From dddced964b7d3662f6bec97dc8a21f598a4b3ec7 Mon Sep 17 00:00:00 2001
From: "tnurnberg@mysql.com/white.intern.koehntopp.de" <>
Date: Thu, 6 Dec 2007 11:48:27 +0100
Subject: Bug#31752: check strmake() bounds post-fixes: prevent semi-related overflow, additional comments
---
 sql/unireg.cc | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'sql/unireg.cc')

diff --git a/sql/unireg.cc b/sql/unireg.cc
index 795198fc55f..dcb49bc1766 100644
--- a/sql/unireg.cc
+++ b/sql/unireg.cc
@@ -141,6 +141,11 @@ bool mysql_create_frm(THD *thd, my_string file_name,
                                          60);
   forminfo[46]=(uchar) strlen((char*)forminfo+47); // Length of comment
 #ifdef EXTRA_DEBUG
+  /*
+    EXTRA_DEBUG causes strmake() to initialize its buffer behind the
+    payload with a magic value to detect wrong buffer-sizes. We
+    explicitly zero that segment again.
+  */
   memset((char*) forminfo+47 + forminfo[46], 0, 61 - forminfo[46]);
 #endif
-- 
cgit v1.2.1
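Review bot: The new comment explains why the memset exists but not why its length `61 - forminfo[46]` is safe: that expression only stays non-negative because the strmake() call ending on the `60);` context line above caps the copied comment at 60 bytes, so the strlen() stored into `forminfo[46]` can never exceed 60 and the memset never wraps to a huge size_t. Since this is exactly the bound Bug#31752 is about, the invariant is worth stating next to the memset, e.g. append `Relies on strmake() above being bounded to 60, so forminfo[46] <= 60 and the length below is always in [1,61].` to the comment block. The strmake() call and the rest of mysql_create_frm() lie outside this hunk, so the 60-byte bound is inferred from the visible `60);` argument only.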