List: Commits
From:Luis Soares Date:June 28 2011 3:57pm
Subject:bzr push into mysql-trunk-bug11747577 branch (luis.soares:3203 to 3204)
Bug#11747577
 3204 Luis Soares	2011-06-28
      BUG#11747577
      
      Fixing remaining issues on windows and solaris:
      
        - main.mysql
      
      and just on windows:
      
        - main.system_mysql_db_fix40123
        - main.system_mysql_db_fix50030
        - main.system_mysql_db_fix50117
        - main.mysql_comments

    modified:
      client/mysql.cc
      client/readline.cc
 3203 Luis Soares	2011-06-14
      BUG#11747577
            
      Fixing segmentation fault in main.mysql. There was a buffer
      overrun when searching for a command (find_command). We fix this
      by changing the order of how comparisons are made so that the
      access to memory is done only after the strings (input and
      command name) are compared.

    modified:
      client/mysql.cc
=== modified file 'client/mysql.cc'
--- a/client/mysql.cc	2011-06-14 13:34:19 +0000
+++ b/client/mysql.cc	2011-06-28 15:56:42 +0000
@@ -1973,8 +1973,13 @@ static int read_and_execute(bool interac
   {
     if (!interactive)
     {
+      /*
+        batch_readline can return 0 on EOF or error.
+        In that case, we need to double check that we have a valid
+        line before actually setting line_length to read_length.
+        */
       line= batch_readline(status.line_buff, real_binary_mode);
-      line_length= status.line_buff->read_length;
+      line_length= line ? status.line_buff->read_length : 0;
       /*
         ASCII 0x00 is not allowed appearing in queries if it is not in binary
         mode.
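Review bot: In the `line_length= line ? status.line_buff->read_length : 0;` assignment, a 0 return from batch_readline and a genuinely empty line both end up with line_length 0, so nothing after this point can tell them apart by length alone. The code that follows should test `line` itself before dereferencing it, and the new comment could say so explicitly. The closing `*/` of the new comment is also indented two columns deeper than its opening `/*`.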
@@ -2004,7 +2009,11 @@ static int read_and_execute(bool interac
            (uchar) line[0] == 0xEF &&
            (uchar) line[1] == 0xBB &&
            (uchar) line[2] == 0xBF)
+      {
         line+= 3;
+        // decrease the line length accordingly to the 3 bytes chopped
+        line_length -=3;
+      }
       line_number++;
       if (!glob_buffer.length())
 	status.query_start_line=line_number;
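Review bot: `line_length -=3;` assumes the line holds at least three bytes, but the visible part of the condition only compares line[0], line[1] and line[2]. Since the first hunk now sets line_length to 0 when batch_readline returns 0, please confirm that the clauses above this context check `line` and its length before these reads and before the subtraction. Minor: write `line_length-= 3;` to match the spacing of `line+= 3;`, and use a `/* */` comment like the others in this function.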

=== modified file 'client/readline.cc'
--- a/client/readline.cc	2011-06-14 13:33:11 +0000
+++ b/client/readline.cc	2011-06-28 15:56:42 +0000
@@ -62,7 +62,7 @@ char *batch_readline(LINE_BUFFER *line_b
   if (out_length && pos[out_length-1] == '\n')
   {
     out_length--;                                   /* Remove '\n' */
-    if (!binary_mode && pos[out_length-1] == '\r')
+    if (out_length && !binary_mode && pos[out_length-1] == '\r')
       out_length--;                                 /* Remove '\r' */
   }
   line_buff->read_length=out_length;
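Review bot: The added `out_length &&` test in the '\r' check looks redundant next to the same test on the enclosing `if`, so it deserves a one-line comment: after `out_length--`, a line consisting only of '\n' leaves out_length at 0, and `pos[out_length-1]` would then read one byte before `pos`. Nesting the '\r' check under `if (out_length)` would make the same point without needing the comment.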

No bundle (reason: useless for push emails).