List: Commits
From: Nirbhay Choubey
Date: December 29 2011 5:35am
Subject: bzr push into mysql-trunk branch (nirbhay.choubey:3693 to 3694) Bug#13460909
 3694 Nirbhay Choubey	2011-12-28
      Bug#13460909 :STACK SMASHING DETECTED IN LIBMYSQLD
                    DEBUG BUILD
      
      An embedded-mysql application can crash in debug
      mode with 'stack smashing detected' error when it
      tries to connect without specifying the user name
      (NULL).
      
      The problem lies in the length of the buffer (array)
      allocated to store user name in mysql_real_connect
      function. This length did not take into consideration
      an extra byte that strmake requires in order to store
      either '\0' or 'Z' in debug mode (for padding empty
      bytes).
      
      Fixed by increasing the name buffer length by 1.
     @ libmysqld/libmysqld.c
        Bug#13460909 :STACK SMASHING DETECTED IN
                      LIBMYSQLD DEBUG BUILD
        
        Increased the buffer size by one to cope
        up with the requirement placed by strmake
        function, which requires an extra byte in
        the destination buffer to store '\0' or
        'Z' (in debug mode).

    modified:
      libmysqld/libmysqld.c
 3693 Marko Mäkelä	2011-12-28 [merge]
      Merge mysql-5.5 to mysql-trunk.

    modified:
      storage/innobase/buf/buf0buf.cc
      storage/innobase/include/mem0mem.ic
      storage/innobase/include/univ.i
      storage/innobase/include/ut0mem.h
      storage/innobase/mem/mem0pool.cc
      storage/innobase/os/os0proc.cc
      storage/innobase/ut/ut0mem.cc
=== modified file 'libmysqld/libmysqld.c'
--- a/libmysqld/libmysqld.c	2011-06-30 15:50:45 +0000
+++ b/libmysqld/libmysqld.c	2011-12-28 13:43:30 +0000
@@ -81,7 +81,7 @@ mysql_real_connect(MYSQL *mysql,const ch
 		   const char *passwd, const char *db,
 		   uint port, const char *unix_socket,ulong client_flag)
 {
-  char name_buff[USERNAME_LENGTH];
+  char name_buff[USERNAME_LENGTH + 1];
 
   DBUG_ENTER("mysql_real_connect");
   DBUG_PRINT("enter",("host: %s  db: %s  user: %s (libmysqld)",
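
Review bot: the `+ 1` on the `name_buff` declaration carries no comment explaining it, and the strmake call that depends on it is outside this hunk, so the relationship between the array size and the copy length is not visible here. Add a one-line comment at the declaration noting that strmake needs one byte beyond the given length for the terminator (or the 'Z' padding in debug mode), and consider bounding the copy with `sizeof(name_buff) - 1` instead of a repeated `USERNAME_LENGTH` so the two cannot drift apart again. The revision lists only libmysqld/libmysqld.c as modified, so no regression test for connecting with a NULL user name accompanies the fix; an embedded-library test for that case would be worth adding.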

No bundle (reason: useless for push emails).