From: Date: December 8 2006 4:08pm
Subject: bk commit into 4.1 tree (msvensson:1.2583) BUG#24498
List-Archive: http://lists.mysql.com/commits/16658
X-Bug: 24498
Message-Id: <20061208150858.93B0886DF0C@neptunus.localdomain>

Below is the list of changes that have just been committed into a local
4.1 repository of msvensson. When msvensson does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2006-12-08 16:08:54+01:00, msvensson@neptunus.(none) +1 -0
  Bug#24498 Stack overflow in mysqltest
   - Thanks to Vasil Dimov for the patch!

  client/mysqltest.c@stripped, 2006-12-08 16:08:52+01:00, msvensson@neptunus.(none) +3 -1
    Use my_snprintf to protect against exceeding size of buff
    Since variable name and valu might not be null terminated it's necessary to
    provide the length of the format specifiers.   

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	msvensson
# Host:	neptunus.(none)
# Root:	/home/msvensson/mysql/mysql-4.1-maint

--- 1.228/client/mysqltest.c	2006-12-08 16:08:58 +01:00
+++ 1.229/client/mysqltest.c	2006-12-08 16:08:58 +01:00
@@ -1240,7 +1240,9 @@ void var_set(const char *var_name, const
       v->int_dirty= 0;
       v->str_val_len= strlen(v->str_val);
     }
-    strxmov(buf, v->name, "=", v->str_val, NullS);
+    my_snprintf(buf, sizeof(buf), "%.*s=%.*s",
+                v->name_len, v->name,
+                v->str_val_len, v->str_val);
     if (!(v->env_s= my_strdup(buf, MYF(MY_WME))))
       die("Out of memory");
     putenv(v->env_s);