List:Commits« Previous MessageNext Message »
From:Tatjana A Nuernberg Date:May 14 2007 4:00pm
Subject:bk commit into 5.0 tree (tnurnberg:1.2478) BUG#24924
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of tnurnberg. When tnurnberg does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-05-14 18:00:03+02:00, tnurnberg@stripped +1 -0
  Bug#24924: shared-memory-base-name that is too long causes buffer overflow
  
  buffer for shared-memory name was static, is dynamic now. (win)

  sql/mysqld.cc@stripped, 2007-05-14 17:59:55+02:00, tnurnberg@stripped +13 -1
    Bug#24924: shared-memory-base-name that is too long causes buffer overflow
    
    use dynamic rather than static buffer for shared memory name

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	tnurnberg
# Host:	blasphemy.mysql.com
# Root:	/home/tnurnberg/24924/50-24924

--- 1.609/sql/mysqld.cc	2007-05-02 14:25:09 +02:00
+++ 1.610/sql/mysqld.cc	2007-05-14 17:59:55 +02:00
@@ -4387,7 +4387,7 @@ pthread_handler_t handle_connections_sha
   HANDLE event_connect_answer= 0;
   ulong smem_buffer_length= shared_memory_buffer_length + 4;
   ulong connect_number= 1;
-  char tmp[63];
+  char *tmp= NULL;
   char *suffix_pos;
   char connect_number_char[22], *p;
   const char *errmsg= 0;
@@ -4396,6 +4396,12 @@ pthread_handler_t handle_connections_sha
   DBUG_ENTER("handle_connections_shared_memorys");
   DBUG_PRINT("general",("Waiting for allocated shared memory."));
 
+  /*
+     get enough space base-name + '_' + longest suffix we might ever send
+   */
+  if (!(tmp= my_str_malloc(strlen(shared_memory_base_name) + 32L)))
+    goto error;
+
   if (my_security_attr_create(&sa_event, &errmsg,
                               GENERIC_ALL, SYNCHRONIZE | EVENT_MODIFY_STATE))
     goto error;
@@ -4583,6 +4589,12 @@ errorconn:
 
   /* End shared memory handling */
 error:
+  if (tmp)
+  {
+    my_str_free(tmp);
+    tmp= NULL;
+  }
+
   if (errmsg)
   {
     char buff[180];
Thread
bk commit into 5.0 tree (tnurnberg:1.2478) BUG#24924Tatjana A Nuernberg14 May