Below is the list of changes that have just been committed into a local
5.0 repository of tnurnberg. When tnurnberg does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet@stripped, 2007-11-26 09:13:23+01:00, tnurnberg@stripped +2 -0
Bug#31752: check strmake() bounds
strmake() called with wrong parameters:
5.0-specific fixes.
client/mysql.cc@stripped, 2007-11-26 09:13:22+01:00, tnurnberg@stripped +4 -1
In debug-mode, strmake() fills unused part of buffer with
a test-pattern. This overwrites our previous extra '\0'
(from previous bzero()).
sql/sp.cc@stripped, 2007-11-26 09:13:22+01:00, tnurnberg@stripped +1 -1
off-by-one buffer-size.
diff -Nrup a/client/mysql.cc b/client/mysql.cc
--- a/client/mysql.cc 2007-08-30 10:53:20 +02:00
+++ b/client/mysql.cc 2007-11-26 09:13:22 +01:00
@@ -2987,7 +2987,10 @@ com_connect(String *buffer, char *line)
Two null bytes are needed in the end of buff to allow
get_arg to find end of string the second time it's called.
*/
- strmake(buff, line, sizeof(buff)-2);
+ tmp= strmake(buff, line, sizeof(buff)-2);
+#ifdef EXTRA_DEBUG
+ tmp[1]= 0;
+#endif
tmp= get_arg(buff, 0);
if (tmp && *tmp)
{
diff -Nrup a/sql/sp.cc b/sql/sp.cc
--- a/sql/sp.cc 2007-07-25 16:38:48 +02:00
+++ b/sql/sp.cc 2007-11-26 09:13:22 +01:00
@@ -1902,7 +1902,7 @@ sp_use_new_db(THD *thd, LEX_STRING new_d
if (thd->db)
{
- old_db->length= (strmake(old_db->str, thd->db, old_db->length) -
+ old_db->length= (strmake(old_db->str, thd->db, old_db->length - 1) -
old_db->str);
}
else
