Below is the list of changes that have just been committed into a local
5.0 repository of tnurnberg. When tnurnberg does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet@stripped, 2007-11-26 09:13:23+01:00, tnurnberg@stripped +2 -0
Bug#31752: check strmake() bounds
strmake() called with wrong parameters:
5.0-specific fixes.
client/mysql.cc@stripped, 2007-11-26 09:13:22+01:00, tnurnberg@stripped +4 -1
In debug-mode, strmake() fills unused part of buffer with
a test-pattern. This overwrites our previous extra '\0'
(from previous bzero()).
sql/sp.cc@stripped, 2007-11-26 09:13:22+01:00, tnurnberg@stripped +1 -1
off-by-one buffer-size.
diff -Nrup a/client/mysql.cc b/client/mysql.cc
--- a/client/mysql.cc 2007-08-30 10:53:20 +02:00
+++ b/client/mysql.cc 2007-11-26 09:13:22 +01:00
@@ -2987,7 +2987,10 @@ com_connect(String *buffer, char *line)
Two null bytes are needed in the end of buff to allow
get_arg to find end of string the second time it's called.
*/
- strmake(buff, line, sizeof(buff)-2);
+ tmp= strmake(buff, line, sizeof(buff)-2);
+#ifdef EXTRA_DEBUG
+ tmp[1]= 0;
+#endif
tmp= get_arg(buff, 0);
if (tmp && *tmp)
{
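Review bot: In com_connect(), the second terminator is restored only under #ifdef EXTRA_DEBUG, so non-debug builds still depend on an earlier bzero(), not visible in this hunk, to supply the second null byte that the comment above the call requires. Consider making `tmp[1]= 0;` unconditional: strmake() is bounded by sizeof(buff)-2 and its return value points at the terminator it wrote (the sp.cc hunk relies on the same return value), so tmp[1] is at most buff[sizeof(buff)-1] and stays in bounds. If the guard is kept, extend the comment to say that debug-mode strmake() overwrites the rest of the buffer, and confirm that EXTRA_DEBUG is the same macro that enables that fill.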
diff -Nrup a/sql/sp.cc b/sql/sp.cc
--- a/sql/sp.cc 2007-07-25 16:38:48 +02:00
+++ b/sql/sp.cc 2007-11-26 09:13:22 +01:00
@@ -1902,7 +1902,7 @@ sp_use_new_db(THD *thd, LEX_STRING new_d
if (thd->db)
{
- old_db->length= (strmake(old_db->str, thd->db, old_db->length) -
+ old_db->length= (strmake(old_db->str, thd->db, old_db->length - 1) -
old_db->str);
}
else
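Review bot: In sp_use_new_db(), `old_db->length - 1` has no guard for old_db->length == 0; if length is an unsigned type the bound wraps to a very large value and the strmake() call is effectively unbounded. Add a check or an assertion that old_db->length is non-zero before the call. The field is also read as the buffer capacity and overwritten with the resulting string length in the same statement, which is easy to misread; a short comment, or a local variable holding the capacity, would make the contract clear to callers.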