Hi,
Episode I : digitally re-mastered. I suppose that the only new thing
here is sql_show.cc so I'll comment on it only.
On 26.11.2007, at 09:20, Tatjana A Nuernberg wrote:
> Below is the list of changes that have just been committed into a
> local
> 4.1 repository of tnurnberg. When tnurnberg does a push these
> changes will
> be propagated to the main repository and, within 24 hours after the
> push, to the public repository.
> For information on how to access the public repository
> see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
>
> ChangeSet@stripped, 2007-11-26 08:20:40+01:00, tnurnberg@stripped +6 -0
> Bug#31752: check strmake() bounds
>
> strmake() calls are easy to get wrong. Add checks in extra
> debug mode to identify possible exploits.
>
> Remove some dead code.
>
> Remove some off-by-one errors identified with new checks.
<snip>
> diff -Nrup a/sql/sql_show.cc b/sql/sql_show.cc
> --- a/sql/sql_show.cc 2007-01-18 17:43:45 +01:00
> +++ b/sql/sql_show.cc 2007-11-26 08:20:40 +01:00
> @@ -136,7 +136,7 @@ int mysqld_show_tables(THD *thd,const ch
> {
> Item_string *field=new Item_string("",0,thd->charset());
> List<Item> field_list;
> - char path[FN_LEN],*end;
> + char path[FN_REFLEN],*end;
Please add a comment from where this limitation comes from. Or even
better : add a comment to the relevant function (from what I
understand unpack_dirname()) : whichever you think is more appropriate.
> List<char> files;
> char *file_name;
> Protocol *protocol= thd->protocol;
> @@ -457,7 +457,7 @@ int mysqld_extend_show_tables(THD *thd,c
> Item *item;
> List<char> files;
> List<Item> field_list;
> - char path[FN_LEN];
> + char path[FN_REFLEN];
See above.
Best Regards,
Joro
--
Georgi Kodinov, Senior Software Engineer
MySQL AB, Plovdiv, Bulgaria, www.mysql.com
Office: +359 32 634 397 Mobile: +359 887 700 566 Skype: georgekodinov
Are you MySQL certified? www.mysql.com/certification
