Below is the list of changes that have just been committed into a local
5.0 repository of knielsen. When knielsen does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet
1.2132 06/06/23 14:10:46 knielsen@stripped +2 -0
BUG#20622: Fix one-byte buffer overrun in IM directory string handling.
The problem was a call to convert_dirname() with a destination buffer
that did not have room for the trailing slash added by that function.
This could cause the instance manager to crash in some cases.
server-tools/instance-manager/instance_options.cc
1.31 06/06/23 14:10:41 knielsen@stripped +7 -2
Fix buffer overrun.
mysys/mf_dirname.c
1.13 06/06/23 14:10:41 knielsen@stripped +3 -1
Clarify in comments that convert_dirname destination must be larger than
source to accommodate a trailing slash.
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: knielsen
# Host: rt.int.sifira.dk
# Root: /usr/local/mysql/mysql-5.0-bug20622
--- 1.12/mysys/mf_dirname.c 2006-02-24 17:34:09 +01:00
+++ 1.13/mysys/mf_dirname.c 2006-06-23 14:10:41 +02:00
@@ -72,7 +72,9 @@
SYNPOSIS
convert_dirname()
- to Store result here
+ to Store result here. Must be at least of size
+ min(FN_REFLEN, strlen(from) + 1) to make room
+ for adding FN_LIBCHAR at the end.
from Original filename
from_end Pointer at end of filename (normally end \0)
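Review bot: The size in the new comment for the "to" argument, min(FN_REFLEN, strlen(from) + 1), does not say whether the terminating \0 is counted, and it reads one byte smaller than what the caller fix in instance_options.cc allocates (strlen(default_path) + 2, i.e. string, added FN_LIBCHAR, and terminator). I would state the requirement in bytes including the terminator, for example "at least strlen(from) + 2 bytes, capped at FN_REFLEN", so a caller sizing a buffer from this comment cannot reintroduce the same one-byte overrun. While the block is being touched, the "SYNPOSIS" heading in the context line could also be corrected.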
--- 1.30/server-tools/instance-manager/instance_options.cc 2006-04-26 12:45:18 +02:00
+++ 1.31/server-tools/instance-manager/instance_options.cc 2006-06-23 14:10:41 +02:00
@@ -391,8 +391,13 @@
const char *tmp;
char *end;
- if (!mysqld_path && !(mysqld_path= strdup_root(&alloc, default_path)))
- goto err;
+ if (!mysqld_path)
+ {
+ // Need one extra byte, as convert_dirname() adds a slash at the end.
+ if (!(mysqld_path= alloc_root(&alloc, strlen(default_path) + 2)))
+ goto err;
+ strcpy(mysqld_path, default_path);
+ }
// it's safe to cast this to char* since this is a buffer we are allocating
end= convert_dirname((char*)mysqld_path, mysqld_path, NullS);
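Review bot: The extra byte is only reserved inside the new "if (!mysqld_path)" branch, but convert_dirname((char*)mysqld_path, mysqld_path, NullS) still runs in place for every value of mysqld_path. When mysqld_path was already set before this point, its buffer comes from an allocation that is not visible in this hunk, and nothing here guarantees it has room for the trailing slash. Please confirm that allocation also reserves strlen + 2, or copy into a correctly sized buffer unconditionally before the call. A smaller point: the comment and cast on the convert_dirname() line suggest mysqld_path is not a plain char*, yet strcpy(mysqld_path, default_path) and the alloc_root() assignment are written without a cast; it would be cleaner to allocate into a local char*, fill it, and then assign it to mysqld_path.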