List:Packagers« Previous MessageNext Message »
From:Tom Lane Date:April 3 2005 3:08am
Subject:Uninitialized variable in latest 3.x security patch
View as plain text  
There's a small but critical error in Christian Hammer's recent backport
of the latest round of MySQL security fixes.  The create_flags variable
added to ha_myisam::create needs to be initialized ...

*** mysql-3.23.58-security2.patch~      Fri Mar 18 17:36:53 2005
--- mysql-3.23.58-security2.patch       Sat Apr  2 21:10:47 2005
***************
*** 162,168 ****
   {
     int error;
  -  uint i,j,recpos,minpos,fieldpos,temp_length,length;
! +  uint i,j,recpos,minpos,fieldpos,temp_length,length, create_flags;
     bool found_auto_increment=0;
     enum ha_base_keytype type;
     char buff[FN_REFLEN];
--- 162,168 ----
   {
     int error;
  -  uint i,j,recpos,minpos,fieldpos,temp_length,length;
! +  uint i,j,recpos,minpos,fieldpos,temp_length,length, create_flags=0;
     bool found_auto_increment=0;
     enum ha_base_keytype type;
     char buff[FN_REFLEN];

Without this you get fairly random failures during database
initialization.

AFAICS this is done correctly in MySQL 4.1.10a.

			regards, tom lane
Thread
Uninitialized variable in latest 3.x security patchTom Lane3 Apr
  • Re: Uninitialized variable in latest 3.x security patchChristian Hammers4 Apr