List: Bugs
From: sasha
Date: October 28 2000 1:03am
Subject: Workaround for SCO bug in realpath()

Slave thread coredumps on startup on SCO OpenServer 5.0.5 (possibly others
too) because of a buffer overrun bug in realpath(). Other areas of MySQL can
potentially be unstable as well, as realpath() is called frequently in that


--- 1.6/mysys/mf_format.c       Tue Sep 19 19:54:43 2000
+++ edited/mysys/mf_format.c    Fri Oct 27 18:46:38 2000
@@ -33,10 +33,14 @@
        /*              32  Resolve filename to full path */
        /*              64  Return NULL if too long path */

+#ifdef SCO
+#define BUFF_LEN 4097
 #define BUFF_LEN FN_LEN

 my_string fn_format(my_string to, const char *name, const char *dsk,
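Review bot: The `#ifdef SCO` at the top of this hunk has no visible `#else` or `#endif`, so as shown `BUFF_LEN` is defined twice on SCO and the conditional never closes. The hunk header (`-33,10 +33,14`) counts four added lines and only two appear here, so check that the applied patch has `#else` before `#define BUFF_LEN FN_LEN` and `#endif` after it. The literal 4097 should also carry a comment tying it to the hard-coded 4096 that realpath() passes to getcwd(), as described in the message, so that it is not later reduced back to FN_LEN.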

Gory details (discovered by disassembling realpath()):

If the first argument of realpath starts with '.', realpath() will call getcwd(),
passing it a hard-coded 4096 constant for the buffer size. Even if the length of
the current working directory is much less than 4096, getcwd() will modify all 4096
characters of the buffer. The docs on realpath() say the buffer must be at least
MAXPATHLEN characters. The problem is that MAXPATHLEN is not defined anywhere,
at least I could not find where it is defined, when you compile it is not
defined, and docs on realpath() do not tell you to include anything other than
<stdlib.h>, which does not define MAXPATHLEN. Related constants MAX_PATH and
NL_MAXPATHLEN are defined to 1024, which is not sufficient to avoid buffer
overrun in getcwd().
MySQL Development Team
   __  ___     ___ ____  __ 
  /  |/  /_ __/ __/ __ \/ /   Sasha Pachev <sasha@stripped>
 / /|_/ / // /\ \/ /_/ / /__  MySQL AB,
/_/  /_/\_, /___/\___\_\___/  Provo, Utah, USA
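
The sizing rule from the message above, as an added example that is not part of the original post or of MySQL's source: realpath() writes only into a scratch buffer of at least 4097 bytes, and the caller gets a length-checked copy. The names safe_realpath, SCRATCH_LEN and REPORTED_GETCWD_LEN are hypothetical.

```c
/* Added example, not MySQL code; all names here are hypothetical. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700       /* declares realpath() under strict -std= modes */
#endif
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* The message reports realpath() handing getcwd() a hard-coded size of 4096,
 * so the scratch buffer is never smaller than 4097 bytes, whatever PATH_MAX
 * or a project constant such as FN_LEN is on the platform. */
#define REPORTED_GETCWD_LEN 4096
#if defined(PATH_MAX) && PATH_MAX > REPORTED_GETCWD_LEN
#define SCRATCH_LEN (PATH_MAX + 1)
#else
#define SCRATCH_LEN (REPORTED_GETCWD_LEN + 1)
#endif

/* Resolve `name` into `out` (capacity `out_len`). Returns 0 on success and
 * -1 with errno set on failure. realpath() only ever sees the oversized
 * scratch buffer; the caller's buffer receives a bounded copy. */
int safe_realpath(const char *name, char *out, size_t out_len)
{
    char *scratch;
    size_t len;
    int saved;

    if (name == NULL || out == NULL || out_len == 0) {
        errno = EINVAL;
        return -1;
    }
    scratch = malloc(SCRATCH_LEN);
    if (scratch == NULL)
        return -1;                      /* malloc left errno at ENOMEM */
    if (realpath(name, scratch) == NULL) {
        saved = errno;                  /* free() may clobber errno */
        free(scratch);
        errno = saved;
        return -1;
    }
    len = strlen(scratch);
    saved = (len < out_len) ? 0 : ERANGE;   /* refuse rather than truncate */
    if (saved == 0)
        memcpy(out, scratch, len + 1);
    free(scratch);
    errno = saved ? saved : errno;
    return saved ? -1 : 0;
}
```
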