From:jack andrews Date:July 13 2009 2:56pm
Subject:bzr commit into mysql-5.1-telco-7.0 branch (jack:2948) Bug#45733
#At file:///D:/repo/more-than-4-ndbd-bug45733/ based on revid:jonas@stripped

 2948 jack andrews	2009-07-13
      Bug #45733  	Cluster with more than 4 storage node 
        . changed basestring_vsnprintf to check that clients
          don't try to write a string with length > max_size.

    modified:
      storage/ndb/src/common/util/BaseString.cpp
      storage/ndb/src/common/util/basestring_vsnprintf.c
=== modified file 'storage/ndb/src/common/util/BaseString.cpp'
--- a/storage/ndb/src/common/util/BaseString.cpp	2009-06-06 12:52:24 +0000
+++ b/storage/ndb/src/common/util/BaseString.cpp	2009-07-13 14:55:19 +0000
@@ -210,7 +210,8 @@ BaseString::assfmt(const char *fmt, ...)
 	m_chr = t;
     }
     va_start(ap, fmt);
-    basestring_vsnprintf(m_chr, l, fmt, ap);
+    l = basestring_vsnprintf(m_chr, l, fmt, ap);
+    assert(l<=(int)strlen(m_chr));
     va_end(ap);
     m_len = strlen(m_chr);
     return *this;
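Review bot: The truncation check added after the `basestring_vsnprintf` call is an `assert`, so it is compiled out when NDEBUG is defined and a truncated result would then flow silently into `m_len = strlen(m_chr)`. If truncation must be caught in every build, make it an explicit test such as `if (l > (int)strlen(m_chr)) abort();`, or compute `m_len = strlen(m_chr);` first and compare `l` against it so the string is only scanned once. `l` is also reused as both the size passed in and the length returned, which makes the assertion harder to read; a separate local for the return value would be clearer. The body of `assfmt` starts before this hunk, so how `l` and `m_chr` were sized is not visible here.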

=== modified file 'storage/ndb/src/common/util/basestring_vsnprintf.c'
--- a/storage/ndb/src/common/util/basestring_vsnprintf.c	2009-05-27 15:21:45 +0000
+++ b/storage/ndb/src/common/util/basestring_vsnprintf.c	2009-07-13 14:55:19 +0000
@@ -47,27 +47,23 @@ static char basestring_vsnprintf_buf[16*
 int
 basestring_vsnprintf(char *str, size_t size, const char *format, va_list ap)
 {
+  int ret = 0;
+  size_t max_size = sizeof(basestring_vsnprintf_buf);
   if (size == 0)
   {
-#ifdef SNPRINTF_RETURN_TRUNC
-    return vsnprintf(basestring_vsnprintf_buf,
-		     sizeof(basestring_vsnprintf_buf),
-		     format, ap);
-#else
-    char buf[1];
-    return vsnprintf(buf, 1, format, ap);
-#endif
+    char buf[2];
+    return basestring_vsnprintf(buf, 1, format, ap);
   }
-  {
-    int ret= vsnprintf(str, size, format, ap);
+  ret = vsnprintf(str, size, format, ap);
 #ifdef SNPRINTF_RETURN_TRUNC
-    if (ret == size-1 || ret == -1)
-    {
-      ret= vsnprintf(basestring_vsnprintf_buf,
-		     sizeof(basestring_vsnprintf_buf),
-		     format, ap);
-    }
+  if (ret == size-1 || ret < 0)
+    ret= vsnprintf(basestring_vsnprintf_buf, max_size, format, ap);
 #endif
-    return ret;
+  if (ret < 0 || ret > (max_size-1))
+  {
+    fprintf(stderr, "tried to snprintf a string > %d\n", max_size);
+    fprintf(stderr, "actual retval of vsnprintf: %d\n", ret);
+    abort();
   }
+  return ret;
 }
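Review bot: Under `SNPRINTF_RETURN_TRUNC` the retry `vsnprintf` reuses `ap` after the first call has already consumed it, which leaves its value indeterminate; the retry needs its own copy taken with `va_copy` before the first call, assuming the toolchains that define this macro provide it. The first `fprintf` passes `max_size`, a `size_t`, to `%d`, which is a mismatched specifier and should be cast and printed with `%lu`. Separately, the new `abort()` fires whenever the formatted length exceeds the scratch buffer, even when the caller's `str` was large enough, so a caller that formats externally supplied text can now terminate the process; a header comment stating that limit would help callers.

```c
  va_list ap_retry;
  /* … unchanged: ret/max_size declarations, size == 0 path … */
  va_copy(ap_retry, ap);   /* taken before ap is consumed below */
  ret = vsnprintf(str, size, format, ap);
#ifdef SNPRINTF_RETURN_TRUNC
  if (ret == size-1 || ret < 0)
    ret= vsnprintf(basestring_vsnprintf_buf, max_size, format, ap_retry);
#endif
  va_end(ap_retry);
  if (ret < 0 || ret > (max_size-1))
  {
    fprintf(stderr, "tried to snprintf a string > %lu\n",
            (unsigned long)max_size);
    /* … unchanged: second fprintf, abort … */
```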


Attachment: [text/bzr-bundle] bzr/jack@sun.com-20090713145519-1lyopk9wmbvo5cg4.bundle