#At file:///data/z/mysql-next-mr-runtime/ based on revid:magne.mahre@stripped
2926 Magne Mahre 2009-10-15
Bug #38124 (clean-up patch)
The fix for Bug #38124 introuced a bug. If the value given
for a set_var exceeded the length of the temporary buffer,
we would read behind the end of the buffer. Using
c_ptr_safe(), instead of c_ptr(), ensures that we won't
read beyond the buffer limit
mysql-6.0-codebase revid: 2617.44.1
modified:
sql/set_var.cc
=== modified file 'sql/set_var.cc'
--- a/sql/set_var.cc 2009-10-15 09:09:31 +0000
+++ b/sql/set_var.cc 2009-10-15 11:38:21 +0000
@@ -2544,7 +2544,7 @@ bool update_sys_var_str_path(THD *thd, s
String str(buff, sizeof(buff), system_charset_info), *newval;
newval= var->value->val_str(&str);
- old_value= newval->c_ptr();
+ old_value= newval->c_ptr_safe();
str_length= strlen(old_value);
}
Attachment: [text/bzr-bundle] bzr/magne.mahre@sun.com-20091015113821-v9b3su5opnpd8b75.bundle
| Thread |
|---|
| • bzr commit into mysql-5.5.0-next-mr-runtime branch (magne.mahre:2926)Bug#38124 | Magne Mahre | 15 Oct |
