diff options
| author | Vladislav Vaintroub <wlad@montyprogram.com> | 2012-11-10 20:36:18 +0100 |
|---|---|---|
| committer | Vladislav Vaintroub <wlad@montyprogram.com> | 2012-11-10 20:36:18 +0100 |
| commit | 353130204dead31c311cfc2877278640df84a5ee (patch) | |
| tree | 96dc95fd535b02040a4ef5792c54d3593be4ec17 | |
| parent | 8db072748fc9beb11fa34fe3efc3e31f17499409 (diff) | |
| download | mariadb-git-353130204dead31c311cfc2877278640df84a5ee.tar.gz | |
MDEV-3849 - 1 bytes stack overwrite in normalize_dirname().
Take into account that length of strings passed down to this function can be up to FN_REFLEN+1 bytes. including terminating zero.
The overwrite was caused by incomplete fix to MySQL Bug # 44834
| -rw-r--r-- | mysys/mf_pack.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/mysys/mf_pack.c b/mysys/mf_pack.c index 86fd61537e7..e6b576b6d96 100644 --- a/mysys/mf_pack.c +++ b/mysys/mf_pack.c @@ -35,7 +35,7 @@ void pack_dirname(char * to, const char *from) int cwd_err; size_t d_length,length,UNINIT_VAR(buff_length); char * start; - char buff[FN_REFLEN]; + char buff[FN_REFLEN + 1]; DBUG_ENTER("pack_dirname"); (void) intern_filename(to,from); /* Change to intern name */ @@ -132,7 +132,7 @@ size_t cleanup_dirname(register char *to, const char *from) reg3 char * from_ptr; reg4 char * start; char parent[5], /* for "FN_PARENTDIR" */ - buff[FN_REFLEN+1],*end_parentdir; + buff[FN_REFLEN + 1],*end_parentdir; #ifdef BACKSLASH_MBTAIL CHARSET_INFO *fs= fs_character_set(); #endif @@ -245,7 +245,7 @@ my_bool my_use_symdir=0; /* Set this if you want to use symdirs */ #ifdef USE_SYMDIR void symdirget(char *dir) { - char buff[FN_REFLEN+1]; + char buff[FN_REFLEN + 1]; char *pos=strend(dir); if (dir[0] && pos[-1] != FN_DEVCHAR && my_access(dir, F_OK)) { @@ -295,7 +295,7 @@ void symdirget(char *dir) size_t normalize_dirname(char *to, const char *from) { size_t length; - char buff[FN_REFLEN]; + char buff[FN_REFLEN + 1]; DBUG_ENTER("normalize_dirname"); /* @@ -423,7 +423,7 @@ static char * NEAR_F expand_tilde(char * *path) size_t unpack_filename(char * to, const char *from) { size_t length, n_length, buff_length; - char buff[FN_REFLEN]; + char buff[FN_REFLEN + 1]; DBUG_ENTER("unpack_filename"); length=dirname_part(buff, from, &buff_length);/* copy & convert dirname */ @@ -459,7 +459,7 @@ size_t system_filename(char * to, const char *from) int libchar_found; size_t length; char * to_pos,from_pos,pos; - char buff[FN_REFLEN]; + char buff[FN_REFLEN + 1]; DBUG_ENTER("system_filename"); libchar_found=0; @@ -516,7 +516,7 @@ size_t system_filename(char * to, const char *from) char *intern_filename(char *to, const char *from) { size_t length, to_length; - char buff[FN_REFLEN]; + char buff[FN_REFLEN + 1]; if (from == to) { /* Dirname may destroy from */ strmov(buff,from); |