diff options
| author | Ramil Kalimullin <ramil@mysql.com> | 2010-04-29 08:42:32 +0400 |
|---|---|---|
| committer | Ramil Kalimullin <ramil@mysql.com> | 2010-04-29 08:42:32 +0400 |
| commit | 0d5dbb166b1bcd39588268d4148f02c9f58575f8 (patch) | |
| tree | 0245757c04be4818a686cab6bdc56dc75e53a508 /mysql-test/t/overflow.test | |
| parent | 6d43510a421cd450d8c43224f38a17b4a59ec556 (diff) | |
| download | mariadb-git-0d5dbb166b1bcd39588268d4148f02c9f58575f8.tar.gz | |
Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing
Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only
SQL. Seems that the data sent to COM_FIELD_LIST( mysql_list_fields() function) is not
checked for sanity. By sending long data for the table a buffer is overflown, which can
be used deliberately to include code that harms".
Fix: check incoming data length.
sql/sql_parse.cc:
Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing
- check incoming mysql_list_fields() table name arg length.
Diffstat (limited to 'mysql-test/t/overflow.test')
0 files changed, 0 insertions, 0 deletions