diff options
| author | unknown <tnurnberg@sin.intern.azundris.com> | 2007-10-18 10:47:54 +0200 |
|---|---|---|
| committer | unknown <tnurnberg@sin.intern.azundris.com> | 2007-10-18 10:47:54 +0200 |
| commit | cd9d89a75d4cd5e9408cd34e6229910acf23cdc1 (patch) | |
| tree | d5f9a4b59eab9b021a873e89e87187e3d3765c5b /mysql-test/t/variables.test | |
| parent | 77d786b5a0cd303d30b9a22a044b916078551e6c (diff) | |
| download | mariadb-git-cd9d89a75d4cd5e9408cd34e6229910acf23cdc1.tar.gz | |
Bug#31588: buffer overrun when setting variables
Buffer used when setting variables was not dimensioned to accomodate
trailing '\0'. An overflow by one character was therefore possible.
CS corrects limits to prevent such overflows.
mysql-test/r/variables.result:
Try to overflow buffer used for setting system variables.
Unpatched server should throw a valgrind warning here.
Actual value and error message irrelevant, only length counts.
mysql-test/t/variables.test:
Try to overflow buffer used for setting system variables.
sql/set_var.cc:
Adjust maximum number of characters we can store in 'buff' by one
as strmake() will write a terminating '\0'.
Diffstat (limited to 'mysql-test/t/variables.test')
| -rw-r--r-- | mysql-test/t/variables.test | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/mysql-test/t/variables.test b/mysql-test/t/variables.test index 808dc0973d4..371cd6bc9b1 100644 --- a/mysql-test/t/variables.test +++ b/mysql-test/t/variables.test @@ -447,4 +447,11 @@ set @test = @@query_prealloc_size; set @@query_prealloc_size = @test; select @@query_prealloc_size = @test; -# End of 4.1 tests +# +# Bug#31588 buffer overrun when setting variables +# +# Buffer-size Off By One. Should throw valgrind-warning without fix #31588. +--error 1231 +set global sql_mode=repeat('a',80); + +--echo End of 4.1 tests |