From 0f3cc95bf1523754d21cc3a4c59c0d107adc1c16 Mon Sep 17 00:00:00 2001
From: unknown <knielsen@mysql.com>
Date: Fri, 23 Jun 2006 14:50:02 +0200
Subject: BUG#20622: Fix one-byte buffer overrun in IM directory string
 handling.

The problem was a call to convert_dirname() with a destination buffer
that did not have room for the trailing slash added by that function.
This could cause the instance manager to crash in some cases.


mysys/mf_dirname.c:
  Clarify in comments that convert_dirname destination must be larger than
  source to accomodate a trailing slash.
server-tools/instance-manager/instance_options.cc:
  Fix buffer overrun.
---
 mysys/mf_dirname.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'mysys')

diff --git a/mysys/mf_dirname.c b/mysys/mf_dirname.c
index 9206aa28078..4d78f039799 100644
--- a/mysys/mf_dirname.c
+++ b/mysys/mf_dirname.c
@@ -72,7 +72,9 @@ uint dirname_part(my_string to, const char *name)
 
   SYNPOSIS
     convert_dirname()
-    to				Store result here
+    to				Store result here. Must be at least of size
+    				min(FN_REFLEN, strlen(from) + 1) to make room
+    				for adding FN_LIBCHAR at the end.
     from			Original filename
     from_end			Pointer at end of filename (normally end \0)
 
-- 
cgit v1.2.1