praiskup / rpms / mariadb

Forked from rpms/mariadb 5 years ago
Clone
Source Code
GIT

Files

  1.   2a7a489639586c042f248384543c55c6695cd6bc
  2.   mariadb-string-overflow.patch
Blob Blame History Raw 
These issues were found by Coverity static analysis tool, for more info
see messages by particular fixes (messages belong to 5.1.61).

Filed upstream at http://bugs.mysql.com/bug.php?id=64631


Error: BUFFER_SIZE_WARNING:
/builddir/build/BUILD/mysql-5.1.61/sql/sql_prepare.cc:2749: buffer_size_warning: Calling strncpy with a maximum size argument of 512 bytes on destination array "this->stmt->last_error" of size 512 bytes might leave the destination string unterminated.


diff -up mariadb-10.0.10/sql/sql_prepare.cc.p8 mariadb-10.0.10/sql/sql_prepare.cc
--- mariadb-10.0.10/sql/sql_prepare.cc.p8	2014-03-30 19:56:42.000000000 +0200
+++ mariadb-10.0.10/sql/sql_prepare.cc	2014-04-07 18:43:33.901074770 +0200
@@ -3021,7 +3021,7 @@ void mysql_stmt_get_longdata(THD *thd, c
   {
     stmt->state= Query_arena::STMT_ERROR;
     stmt->last_errno= thd->get_stmt_da()->sql_errno();
-    strncpy(stmt->last_error, thd->get_stmt_da()->message(), MYSQL_ERRMSG_SIZE);
+    strncpy(stmt->last_error, thd->get_stmt_da()->message(), sizeof(stmt->last_error)-1);
   }
   thd->set_stmt_da(save_stmt_da);
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.