    Bug#12736295 Buffer overflow for variable converted_err with
    non-latin1 server error message
    Davi Arnaut authored · 28e6b4ed
    
    The problem was a one byte buffer overflow in the conversion
    of an error message between character sets. Ahead of explaining
    the problem further, some background information. Before an
    error message is sent to the user, the message is converted
    to the character set specified in the character_set_results
    variable. For various reasons, this conversion might cause
    the message to increase in length -- for example, if certain
    characters can't be represented in the result character set.
    
    If the final message length is greater than the maximum allowed
    length of an error message (MYSQL_ERRMSG_SIZE), the message
    is truncated. The message is also always null-terminated
    regardless of the character set. The problem arises from this
    null-termination. If a message length reached the maximum,
    the terminating null character would be placed one byte past
    the end of the message buffer.
    
    The solution is to reserve the end of the message buffer for
    the null character.
    
    mysql-test/t/ctype_errors.test:
      Add test case for Bug#12736295.
    sql/sql_error.cc:
      The to_end pointer was actually pointing past the end of
      the buffer. Since the message is always null terminated,
      point to_end to the last position of the buffer.
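The off-by-one the commit describes, reproduced in isolation as an added example (this is code written for this page, not MySQL's sql_error.cc). `ERRMSG_SIZE` stands in for MYSQL_ERRMSG_SIZE and is deliberately small; the converter that expands unrepresentable bytes to a `\xHH` escape is a constructed toy, not MySQL's character-set conversion; and the guard byte placed just past the buffer is a demonstration device for observing where the terminating NUL lands. `run_conversion(msg, 0)` uses the pre-fix bound (`to_end` one past the buffer), `run_conversion(msg, 1)` the fixed bound that reserves the last byte for the terminator.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for MYSQL_ERRMSG_SIZE. The real value is 512; a small value keeps
 * the demonstration inputs short. */
#define ERRMSG_SIZE 16

/* Guard value written to the byte just past the message buffer. If a
 * conversion clobbers it, the terminating NUL landed out of bounds. */
#define GUARD 0xA5

struct conv_result {
    size_t len;                  /* bytes written, excluding the terminator */
    int overflowed;              /* 1 if the guard byte past the buffer changed */
    char text[ERRMSG_SIZE + 1];  /* what ended up in the buffer, for inspection */
};

/* Toy character-set conversion (constructed for this example, not MySQL's
 * converter): 7-bit ASCII bytes are copied unchanged; any byte >= 0x80,
 * treated as unrepresentable in the target set, is written as the 4-byte
 * escape "\xHH", so the converted message can grow. Output stops before a
 * unit that would cross to_end, and the result is always NUL-terminated at
 * the stop position, mirroring the behaviour the commit message describes. */
static size_t convert_message(const char *from, char *to, char *to_end)
{
    static const char hex[] = "0123456789ABCDEF";
    char *p = to;

    for (; *from != '\0'; from++) {
        unsigned char c = (unsigned char)*from;
        if (c < 0x80) {
            if (p + 1 > to_end)
                break;
            *p++ = (char)c;
        } else {
            if (p + 4 > to_end)
                break;
            *p++ = '\\';
            *p++ = 'x';
            *p++ = hex[c >> 4];
            *p++ = hex[c & 0x0F];
        }
    }
    *p = '\0';   /* the write that overflows when p == to + ERRMSG_SIZE */
    return (size_t)(p - to);
}

/* Runs the conversion into an ERRMSG_SIZE buffer followed by one guard byte.
 * fixed == 0 uses the pre-fix bound (to_end one past the buffer);
 * fixed != 0 reserves the last buffer byte for the terminator. */
struct conv_result run_conversion(const char *from, int fixed)
{
    struct conv_result r;
    char storage[ERRMSG_SIZE + 1];   /* buffer + guard byte in one array, so
                                        reading the guard is well defined */
    char *to_end;

    memset(storage, GUARD, sizeof storage);
    to_end = fixed ? storage + ERRMSG_SIZE - 1 : storage + ERRMSG_SIZE;

    r.len = convert_message(from, storage, to_end);
    r.overflowed = ((unsigned char)storage[ERRMSG_SIZE] != GUARD);
    memcpy(r.text, storage, ERRMSG_SIZE);
    r.text[ERRMSG_SIZE] = '\0';
    return r;
}

int main(void)
{
    /* Constructed inputs: one exactly ERRMSG_SIZE bytes long, one that grows
     * past the limit through escape expansion of a latin1 byte. */
    const char *inputs[] = { "Table not found!", "Tabla \xF1 no existe" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        struct conv_result before = run_conversion(inputs[i], 0);
        struct conv_result after  = run_conversion(inputs[i], 1);
        printf("before fix: len=%zu overflowed=%d text=\"%s\"\n",
               before.len, before.overflowed, before.text);
        printf("after fix:  len=%zu overflowed=%d text=\"%s\"\n",
               after.len, after.overflowed, after.text);
    }
    return 0;
}
```

With the pre-fix bound, a message that fills the buffer exactly (or is truncated at exactly the limit) leaves `p` at `to + ERRMSG_SIZE`, and the unconditional `*p = '\0'` lands one byte past the end. Moving `to_end` back by one makes the converter stop a byte earlier, so the terminator always falls inside the buffer; the cost is one byte of message text, which is the trade the commit makes.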