• Shishir Jaiswal's avatar
    Bug#21977380 - POSSIBLE BUFFER OVERFLOW ISSUES · 9d72fb4a
    Shishir Jaiswal authored
    DESCRIPTION
    ===========
    Buffer overflow is reported in a lot of code sections
    spanning across server, client programs, Regex libraries
    etc. If not handled appropriately, they can cause abnormal
    behaviour.
    
    ANALYSIS
    ========
    The reported casea are the ones which are likely to result
    in SEGFAULT, MEMORY LEAK etc.
    
    FIX
    ===
    - sprintf() has been replaced by my_snprintf() to avoid
    buffer overflow.
    - my_free() is done after checking if the pointer isn't
      NULL already and setting it to NULL thereafter at few
      places.
    - Buffer is ensured to be large enough to hold the data.
    - 'unsigned int' (aka 'uint') is replaced with 'size_t'
    to avoid wraparound.
    - Memory is freed (if not done so) after its alloced and
    used.
    - Inserted assert() for size check in InnoDb memcached
    code (from 5.6 onwards)
    - Other minor changes
    
    (cherry picked from commit 3487e20959c940cbd24429afa795ebfc8a01e94f)
    9d72fb4a
split.c 7.06 KB