Bug#31752: check strmake() bounds

strmake() called with wrong parameters: 5.0-specific fixes. client/mysql.cc: In debug-mode, strmake() fills unused part of buffer with a test-pattern. This overwrites our previous extra '\0' (from previous bzero()). sql/sp.cc: off-by-one buffer-size.

Bug#31752: check strmake() bounds
strmake() called with wrong parameters: 5.0-specific fixes. client/mysql.cc: In debug-mode, strmake() fills unused part of buffer with a test-pattern. This overwrites our previous extra '\0' (from previous bzero()). sql/sp.cc: off-by-one buffer-size.
1c72446e · unknown · fe280afa · 1c72446e · 1c72446e
Commit 1c72446e authored Nov 26, 2007 by unknown
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

client/mysql.cc client/mysql.cc +4 -1

sql/sp.cc sql/sp.cc +1 -1

No files found.
--- a/client/mysql.cc
+++ b/client/mysql.cc
@@ -2987,7 +2987,10 @@ com_connect(String *buffer, char *line)
      Two null bytes are needed in the end of buff to allow
      get_arg to find end of string the second time it's called.
    */
-    strmake(buff, line, sizeof(buff)-2);
+    tmp= strmake(buff, line, sizeof(buff)-2);
+#ifdef EXTRA_DEBUG
+    tmp[1]= 0;
+#endif
    tmp= get_arg(buff, 0);
    if (tmp && *tmp)
    {

--- a/sql/sp.cc
+++ b/sql/sp.cc
@@ -1902,7 +1902,7 @@ sp_use_new_db(THD *thd, LEX_STRING new_db, LEX_STRING *old_db,

  if (thd->db)
  {
-    old_db->length= (strmake(old_db->str, thd->db, old_db->length) -
+    old_db->length= (strmake(old_db->str, thd->db, old_db->length - 1) -
                     old_db->str);
  }
  else