Commit 33a098bf authored by unknown's avatar unknown

Bug#24498 Stack overflow in mysqltest

 - Thanks to Vasil Dimov for the patch!


client/mysqltest.c:
  Use my_snprintf to protect against exceeding size of buff
  Since the variable name and value might not be null-terminated, it's necessary to
  provide their lengths to the format specifiers.
parent ca1aebbd
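--- a/client/mysqltest.c
+++ b/client/mysqltest.c
@@ -1240,7 +1240,9 @@ void var_set(const char *var_name, const char *var_name_end,
 v->int_dirty= 0;
 v->str_val_len= strlen(v->str_val);
 }
-strxmov(buf, v->name, "=", v->str_val, NullS);
+my_snprintf(buf, sizeof(buf), "%.*s=%.*s",
+v->name_len, v->name,
+v->str_val_len, v->str_val);
 if (!(v->env_s= my_strdup(buf, MYF(MY_WME))))
 die("Out of memory");
 putenv(v->env_s);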
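Review bot: An over-long `name=value` pair is now truncated silently by the `my_snprintf` call, and the shortened string is what reaches `my_strdup` and `putenv`, so the test sees an environment value that differs from the variable with no diagnostic. Either check the result, for example by comparing `my_snprintf`'s return value against `v->name_len + v->str_val_len + 1` and calling `die()` on a mismatch, or size the allocation for `v->env_s` from those two lengths and format directly into it rather than through the fixed `buf`. The `%.*s` precision arguments must be `int`; the declarations of `name_len` and `str_val_len` are outside the hunk, so add `(int)` casts if they have another type. The declaration of `buf` and the rest of `var_set` also lie outside the hunk, so the buffer's actual size should be confirmed there.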