MDEV-3849 - 1 bytes stack overwrite in normalize_dirname().

Take into account that length of strings passed down to this function can be up to FN_REFLEN+1 bytes. including terminating zero. The overwrite was caused by incomplete fix to MySQL Bug # 44834

MDEV-3849 - 1 bytes stack overwrite in normalize_dirname().
Take into account that length of strings passed down to this function can be up to FN_REFLEN+1 bytes. including terminating zero. The overwrite was caused by incomplete fix to MySQL Bug # 44834
35313020 · Vladislav Vaintroub · 8db07274 · 35313020
Commit 35313020 authored Nov 10, 2012 by Vladislav Vaintroub
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 7 deletions

mysys/mf_pack.c mysys/mf_pack.c +7 -7

No files found.
--- a/mysys/mf_pack.c
+++ b/mysys/mf_pack.c
@@ -35,7 +35,7 @@ void pack_dirname(char * to, const char *from)
  int cwd_err;
  size_t d_length,length,UNINIT_VAR(buff_length);
  char * start;
-  char buff[FN_REFLEN];
+  char buff[FN_REFLEN + 1];
  DBUG_ENTER("pack_dirname");

  (void) intern_filename(to,from);		/* Change to intern name */
@@ -132,7 +132,7 @@ size_t cleanup_dirname(register char *to, const char *from)
  reg3 char * from_ptr;
  reg4 char * start;
  char parent[5],				/* for "FN_PARENTDIR" */
-       buff[FN_REFLEN+1],*end_parentdir;
+       buff[FN_REFLEN + 1],*end_parentdir;
 #ifdef BACKSLASH_MBTAIL
  CHARSET_INFO *fs= fs_character_set();
 #endif
@@ -245,7 +245,7 @@ my_bool my_use_symdir=0;	/* Set this if you want to use symdirs */
 #ifdef USE_SYMDIR
 void symdirget(char *dir)
 {
-  char buff[FN_REFLEN+1];
+  char buff[FN_REFLEN + 1];
  char *pos=strend(dir);
  if (dir[0] && pos[-1] != FN_DEVCHAR && my_access(dir, F_OK))
  {
@@ -295,7 +295,7 @@ void symdirget(char *dir)
 size_t normalize_dirname(char *to, const char *from)
 {
  size_t length;
-  char buff[FN_REFLEN];
+  char buff[FN_REFLEN + 1];
  DBUG_ENTER("normalize_dirname");

  /*
@@ -423,7 +423,7 @@ static char * NEAR_F expand_tilde(char * *path)
 size_t unpack_filename(char * to, const char *from)
 {
  size_t length, n_length, buff_length;
-  char buff[FN_REFLEN];
+  char buff[FN_REFLEN + 1];
  DBUG_ENTER("unpack_filename");

  length=dirname_part(buff, from, &buff_length);/* copy & convert dirname */
@@ -459,7 +459,7 @@ size_t system_filename(char * to, const char *from)
  int libchar_found;
  size_t length;
  char * to_pos,from_pos,pos;
-  char buff[FN_REFLEN];
+  char buff[FN_REFLEN + 1];
  DBUG_ENTER("system_filename");

  libchar_found=0;
@@ -516,7 +516,7 @@ size_t system_filename(char * to, const char *from)
 char *intern_filename(char *to, const char *from)
 {
  size_t length, to_length;
-  char buff[FN_REFLEN];
+  char buff[FN_REFLEN + 1];
  if (from == to)
  {						/* Dirname may destroy from */
    strmov(buff,from);