Commit c326457d authored by unknown's avatar unknown

Fixed bug #28522:

sometimes `mysqldump --hex-blob' overruned output buffer by '\0' byte.

The dump_table() function has been fixed to reserve 1 byte more for the
last '\0' byte of dumped string.


client/mysqldump.c:
  Fixed bug #28522.
  The dump_table() function has been fixed to reserve 1 byte more for the
  last '\0' byte of dumped string.
mysql-test/t/mysqldump.test:
  Updated test case for bug #28522.
mysql-test/r/mysqldump.result:
  Updated test case for bug #28522.
parent c57d6f72
......@@ -2529,15 +2529,18 @@ static void dump_table(char *table, char *db)
plus 2 bytes for '0x' prefix.
- In non-HEX mode we need up to 2 bytes per character,
plus 2 bytes for leading and trailing '\'' characters.
Also we need to reserve 1 byte for terminating '\0'.
*/
dynstr_realloc_checked(&extended_row,length * 2+2);
dynstr_realloc_checked(&extended_row,length * 2 + 2 + 1);
if (opt_hex_blob && is_blob)
{
dynstr_append_checked(&extended_row, "0x");
extended_row.length+= mysql_hex_string(extended_row.str +
extended_row.length,
row[i], length);
extended_row.str[extended_row.length]= '\0';
DBUG_ASSERT(extended_row.length+1 <= extended_row.max_length);
/* mysql_hex_string() already terminated string by '\0' */
DBUG_ASSERT(extended_row.str[extended_row.length] == '\0');
}
else
{
......
......@@ -3310,5 +3310,16 @@ drop user user1;
drop user user2;
drop database mysqldump_test_db;
#
# Bug #28522: buffer overrun by '\0' byte using --hex-blob.
#
CREATE TABLE t1 (c1 INT, c2 LONGBLOB);
INSERT INTO t1 SET c1=11, c2=REPEAT('q',509);
CREATE TABLE `t1` (
`c1` int(11) default NULL,
`c2` longblob
);
INSERT INTO `t1` VALUES (11,0x7171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171);
DROP TABLE t1;
#
# End of 5.0 tests
#
......@@ -1528,7 +1528,14 @@ drop user user2;
drop database mysqldump_test_db;
--echo #
--echo # Bug #28522: buffer overrun by '\0' byte using --hex-blob.
--echo #
CREATE TABLE t1 (c1 INT, c2 LONGBLOB);
INSERT INTO t1 SET c1=11, c2=REPEAT('q',509);
--exec $MYSQL_DUMP --skip-create --compact --hex-blob test t1
DROP TABLE t1;
--echo #
--echo # End of 5.0 tests
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment