    This is a patch for Bug#48500 · 71c54b8c
    unknown authored
    5.0 buffer overflow for ER_UPDATE_INFO, or truncated info message in 5.1
          
    5.0.86 has a buffer overflow/crash, and 5.1.40 has a truncated message.
          
    errmsg.txt contains this:
          
    ER_UPDATE_INFO
    rum "Linii identificate (matched): %ld  Schimbate: %ld  Atentionari (warnings): %ld"
    When that is sprintf'd into a buffer of STRING_BUFFER_USUAL_SIZE size,
    a buffer overflow can happen.
          
    The solution to this is to use MYSQL_ERRMSG_SIZE for the buffer size, 
    instead of STRING_BUFFER_USUAL_SIZE. This will allow longer strings. 
    To avoid potential crashes, we will also use my_snprintf instead of
    sprintf.
    
    sql/sql_update.cc:
      Using MYSQL_ERRMSG_SIZE instead of STRING_BUFFER_USUAL_SIZE.
      Using my_snprintf instead of sprintf.
sql_update.cc 54.8 KB
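The length problem the commit message describes, as an added example that is not the MySQL patch itself: it measures how many bytes the Romanian ER_UPDATE_INFO text needs and formats it with a bounded call. The buffer sizes 80 and 512 are assumed values (the page does not state them), standard `snprintf` stands in for `my_snprintf`, and the function names and row counts are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes; the commit message names the macros but not their values. */
#define STRING_BUFFER_USUAL_SIZE 80
#define MYSQL_ERRMSG_SIZE 512

/* Romanian ER_UPDATE_INFO text as quoted in the commit message. */
#define ER_UPDATE_INFO_RUM \
    "Linii identificate (matched): %ld  Schimbate: %ld  Atentionari (warnings): %ld"

/* Bytes needed for the formatted message, including the trailing NUL. */
size_t update_info_needed(long found, long updated, long warnings)
{
    int n = snprintf(NULL, 0, ER_UPDATE_INFO_RUM, found, updated, warnings);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded formatting: returns 1 if the whole message fit, 0 if it was cut. */
int format_update_info(char *buf, size_t size,
                       long found, long updated, long warnings)
{
    int n = snprintf(buf, size, ER_UPDATE_INFO_RUM, found, updated, warnings);
    return n >= 0 && (size_t)n < size;
}

int main(void)
{
    char small[STRING_BUFFER_USUAL_SIZE];
    char large[MYSQL_ERRMSG_SIZE];
    long n = 1000; /* constructed row count: 4 digits in each %ld */

    /* An unbounded sprintf into `small` would write past its end here. */
    printf("needed=%zu, small buffer=%zu\n",
           update_info_needed(n, n, n), sizeof small);

    /* Bounded call with the small buffer: safe, but the text is truncated. */
    printf("small fits=%d: \"%s\"\n",
           format_update_info(small, sizeof small, n, n, n), small);

    /* Bounded call with the larger buffer: the full message is kept. */
    printf("large fits=%d: \"%s\"\n",
           format_update_info(large, sizeof large, n, n, n), large);
    return 0;
}
```

With these assumed sizes, the message stops fitting in the small buffer once the three counts total more than ten digits.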