Commit 0a92a344 authored by Magne Mahre's avatar Magne Mahre

Bug #38124 (clean-up patch)

The fix for Bug #38124 introuced a bug. If the value given 
for a set_var exceeded the length of the temporary buffer,
we would read behind the end of the buffer.  Using 
c_ptr_safe(), instead of c_ptr(), ensures that we won't
read beyond the buffer limit

mysql-6.0-codebase revid: 2617.44.1
parent 6b80cd91
......@@ -2544,7 +2544,7 @@ bool update_sys_var_str_path(THD *thd, sys_var_str *var_str,
String str(buff, sizeof(buff), system_charset_info), *newval;
newval= var->value->val_str(&str);
old_value= newval->c_ptr();
old_value= newval->c_ptr_safe();
str_length= strlen(old_value);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment