Commit 0a92a344 authored by Magne Mahre

Bug #38124 (clean-up patch)

The fix for Bug #38124 introduced a bug. If the value given
for a set_var exceeded the length of the temporary buffer,
we would read behind the end of the buffer.  Using
c_ptr_safe(), instead of c_ptr(), ensures that we won't
read beyond the buffer limit.

mysql-6.0-codebase revid: 2617.44.1
parent 6b80cd91
...@@ -2544,7 +2544,7 @@ bool update_sys_var_str_path(THD *thd, sys_var_str *var_str, ...@@ -2544,7 +2544,7 @@ bool update_sys_var_str_path(THD *thd, sys_var_str *var_str,
String str(buff, sizeof(buff), system_charset_info), *newval; String str(buff, sizeof(buff), system_charset_info), *newval;
newval= var->value->val_str(&str); newval= var->value->val_str(&str);
old_value= newval->c_ptr(); old_value= newval->c_ptr_safe();
str_length= strlen(old_value); str_length= strlen(old_value);
} }
......
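Review bot: old_value can now point into heap storage owned by the String instead of into buff, which matters on the `old_value= newval->c_ptr_safe();` line: c_ptr_safe() reallocates when there is no room for the terminating NUL, and `str` is declared inside this block, so if val_str() returned &str the reallocated buffer is released at the closing brace. old_value is assigned here but not declared here, so please confirm it is never read after the `}`, or move `str` to function scope or copy the value out before the block ends. The visible lines also dereference newval without a NULL check; if val_str() can return NULL for this item, guard the call. A smaller point: `str_length= strlen(old_value);` rescans the string when newval->length() already holds the length.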