Commit 348d14c7 authored by Thayumanavar

BUG#16402143 - STACK CORRUPTION IN DBUG_EXPLAIN

DESCRIPTION AND FIX:
DBUG_EXPLAIN results in a buffer overflow when the
DEBUG variable value's length exceeds 255.
The _db_explain_ function, which calls the macro str_to_buf,
incorrectly passes the length of buf available to
strnmov as len+1. The fix calculates the available
space in buf and passes it to strnxmov.
parent b350990a
......@@ -919,7 +919,7 @@ void _db_pop_()
} while (0)
#define str_to_buf(S) do { \
char_to_buf(','); \
buf=strnmov(buf, (S), len+1); \
buf=strnmov(buf, (S), end-buf); \
if (buf >= end) goto overflow; \
} while (0)
#define list_to_buf(l, f) do { \
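Review bot: In str_to_buf, the new bound end-buf is computed before the `if (buf >= end) goto overflow;` check, so it is only safe if char_to_buf(',') always leaves buf strictly below end. If buf can reach or pass end there, the difference is zero or negative, and a negative value passed as an unsigned length would become very large. Please confirm that char_to_buf jumps to overflow itself in that case, or move a `buf >= end` check ahead of the strnmov call. The macro also silently relies on the caller's buf and end locals and the overflow label, which deserves a one-line comment, and a regression test that runs DBUG_EXPLAIN with a DEBUG value longer than 255 characters would pin the fix down.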
......