Commit 1ef420b8 authored by Nirbhay Choubey's avatar Nirbhay Choubey

Bug#16066243 PB2 FAILURES I_MAIN.BUG15912213 AND

    I_MAIN.CTYPE_UTF8 FOR MACOSX10.6 FOR 5.1

While converting directory name to filename, a
file separator (FN_LIBCHAR) might get appended
to the resulting file name. This can result in
off-by-one error when length of the input string
is equal to FN_REFLEN. In this case, the terminating
'\0' gets written beyond the buffer allocated to store
the result.

Fixed by incrementing the dst buffer size by 1. As
extra safety, switched to strnmov() and added a debug
assert to check the length of the input file name.

No test case added as the scenario is already
covered by the test cases added for bugs in
the description.
parent 39323920
...@@ -103,7 +103,7 @@ MY_DIR *my_dir(const char *path, myf MyFlags) ...@@ -103,7 +103,7 @@ MY_DIR *my_dir(const char *path, myf MyFlags)
MEM_ROOT *names_storage; MEM_ROOT *names_storage;
DIR *dirp; DIR *dirp;
struct dirent *dp; struct dirent *dp;
char tmp_path[FN_REFLEN+1],*tmp_file; char tmp_path[FN_REFLEN + 2], *tmp_file;
#ifdef THREAD #ifdef THREAD
char dirent_tmp[sizeof(struct dirent)+_POSIX_PATH_MAX+1]; char dirent_tmp[sizeof(struct dirent)+_POSIX_PATH_MAX+1];
#endif #endif
...@@ -215,10 +215,11 @@ char * directory_file_name (char * dst, const char *src) ...@@ -215,10 +215,11 @@ char * directory_file_name (char * dst, const char *src)
/* Process as Unix format: just remove test the final slash. */ /* Process as Unix format: just remove test the final slash. */
char * end; char * end;
DBUG_ASSERT(strlen(src) < (FN_REFLEN + 1));
if (src[0] == 0) if (src[0] == 0)
src= (char*) "."; /* Use empty as current */ src= (char*) "."; /* Use empty as current */
end=strmov(dst, src); end= strnmov(dst, src, FN_REFLEN + 1);
if (end[-1] != FN_LIBCHAR) if (end[-1] != FN_LIBCHAR)
{ {
end[0]=FN_LIBCHAR; /* Add last '/' */ end[0]=FN_LIBCHAR; /* Add last '/' */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment