Bug #38124 (clean-up patch)

The fix for Bug #38124 introuced a bug. If the value given for a set_var exceeded the length of the temporary buffer, we would read behind the end of the buffer. Using c_ptr_safe(), instead of c_ptr(), ensures that we won't read beyond the buffer limit mysql-6.0-codebase revid: 2617.44.1

Bug #38124 (clean-up patch)
The fix for Bug #38124 introuced a bug. If the value given for a set_var exceeded the length of the temporary buffer, we would read behind the end of the buffer. Using c_ptr_safe(), instead of c_ptr(), ensures that we won't read beyond the buffer limit mysql-6.0-codebase revid: 2617.44.1
7e895de8 · Magne Mahre · 53d54948 · 7e895de8
Commit 7e895de8 authored Oct 15, 2009 by Magne Mahre
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

sql/set_var.cc sql/set_var.cc +1 -1

No files found.
--- a/sql/set_var.cc
+++ b/sql/set_var.cc
@@ -2544,7 +2544,7 @@ bool update_sys_var_str_path(THD *thd, sys_var_str *var_str,
    String str(buff, sizeof(buff), system_charset_info), *newval;

    newval= var->value->val_str(&str);
-    old_value= newval->c_ptr();
+    old_value= newval->c_ptr_safe();
    str_length= strlen(old_value);
  }