Commit a1b2a28e authored by Olivier Bertrand's avatar Olivier Bertrand

- Fix MDEV-9779. Avoid buffer overflow when setting partname.

  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/ha_connect.h
parent d681c50a
......@@ -757,7 +757,7 @@ ha_connect::ha_connect(handlerton *hton, TABLE_SHARE *table_arg)
sdvalout= NULL;
xmod= MODE_ANY;
istable= false;
*partname= 0;
memset(partname, 0, sizeof(partname));
bzero((char*) &xinfo, sizeof(XINFO));
valid_info= false;
valid_query_id= 0;
......@@ -3124,11 +3124,12 @@ int ha_connect::open(const char *name, int mode, uint test_if_locked)
if (table->part_info) {
if (GetStringOption("Filename") || GetStringOption("Tabname")
|| GetStringOption("Connect")) {
strcpy(partname, decode(g, strrchr(name, '#') + 1));
strncpy(partname, decode(g, strrchr(name, '#') + 1), sizeof(partname) - 1);
// strcpy(partname, table->part_info->curr_part_elem->partition_name);
part_id= &table->part_info->full_part_field_set;
// part_id= &table->part_info->full_part_field_set;
} else // Inward table
strcpy(partname, strrchr(name, slash) + 1);
strncpy(partname, strrchr(name, slash) + 1, sizeof(partname) - 1);
part_id= &table->part_info->full_part_field_set; // Temporary
} // endif part_info
#endif // WITH_PARTITION_STORAGE_ENGINE
......@@ -6144,7 +6145,7 @@ int ha_connect::create(const char *name, TABLE *table_arg,
strcpy(dbpath, name);
p= strrchr(dbpath, slash);
strcpy(partname, ++p);
strncpy(partname, ++p, sizeof(partname) - 1);
strcat(strcat(strcpy(buf, p), "."), lwt);
*p= 0;
} else {
......@@ -6195,7 +6196,7 @@ int ha_connect::create(const char *name, TABLE *table_arg,
#if defined(WITH_PARTITION_STORAGE_ENGINE)
if (part_info && !inward)
strcpy(partname, decode(g, strrchr(name, '#') + 1));
strncpy(partname, decode(g, strrchr(name, '#') + 1), sizeof(partname) - 1);
// strcpy(partname, part_info->curr_part_elem->partition_name);
#endif // WITH_PARTITION_STORAGE_ENGINE
......@@ -6236,8 +6237,9 @@ int ha_connect::create(const char *name, TABLE *table_arg,
#if defined(WITH_PARTITION_STORAGE_ENGINE)
if (part_info)
strcpy(partname,
decode(g, strrchr(name, (inward ? slash : '#')) + 1));
strncpy(partname,
decode(g, strrchr(name, (inward ? slash : '#')) + 1),
sizeof(partname) - 1);
#endif // WITH_PARTITION_STORAGE_ENGINE
if ((rc= optimize(table->in_use, NULL))) {
......
......@@ -554,7 +554,7 @@ int index_prev(uchar *buf);
PVAL sdvalin4; // Used to convert date values
PVAL sdvalout; // Used to convert date values
bool istable; // True for table handler
char partname[64]; // The partition name
char partname[65]; // The partition name
MODE xmod; // Table mode
XINFO xinfo; // The table info structure
bool valid_info; // True if xinfo is valid
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment