| Bug #103 | Bug in mysys/charset.c:get_word() | ||
|---|---|---|---|
| Submitted: | 26 Feb 2003 11:55 | Modified: | 26 Apr 2003 6:00 |
| Reporter: | [ name withheld ] | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S3 (Non-critical) |
| Version: | 3.23.55 | OS: | |
| Assigned to: | Alexander Barkov | CPU Architecture: | Any |
[11 Mar 2003 12:59]
Lenz Grimmer
Bar, could you please have a look at this?
[26 Apr 2003 6:00]
Michael Widenius
Thank you for your bug report. This issue has been fixed in the latest
development tree for that product. You can find more information about
accessing our development trees at
http://www.mysql.com/doc/en/Installing_source_tree.html
Fixed in 3.23 tree

Description:

Here is the get_word function:

```c
static my_bool get_word(struct simpleconfig_buf_st *fb, char *buf)
{
  char *endptr=fb->p;

  for (;;)
  {
    while (isspace(*endptr))
      ++endptr;

    if (*endptr && *endptr != '#')  /* Not comment */
      break;                        /* Found something */

    if ((fgets(fb->buf, sizeof(fb->buf), fb->f)) == NULL)
      return TRUE;                  /* end of file */

    endptr = fb->buf;
  }

  while (!isspace(*endptr))
    *buf++= *endptr++;
  *buf=0;

  fb->p = endptr;
  return FALSE;
}
```

It is called from fill_array(), which is called from read_charset_file().

Consider a charset file which ends like this:

```
...
B8 BA BC BE C0 C2 C4 C6 C8 CA CC CE D0 D2 D4 D6<EOF HERE>
```

I.e. no '\n' at the end of the file (the file comes from a developer on a Windows machine, and Windows editors tend to strip the final newline for some reason).

The affected line is:

```c
while (!isspace(*endptr))
```

It will hit '\0' (or other arbitrary value if line is longer than buffer) when it's past the data read by fgets(), which is not a whitespace character as assumed. isspace() returns false and the copying process will continue with unexpected results.

How to repeat:

Suggested fix:

Should be changed to (*endptr && !isspace(*endptr)).
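The suggested fix applied to a stand-alone copy of the loop and run over a file with no final newline, as an added example that is not MySQL's own code. The names `struct cfg_buf`, `get_word_fixed` and `count_words_no_newline`, the output-length bound, the `unsigned char` casts and the sample data are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the struct used by the reported function. */
struct cfg_buf { FILE *f; char buf[64]; char *p; };

/* Returns 1 at end of file, 0 after copying one word into out (outlen > 0). */
static int get_word_fixed(struct cfg_buf *fb, char *out, size_t outlen) {
  char *endptr = fb->p;
  size_t n = 0;
  for (;;) {
    while (isspace((unsigned char)*endptr)) ++endptr;
    if (*endptr && *endptr != '#') break;          /* found a word */
    if (fgets(fb->buf, sizeof(fb->buf), fb->f) == NULL) return 1;
    endptr = fb->buf;
  }
  /* The suggested fix: stop at the NUL fgets() wrote, not only at whitespace. */
  while (*endptr && !isspace((unsigned char)*endptr)) {
    if (n + 1 < outlen) out[n++] = *endptr;        /* added bound (assumption) */
    ++endptr;
  }
  out[n] = 0;
  fb->p = endptr;
  return 0;
}

/* Parses constructed data with no final newline; returns the word count. */
static int count_words_no_newline(char *last, size_t lastlen) {
  struct cfg_buf fb;
  char word[16];
  int count = 0;
  if ((fb.f = tmpfile()) == NULL) return -1;
  fputs("# constructed sample\nB8 BA BC\nD2 D4 D6", fb.f); /* no '\n' at EOF */
  rewind(fb.f);
  fb.p = fb.buf; fb.buf[0] = 0;     /* empty buffer forces the first fgets() */
  while (!get_word_fixed(&fb, word, sizeof(word))) {
    ++count;
    snprintf(last, lastlen, "%s", word);
  }
  fclose(fb.f);
  return count;
}

int main(void) {
  char last[16] = "";
  printf("%d words, last = \"%s\"\n", count_words_no_newline(last, sizeof last), last);
  return 0;
}
```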