Bug #20622 Buffer overwrite in instance manager causes im crash
Submitted: 22 Jun 2006 10:05 Modified: 6 Jul 2006 22:43
Reporter: Kristian Nielsen
Status: Closed
Category:Instance Manager Severity:S1 (Critical)
Version:5.0 OS:Linux (Linux)
Assigned to: Kristian Nielsen CPU Architecture:Any

[22 Jun 2006 10:05] Kristian Nielsen
Description:
I hit a 1-byte buffer overwrite problem in instance manager.

In Instance_options::complete_initialization(), a buffer is allocated and passed to convert_dirname(). However the buffer is too short (convert_dirname() adds stuff at the end), causing buffer overwrite and occasional crash.

How to repeat:
mysql-test-run.pl --valgrind-all im_cmd_line

Suggested fix:
I will commit a fix shortly.
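A modelled version of the sizing mistake described in the report, added here as an example and not code from MySQL or the patch: the convert_dirname-style helper, its appended trailing separator and the checked wrapper are assumptions, and the point is that the destination must be sized for the appended separator plus the NUL, and that a bounds check refuses a too-short buffer instead of overrunning it.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model of a convert_dirname()-style helper, assumed for this
 * example (not MySQL's code): copy 'from' to 'to', normalise '\\' to '/',
 * and append a trailing '/' if one is missing.  The appended separator plus
 * the NUL terminator are what make a strlen(from) + 1 buffer one byte short. */

/* Bytes the converted name needs, including the trailing '/' and the NUL. */
size_t dirname_buf_size(const char *from)
{
    size_t len = strlen(from);
    int has_sep = len > 0 && (from[len - 1] == '/' || from[len - 1] == '\\');
    return len + (has_sep ? 0 : 1) + 1;
}

/* Bounds-checked conversion: returns 1 on success, 0 (leaving 'to' empty)
 * when the destination cannot hold the result.  The size check is the guard
 * a caller with a too-short buffer needs: the call is refused, not overrun. */
int convert_dirname_checked(char *to, size_t to_size, const char *from)
{
    size_t len = strlen(from);
    size_t needed = dirname_buf_size(from);
    if (to_size < needed) {
        if (to_size > 0)
            to[0] = '\0';
        return 0;
    }
    for (size_t i = 0; i < len; i++)
        to[i] = (from[i] == '\\') ? '/' : from[i];
    if (needed == len + 2)      /* separator was missing: append it */
        to[len++] = '/';
    to[len] = '\0';
    return 1;
}

/* Allocate exactly dirname_buf_size() bytes and convert; caller frees. */
char *make_dirname(const char *from)
{
    size_t size = dirname_buf_size(from);
    char *to = malloc(size);
    if (to == NULL || !convert_dirname_checked(to, size, from)) {
        free(to);
        return NULL;
    }
    return to;
}
```

Sizing the buffer as strlen(from) + 1, the pattern the report describes, is exactly the case the checked wrapper rejects.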
[22 Jun 2006 10:34] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/8062
[22 Jun 2006 14:17] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/8078
[22 Jun 2006 14:38] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/8079
[23 Jun 2006 11:32] Alexander Nozdrin
Updated the version, because the same problem is in 5.0.
[23 Jun 2006 12:14] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/8136
[23 Jun 2006 12:52] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/8138
[23 Jun 2006 16:49] Kristian Nielsen
Pushed to mysql-5.0-runtime.
[24 Jun 2006 14:48] Kristian Nielsen
Pushed to mysql-5.1.

Fixed in 5.1.12.

(Will be pushed into mysql-5.0 when mysql-5.0-runtime team tree is merged.)
[26 Jun 2006 19:46] Alexander Nozdrin
Pushed into 5.0 tree, currently tagged 5.0.23.
[6 Jul 2006 22:43] Paul DuBois
Noted in 5.0.23, 5.1.12 changelogs.

A buffer overwrite error in Instance Manager caused a crash.