Description:
Can't pass value longer than 67 as TableType parameter to SQLTables.

SQLTables (http://msdn2.microsoft.com/en-us/library//ms711831.aspx)

overrun(length 69): 'TABLE','VIEW','SYNONYM','ALIAS','GLOBAL TEMPORARY','LOCAL TEMPORARY'
overrun(length 68): 'TABLE','VIEW','SYNONYM','ALIAS','GLOBAL TEMPORARY','LOCAL TEMPORAR'
ok(length 67): 'TABLE','VIEW','SYNONYM','ALIAS','GLOBAL TEMPORARY','LOCAL TEMPORA'

How to repeat:
Microsoft ODBC test tool odbcte32
- Full connect (odbc 3.0, use odbc)
- Catalog|SQLTables, only fill in TableType with:
'TABLE','VIEW','SYNONYM','ALIAS','GLOBAL TEMPORARY','LOCAL TEMPORARY'
- Press Ok, wait a minute, BOEM!

Suggested fix:
No buffer overrun.

Hi Patrick and thanks for your report.

I don't see us posing this limitation in our code... Can you please use "SQL_ALL_TABLE_TYPES" instead of long strings while I consult whether this is our bug or not.

In any case, odbcte32.exe bombs just like described.

I stand corrected... Our fault:
static my_bool check_table_type(const char *TableType, 
                                const char *req_type, 
                                uint       len)
{
    char    req_type_quoted[NAME_LEN+2], req_type_quoted1[NAME_LEN+2];
...
Type_buff[NAME_LEN+1],

Verified as described by reporter. Maybe we should increase MYSQL_NAME_LEN.

Made buffer allocation dynamic for the one, described in bug, and for the rest I found can be overrun.

Attachment: bug36275.diff (application/octet-stream, text), 14.20 KiB.

Remove buggy helper functions in catalog.c and fix treatment of identifiers as wildcards

Attachment: bug36275.patch (text/plain), 27.70 KiB.

Updated patch including test case and removing handling of  SQL_ALL_* as strings

Attachment: bug36275.patch (text/plain), 30.60 KiB.

ok to push.

Fixed in the upcoming 5.1.5 release.

An entry has been added to the 5.1.5 changelog:

Assigning a string longer than 67 characters to the TableType parameter resulted in a buffer overrun when the SQLTables() function was called.