Bug #27715 mysqld --character-sets-dir buffer overflow
Submitted: 9 Apr 2007 12:31
Modified: 8 May 2007 1:11
Reporter: Ramil Kalimullin
Status: Closed
Category: MySQL Server: Charsets
Severity: S1 (Critical)
Version:
OS: Any
Assigned to: Ramil Kalimullin
CPU Architecture: Any

[9 Apr 2007 12:31] Ramil Kalimullin
Description:
mysqld doesn't check the length of the composed character set file name (somewhere), which leads to SIGSEGV.

How to repeat:
Just launch:
./mysqld --character-sets-dir=`perl -e 'print "A"x2800';`

[26 Apr 2007 11:35] Bugs System
Pushed into 5.0.42

[26 Apr 2007 11:35] Bugs System
Pushed into 5.1.18-beta

[8 May 2007 1:11] Paul DuBois
Noted in 5.0.42, 5.1.18 changelogs.

mysqld did not check the length of option values and could crash with
a buffer overflow for long values.
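
The missing check described in this report, sketched as an added example (not code from the MySQL source or from the fix that was pushed): a directory option value is joined with a file name into a fixed-size buffer, and the call fails instead of overflowing or truncating when the result does not fit. `PATH_BUF_LEN`, `CHARSET_INDEX` and `compose_charset_path` are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical path buffer size; not taken from the MySQL source. */
#define PATH_BUF_LEN 512
/* Constructed file name, used only for illustration. */
#define CHARSET_INDEX "Index.xml"

/*
 * Compose "<dir>/<file>" into out (capacity out_len).
 * Returns 0 on success, -1 on a bad argument or if the result would not fit.
 * On failure out is left empty, so a truncated path is never opened.
 */
int compose_charset_path(char *out, size_t out_len,
                         const char *dir, const char *file)
{
    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    if (dir == NULL || file == NULL || dir[0] == '\0')
        return -1;

    /* Avoid a doubled separator when dir already ends in '/'. */
    const char *sep = (dir[strlen(dir) - 1] == '/') ? "" : "/";

    /* snprintf returns the length it needed; >= out_len means truncation. */
    int n = snprintf(out, out_len, "%s%s%s", dir, sep, file);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF_LEN];
    char long_dir[2801];

    /* Constructed input: 2800 'A' characters, the length used in the report. */
    memset(long_dir, 'A', 2800);
    long_dir[2800] = '\0';

    printf("short dir: %d\n",
           compose_charset_path(path, sizeof path, "/tmp/charsets", CHARSET_INDEX));
    printf("long dir:  %d\n",
           compose_charset_path(path, sizeof path, long_dir, CHARSET_INDEX));
    return 0;
}
```

Rejecting the value outright, rather than silently truncating it, keeps the server from opening a path the administrator never specified.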