Description:
my_b_vprintf() allocates a buffer of 17 bytes on stack when printing long integers. However, on a 64-bit machine the largest decimal representation of 'long' is 20 characters (excluding the terminating zero). Which means the buffer is overrun in this case.

This has been fixed in 5.6 with the following revision: http://bazaar.launchpad.net/~mysql/mysql-server/5.6/revision/2876.295.40

5.5 and earlier versions are still affected.

How to repeat:
Call my_b_vprintf(..., "%lu", 18446744073709551614), for example.

Should be fixed in 5.5.

Kaamos, 

This bug should be fixed in 5.6.12.

Can you check it out ????

Sinisa,

As my original report says, the bug was fixed in 5.6 long before 5.6.12. But 5.1.70 and 5.5.32 (i.e. the current LP branches) are still affected.

Bug is fixed in 5.6, but should be fixed in 5.1 and 5.5 too ...

Noted in 5.1.73, 5.5.35 changelogs.

The my_b_vprintf() function could produce incorrect results for long
integers on 64-bit systems.

5.1$ bzr log -r 4046
------------------------------------------------------------
revno: 4046
committer: mithun <mithun.c.y@oracle.com>
branch nick: mysql-5.1
timestamp: Tue 2013-09-10 15:32:27 +0530
message:
  Bug #16978278 : BUFFER OVERFLOW WHEN PRINTING A LARGE 64-BIT INTEGER
                  WITH MY_B_VPRINTF()
  Issue         : In LP 64 machine max long value can be 20 digit
                  decimal value. But in my_b_vprintf() the intermediate
                  buffer storage used is 17 bytes length. This will lead to
                  buffer overflow.
  Solution      : Increased the buffer storage from 17 to 32 bytes.
                  code is backported from 5.6