Description:
The checking for unit parsing in MySQL is not strict. It ignores the invalid characters after the first unit character ('k', 'm', 'g').
The manifestation is that an erroneous user input such as '1M0' (should be 10M) would be translated as 1 without any warning message (obviously a typo).
The root cause is the checking in "eval_num_suffix()", is not complete.
The following example illustrates the problem.
$ mysqld --query_cache_limit=1K0
mysql> SHOW GLOBAL VARIABLES LIKE 'query\_cache\_limit';
+-------------------+-------+
| Variable_name | Value |
+-------------------+-------+
| query_cache_limit | 1024 |
+-------------------+-------+
1 row in set (0.00 sec)
How to repeat:
Described in the previous section.
Suggested fix:
Here is the tested patch to fix the problem:
The idea is straightforward. Check the characters after the unit character and print out the error message if the user setting is erroneous.
=============================================================
--- mysys/my_getopt.c 2012-08-29 01:50:46.000000000 -0700
+++ mysys/my_getopt.c 2013-03-17 15:42:54.298246608 -0700
@@ -857,6 +864,7 @@
static longlong eval_num_suffix(char *argument, int *error, char *option_name)
{
char *endchar;
+ char *lastchar;
longlong num;
*error= 0;
@@ -869,6 +877,19 @@
*error= 1;
return 0;
}
+
+ lastchar = endchar;
+ lastchar++;
+ if(*endchar == 'k' || *endchar == 'K' || *endchar == 'm' || *endchar == 'M' || *endchar == 'g' || *endchar == 'G') {
+ if(*lastchar != 0) {
+ fprintf(stderr,
+ "Unknown characters '%s' used for variable '%s' (value '%s')\n",
+ lastchar, option_name, argument);
+ *error=1;
+ return 0;
+ }
+ }
+
if (*endchar == 'k' || *endchar == 'K')
num*= 1024L;
else if (*endchar == 'm' || *endchar == 'M')
Description: The checking for unit parsing in MySQL is not strict. It ignores the invalid characters after the first unit character ('k', 'm', 'g'). The manifestation is that an erroneous user input such as '1M0' (should be 10M) would be translated as 1 without any warning message (obviously a typo). The root cause is the checking in "eval_num_suffix()", is not complete. The following example illustrates the problem. $ mysqld --query_cache_limit=1K0 mysql> SHOW GLOBAL VARIABLES LIKE 'query\_cache\_limit'; +-------------------+-------+ | Variable_name | Value | +-------------------+-------+ | query_cache_limit | 1024 | +-------------------+-------+ 1 row in set (0.00 sec) How to repeat: Described in the previous section. Suggested fix: Here is the tested patch to fix the problem: The idea is straightforward. Check the characters after the unit character and print out the error message if the user setting is erroneous. ============================================================= --- mysys/my_getopt.c 2012-08-29 01:50:46.000000000 -0700 +++ mysys/my_getopt.c 2013-03-17 15:42:54.298246608 -0700 @@ -857,6 +864,7 @@ static longlong eval_num_suffix(char *argument, int *error, char *option_name) { char *endchar; + char *lastchar; longlong num; *error= 0; @@ -869,6 +877,19 @@ *error= 1; return 0; } + + lastchar = endchar; + lastchar++; + if(*endchar == 'k' || *endchar == 'K' || *endchar == 'm' || *endchar == 'M' || *endchar == 'g' || *endchar == 'G') { + if(*lastchar != 0) { + fprintf(stderr, + "Unknown characters '%s' used for variable '%s' (value '%s')\n", + lastchar, option_name, argument); + *error=1; + return 0; + } + } + if (*endchar == 'k' || *endchar == 'K') num*= 1024L; else if (*endchar == 'm' || *endchar == 'M')