Bug #104856 | Possible SIGSEGV in set_parse_error_message | ||
---|---|---|---|
Submitted: | 7 Sep 2021 11:54 | Modified: | 17 Nov 2021 12:56 |
Reporter: | Dmitriy Philimonov | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Stored Routines | Severity: | S2 (Serious) |
Version: | 8.0 | OS: | Any |
Assigned to: | CPU Architecture: | Any |
[7 Sep 2021 11:54]
Dmitriy Philimonov
[7 Sep 2021 12:52]
MySQL Verification Team
Hi Mr. Philimonov, Thank you for your bug report. We fully agree with your analysis of the problem. Verified as reported.
[17 Nov 2021 12:56]
Jon Stephens
Documented fix as follows in the MySQL 8.0.28 changelog: Code inspection showed used of strncpy() in the internal function set_parse_error_message() without ensuring that the last byte of the buffer being copied into was a null byte. We fix this by using snprintf() instead; this makes sure that the result is valid even if it is truncated. Closed.
[17 Nov 2021 13:34]
MySQL Verification Team
Thank you, Jon !!!!