| Bug #13650 | DBUG_PRINT reads uninited memory in db_find_routine*() | ||
|---|---|---|---|
| Submitted: | 30 Sep 2005 12:16 | Modified: | 11 Oct 2005 16:49 |
| Reporter: | Guilhem Bichot | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S3 (Non-critical) |
| Version: | 5.0 | OS: | Linux (linux) |
| Assigned to: | Jim Winstead | CPU Architecture: | Any |
[7 Oct 2005 0:37]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/internals/30793
[11 Oct 2005 16:49]
Jim Winstead
Fixed in 5.0.15.

Description:
Calling SELECT fn1(20) where fn1() is this function:

    CREATE FUNCTION fn1(x INT) RETURNS INT DETERMINISTIC
    BEGIN
      INSERT INTO mtest.t1 VALUES (x);
      RETURN x+2;
    END|

we find in the debug trace of the server:

    T@11479719: | | | | | | >db_find_routine
    T@11479719: | | | | | | | enter: type: 1 name: fn1^?^A

db_find_routine_aux() has the same problem. In gdb:

    m_name = {str = 0x17d905f "fn1\177\001", length = 3}

and the DBUG_PRINT is:

    DBUG_PRINT("enter", ("type: %d name: %*s", type, name->m_name.length, name->m_name.str));

So the string is not 0-terminated, and even though fprintf() is told to display only 3 characters (%*s form) it apparently reads and prints until it finds a zero.

How to repeat:
see above.
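Added example (not part of the bug report and not MySQL's own code) showing why a length-counted, non-NUL-terminated buffer like the LEX_STRING above is printed safely only with a precision: in printf-family formats `%*s` takes the `*` argument as a minimum field width and still reads until a NUL byte, whereas `%.*s` takes it as a precision and stops after that many characters. The sample bytes are constructed; a trailing NUL is placed a few bytes past the name only so that this demonstration stays well-defined, unlike the real trace where the bytes after "fn1" were simply whatever was in memory.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 3-character name followed by junk bytes.
 * The NUL at the end exists only to keep this example well-defined;
 * in the bug report no terminator was guaranteed to be in reach. */
static const char SAMPLE_NAME[] = { 'f', 'n', '1', '\x7f', '\x01', 'X', '\0' };
static const size_t SAMPLE_LEN = 3;   /* m_name.length in the report */

/* Width form, as in the original DBUG_PRINT: "%*s" pads the output to
 * at least `len` characters but keeps reading `s` until a NUL byte,
 * so the junk after the name is copied too. Returns snprintf's count. */
int format_with_width(char *out, size_t outsz, const char *s, size_t len)
{
    return snprintf(out, outsz, "name: %*s", (int)len, s);
}

/* Precision form: "%.*s" prints at most `len` characters of `s`, so a
 * non-NUL-terminated buffer is never read past its stated length. */
int format_with_precision(char *out, size_t outsz, const char *s, size_t len)
{
    return snprintf(out, outsz, "name: %.*s", (int)len, s);
}

int main(void)
{
    char buf[64];

    format_with_width(buf, sizeof buf, SAMPLE_NAME, SAMPLE_LEN);
    printf("width     (%%*s):  %zu bytes after the prefix\n", strlen(buf) - 6);

    format_with_precision(buf, sizeof buf, SAMPLE_NAME, SAMPLE_LEN);
    printf("precision (%%.*s): %zu bytes after the prefix -> [%s]\n",
           strlen(buf) - 6, buf);
    return 0;
}
```

Running the block prints 6 bytes after the prefix for the width form (the name plus the three junk bytes) and 3 for the precision form, which is the behaviour a trace line for a length-counted string needs.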