| Bug #4925 | Crash in MySQL 4.0.20 in net_printf (str overflow ?) | | |
|---|---|---|---|
| Submitted: | 6 Aug 2004 12:30 | Modified: | 17 Aug 2004 23:58 |
| Reporter: | jocelyn fournier (Silver Quality Contributor) | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S2 (Serious) |
| Version: | 4.0.20 | OS: | Linux (Linux) |
| Assigned to: | Sergei Golubchik | CPU Architecture: | Any |
[6 Aug 2004 12:30]
jocelyn fournier
[6 Aug 2004 12:45]
jocelyn fournier
Note also that some of my files could have a 4.1 FRM header.
[6 Aug 2004 18:38]
Hartmut Holzgraefe
Although I can't reproduce this, I still agree that using vsnprintf instead of vsprintf is a valid request.
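The point under discussion is that `vsprintf` writes an unbounded message into the packet buffer, while `vsnprintf` is told where the buffer ends. The following is an added example (not MySQL's code) of the bounded pattern the comment asks for; `pkt_t`, `PKT_BUF_SIZE`, `PKT_HEAD_LENGTH` and `pkt_format_text` are hypothetical names modelled only loosely on the `buff`/`buff_end`/`text_pos` layout visible in the patches below, and the sample messages are constructed. Unlike a bare `(void) vsnprintf(...)`, it also reports whether the message was cut.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical packet buffer (assumption for this example): a fixed
   array plus a one-past-the-end pointer, like the buff/buff_end pair. */
#define PKT_BUF_SIZE 64
#define PKT_HEAD_LENGTH 4   /* assumed number of header bytes before the text */

typedef struct {
    unsigned char buff[PKT_BUF_SIZE];
    unsigned char *buff_end;    /* one past the last usable byte */
} pkt_t;

void pkt_init(pkt_t *pkt)
{
    memset(pkt->buff, 0, sizeof pkt->buff);
    pkt->buff_end = pkt->buff + sizeof pkt->buff;
}

/* Bounded formatter: writes the message at header+offset+1, never past
   buff_end, and sets *truncated if the full message did not fit.
   Returns the number of bytes stored (without the NUL), or -1 if there is
   no room at all or formatting failed. */
int pkt_format_text(pkt_t *pkt, size_t offset, int *truncated,
                    const char *format, ...)
{
    char *text_pos = (char *)pkt->buff + PKT_HEAD_LENGTH + offset + 1;
    char *end = (char *)pkt->buff_end;

    /* Guard the subtraction: a pointer past the end would otherwise yield
       a negative difference that converts to a huge size_t. */
    if (text_pos >= end) {
        *truncated = 1;
        return -1;
    }
    size_t room = (size_t)(end - text_pos);   /* size_t, no int cast needed */

    va_list args;
    va_start(args, format);
    int wanted = vsnprintf(text_pos, room, format, args);
    va_end(args);

    if (wanted < 0) {
        *truncated = 1;
        return -1;
    }
    /* vsnprintf NUL-terminates whenever room > 0, so strlen is safe here;
       'wanted' is the length the full message would have had. */
    *truncated = (size_t)wanted >= room;
    return (int)strlen(text_pos);
}

/* Constructed input 1: a short message that fits in the 57-byte text area. */
int demo_short_message_length(void)
{
    pkt_t pkt;
    int truncated;
    pkt_init(&pkt);
    int n = pkt_format_text(&pkt, 2, &truncated,
                            "Table '%s' doesn't exist", "t1");
    return truncated ? -1 : n;   /* -> 24 */
}

/* Constructed input 2: a 199-byte table name that must be cut at buff_end
   instead of running past it. Returns 1 when the bound held. */
int demo_long_message_is_bounded(void)
{
    pkt_t pkt;
    int truncated;
    char long_name[200];
    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';
    pkt_init(&pkt);
    int n = pkt_format_text(&pkt, 2, &truncated,
                            "Table '%s' doesn't exist", long_name);
    /* text area = 64 - (4 + 2 + 1) = 57 bytes: 56 characters plus the NUL,
       and the NUL must land exactly on the last byte of the buffer. */
    return (truncated && n == 56 && pkt.buff_end[-1] == '\0') ? 1 : 0;
}

int main(void)
{
    printf("short message stored: %d bytes\n", demo_short_message_length());
    printf("long message bounded: %s\n",
           demo_long_message_is_bounded() ? "yes" : "no");
    return 0;
}
```

The second demo is the case the bug report is about: with `vsprintf` the 199-byte name would be written straight through `buff_end`; with a correctly computed `room` the write stops one byte short and the caller learns that the error text is incomplete.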
[12 Aug 2004 0:28]
Antony Curtis
Patch for bug: ===== net_pkg.cc 1.31 vs edited ===== --- 1.31/sql/net_pkg.cc 2003-02-17 00:14:34 +00:00 +++ edited/net_pkg.cc 2004-08-11 23:03:13 +01:00 @@ -124,7 +124,7 @@ } offset= net->return_errno ? 2 : 0; text_pos=(char*) net->buff+head_length+offset+1; - (void) vsprintf(my_const_cast(char*) (text_pos),format,args); + (void) vsnprintf(my_const_cast(char*) (text_pos), (int) (net->buff_end-text_pos),format,args); length=(uint) strlen((char*) text_pos); if (length >= sizeof(net->last_error)) length=sizeof(net->last_error)-1; /* purecov: inspected */
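Review bot: the new length expression `(int) (net->buff_end-text_pos)` subtracts pointers of different types (`buff_end` is declared on the `net` buffer, `text_pos` is a `char*`), so this needs matching casts to compile cleanly, and the `(int)` cast is itself unnecessary since `vsnprintf`'s size parameter is `size_t`; a negative difference would convert to a very large size and defeat the bound, so either assert `text_pos < net->buff_end` or compute the room as `size_t` directly. The return value is also discarded with `(void)`, which means truncation is silent; `vsnprintf` returns the length the full message would have had, so comparing it against the room (instead of re-measuring with `strlen`) would let the caller notice a cut message.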
[12 Aug 2004 0:34]
Antony Curtis
Actually, this patch will compile better ;) ===== net_pkg.cc 1.31 vs edited ===== --- 1.31/sql/net_pkg.cc 2003-02-17 00:14:34 +00:00 +++ edited/net_pkg.cc 2004-08-11 23:33:28 +01:00 @@ -124,7 +124,8 @@ } offset= net->return_errno ? 2 : 0; text_pos=(char*) net->buff+head_length+offset+1; - (void) vsprintf(my_const_cast(char*) (text_pos),format,args); + (void) vsnprintf(my_const_cast(char*) (text_pos), + (int)((char *)net->buff_end-(char *)text_pos),format,args); length=(uint) strlen((char*) text_pos); if (length >= sizeof(net->last_error)) length=sizeof(net->last_error)-1; /* purecov: inspected */
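Review bot: the `(char *)` casts on both sides of the subtraction fix the compile issue from the first version, but the `(int)` cast on the result is still superfluous and mildly risky: `vsnprintf` takes a `size_t`, and if `text_pos` ever sat at or past `buff_end` the negative `int` would convert to a huge size. Consider writing `(size_t)((char *)net->buff_end - (char *)text_pos)` and keeping the result rather than casting it away, so that a message longer than the room is detected instead of being silently shortened before it reaches `net->last_error`.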
[17 Aug 2004 23:58]
Sergei Golubchik
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release. If necessary, you can access the source repository and build the latest available version, including the bugfix, yourself. More information about accessing the source trees is available at http://www.mysql.com/doc/en/Installing_source_tree.html Additional info: fixed in 4.1.21