Bug #53956 buffer overflow in mysqlshow with long table and column names
Submitted: 25 May 2010 3:59
Modified: 20 Apr 2013 17:16
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: Command-line Clients
Severity: S3 (Non-critical)
Version: 5.0.91, 5.1.47, 5.1.48-bzr, 5.5.3
OS: Any (Windows, Mac OS X)
Assigned to:
CPU Architecture: Any
Tags: buffer overflow, mysqlshow

[25 May 2010 3:59] Shane Bester
Description:
In mysqlshow, the list_fields function contains this static buffer
char query[1024];
which is overrun when a long column name is given:

strxmov(end," like '",wild,"'",NullS);

The result is a crash of the client.

How to repeat:
On Windows, run this all on one line:

mysqlshow.exe -h127.0.0.1 mysql user aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[25 May 2010 4:04] MySQL Verification Team
Same problem for the function list_table_status and a long table name given.
[25 May 2010 4:11] Valeriy Kravchuk
Verified with recent 5.1.48 from bzr on Mac OS X also.
[9 Apr 2013 12:56] MySQL Verification Team
Still affects even mysql-trunk today, testcase:

php -r "system('mysqlshow.exe -uroot -vvv test showit '.str_repeat('a',2000));"
[20 Apr 2013 17:16] Paul DuBois
Noted in 5.7.2 changelog.

Long table or column names could cause mysqlshow to exit.
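
The overrun reported above in list_fields and list_table_status comes from appending a user-supplied name to a fixed 1024-byte buffer with no length check. The following is an added example, not MySQL source code and not part of the bug report, showing a bounded way to build such a query in C. The function name build_show_columns, the QUERY_MAX constant and the query prefix are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define QUERY_MAX 1024  /* same size as the query[1024] buffer quoted in the report */

/*
 * Hypothetical helper (not MySQL source): builds
 *   show columns from `table` like 'wild'
 * into out[cap]. Returns the query length, or -1 if it would not fit.
 * snprintf never writes more than cap bytes, so an oversized name is
 * rejected instead of overrunning the buffer.
 * Escaping of quote characters in the names is a separate concern, not shown.
 */
static int build_show_columns(char *out, size_t cap,
                              const char *table, const char *wild)
{
    int n;
    if (wild != NULL && wild[0] != '\0')
        n = snprintf(out, cap, "show columns from `%s` like '%s'", table, wild);
    else
        n = snprintf(out, cap, "show columns from `%s`", table);
    if (n < 0 || (size_t)n >= cap) {   /* truncated or failed: refuse the input */
        if (cap > 0) out[0] = '\0';
        return -1;
    }
    return n;
}

/* Constructed check: a 2000-character name, the length used in the 2013 test case. */
static int long_name_rejected(void)
{
    char query[QUERY_MAX];
    char wild[2001];
    memset(wild, 'a', 2000);
    wild[2000] = '\0';
    return build_show_columns(query, sizeof query, "user", wild) == -1;
}

int main(void)
{
    char query[QUERY_MAX];
    if (build_show_columns(query, sizeof query, "user", "Host") > 0)
        puts(query);
    printf("2000-char name rejected: %d\n", long_name_rejected());
    return 0;
}
```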