Bug #77853 format_path() does not consider directory boundaries
Submitted: 28 Jul 2015 4:36 Modified: 5 Jul 2016 16:39
Reporter: Jesper wisborg Krogh Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: SYS Schema Severity:S3 (Non-critical)
Version:1.4.0 OS:Any
Assigned to: CPU Architecture:Any

[28 Jul 2015 4:36] Jesper wisborg Krogh 
Description:
The sys.format_path() function makes replacements purely based a match irrespectively of whether the match is really only for a prefix of the actual value.

How to repeat:
For example with:

   [mysqld]
   innodb_data_home_dir  = /mysql/innodb
   innodb_undo_directory = /mysql/innodb_undo

you get:

mysql> SELECT @@innodb_undo_directory, @@innodb_data_home_dir, sys.format_path(@@innodb_undo_directory);
+-------------------------+------------------------+------------------------------------------+
| @@innodb_undo_directory | @@innodb_data_home_dir | sys.format_path(@@innodb_undo_directory) |
+-------------------------+------------------------+------------------------------------------+
| /mysql/innodb_undo      | /mysql/innodb          | @@innodb_data_home_dir/_undo             |
+-------------------------+------------------------+------------------------------------------+
1 row in set (0.00 sec)

Suggested fix:
At least check for a directory boundary or end of string before making the replacement.
[5 Jul 2016 16:39] Paul DuBois 
Posted by developer:
 
Noted in 5.7.14 changelog.

The sys schema format_path() function replaced substrings of the path
name argument without verifying that the substrings were delimited by
path name separators.