Bug #87912 Possible unintended usage of variable "len" in file "client/mysqltest.cc"
Submitted: 29 Sep 2017 11:05 Modified: 10 Oct 2017 13:44
Reporter: Petru-Florin Mihancea
Status: Verified
Category: MySQL Server: Tests    Severity: S3 (Non-critical)
Version: 5.7    OS: Any
Assigned to:    CPU Architecture: Any

[29 Sep 2017 11:05] Petru-Florin Mihancea
Description:
Hi,

While experimenting with a CodeSonar plugin we develop, we noticed a potential bug in file "mysql-server/client/mysqltest.cc", lines 2991 and 2992, function "eval_expr":

    /* Check if this is a "let $var= convert_error()" */
    const char* get_value_str1= "convert_error";
    const size_t len1= strlen(get_value_str1);
    if (strncmp(p, get_value_str1, len1)==0)
    {
      struct st_command command;
      memset(&command, 0, sizeof(command));
      command.query= (char*)p;
      command.first_word_len= len;                 //HERE
      command.first_argument= command.query + len; //HERE
      command.end= (char*)*p_end;
      var_set_convert_error(&command, v);
      DBUG_VOID_RETURN;
    }

Shouldn't you use the len1 variable (instead of len) at the mentioned lines?

Best regards,
Petru Mihancea

How to repeat:
This issue has been detected automatically via static analysis.
[10 Oct 2017 13:44] MySQL Verification Team
Hi!

You are actually quite right. This is not a part of the server, but one of the test programs. However, a bug in a test program is still a bug.

It should be len1, since len is saved from the search for the command "query_get_value".

Verified as reported.
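
The mix-up confirmed above, reduced to a stand-alone C program (an added example, not code from mysqltest.cc). It assumes `len` holds the length of "query_get_value", as the reply describes; `struct cmd_view`, `match_keyword`, `parse_reported` and `parse_fixed` are hypothetical names, and the input string is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the fields eval_expr fills in (hypothetical type). */
struct cmd_view {
  const char *query;
  size_t first_word_len;
  const char *first_argument;
};

/* Returns the keyword length if p starts with kw, otherwise 0. The length
   comes from the keyword that matched, so it cannot be confused with another. */
static size_t match_keyword(const char *p, const char *kw) {
  size_t n = strlen(kw);
  return strncmp(p, kw, n) == 0 ? n : 0;
}

/* Pattern from the report: the length of the earlier keyword is reused. */
static int parse_reported(const char *p, struct cmd_view *c) {
  const size_t len = strlen("query_get_value"); /* assumed origin of len */
  const size_t len1 = strlen("convert_error");
  if (strncmp(p, "convert_error", len1) != 0) return 0;
  c->query = p;
  c->first_word_len = len;            /* 15, but the matched word is 13 long */
  c->first_argument = c->query + len; /* starts 2 bytes too late */
  return 1;
}

/* Same branch with the offset taken from the keyword that was matched. */
static int parse_fixed(const char *p, struct cmd_view *c) {
  size_t n = match_keyword(p, "convert_error");
  if (n == 0) return 0;
  c->query = p;
  c->first_word_len = n;
  c->first_argument = c->query + n;
  return 1;
}

int main(void) {
  const char *expr = "convert_error(1062)"; /* constructed input */
  struct cmd_view a, b;
  if (!parse_reported(expr, &a) || !parse_fixed(expr, &b)) return 1;
  printf("reported: len=%zu arg=\"%s\"\n", a.first_word_len, a.first_argument);
  printf("fixed:    len=%zu arg=\"%s\"\n", b.first_word_len, b.first_argument);
  return 0;
}
```

With the reused length the argument pointer skips the opening parenthesis and the first character of the argument; on an input shorter than 15 bytes the same offset would point past the string's terminator.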