mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-05-15 19:37:16 +02:00
Code Issues Projects Releases Packages Wiki Activity

Bug #13889741: HANDLE_FATAL_SIGNAL IN _DB_ENTER_ |

Browse source 
HANDLE_FATAL_SIGNAL IN STRNLEN

Fixed the following bounds checking problems :
1. in check_if_legal_filename() make sure the null terminated
string is long enough before accessing the bytes in it.
Prevents pottential read-past-buffer-end
2. in my_wc_mb_filename() of the filename charset check
for the end of the destination buffer before sending single
byte characters into it.
Prevents write-past-end-of-buffer (and garbaling stack in
the cases reported here) errors.

Added test cases.
This commit is contained in:
Georgi Kodinov 2012-07-05 13:41:16 +03:00
commit 048577429f
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
strings/ctype-utf8.c
View file

@ -4326,6 +4326,10 @@ my_wc_mb_filename(CHARSET_INFO *cs __attribute__((unused)),
{
int code;
char hex[]= "0123456789abcdef";
if (s >= e)
return MY_CS_TOOSMALL;
if (wc < 128 && filename_safe_char[wc])
{
*s= (uchar) wc;