bugfix: buffer overwrite in mariadb-backup

this fixes galera.galera_sst_mariabackup_table_options Note that `man snprintf` says The functions snprintf() and vsnprintf() do not write more than size bytes (including the terminating null byte ('\0')). If the output was truncated due to this limit, then the return value is the number of characters (excluding the terminating null byte) which would have been written to the final string if enough space had been available.
2025-01-29 02:05:57 +01:00 · 2024-05-04 21:02:53 +02:00 · 2024-05-04 21:02:53 +02:00 · 983e6ca097
commit 983e6ca097
parent 349ca2be74
1 changed files with 4 additions and 2 deletions
--- a/extra/mariabackup/backup_mysql.cc
+++ b/extra/mariabackup/backup_mysql.cc
@ -66,7 +66,7 @@ Street, Fifth Floor, Boston, MA 02110-1335 USA
 #include "page0zip.h"

 char *tool_name;
-char tool_args[2048];
+char tool_args[8192];

 /* mysql flavor and version */
 mysql_flavor_t server_flavor = FLAVOR_UNKNOWN;
@ -1937,9 +1937,11 @@ char *make_argv(char *buf, size_t len, int argc, char **argv)
 		if (strncmp(*argv, "--password", strlen("--password")) == 0) {
 			arg = "--password=...";
 		}
-		left-= snprintf(buf + len - left, left,
+		uint l= snprintf(buf + len - left, left,
 				"%s%c", arg, argc > 1 ? ' ' : 0);
 		++argv; --argc;
+                if (l < left)
+                  left-= l;
 	}

 	return buf;