mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-29 10:14:19 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

InnoDB: Fix potential buffer underflow.

Browse source
This commit is contained in:
osku@127.(none) 2005-09-29 13:02:18 +03:00
parent acdc193a45
commit ad52436711
3 changed files with 38 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
innobase/include/ut0mem.h
View file

@ -122,6 +122,7 @@ ut_strcmp(const void* str1, const void* str2);
Copies up to size - 1 characters from the NUL-terminated string src to
dst, NUL-terminating the result. Returns strlen(src), so truncation
occurred if the return value >= size. */
ulint
ut_strlcpy(
/*=======*/
@ -130,6 +131,18 @@ ut_strlcpy(
const char* src, /* in: source buffer */
ulint size); /* in: size of destination buffer */
/**************************************************************************
Like ut_strlcpy, but if src doesn't fit in dst completely, copies the last
(size - 1) bytes of src, not the first. */
ulint
ut_strlcpy_rev(
/*===========*/
/* out: strlen(src) */
char* dst, /* in: destination buffer */
const char* src, /* in: source buffer */
ulint size); /* in: size of destination buffer */
/**************************************************************************
Compute strlen(ut_strcpyq(str, q)). */
UNIV_INLINE

4
innobase/mem/mem0mem.c
View file

@ -187,9 +187,7 @@ mem_heap_create_block(
}
block->magic_n = MEM_BLOCK_MAGIC_N;
ut_memcpy(&(block->file_name), file_name + ut_strlen(file_name) - 7,
7);
block->file_name[7]='\0';
ut_strlcpy_rev(block->file_name, file_name, sizeof(block->file_name));
block->line = line;
#ifdef MEM_PERIODIC_CHECK

25
innobase/ut/ut0mem.c
View file

@ -364,7 +364,30 @@ ut_strlcpy(
dst[n] = '\0';
}
return src_size;
return(src_size);
}
/**************************************************************************
Like ut_strlcpy, but if src doesn't fit in dst completely, copies the last
(size - 1) bytes of src, not the first. */
ulint
ut_strlcpy_rev(
/*===========*/
/* out: strlen(src) */
char* dst, /* in: destination buffer */
const char* src, /* in: source buffer */
ulint size) /* in: size of destination buffer */
{
ulint src_size = strlen(src);
if (size != 0) {
ulint n = ut_min(src_size, size - 1);
memcpy(dst, src + src_size - n, n + 1);
}
return(src_size);
}
/**************************************************************************