    This is a patch for Bug#48500 · 44e2c65a
    lars-erik.bjork@sun.com authored
    5.0 buffer overflow for ER_UPDATE_INFO, or truncated info message in 5.1
          
    5.0.86 has a buffer overflow/crash, and 5.1.40 has a truncated message.
          
    errmsg.txt contains this:
          
    ER_UPDATE_INFO
    rum "Linii identificate (matched): %ld  Schimbate: %ld  Atentionari 
    (warnings): %ld"
    When that is sprintf'd into a buffer of STRING_BUFFER_USUAL_SIZE size,
    a buffer overflow can happen.
          
    The solution to this is to use MYSQL_ERRMSG_SIZE for the buffer size, 
    instead of STRING_BUFFER_USUAL_SIZE. This will allow longer strings. 
    To avoid potential crashes, we will also use my_snprintf instead of
    sprintf.
sql_update.cc 54.8 KB
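
The overflow and the fix described in the commit message, as an added example that is not code from this commit or from MySQL. It uses the standard snprintf as a stand-in for my_snprintf, and the two buffer sizes (80 and 512) are assumed values for STRING_BUFFER_USUAL_SIZE and MYSQL_ERRMSG_SIZE; the row counts are constructed.

```c
#include <stdio.h>
#include <string.h>

#define SMALL_BUF 80   /* assumed value of STRING_BUFFER_USUAL_SIZE */
#define LARGE_BUF 512  /* assumed value of MYSQL_ERRMSG_SIZE */

/* The "rum" ER_UPDATE_INFO text quoted in the commit message. */
#define UPDATE_INFO_RUM \
    "Linii identificate (matched): %ld  Schimbate: %ld  " \
    "Atentionari (warnings): %ld"

/* Bytes needed for the full message, including the terminating NUL. */
size_t update_info_needed(long found, long updated, long warnings)
{
    int n = snprintf(NULL, 0, UPDATE_INFO_RUM, found, updated, warnings);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded formatting: never writes past buf[size - 1].
 * Returns 1 if the message fit, 0 if it was truncated, -1 on error. */
int format_update_info(char *buf, size_t size,
                       long found, long updated, long warnings)
{
    int n = snprintf(buf, size, UPDATE_INFO_RUM, found, updated, warnings);
    if (n < 0)
        return -1;
    return (size_t)n < size ? 1 : 0;
}

int main(void)
{
    char small[SMALL_BUF], large[LARGE_BUF];
    long found = 100000, updated = 100000, warnings = 0; /* constructed */
    int fit_small, fit_large;

    /* An unbounded sprintf(small, ...) with these counts would write
     * past the end of small; the bounded call truncates instead. */
    fit_small = format_update_info(small, sizeof small, found, updated, warnings);
    fit_large = format_update_info(large, sizeof large, found, updated, warnings);

    printf("needed=%zu bytes\n", update_info_needed(found, updated, warnings));
    printf("small (%d): fit=%d \"%s\"\n", SMALL_BUF, fit_small, small);
    printf("large (%d): fit=%d \"%s\"\n", LARGE_BUF, fit_large, large);
    return 0;
}
```

With the small buffer the bounded call alone only turns the overflow into a truncated message; the larger buffer is what lets the full text through.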