• unknown's avatar
    Bug#31752: check strmake() bounds · a905ac34
    unknown authored
    strmake() calls are easy to get wrong. Add checks in extra
    debug mode to identify possible exploits.
    
    Remove some dead code.
    
    Remove some off-by-one errors identified with new checks.
    
    
    sql/log.cc:
      fix off-by-one buffer-length argument to prevent stack smashing
    sql/repl_failsafe.cc:
      fix off-by-one buffer-length argument to prevent stack smashing
    sql/set_var.cc:
      fix off-by-one buffer-length argument to prevent stack smashing
      (already approved, backports #31588)
    sql/sql_show.cc:
      misdimensioned buffers: functions further down the callstack
      expect bufsize of FN_REFLEN
    sql/unireg.cc:
      When EXTRA_DEBUG is enabled, strmake() will write funny patterns to
      buffers it operates on to identify possibly overflows. This leads to
      badness in mysql_create_frm(), so we explicitly put any unused bytes
      (back) into a defined state. Not a bug-fix, but part of the strmake()
      bug detector.
    strings/strmake.c:
      strmake() takes maximum string length rather than buffer-length
      (string length + 1 to accomodate \0 terminator) as argument.
      Since this is easy to get wrong, add extra debug code to identify
      off-by-ones so we can prevent stack smashing.
      
      Alternative "BAD_STRING_COMPILER" removed after checking
      with Monty.
    a905ac34
repl_failsafe.cc 26.5 KB