bugfix: buffer overwrite in mariadb-backup

this fixes galera.galera_sst_mariabackup_table_options Note that `man snprintf` says The functions snprintf() and vsnprintf() do not write more than size bytes (including the terminating null byte ('\0')). If the output was truncated due to this limit, then the return value is the number of characters (excluding the terminating null byte) which would have been written to the final string if enough space had been available.

bugfix: buffer overwrite in mariadb-backup
this fixes galera.galera_sst_mariabackup_table_options Note that `man snprintf` says The functions snprintf() and vsnprintf() do not write more than size bytes (including the terminating null byte ('\0')). If the output was truncated due to this limit, then the return value is the number of characters (excluding the terminating null byte) which would have been written to the final string if enough space had been available.
983e6ca0 · Sergei Golubchik · 349ca2be · 983e6ca0
Commit 983e6ca0 authored May 04, 2024 by Sergei Golubchik
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

extra/mariabackup/backup_mysql.cc extra/mariabackup/backup_mysql.cc +4 -2

No files found.
--- a/extra/mariabackup/backup_mysql.cc
+++ b/extra/mariabackup/backup_mysql.cc
@@ -66,7 +66,7 @@ Street, Fifth Floor, Boston, MA 02110-1335 USA
 #include "page0zip.h"

 char *tool_name;
-char tool_args[2048];
+char tool_args[8192];

 /* mysql flavor and version */
 mysql_flavor_t server_flavor = FLAVOR_UNKNOWN;
@@ -1937,9 +1937,11 @@ char *make_argv(char *buf, size_t len, int argc, char **argv)
 		if (strncmp(*argv, "--password", strlen("--password")) == 0) {
 			arg = "--password=...";
 		}
-		left-= snprintf(buf + len - left, left,
+		uint l= snprintf(buf + len - left, left,
 				"%s%c", arg, argc > 1 ? ' ' : 0);
 		++argv; --argc;
+                if (l < left)
+                  left-= l;
 	}

 	return buf;