Bug#24498 Stack overflow in mysqltest

- Thanks to Vasil Dimov for the patch! client/mysqltest.c: Use my_snprintf to protect against exceeding size of buff Since variable name and valu might not be null terminated it's necessary to provide the length of the format specifiers.

Bug#24498 Stack overflow in mysqltest
- Thanks to Vasil Dimov for the patch! client/mysqltest.c: Use my_snprintf to protect against exceeding size of buff Since variable name and valu might not be null terminated it's necessary to provide the length of the format specifiers.
ecba2302 · unknown · 0c81ee81 · ecba2302
Commit ecba2302 authored Dec 08, 2006 by unknown
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

client/mysqltest.c client/mysqltest.c +3 -1

No files found.
--- a/client/mysqltest.c
+++ b/client/mysqltest.c
@@ -1240,7 +1240,9 @@ void var_set(const char *var_name, const char *var_name_end,
      v->int_dirty= 0;
      v->str_val_len= strlen(v->str_val);
    }
-    strxmov(buf, v->name, "=", v->str_val, NullS);
+    my_snprintf(buf, sizeof(buf), "%.*s=%.*s",
+                v->name_len, v->name,
+                v->str_val_len, v->str_val);
    if (!(v->env_s= my_strdup(buf, MYF(MY_WME))))
      die("Out of memory");
    putenv(v->env_s);