Bug#12347040: MEMORY LEAK IN CONVERT_TZ COULD POSSIBLY CAUSE

DOS ATTACKS Problem: For detailed description, see Bug#42502. This bug is a duplicate of Bug#42502. The complete fix for Bug#42502 was not made as proposed. Hence the bug still persists. Fix: Make the changes as proposed originally for the bugfix of 42502. Which is to remove the allocation of the memory before we actually check for any errors. sql/tztime.cc: Remove the double allocation for tz_info

Bug#12347040: MEMORY LEAK IN CONVERT_TZ COULD POSSIBLY CAUSE
DOS ATTACKS Problem: For detailed description, see Bug#42502. This bug is a duplicate of Bug#42502. The complete fix for Bug#42502 was not made as proposed. Hence the bug still persists. Fix: Make the changes as proposed originally for the bugfix of 42502. Which is to remove the allocation of the memory before we actually check for any errors. sql/tztime.cc: Remove the double allocation for tz_info
fa61c049 · Chaithra Gopalareddy · 5cf9e193 · fa61c049
Commit fa61c049 authored Dec 26, 2012 by Chaithra Gopalareddy
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 18 deletions

sql/tztime.cc sql/tztime.cc +3 -18

No files found.
--- a/sql/tztime.cc
+++ b/sql/tztime.cc
@@ -1808,7 +1808,7 @@ static Time_zone*
 tz_load_from_open_tables(const String *tz_name, TABLE_LIST *tz_tables)
 {
  TABLE *table= 0;
-  TIME_ZONE_INFO *tz_info;
+  TIME_ZONE_INFO *tz_info= NULL;
  Tz_names_entry *tmp_tzname;
  Time_zone *return_val= 0;
  int res;
@@ -1816,7 +1816,8 @@ tz_load_from_open_tables(const String *tz_name, TABLE_LIST *tz_tables)
  my_time_t ttime;
  char buff[MAX_FIELD_WIDTH];
  String abbr(buff, sizeof(buff), &my_charset_latin1);
-  char *alloc_buff, *tz_name_buff;
+  char *alloc_buff= NULL;
+  char *tz_name_buff= NULL;
  /*
    Temporary arrays that are used for loading of data for filling
    TIME_ZONE_INFO structure
@@ -1836,22 +1837,6 @@ tz_load_from_open_tables(const String *tz_name, TABLE_LIST *tz_tables)

  DBUG_ENTER("tz_load_from_open_tables");

-  /* Prepare tz_info for loading also let us make copy of time zone name */
-  if (!(alloc_buff= (char*) alloc_root(&tz_storage, sizeof(TIME_ZONE_INFO) +
-                                       tz_name->length() + 1)))
-  {
-    sql_print_error("Out of memory while loading time zone description");
-    return 0;
-  }
-  tz_info= (TIME_ZONE_INFO *)alloc_buff;
-  bzero(tz_info, sizeof(TIME_ZONE_INFO));
-  tz_name_buff= alloc_buff + sizeof(TIME_ZONE_INFO);
-  /*
-    By writing zero to the end we guarantee that we can call ptr()
-    instead of c_ptr() for time zone name.
-  */
-  strmake(tz_name_buff, tz_name->ptr(), tz_name->length());
-
  /*
    Let us find out time zone id by its name (there is only one index
    and it is specifically for this purpose).