ganapathi / rpms / mariadb

Forked from rpms/mariadb 4 years ago
Clone
Source Code
GIT

Blame SOURCES/mariadb-covscan-stroverflow.patch

c4 c5 c5-plus c6 c6-plus c6-sig-sclo c7 c7-alt c7-beta c8-beta-stream-10.3 c8-stream-10.3
  1.   54b47928deae8f54cb7649cff35e700626fb142c
  2.   SOURCES
  3.   mariadb-covscan-stroverflow.patch
Blob History Raw
031387 
The following problems have been found by Coverity - static analysis tool.
031387
031387 
mysql-5.5.31/sql/sp_rcontext.h:87:buffer_size_warning – Calling strncpy with a maximum size argument of 512 bytes on destination array "this->m_message" of size 512 bytes might leave the destination string unterminated.
031387
ca2eb8 
diff -rup mariadb-5.5.47.covscan-stroverflow/sql/sp_rcontext.h mariadb-5.5.47/sql/sp_rcontext.h
ca2eb8 
--- mariadb-5.5.47.covscan-stroverflow/sql/sp_rcontext.h	2015-12-09 18:22:47.000000000 +0100
ca2eb8 
+++ mariadb-5.5.47/sql/sp_rcontext.h	2016-02-04 07:55:50.073558349 +0100
031387 
@@ -84,7 +84,8 @@ public:
031387 
     memcpy(m_sql_state, sqlstate, SQLSTATE_LENGTH);
031387 
     m_sql_state[SQLSTATE_LENGTH]= '\0';
031387
031387 
-    strncpy(m_message, msg, MYSQL_ERRMSG_SIZE);
031387 
+    strncpy(m_message, msg, sizeof(m_message)-1);
031387 
+    m_message[sizeof(m_message)-1] = '\0';
031387 
   }
031387
031387 
   void clear()

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation