[MDEV-14981] String::c_ptr may abort - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.2.12
Fix Version/s: 10.2
Component/s: Debug, Server
Labels:
None

Description

the function String::c_ptr() has a debug assert to ensure there was room for a /0 terminator. This may be false in the following series.

Start with a string where str_length == Alloced_length - 1.
Append a single character such that this is called:

  inline bool append(char chr)

    if (str_length < Alloced_length)

      Ptr[str_length++]=chr;

    else

      if (realloc_with_extra(str_length + 1))

	return 1;

      Ptr[str_length++]=chr;

    return 0;

The character is added, wiping out the /0 and creating a situation where str_length == Alloced_length and if c_ptr() is called next, the debug assert aborts.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: David Hall (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2018-01-17 20:01

Updated:: 2020-12-01 12:39

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.