[MDEV-21084] Statement might be overflowing a buffer in strncat - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.2.29
Fix Version/s: 10.2.30, 10.3.21, 10.4.11
Component/s: Server, Storage Engine - Connect
Labels:
- buffer
- overflow
- server

Description

Our checker detected a probable buffer overflow in strncat call (storage/connect/reldef.cpp:503:63):

[ 3291s] I: Statement might be overflowing a buffer in strncat. Common mistake:
[ 3291s] BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
[ 3291s] GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
[ 3291s] E: mariadb bufferoverflowstrncat /home/abuild/rpmbuild/BUILD/mariadb-10.2.29/storage/connect/reldef.cpp:503:63

There are probably more of such strncat calls in the MariaDB server so it would be wise to revise all of them.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

mariadb-10.2.29-bufferoverflowstrncat.patch
0.6 kB
2019-11-19 12:51

Activity

People

Assignee:: Olivier Bertrand

Reporter:: Kristyna Streitova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2019-11-19 12:56

Updated:: 2019-11-27 23:44

Resolved:: 2019-11-27 23:44