Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 10.2.29
Component/s: Server, Storage Engine - Connect
Description
Our checker detected a probable buffer overflow in a strncat call (storage/connect/reldef.cpp:503:63):
[ 3291s] I: Statement might be overflowing a buffer in strncat. Common mistake:
[ 3291s] BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
[ 3291s] GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
[ 3291s] E: mariadb bufferoverflowstrncat /home/abuild/rpmbuild/BUILD/mariadb-10.2.29/storage/connect/reldef.cpp:503:63
There are probably more such strncat calls in the MariaDB server, so it would be wise to revise all of them.
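The size arithmetic behind the checker's BAD/GOOD message, as an added example that is not MariaDB code and not part of the original report. The helper `bounded_append`, the 16-byte buffer and the sample strings are constructed for illustration; the helper also covers the case where the destination is already full or unterminated, which the GOOD form alone does not.

```c
#include <stddef.h>
#include <string.h>

/* Bytes strncat(dst, src, n) may touch in dst: the existing text, up to n
 * appended characters, and the terminating NUL it always writes. */
static size_t strncat_worst_case(const char *dst, size_t n)
{
    return strlen(dst) + n + 1;
}

/* Hypothetical helper (not a MariaDB function): append src to dst, which
 * has dstsize bytes in total. Returns 0 if all of src fit, 1 if it was
 * truncated, -1 if dst is not NUL-terminated inside dstsize. */
static int bounded_append(char *dst, size_t dstsize, const char *src)
{
    /* memchr instead of strlen: never reads past dstsize. */
    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return -1;

    size_t used = (size_t)(end - dst);
    size_t room = dstsize - used - 1;   /* cannot underflow: used < dstsize */

    strncat(dst, src, room);            /* the checker's GOOD form */
    return strlen(src) > room ? 1 : 0;
}

int main(void)
{
    char buf[16] = "table=";            /* constructed sample data */
    const char *name = "a_rather_long_name";

    /* BAD: sizeof(buf) as third argument permits 6 + 16 + 1 = 23 bytes. */
    size_t bad = strncat_worst_case(buf, sizeof(buf));
    /* GOOD: the leftover size permits exactly 6 + 9 + 1 = 16 bytes. */
    size_t good = strncat_worst_case(buf, sizeof(buf) - strlen(buf) - 1);

    int truncated = bounded_append(buf, sizeof(buf), name);
    /* buf is now "table=a_rather_" (15 chars + NUL), truncated == 1 */
    return (bad == 23 && good == 16 && truncated == 1) ? 0 : 1;
}
```

The BAD form can exceed the buffer whenever it already holds any text, because the worst case is always `strlen(buffer) + sizeof(buffer) + 1`.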