  1. MariaDB Server
  2. MDEV-221

memcmp() in filename_to_tablename can read past the end of the input string

Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 5.5.22, 5.5.23
    • Fix Version/s: 5.5.24
    • Component/s: None
    • Labels: None

    Description

      The code in question is

      if (!memcmp(from, tmp_file_prefix, tmp_file_prefix_length))

      The problem here is that 'from' can have length < 4 (=tmp_file_prefix_length), and there might be anything past the end of 'from', for example another page with unmapped memory.

      The problem was found with Windows Application Verifier, which tweaks heap allocations so that they are placed at the end of the page. Quite a lot of InnoDB tests crash in this function when mysqld is run under Application Verifier.
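
      One way to bound the prefix check described above, as an added example (not MariaDB's code and not necessarily the fix that shipped in 5.5.24). The prefix value "#sql" and the names has_tmp_prefix, has_tmp_prefix_n and copy_to_page_end are assumptions for illustration; the helper uses POSIX mmap/mprotect to place a short string directly before an inaccessible page, similar to the end-of-page placement the report describes.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#endif
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Assumed prefix value; the report only states its length (4). */
static const char tmp_file_prefix[] = "#sql";
#define tmp_file_prefix_length (sizeof(tmp_file_prefix) - 1)

/* NUL-terminated input: strncmp() stops comparing at the terminator of
   `from`, so a 1- or 2-byte name is never read out to 4 bytes. */
int has_tmp_prefix(const char *from)
{
    return strncmp(from, tmp_file_prefix, tmp_file_prefix_length) == 0;
}

/* Length-carrying input: check the length first, so memcmp() only runs
   when tmp_file_prefix_length bytes are really there. */
int has_tmp_prefix_n(const char *from, size_t from_len)
{
    return from_len >= tmp_file_prefix_length &&
           memcmp(from, tmp_file_prefix, tmp_file_prefix_length) == 0;
}

/* Test helper (hypothetical): copy `s` so that its NUL is the last byte of
   a page and the following page is PROT_NONE. Any read past the terminator
   then faults immediately. Returns NULL on failure. */
char *copy_to_page_end(const char *s)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t n = strlen(s) + 1;
    char *base;

    if (n > page)
        return NULL;
    base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED || mprotect(base + page, page, PROT_NONE) != 0)
        return NULL;
    return memcpy(base + page - n, s, n);
}

int main(void)
{
    char *s = copy_to_page_end("#s");   /* constructed short name */
    return (s && !has_tmp_prefix(s) && !has_tmp_prefix_n(s, strlen(s))) ? 0 : 1;
}
```

      Running a test suite with inputs placed this way turns a silent over-read into an immediate fault at the offending call, which is how the issue was surfaced in the report.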


          People

            Assignee: Unassigned
            Reporter: Vladislav Vaintroub (wlad)