Details
Bug
Status: Open
Major
Resolution: Unresolved
10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5(EOL), 10.6, 10.7(EOL), 10.8(EOL)
Description
client/mysqldump.c
In the for() loop, we increment delimiter_max_size at the end rather than proposed_length. If the passed-in query contains no more than one consecutive ';', all is well. But if the query contains ';;' the function never returns.
static char *create_delimiter(char *query, char *delimiter_buff,
                              int delimiter_max_size)
{
  int proposed_length;
  char *presence;

  delimiter_buff[0]= ';';  /* start with one semicolon, and */

  /* Reported bug: the loop increments delimiter_max_size, not proposed_length. */
  for (proposed_length= 2; proposed_length < delimiter_max_size;
       delimiter_max_size++) {

    delimiter_buff[proposed_length-1]= ';';  /* add semicolons, until */
    delimiter_buff[proposed_length]= '\0';

    presence = strstr(query, delimiter_buff);
    if (presence == NULL) { /* the proposed delimiter is not in the query. */
      return delimiter_buff;
    }

  }

  return NULL;  /* but if we run out of space, return nothing at all. */
}
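An added example, not part of the report or of the MariaDB source: a sketch of the loop advancing proposed_length, as the description implies it should, so that a query containing ';;' terminates either with a longer delimiter or with NULL once the buffer bound is reached. The names create_delimiter_fixed and delimiter_length_for, the size guard, and the sample queries are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Sketch of the corrected loop: proposed_length is the counter, so each
   pass tries a delimiter one ';' longer until the buffer bound is hit. */
static char *create_delimiter_fixed(const char *query, char *delimiter_buff,
                                    int delimiter_max_size)
{
  int proposed_length;

  if (delimiter_max_size < 3)   /* assumed guard: no room for ";;" plus NUL */
    return NULL;

  delimiter_buff[0]= ';';
  for (proposed_length= 2; proposed_length < delimiter_max_size;
       proposed_length++)
  {
    delimiter_buff[proposed_length-1]= ';';
    delimiter_buff[proposed_length]= '\0';
    if (strstr(query, delimiter_buff) == NULL)
      return delimiter_buff;    /* delimiter does not occur in the query */
  }
  return NULL;                  /* ran out of buffer space */
}

/* Hypothetical helper: length of the chosen delimiter, or -1 if none fits. */
static int delimiter_length_for(const char *query, int buf_size)
{
  char buf[64];
  char *d;

  if (buf_size > (int) sizeof(buf))
    return -1;
  d= create_delimiter_fixed(query, buf, buf_size);
  return d ? (int) strlen(d) : -1;
}

int main(void)
{
  /* Constructed sample queries, including the ';;' case from the report. */
  const char *queries[]= { "SELECT 1; SELECT 2", "BEGIN SELECT 1;; END",
                           "a;;;;b" };
  size_t i;

  for (i= 0; i < sizeof(queries) / sizeof(queries[0]); i++)
    printf("%-24s -> %d\n", queries[i], delimiter_length_for(queries[i], 64));
  printf("%-24s -> %d (4-byte buffer)\n", "a;;;;b",
         delimiter_length_for("a;;;;b", 4));
  return 0;
}
```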