[MDEV-7019] String::chop() is wrong and may potentially crash. - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5.40, 10.0.14
Fix Version/s: 5.5.41
Component/s: OTHER
Labels:
- upstream

Description

Olivier noticed that this code looks wrong in sql_string.h:

  inline void chop()

    Ptr[str_length--]= '\0';

it should be written as:

  inline void chop()

    Ptr[--str_length]= '\0';

The reason why the problem was not found is probably because all chop() callers do not really care about correct 0-termination, they only need to reduce length by 1. Perhaps it should be fixed not to maintain 0 termination at all, to something like this:

  inline void chop()

    str_length--;

Attachments

Activity

People

Assignee:: Alexander Barkov

Reporter:: Alexander Barkov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2014-11-03 18:33

Updated:: 2014-11-10 16:11

Resolved:: 2014-11-10 16:11

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.