  1. MariaDB Server
  2. MDEV-7019

String::chop() is wrong and may potentially crash.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.40, 10.0.14
    • Fix Version/s: 5.5.41
    • Component/s: OTHER

      Description

      Olivier noticed that this code looks wrong in sql_string.h:

        inline void chop()
        {
          Ptr[str_length--]= '\0';
        }

      it should be written as:

        inline void chop()
        {
          Ptr[--str_length]= '\0';
        }

      The reason why the problem was not found is probably because all chop() callers do not really care about correct 0-termination, they only need to reduce length by 1. Perhaps it should be fixed not to maintain 0 termination at all, to something like this:

        inline void chop()
        {
          str_length--;
        }
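
The difference between the post-decrement and pre-decrement forms quoted above, as an added example that is not MariaDB source code. `MiniString`, `CAP` and the canary byte are hypothetical stand-ins for the real `String` class, and the example assumes a buffer with no spare byte after the payload so the out-of-range write can be observed without undefined behaviour.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical stand-in for the String class: only Ptr and str_length come
// from the issue; CAP and the canary byte are assumptions made for this demo.
struct MiniString {
  static constexpr std::size_t CAP = 4;  // bytes the modelled allocation owns
  char Ptr[CAP + 1];                     // Ptr[CAP] is a canary outside it
  std::size_t str_length;

  explicit MiniString(const char *s) : str_length(std::strlen(s)) {
    if (str_length > CAP) str_length = CAP;
    std::memset(Ptr, '#', sizeof(Ptr));  // '#' marks bytes never written
    std::memcpy(Ptr, s, str_length);     // length-tracked, no terminator stored
  }
  void chop_buggy() { Ptr[str_length--] = '\0'; }  // form reported in the issue
  void chop_fixed() { Ptr[--str_length] = '\0'; }  // corrected form
  bool canary_intact() const { return Ptr[CAP] == '#'; }
  bool terminated_at_length() const { return Ptr[str_length] == '\0'; }
};

// Constructed input "abcd" fills the allocation: the post-decrement form
// writes at index CAP, one byte past what the string owns.
bool buggy_writes_past_allocation() {
  MiniString s("abcd");
  s.chop_buggy();
  return !s.canary_intact();
}

bool fixed_stays_in_allocation() {
  MiniString s("abcd");
  s.chop_fixed();
  return s.canary_intact() && s.terminated_at_length() && s.str_length == 3;
}

// With spare room ("ab") nothing is overrun, but the terminator lands one
// byte late: the length drops to 1 while Ptr[1] still holds 'b'.
bool buggy_leaves_stale_byte() {
  MiniString s("ab");
  s.chop_buggy();
  return s.str_length == 1 && s.Ptr[1] == 'b' && !s.terminated_at_length();
}

int main() {
  std::printf("buggy overruns: %d\n", buggy_writes_past_allocation());
  std::printf("fixed in bounds: %d\n", fixed_stays_in_allocation());
  std::printf("buggy stale byte: %d\n", buggy_leaves_stale_byte());
}
```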

            People

            Assignee:
            bar Alexander Barkov
            Reporter:
            bar Alexander Barkov