commit 3e198cba7c78ce42463b179a8c86b5e305fd2cd1 Author: Jeremy Cole Date: Tue Jun 25 12:26:16 2013 -0700 Printing binlog events could cause 1-byte buffer overflow Printing binlog events which are a multiple of 8 bytes but not 16 bytes would cause a 1-byte buffer overflow in hexdump_data_to_io_cache due to improperly appending a mid-line space twice. Instead of dumbly reproducing the mid-line space append logic in both the formatting code and in what is ostensibly padding code, use sizeof and the current buffer pointers to pad the buffer up to the proper size, eliminating the need for more complicated logic. Change-Id: I4b6f4d76efe978ff33fc4ff77449157dc2be44ff
diff --git a/sql/log_event.cc b/sql/log_event.cc
index 45453a6..7dfc6ce 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -1819,14 +1819,12 @@ static void hexdump_data_to_io_cache(IO_CACHE *file,
 if (hex_string[0])
 {
 char emit_buf[256];
- for (int j= (HEXDUMP_BYTES_PER_LINE - strlen(char_string)); j > 0; j--)
- {
- if (j == (HEXDUMP_BYTES_PER_LINE / 2)) *h++= ' ';
- *h++= ' ';
- *h++= ' ';
+
+ /* Pad the hex buffer up to a full line; don't pad the char buffer. */
+ for (my_off_t j= (h - hex_string); j < sizeof(hex_string) - 1; j++)
 *h++= ' ';
- }
 *h= '\0';
+
 size_t const emit_buf_written=
 my_snprintf(emit_buf, sizeof(emit_buf),
 "# %8llx %s |%s|\n",
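Review bot: The padding loop `for (my_off_t j= (h - hex_string); j < sizeof(hex_string) - 1; j++)` tracks the write position twice (`j` and `h`) and uses `my_off_t`, a file-offset type, as a buffer index. Bounding the pointer directly is simpler and keeps the limit and the write in one expression: `while (h < hex_string + sizeof(hex_string) - 1) *h++= ' ';`. Either form is only correct while `hex_string` is a real array whose size is exactly one formatted line plus the terminator. Its declaration is outside this hunk, so a comment or compile-time assertion there tying its size to `HEXDUMP_BYTES_PER_LINE` would keep visible the invariant this fix relies on. The per-byte writes earlier in `hexdump_data_to_io_cache` are also outside the hunk and presumably still depend on that same sizing rather than on a bounds check.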