[MCOL-343] ha_calpont_execplan assigns String::ptr() to std::string
| Created: | 2016-10-03 | Updated: | 2016-11-01 | Resolved: | 2016-10-10 |
|
| Status: | Closed |
| Project: | MariaDB ColumnStore |
| Component/s: | MDB Plugin |
| Affects Version/s: | 1.0.3 |
| Fix Version/s: | 1.0.4 |
| Type: | Bug | Priority: | Major |
| Reporter: | David Hall (Inactive) | Assignee: | Daniel Lee (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Environment: | CentOS 6.5 |
| Sprint: | 2016-19 |
| Description |
|
MariaDB's String object maintains a buffer that is frequently larger than the contained string. There is no null terminator in the buffer. The object maintains a separate length field. There are places in ha_calpont_execplan.cpp where a String::ptr() is assigned directly to a std::string. This leads to the string potentially containing more characters than intended and of unknown values. The symptoms can be bad results or error messages to the user. String::c_ptr() should be substituted, as this translates the buffer into a null-terminated string of the proper length. |
| Comments |
| Comment by David Hall (Inactive) [ 2016-10-03 ] |
|
This should be painless and may fix a couple of breakages. |
| Comment by Andrew Hutchings (Inactive) [ 2016-10-03 ] |
|
Good fix! I'm not quite sure how exactly to test this, though. |
| Comment by Daniel Lee (Inactive) [ 2016-10-10 ] |
|
Build tested: 1.0.4-1
Name : mariadb-columnstore-platform
Closing the ticket per source code review only. Test will be covered under regression tests. |
| Comment by David Hall (Inactive) [ 2016-11-01 ] |
|
Use of c_ptr() turns out to be a bad idea. Some places in the server save pointers to String objects. c_ptr() may cause a realloc and invalidate those pointers. Use std::string::assign(buf, len) instead. |
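
The two conversions discussed in this ticket, side by side, as an added example that is not ColumnStore or MariaDB code. `LenBuf` is a hypothetical stand-in for a length-tracked buffer, and the stale bytes and trailing terminator are constructed so that the over-read stays inside the allocation and the result is deterministic.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical stand-in for the kind of buffer the ticket describes:
// capacity larger than the content, no terminator, separate length field.
class LenBuf {
public:
    // Requires len <= strlen(stale); both inputs are constructed sample data.
    LenBuf(const char* stale, const char* value, std::size_t len)
        : buf_(std::strlen(stale) + 1, '\0'), len_(len) {
        // Leftover bytes from an earlier, longer value.
        std::memcpy(buf_.data(), stale, std::strlen(stale));
        // The new value overwrites only the first len bytes; no '\0' is written.
        std::memcpy(buf_.data(), value, len);
    }
    const char* ptr() const { return buf_.data(); }
    std::size_t length() const { return len_; }
private:
    std::vector<char> buf_;  // last byte stays '\0' only to keep the demo in bounds
    std::size_t len_;
};

// Pattern from the ticket: the buffer is treated as a C string, so the copy
// runs to the first '\0' it happens to find, not to length().
std::string copy_as_c_string(const LenBuf& b) {
    return std::string(b.ptr());
}

// Replacement named in the last comment: copy exactly length() bytes. The
// source buffer is only read, never reallocated, and embedded '\0' survives.
std::string copy_with_length(const LenBuf& b) {
    std::string out;
    out.assign(b.ptr(), b.length());
    return out;
}

int main() {
    LenBuf col("customer_name", "id", 2);
    std::string bad = copy_as_c_string(col);   // "id" plus stale bytes
    std::string good = copy_with_length(col);  // exactly "id"
    return (bad != good && good == "id") ? 0 : 1;
}
```

In a real buffer nothing guarantees a terminator inside the allocation, so the first pattern can also read past the end of the buffer.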