[MDEV-11752] Unsafe strmov - function definition in include/m_string.h Created: 2017-01-10 Updated: 2017-03-10 Resolved: 2017-03-10 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Server |
| Affects Version/s: | 5.5, 10.0, 10.1, 10.2 |
| Fix Version/s: | 10.1.22, 10.2.5 |
| Type: | Bug | Priority: | Major |
| Reporter: | Michal Schorm | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | upstream-fixed | ||
| Environment: |
Fedora, RHEL, CentOS |
||
| Sprint: | 10.1.22 |
| Description |
|
Hello, bug#48864 In Fedora and RHEL, we still use the same patch, that is pasted in that discussion as "[19 Nov 2009 9:32] Georgi Kodinov" — Please fill in "Affected component" field, as I am not sure what to choose. |
| Comments |
| Comment by Elena Stepanova [ 2017-01-11 ] |
|
I'm not sure which current versions of Fedora and server one needs to reproduce the problem; just filling Affects/Fix version guessing from the upstream bug report. |
| Comment by Michal Schorm [ 2017-01-19 ] |
|
Currently, Fedora Rawhide, 25 and 24 contains the same version - MariaDB 10.1.20. In RHEL other versions are still used too - 5.5, 10.0 and 10.1 It would be nice to have it fixed in all of theese versions, however the patch works and I'm just trying to point out the issue in order it to be fixed in future releases. |
| Comment by Sergei Golubchik [ 2017-03-07 ] |
|
mschorm, is it currently an issue? We have comp_err is fixed, for quite a while, I suspect. Are you saying that there are other cases where strmov() is used on overlapping strings? |
| Comment by Michal Schorm [ 2017-03-08 ] |
|
It seems, it is no longer an issue. Thanks I'm trying to refresh the MariaDB and MySQL packages in Fedora, so I'm going through all patches and trying to check, if they are obsolete or should be reported to you and add them to the MariaDB project. |
| Comment by Sergei Golubchik [ 2017-03-10 ] |
|
I've added an assert (in debug builds) that strmov is never used with overlapping strings. |