Affected with 4d61f1247a1b
$ git tag --contains 4d61f1247a1b
|
mariadb-10.4.13
|
mariadb-10.4.14
|
mariadb-10.4.15
|
mariadb-10.4.16
|
mariadb-10.4.17
|
mariadb-10.5.1
|
mariadb-10.5.2
|
mariadb-10.5.3
|
mariadb-10.5.4
|
mariadb-10.5.5
|
mariadb-10.5.6
|
mariadb-10.5.7
|
Hi dcb thanks for the ticket.
Which environment and compiler you are using?
I used static analyser cppcheck on Fedora Linux to find this bug.
I recommend it.
I have to test the patch which introduce this change to see why is applied, but looking man page for scanf and usage of format specifier %[*][width][length]specifier ,the optional width argument is allowed to have longer characters than the pointer, but we have to guarantee that it will not exceed the limits and the nonmatching character will be found before that.
An optional decimal integer which specifies the maximum field width.
|
Reading of characters stops either when this maximum is reached or when a nonmatching character is found, whichever happens first.
|
Most conversions discard initial white space characters (the exceptions are noted below), and these discarded characters don't count toward the maximum field width.
|
String input conversions store a terminating null byte ('\0') to mark the end of the input; the maximum field width does not include this terminator.
|
Agree that it is best to check the valid length but will need to test also.
Do you have some test case for this, to check buff pointer ?
I will take a look for cppcheck also, thanks.
I run cppcheck for connect SE directory and got this also:
$ cppcheck storage/connect/ --force -j 8 2>err_connect.txt
|
[storage/connect/domdoc.cpp:35]: (error) syntax error
|
[storage/connect/ha_connect.cc:7402]: (error) syntax error
|
[storage/connect/myconn.cpp:643]: (error) Invalid number of character '{' when these macros are defined: 'ALPHA;MYSQL_PREPARED_STATEMENTS'.
|
[storage/connect/myconn.cpp:643]: (error) Invalid number of character '{' when these macros are defined: 'MYSQL_PREPARED_STATEMENTS'.
|
[storage/connect/value.cpp:2519]: (error) Signed integer overflow for expression 'n*126230400'.
|
>[storage/connect/value.cpp:2519]: (error) Signed integer overflow for expression 'n*126230400'.
If counting in chunks size about 126 million and ints only go to about two billion,
suggest use longs, not ints.
Maybe
#define FOURYEARS 126230400L // Four years in seconds (1 leap)
or possibly:
#define FOURYEARS ((long) (4 * 365.25 * 24 * 60 * 60))
dcb you can create PR https://github.com/MariaDB/server/pulls to solve all from ^ 
.
Thanks for the offer to create a PR, but I will decline that one.
I've reported a bug and pointed developers towards cppcheck.
It finds about 1,200 errors and 3,500 warnings in mariadb,
so the folks that know the mariadb code well might be busy fixing
a few of the more important problems it finds.
Possible 2 * off by one error in commit.
May I refer Sergei to the original message by cppcheck. 31 not 32 and probably 255, not 256.
no problem, it wasn't pushed yet