[MDEV-27571] create_delimiter() may hang if query contains ';;' Created: 2022-01-21  Updated: 2022-01-22

Status: Open
Project: MariaDB Server
Component/s: None
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Yury Chaikou Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None


 Description   

client/mysqldump.c
In the for() loop, we increment delimiter_max_size at the end rather than proposed_length. If the passed-in query contains no more than one consecutive ';', all is well. But if the query contains ';;' the function never returns.

static char *create_delimiter(char *query, char *delimiter_buff, 
                              int delimiter_max_size) 
{
  int proposed_length;
  char *presence;
 
  delimiter_buff[0]= ';';  /* start with one semicolon, and */
 
  for (proposed_length= 2; proposed_length < delimiter_max_size; 
      delimiter_max_size++) {
 
    delimiter_buff[proposed_length-1]= ';';  /* add semicolons, until */
    delimiter_buff[proposed_length]= '\0';
 
    presence = strstr(query, delimiter_buff);
    if (presence == NULL) { /* the proposed delimiter is not in the query. */
       return delimiter_buff;
    }
 
  }
  return NULL;  /* but if we run out of space, return nothing at all. */
}
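
A bounded variant of the loop described above, as an added example (not code from the report or from the MariaDB source tree). The names create_delimiter_fixed and demo_delimiter, the argument checks, the 16-byte buffer and the sample queries are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical name: a corrected variant of the function quoted above.
   The candidate delimiter grows by one ';' per pass, so the loop is
   bounded by delimiter_max_size. Returns NULL on invalid arguments or
   when no candidate that fits the buffer is absent from the query. */
static char *create_delimiter_fixed(const char *query, char *delimiter_buff,
                                    int delimiter_max_size)
{
  int proposed_length;

  if (query == NULL || delimiter_buff == NULL || delimiter_max_size < 3)
    return NULL;  /* need room for ";;" plus the terminating NUL */

  delimiter_buff[0]= ';';  /* start with one semicolon */

  for (proposed_length= 2; proposed_length < delimiter_max_size;
       proposed_length++) {  /* advance the length, not the bound */
    delimiter_buff[proposed_length-1]= ';';
    delimiter_buff[proposed_length]= '\0';

    if (strstr(query, delimiter_buff) == NULL)
      return delimiter_buff;  /* candidate does not occur in the query */
  }
  return NULL;  /* every candidate that fits also occurs in the query */
}

/* Helper for the demo: runs the function on a local buffer (assumed size). */
static const char *demo_delimiter(const char *query, int buf_size)
{
  static char buf[16];
  char *d;

  if (buf_size > (int) sizeof(buf))
    return "(bad size)";
  d= create_delimiter_fixed(query, buf, buf_size);
  return d ? d : "(none)";
}

int main(void)
{
  /* Constructed sample queries, not taken from the report. */
  printf("%s\n", demo_delimiter("SELECT 1; SELECT 2", 16));
  printf("%s\n", demo_delimiter("BEGIN SELECT 1;; END", 16));
  printf("%s\n", demo_delimiter("a;;;b", 4));
  return 0;
}
```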

