[MDEV-32568] my_read() may return -1 for errors but has unsigned (size_t) return type
Created: 2023-10-24 Updated: 2023-11-27

| Status: | Open |
| Project: | MariaDB Server |
| Component/s: | mariabackup, Scripts & Clients, Storage Engine - MyISAM |
| Affects Version/s: | 10.4, 10.6, 10.10, 11.0, 11.3 |
| Fix Version/s: | 10.5, 10.6, 10.11, 11.0, 11.1, 11.2 |
| Type: | Bug | Priority: | Minor |
| Reporter: | Luis Eduardo Oliveira Lizardo | Assignee: | Luis Eduardo Oliveira Lizardo |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None |

Description

my_read() may return -1 in case of errors. However, because its return type is unsigned (size_t) it actually returns 18446744073709551615. Some functions that call my_read() either do not check the result at all or expect a signed result and check it as “if my_read() > 0”. This might lead to arithmetic overflows, allocations of huge memory buffers, or other unexpected behavior.
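
The failure mode described above, as an added C example that is not MariaDB code. `demo_read()` and `DEMO_READ_ERROR` are hypothetical stand-ins for a read wrapper with a `size_t` return type and its error value, and the input data is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical error sentinel: what "-1" becomes in a size_t return. */
#define DEMO_READ_ERROR ((size_t)-1)

/* Hypothetical stand-in for a read wrapper with an unsigned return type.
   `fail` simulates an I/O error; the source data is constructed. */
static size_t demo_read(char *dst, size_t count, int fail)
{
    static const char data[] = "constructed";   /* 11 bytes available */
    size_t n = count < sizeof data - 1 ? count : sizeof data - 1;
    if (fail)
        return DEMO_READ_ERROR;                 /* "-1" as an unsigned value */
    memcpy(dst, data, n);
    return n;
}

/* Flawed caller: on an unsigned value "> 0" is also true for the error
   sentinel, so the failure is reported as a huge number of bytes read. */
static size_t bytes_read_flawed(int fail)
{
    char buf[16];
    size_t n = demo_read(buf, sizeof buf, fail);
    return n > 0 ? n : 0;
}

/* Follow-up arithmetic (room for a terminator): wraps to 0 for the sentinel. */
static size_t alloc_size_for(size_t n) { return n + 1; }

/* Checked caller: compares against the sentinel and the buffer size
   before trusting the length. Returns 0 on success, -1 on error. */
static int bytes_read_checked(int fail, size_t *out_len)
{
    char buf[16];
    size_t n = demo_read(buf, sizeof buf, fail);
    if (n == DEMO_READ_ERROR || n > sizeof buf)
        return -1;
    *out_len = n;
    return 0;
}

int main(void)
{
    size_t len = 0;
    printf("flawed: %zu, checked: %d\n", bytes_read_flawed(1), bytes_read_checked(1, &len));
    return 0;
}
```

Comparing the result against the error sentinel, or against the requested count, is what separates the checked caller from the flawed one; a signed comparison on the unsigned result cannot detect the failure.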