[MDEV-7019] String::chop() is wrong and may potentially crash. Created: 2014-11-03  Updated: 2014-11-10  Resolved: 2014-11-10

Status: Closed
Project: MariaDB Server
Component/s: OTHER
Affects Version/s: 5.5.40, 10.0.14
Fix Version/s: 5.5.41

Type: Bug
Priority: Major
Reporter: Alexander Barkov
Assignee: Alexander Barkov
Resolution: Fixed
Votes: 0
Labels: upstream


 Description   

Olivier noticed that this code looks wrong in sql_string.h:

  inline void chop()
  {
    Ptr[str_length--]= '\0';
  }

it should be written as:

  inline void chop()
  {
    Ptr[--str_length]= '\0';
  }

The reason why the problem was not found is probably that none of the chop() callers really cares about correct 0-termination; they only need to reduce the length by 1. Perhaps it should be fixed so that it does not maintain 0-termination at all, with something like this:

  inline void chop()
  {
    str_length--;
  }
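
The three chop() variants from the description, run on a hypothetical stand-in for the String class (an added example, not MariaDB's code; MiniString, run_chop and the guard byte are assumptions). The buffer keeps spare bytes filled with a marker so the position of the '\0' write is visible; in a buffer holding exactly str_length bytes, the reported variant's write would land outside it.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

static const char kGuard = '#';  // constructed marker for untouched bytes

// Hypothetical stand-in for the Ptr/str_length pair in sql_string.h.
struct MiniString {
  char buf[16];
  char *Ptr;
  size_t str_length;

  // Input is assumed non-empty and shorter than buf; no terminator is stored.
  explicit MiniString(const char *s) : Ptr(buf), str_length(std::strlen(s)) {
    std::memset(buf, kGuard, sizeof(buf));
    std::memcpy(buf, s, str_length);
  }
  void chop_reported()     { Ptr[str_length--] = '\0'; }  // code in the report
  void chop_predecrement() { Ptr[--str_length] = '\0'; }  // first suggestion
  void chop_length_only()  { str_length--; }              // second suggestion
};

enum Variant { REPORTED, PREDECREMENT, LENGTH_ONLY };

struct ChopResult {
  size_t length;       // str_length after chop()
  char at_new_length;  // Ptr[str_length]: '\0' only if terminated there
  char at_old_length;  // Ptr[old length]: kGuard if chop() left it alone
};

ChopResult run_chop(const char *s, Variant v) {
  MiniString m(s);
  const size_t old_len = m.str_length;
  if (v == REPORTED) m.chop_reported();
  else if (v == PREDECREMENT) m.chop_predecrement();
  else m.chop_length_only();
  ChopResult r;
  r.length = m.str_length;
  r.at_new_length = m.Ptr[m.str_length];
  r.at_old_length = m.Ptr[old_len];
  return r;
}

int main() {
  const char *names[] = {"reported", "pre-decrement", "length-only"};
  for (int v = REPORTED; v <= LENGTH_ONLY; v++) {
    ChopResult r = run_chop("abc", static_cast<Variant>(v));
    std::printf("%-13s length=%zu Ptr[new]=0x%02x Ptr[old]=0x%02x\n", names[v],
                r.length, (unsigned char)r.at_new_length, (unsigned char)r.at_old_length);
  }
  return 0;
}
```

With "abc" as input, all three variants leave the length at 2, but only the reported one modifies the byte at the old length and leaves 'c' in place at the new one.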



 Comments   
Comment by Alexander Barkov [ 2014-11-10 ]

Upstream bug:
http://bugs.mysql.com/bug.php?id=56492

Comment by Alexander Barkov [ 2014-11-10 ]

Pushed into 5.5.
