Complete application of InnoDB snapshot innodb-5.1-ss2485, part 2. Fixes

Bug #36149: Read buffer overflow in srv0start.c found during "make test" Detailed revision comments: r2485 | vasil | 2008-05-28 16:01:14 +0300 (Wed, 28 May 2008) | 9 lines branches/5.1: Fix Bug#36149 Read buffer overflow in srv0start.c found during "make test" Use strncmp(3) instead of memcmp(3) to avoid reading past end of the string if it is empty (*str == '\0'). This bug is _not_ a buffer overflow. Discussed with: Sunny (via IM)
17 years ago · 1c0d9aa082
1 changed files with 8 additions and 7 deletions
--- a/storage/innobase/srv/srv0start.c
+++ b/storage/innobase/srv/srv0start.c
@ -202,13 +202,13 @@ srv_parse_data_file_paths_and_sizes(

 		str = srv_parse_megabytes(str, &size);

-		if (0 == memcmp(str, ":autoextend",
-				(sizeof ":autoextend") - 1)) {
+		if (0 == strncmp(str, ":autoextend",
+				 (sizeof ":autoextend") - 1)) {

 			str += (sizeof ":autoextend") - 1;

-			if (0 == memcmp(str, ":max:",
-					(sizeof ":max:") - 1)) {
+			if (0 == strncmp(str, ":max:",
+					 (sizeof ":max:") - 1)) {

 				str += (sizeof ":max:") - 1;

@ -290,14 +290,15 @@ srv_parse_data_file_paths_and_sizes(
 		(*data_file_names)[i] = path;
 		(*data_file_sizes)[i] = size;

-		if (0 == memcmp(str, ":autoextend",
-				(sizeof ":autoextend") - 1)) {
+		if (0 == strncmp(str, ":autoextend",
+				 (sizeof ":autoextend") - 1)) {

 			*is_auto_extending = TRUE;

 			str += (sizeof ":autoextend") - 1;

-			if (0 == memcmp(str, ":max:", (sizeof ":max:") - 1)) {
+			if (0 == strncmp(str, ":max:",
+					 (sizeof ":max:") - 1)) {

 				str += (sizeof ":max:") - 1;