Bug #38124 (clean-up patch)

The fix for Bug #38124 introuced a bug. If the value given for a set_var exceeded the length of the temporary buffer, we would read behind the end of the buffer. Using c_ptr_safe(), instead of c_ptr(), ensures that we won't read beyond the buffer limit mysql-6.0-codebase revid: 2617.44.1
16 years ago · 7e895de84f
1 changed files with 1 additions and 1 deletions
--- a/sql/set_var.cc
+++ b/sql/set_var.cc
@ -2544,7 +2544,7 @@ bool update_sys_var_str_path(THD *thd, sys_var_str *var_str,
    String str(buff, sizeof(buff), system_charset_info), *newval;

    newval= var->value->val_str(&str);
-    old_value= newval->c_ptr();
+    old_value= newval->c_ptr_safe();
    str_length= strlen(old_value);
  }