Though your changes looked innocent - that is they most probably could do no harm - I failed to understand when they'll do any good. You replaced a set of checks for buffer overflow by some other set of checks, which looked equivalent to the old one.
Hi, it turns out that my original problem was completely due to the bug in MyODBC 3.51.05: MySQL immediately truncated my very long key name, thereby avoiding any buffer overflows in MySQL code.
However, as I already indicated in my previous message, I _did_ find potential issues with those MySQL files for which I provided patches. The issues may be improbable, but now that we know them, we should rather fix them once and for all.
Here you have some clarifications about the patches I provided:
mysys/my_error.c - my_error() can overflow buffer when the error format message length exceeds ERRMSGSIZE+20; my_printf_error() must not use the unsafe vsprintf(), but the safe my_vsnprintf().
mysys/my_vsnprintf.c - my_vsnprintf() must reserve 20 bytes of temp. space instead of 16, to format a decimal integer up to 2^64; if it uses a temporary array for that, instead of the error message buffer itself, a narrow number can still fit just before the end of the error buffer (now the code requires enough space to fit a wide number).
sql/handler.cc - print_error() would fail if strlen(ER(ER_DUP_ENTRY)) is larger than MYSQL_ERRMSG_SIZE.
sql/net_pkg.cc - send_ok() assumes that the "message" will fit in the error buffer.
sql/sql_table.cc - mysql_admin_table() should use safe my_snprintf() instead of unsafe sprintf().
Thanks, Maarten
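
The mysys/my_vsnprintf.c point in the message above, as an added illustration that is not part of the original message and not MySQL's code: the integer is formatted into a 20-byte scratch array (enough for 2^64 - 1) and copied only if its real width fits, so a narrow number still lands just before the end of the buffer. The name `bounded_format`, its restriction to `%s` and `%u`, and `%u` taking an `unsigned long long` are assumptions made for this sketch.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical mini-formatter, not MySQL's my_vsnprintf(): handles %s and
   %u (unsigned long long) and writes at most n-1 bytes plus a NUL. */
size_t bounded_format(char *to, size_t n, const char *fmt, ...)
{
    char *start = to, *end;
    va_list ap;
    if (n == 0) return 0;
    end = to + n - 1;                     /* last byte is reserved for NUL */
    va_start(ap, fmt);
    for (; *fmt && to < end; fmt++) {
        if (*fmt != '%') { *to++ = *fmt; continue; }
        if (*++fmt == '\0') break;        /* trailing '%' */
        if (*fmt == 's') {
            const char *s = va_arg(ap, const char *);
            size_t len = strlen(s), room = (size_t)(end - to);
            if (len > room) len = room;   /* truncate instead of overrunning */
            memcpy(to, s, len);
            to += len;
        } else if (*fmt == 'u') {
            char tmp[20], *p = tmp + sizeof tmp;  /* 2^64-1 has 20 digits */
            unsigned long long v = va_arg(ap, unsigned long long);
            size_t len;
            do { *--p = (char)('0' + v % 10); v /= 10; } while (v);
            len = (size_t)(tmp + sizeof tmp - p);
            if (len > (size_t)(end - to)) break;  /* does not fit: stop */
            memcpy(to, p, len);           /* only the digits actually needed */
            to += len;
        } else {
            *to++ = *fmt;                 /* "%%" or unknown: copy the char */
        }
    }
    va_end(ap);
    *to = '\0';
    return (size_t)(to - start);
}

int main(void)
{
    char buf[8];                          /* constructed, deliberately tiny */
    bounded_format(buf, sizeof buf, "id=%u", 1234ULL);
    puts(buf);
    return 0;
}
```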