Tor Didriksen authored
Post-push fix. Some callers of dynstr_append_mem() apparently depend on the side-effects of zero-termination when appending a zero-sized string.

This is from clang version 6.0.0-1ubuntu2 with ASAN:

==25852==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000189d40 at pc 0x0000004e076c bp 0x7ffd77220550 sp 0x7ffd7721fd00
READ of size 17 at 0x604000189d40 thread T0
    #0 0x4e076b in __interceptor_strlen.part.30 asan_interceptors.cc.o:?
    #1 0x5b0496 in init_dynamic_string(DYNAMIC_STRING*, char const*, unsigned long, unsigned long) mysys/my_string.cc:51
    #2 0x56accd in do_connect(st_command*) client/mysqltest.cc:5970
    #3 0x5680c9 in main client/mysqltest.cc:8945
    #4 0x7f027e87db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

The fix is to skip memcpy() only if length == zero, rather than skipping the entire function.

Change-Id: I10540d7c87ae1cfed3bc6967e42290401f5d1f8d
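The failure mode the commit describes, shown on a simplified dynamic string (added example, not MySQL's mysys code; the DynStr type, the two append variants and the init helper are assumptions that stand in for DYNAMIC_STRING, dynstr_append_mem() and init_dynamic_string()). The "before" variant returns early for a zero-length append and therefore never writes the terminator; a caller that allocates a buffer and relies on an empty append to terminate it then hands unterminated memory to strlen(), which is the READ past the allocation ASAN reports. The "after" variant makes only the memcpy() conditional.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed, simplified stand-in for MySQL's DYNAMIC_STRING; not the real mysys code. */
typedef struct {
    char *str;          /* buffer; expected to be zero-terminated after any append */
    size_t length;      /* bytes in use, excluding the terminator */
    size_t max_length;  /* allocated bytes, including room for the terminator */
} DynStr;

/* Grow the buffer so that `extra` more bytes plus a terminator fit. */
static int dynstr_reserve(DynStr *s, size_t extra) {
    if (s->length + extra + 1 <= s->max_length) return 0;
    size_t new_max = (s->length + extra + 1) * 2;
    char *p = realloc(s->str, new_max);
    if (!p) return 1;
    s->str = p;
    s->max_length = new_max;
    return 0;
}

/* Before the fix: the whole function is skipped for a zero-length append,
 * so no terminator is written and the buffer contents stay whatever they were. */
int dynstr_append_mem_before(DynStr *s, const char *src, size_t len) {
    if (len == 0) return 0;               /* bug: termination below never runs */
    if (dynstr_reserve(s, len)) return 1;
    memcpy(s->str + s->length, src, len);
    s->length += len;
    s->str[s->length] = '\0';
    return 0;
}

/* After the fix: only memcpy() is conditional; reserve and terminate always run. */
int dynstr_append_mem_after(DynStr *s, const char *src, size_t len) {
    if (dynstr_reserve(s, len)) return 1;
    if (len) memcpy(s->str + s->length, src, len);
    s->length += len;
    s->str[s->length] = '\0';
    return 0;
}

/* Mirrors the pattern the ASAN trace implies (assumed): allocate an
 * uninitialised buffer, then rely on a zero-length append to terminate it. */
static int init_with(DynStr *s, size_t cap,
                     int (*append)(DynStr *, const char *, size_t)) {
    s->str = malloc(cap);
    if (!s->str) return 1;
    memset(s->str, 'X', cap);   /* constructed: simulate heap garbage with no NUL byte */
    s->length = 0;
    s->max_length = cap;
    return append(s, "", 0);
}

/* Returns 1 if a terminator exists inside the allocation (strlen would be safe),
 * 0 if not. memchr bounded by max_length is used instead of strlen so that the
 * check itself cannot read past the buffer, which is exactly what ASAN caught. */
int terminated_after_init(int fixed) {
    DynStr s;
    if (init_with(&s, 16, fixed ? dynstr_append_mem_after
                                : dynstr_append_mem_before)) return -1;
    int ok = memchr(s.str, '\0', s.max_length) != NULL;
    free(s.str);
    return ok;
}

/* Non-empty appends behave the same with the fixed variant, including growth. */
int append_roundtrip(void) {
    DynStr s;
    if (init_with(&s, 4, dynstr_append_mem_after)) return -1;
    if (dynstr_append_mem_after(&s, "select", 6)) return -1;
    if (dynstr_append_mem_after(&s, " 1", 2)) return -1;
    int ok = strcmp(s.str, "select 1") == 0 && s.length == 8;
    free(s.str);
    return ok;
}
```

terminated_after_init(0) reports no terminator in the 16-byte allocation, so any strlen() on that buffer reads past it; terminated_after_init(1) finds the NUL the fixed append wrote at offset 0. Running the real client under ASAN, as the commit did, is the practical way to catch this class of bug, because a missing terminator often goes unnoticed until heap layout changes.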