[MDEV-7019] String::chop() is wrong and may potentially crash. - JIRA

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5.40, 10.0.14
Fix Version/s: 5.5.41
Component/s: OTHER
Labels:
- upstream

Description

Olivier noticed that this code looks wrong in sql_string.h:

  inline void chop()
  {
    Ptr[str_length--]= '\0';
  }

it should be written as:

  inline void chop()
  {
    Ptr[--str_length]= '\0';
  }

The reason why the problem was not found is probably because all chop() callers do not really care about correct 0-termination, they only need to reduce length by 1. Perhaps it should be fixed not to maintain 0 termination at all, to something like this:

  inline void chop()
  {
    str_length--;
  }

Gliffy Diagrams

Attachments

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Alexander Barkov added a comment - 2014-11-10 15:35

Upstream bug:
http://bugs.mysql.com/bug.php?id=56492

Show

Alexander Barkov added a comment - 2014-11-10 15:35 Upstream bug: http://bugs.mysql.com/bug.php?id=56492

Hide

Permalink

Alexander Barkov added a comment - 2014-11-10 16:11

Pushed into 5.5.

Show

Alexander Barkov added a comment - 2014-11-10 16:11 Pushed into 5.5.

People

Assignee:

Alexander Barkov

Reporter:

Alexander Barkov

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2014-11-03 18:33

Updated:

2014-11-10 16:11

Resolved:

2014-11-10 16:11

Agile

View on Board