
Commit feddfdc

author
Tor Didriksen
committed
Bug#14834333 ADDRESSSANITIZER BUGS IN MYSQL_CLIENT_TEST
Fix errors reported by address sanitizer: - test_pure_coverage() needs two my_bind structs, since the table has two columns - do not read past the end of the character constant "SHOW DATABASES" - do not read past the end of 'buff'
1 parent 2129981 commit feddfdc

2 files changed

Lines changed: 8 additions & 4 deletions


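--- a/libmysql/libmysql.c
+++ b/libmysql/libmysql.c
@@ -4066,6 +4066,7 @@ my_bool STDCALL mysql_stmt_bind_result(MYSQL_STMT *stmt, MYSQL_BIND *my_bind)
 stmt->bind was initialized in mysql_stmt_prepare
 stmt->bind overlaps with bind if mysql_stmt_bind_param
 is called from mysql_stmt_store_result.
+BEWARE of buffer overwrite ...
 */
 
 if (stmt->bind != my_bind)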
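Review bot: The added comment line `BEWARE of buffer overwrite ...` names neither the buffer at risk nor the condition the caller must meet, so it does not help someone avoid the bug this commit fixes in the tests. Going by the commit message (the test needed two MYSQL_BIND structs because the table has two columns), the function presumably reads one MYSQL_BIND per result column from `my_bind`, and a shorter caller array is then read out of bounds. I would state that as a precondition instead, for example `my_bind must point to an array with one element per result column; all of them are copied into stmt->bind.` The comment block and the function body both start and end outside this hunk, so the copy itself is not visible here.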

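--- a/tests/mysql_client_test.c
+++ b/tests/mysql_client_test.c
@@ -6348,7 +6348,7 @@ static void test_temporal_param()
 static void test_pure_coverage()
 {
 MYSQL_STMT *stmt;
-MYSQL_BIND my_bind[1];
+MYSQL_BIND my_bind[2];
 int rc;
 ulong length;
 
@@ -6410,6 +6410,7 @@ static void test_pure_coverage()
 rc= mysql_stmt_execute(stmt);
 check_execute(stmt, rc);
 
+// NOTE: stmt now has two columns, but only my_bind[0] is initialized.
 my_bind[0].buffer_type= MYSQL_TYPE_GEOMETRY;
 rc= mysql_stmt_bind_result(stmt, my_bind);
 check_execute_r(stmt, rc); /* unsupported buffer type */
@@ -6431,7 +6432,8 @@ static void test_pure_coverage()
 static void test_buffers()
 {
 MYSQL_STMT *stmt;
-MYSQL_BIND my_bind[1];
+// The test_pure table has two columns.
+MYSQL_BIND my_bind[2];
 int rc;
 ulong length;
 my_bool is_null;
@@ -9141,7 +9143,7 @@ static void test_parse_error_and_bad_length()
 DIE_UNLESS(rc);
 if (!opt_silent)
 fprintf(stdout, "Got error (as expected): '%s'\n", mysql_error(mysql));
-rc= mysql_real_query(mysql, "SHOW DATABASES", 100);
+rc= mysql_real_query(mysql, "SHOW DATABASES", 12); // Incorrect length.
 DIE_UNLESS(rc);
 if (!opt_silent)
 fprintf(stdout, "Got error (as expected): '%s'\n", mysql_error(mysql));
@@ -9152,7 +9154,7 @@ static void test_parse_error_and_bad_length()
 fprintf(stdout, "Got error (as expected): '%s'\n", mysql_error(mysql));
 stmt= mysql_stmt_init(mysql);
 DIE_UNLESS(stmt);
-rc= mysql_stmt_prepare(stmt, "SHOW DATABASES", 100);
+rc= mysql_stmt_prepare(stmt, "SHOW DATABASES", 12); // Incorrect length.
 DIE_UNLESS(rc != 0);
 if (!opt_silent)
 fprintf(stdout, "Got error (as expected): '%s'\n", mysql_stmt_error(stmt));
@@ -17120,6 +17122,7 @@ static void test_bug31669()
 DIE_UNLESS(rc);
 
 memset(buff, 'a', sizeof(buff));
+buff[sizeof(buff) - 1] = '\0';
 
 rc= mysql_change_user(mysql, buff, buff, buff);
 DIE_UNLESS(rc);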
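Review bot: The literal length `12` in both changed calls in test_parse_error_and_bad_length (mysql_real_query and mysql_stmt_prepare) is a magic number whose safety depends on it staying no larger than the 14-character statement, and the comment `// Incorrect length.` does not say so. The previous value of 100 is what read past the end of the string constant, so a later edit to either the string or the number could quietly bring that over-read back. Tying the length to the literal, e.g. `rc= mysql_real_query(mysql, "SHOW DATABASES", sizeof("SHOW DATABASES") - 3);`, or expanding the comment to `/* deliberately truncated; must never exceed the statement length */`, would make the constraint visible. The function body starts and ends outside these hunks.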
