mysql/community-mysql-covscan-stroverflow.patch

58 lines
2.9 KiB
Diff
Raw Normal View History

The following problems have been found by Coverity - static analysis tool.
2013-10-09 15:55:08 +00:00
mysql-5.5.31/plugin/semisync/semisync_master.cc:672:parameter_as_source Note: This defect has an elevated risk because the source argument is a parameter of the current function.
2013-10-09 15:55:08 +00:00
mysql-5.5.31/plugin/semisync/semisync_master.cc:661:parameter_as_source Note: This defect has an elevated risk because the source argument is a parameter of the current function.
mysql-5.5.31/plugin/semisync/semisync_master.cc:555:parameter_as_source Note: This defect has an elevated risk because the source argument is a parameter of the current function.
2013-10-09 15:55:08 +00:00
diff -up mysql-5.6.14/plugin/semisync/semisync_master.cc.p33 mysql-5.6.14/plugin/semisync/semisync_master.cc
--- mysql-5.6.14/plugin/semisync/semisync_master.cc.p33 2013-09-10 09:38:25.000000000 +0200
+++ mysql-5.6.14/plugin/semisync/semisync_master.cc 2013-10-09 15:29:03.550379533 +0200
@@ -553,7 +553,8 @@ int ReplSemiSyncMaster::reportReplyBinlo
if (need_copy_send_pos)
{
- strcpy(reply_file_name_, log_file_name);
+ strncpy(reply_file_name_, log_file_name, sizeof(reply_file_name_)-1);
+ reply_file_name_[sizeof(reply_file_name_)-1] = '\0';
reply_file_pos_ = log_file_pos;
reply_file_name_inited_ = true;
2013-10-09 15:55:08 +00:00
@@ -681,7 +682,8 @@ int ReplSemiSyncMaster::commitTrx(const
if (cmp <= 0)
{
/* This thd has a lower position, let's update the minimum info. */
- strcpy(wait_file_name_, trx_wait_binlog_name);
+ strncpy(wait_file_name_, trx_wait_binlog_name, sizeof(wait_file_name_)-1);
+ wait_file_name_[sizeof(wait_file_name_)-1] = '\0';
wait_file_pos_ = trx_wait_binlog_pos;
rpl_semi_sync_master_wait_pos_backtraverse++;
2013-10-09 15:55:08 +00:00
@@ -692,7 +694,8 @@ int ReplSemiSyncMaster::commitTrx(const
}
else
{
- strcpy(wait_file_name_, trx_wait_binlog_name);
+ strncpy(wait_file_name_, trx_wait_binlog_name, sizeof(wait_file_name_)-1);
+ wait_file_name_[sizeof(wait_file_name_)-1] = '\0';
wait_file_pos_ = trx_wait_binlog_pos;
wait_file_name_inited_ = true;
2013-10-09 15:55:08 +00:00
mysql-5.5.31/sql/sp_rcontext.h:87:buffer_size_warning Calling strncpy with a maximum size argument of 512 bytes on destination array "this->m_message" of size 512 bytes might leave the destination string unterminated.
diff -up mysql-5.6.14/sql/rpl_handler.cc.p33 mysql-5.6.14/sql/rpl_handler.cc
diff -up mysql-5.6.14/sql/sp_rcontext.h.p33 mysql-5.6.14/sql/sp_rcontext.h
--- mysql-5.6.14/sql/sp_rcontext.h.p33 2013-10-09 15:29:03.552379535 +0200
+++ mysql-5.6.14/sql/sp_rcontext.h 2013-10-09 15:29:53.367412814 +0200
@@ -144,7 +144,8 @@ public:
memcpy(sql_state, _sql_state, SQLSTATE_LENGTH);
sql_state[SQLSTATE_LENGTH]= '\0';
2013-10-09 15:55:08 +00:00
- strncpy(message, _message, MYSQL_ERRMSG_SIZE);
+ strncpy(message, _message, sizeof(message)-1);
+ message[sizeof(message)-1] = '\0';
}
};