rpms
/
mysql
7
0
Fork 0
Code Issues Pull Requests Releases Activity
mysql/community-mysql-covscan-str...

58 lines
2.9 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

The following problems have been found by Coverity - static analysis tool.
mysql-5.5.31/plugin/semisync/semisync_master.cc:672:parameter_as_source Note: This defect has an elevated risk because the source argument is a parameter of the current function.
mysql-5.5.31/plugin/semisync/semisync_master.cc:661:parameter_as_source Note: This defect has an elevated risk because the source argument is a parameter of the current function.
mysql-5.5.31/plugin/semisync/semisync_master.cc:555:parameter_as_source Note: This defect has an elevated risk because the source argument is a parameter of the current function.
diff -up mysql-5.6.14/plugin/semisync/semisync_master.cc.p33 mysql-5.6.14/plugin/semisync/semisync_master.cc
--- mysql-5.6.14/plugin/semisync/semisync_master.cc.p33 2013-09-10 09:38:25.000000000 +0200
+++ mysql-5.6.14/plugin/semisync/semisync_master.cc 2013-10-09 15:29:03.550379533 +0200
@@ -553,7 +553,8 @@ int ReplSemiSyncMaster::reportReplyBinlo
if (need_copy_send_pos)
{
- strcpy(reply_file_name_, log_file_name);
+ strncpy(reply_file_name_, log_file_name, sizeof(reply_file_name_)-1);
+ reply_file_name_[sizeof(reply_file_name_)-1] = '\0';
reply_file_pos_ = log_file_pos;
reply_file_name_inited_ = true;
@@ -681,7 +682,8 @@ int ReplSemiSyncMaster::commitTrx(const
if (cmp <= 0)
{
/* This thd has a lower position, let's update the minimum info. */
- strcpy(wait_file_name_, trx_wait_binlog_name);
+ strncpy(wait_file_name_, trx_wait_binlog_name, sizeof(wait_file_name_)-1);
+ wait_file_name_[sizeof(wait_file_name_)-1] = '\0';
wait_file_pos_ = trx_wait_binlog_pos;
rpl_semi_sync_master_wait_pos_backtraverse++;
@@ -692,7 +694,8 @@ int ReplSemiSyncMaster::commitTrx(const
}
else
{
- strcpy(wait_file_name_, trx_wait_binlog_name);
+ strncpy(wait_file_name_, trx_wait_binlog_name, sizeof(wait_file_name_)-1);
+ wait_file_name_[sizeof(wait_file_name_)-1] = '\0';
wait_file_pos_ = trx_wait_binlog_pos;
wait_file_name_inited_ = true;
mysql-5.5.31/sql/sp_rcontext.h:87:buffer_size_warning Calling strncpy with a maximum size argument of 512 bytes on destination array "this->m_message" of size 512 bytes might leave the destination string unterminated.
diff -up mysql-5.6.14/sql/rpl_handler.cc.p33 mysql-5.6.14/sql/rpl_handler.cc
diff -up mysql-5.6.14/sql/sp_rcontext.h.p33 mysql-5.6.14/sql/sp_rcontext.h
--- mysql-5.6.14/sql/sp_rcontext.h.p33 2013-10-09 15:29:03.552379535 +0200
+++ mysql-5.6.14/sql/sp_rcontext.h 2013-10-09 15:29:53.367412814 +0200
@@ -144,7 +144,8 @@ public:
memcpy(sql_state, _sql_state, SQLSTATE_LENGTH);
sql_state[SQLSTATE_LENGTH]= '\0';
- strncpy(message, _message, MYSQL_ERRMSG_SIZE);
+ strncpy(message, _message, sizeof(message)-1);
+ message[sizeof(message)-1] = '\0';
}
};
Reference in New Issue View Git Blame Copy Permalink