Commit 33a098bf authored by unknown's avatar unknown
Browse files

Bug#24498 Stack overflow in mysqltest 

 - Thanks to Vasil Dimov for the patch!


client/mysqltest.c:
  Use my_snprintf to protect against exceeding size of buff
  Since variable name and valu might not be null terminated it's necessary to
  provide the length of the format specifiers.
parent ca1aebbd

client/mysqltest.c

+3 −1
Original line number Diff line number Diff line
@@ -1240,7 +1240,9 @@ void var_set(const char *var_name, const char *var_name_end, 
      v->int_dirty= 0;

      v->str_val_len= strlen(v->str_val);

    }

    strxmov(buf, v->name, "=", v->str_val, NullS);

    my_snprintf(buf, sizeof(buf), "%.*s=%.*s",

                v->name_len, v->name,

                v->str_val_len, v->str_val);

    if (!(v->env_s= my_strdup(buf, MYF(MY_WME))))

      die("Out of memory");

    putenv(v->env_s);