Hi!

On Mar 12, Maarten LITMAATH wrote:
> >Description:
>
> MySQL (e.g. version 4.0.10-gamma) does not check for buffer overflows
> when formatting error messages: the code just assumes that no message
> will ever be larger than SC_MAXWIDTH (256), ERRMSGSIZE (SC_MAXWIDTH)
> or MYSQL_ERRMSG_SIZE (200). This has been observed to lead to memory
> corruption when the client e.g. tries to redefine a key with a name
> whose length is of order 200 (yes, that _is_ a realistic use case for
> computer-handled keys).
>
> >How-To-Repeat:
>
> Define a key with a length of ~200 or more (the longer, the better)
> and then try to redefine it; observe the client getting an error message
> that is truncated and/or has trailing garbage. The client and/or the
> server may then have corrupted their own memories to such an extent
> that they become unusable and/or crash (both have been observed at
> least in a client application).

Nope. Fails for me.

mysql> create table aa (bb int, key ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc(bb));
ERROR 1059: Identifier name 'ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc' is too long
mysql> create table aa (bb int, key ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc(bb));
ERROR 1059: Identifier name 'cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc

Error message gets truncated, no overflow.

Sergei

-- 
MySQL Development Team
Sergei Golubchik <[EMAIL PROTECTED]>
MySQL AB, http://www.mysql.com/
Osnabrueck, Germany
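
The difference between the two behaviours discussed in this thread (a truncated message versus a write past the end of the buffer) can be checked with the added example below. It is not part of either message and is not MySQL's code. The 200-byte size is the MYSQL_ERRMSG_SIZE value quoted in the report, the message text is copied from the ERROR 1059 output above, and the function names, MAX_IDENT and the guard bytes are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define ERRMSG_SIZE 200   /* value the report gives for MYSQL_ERRMSG_SIZE */
#define MAX_IDENT   1024  /* assumption: upper bound for this demo only */

struct errbuf {
    char msg[ERRMSG_SIZE];
    unsigned char guard[16];  /* canary: stays 0xAA if msg is never overrun */
};

/* Bounded formatting: returns 0 if the message fit, 1 if it was
   truncated to dst_size - 1 bytes, -1 on a formatting error. */
int format_ident_error(char *dst, size_t dst_size, const char *ident)
{
    int needed = snprintf(dst, dst_size,
                          "Identifier name '%s' is too long", ident);
    if (needed < 0) {
        if (dst_size > 0) dst[0] = '\0';
        return -1;
    }
    return (size_t)needed >= dst_size ? 1 : 0;
}

/* Builds a constructed identifier of ident_len 'c' characters, formats the
   error into a guarded buffer, and returns the stored message length, or
   -1 if the input is too large or any guard byte was modified. */
int check_identifier(size_t ident_len, int *truncated)
{
    char ident[MAX_IDENT + 1];
    struct errbuf eb;
    size_t i;

    if (ident_len > MAX_IDENT) return -1;
    memset(ident, 'c', ident_len);
    ident[ident_len] = '\0';
    memset(eb.guard, 0xAA, sizeof eb.guard);

    *truncated = format_ident_error(eb.msg, sizeof eb.msg, ident);
    for (i = 0; i < sizeof eb.guard; i++)
        if (eb.guard[i] != 0xAA) return -1;
    return (int)strlen(eb.msg);
}

int main(void)
{
    int t, n = check_identifier(212, &t);
    printf("stored %d bytes, truncated=%d\n", n, t);
    return 0;
}
```

A truncated result with intact guard bytes corresponds to the cut-off ERROR 1059 line in the session above; a caller that needs the full text has to act on the truncation flag rather than assume the message fits.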