Bogus snprintf error checking in query_response_time.cc
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Percona Server moved to https://jira.percona.com/projects/PS | Fix Released | Low | Laurynas Biveinis |
5.5 | Fix Released | Low | Laurynas Biveinis |
Bug Description
The code reads:

```cpp
std::size_t result_length= snprintf(
if(result_length < 0)
{
  /* Assume the result is overflowing */
}
```
The return type of snprintf is signed int, the type size_t is unsigned, thus the negative return values are lost and the if-clause is dead code, as warned by the compiler:
sql/query_
The second problem is that the code inside the if-clause assumes that the error is that the string was truncated, which is wrong. If the string was truncated, then snprintf returns a positive value that is larger than or equal to the specified output buffer size. A negative value is returned only for other errors.
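The two defects side by side, as an added illustration (not code from the bug report or from Percona Server): `buggy_format` mirrors the dead check described above, while `checked_format` keeps the `int` return, treats a negative value as a formatting error and a value of at least the buffer size as truncation. Function names and the `%ld` format are assumptions for the example.

```cpp
#include <cstdio>
#include <cstring>

// Outcome of formatting into a fixed-size buffer.
enum class FormatStatus { Ok, Truncated, Error };

// Buggy variant mirroring the report: the int result of snprintf is
// stored in a size_t, so a negative return can never be observed (the
// comparison below is always false), and truncation is never checked.
static bool buggy_format(char *buf, std::size_t buf_size, long value)
{
  std::size_t result_length = snprintf(buf, buf_size, "%ld", value);
  if (result_length < 0)   /* unsigned < 0: dead code */
  {
    /* Assume the result is overflowing */
    return false;
  }
  return true;
}

// Corrected variant: keep the signed result. snprintf returns the length
// the full output would have needed, so n >= buf_size means the stored
// string was cut short; n < 0 is a genuine formatting error.
static FormatStatus checked_format(char *buf, std::size_t buf_size, long value)
{
  int n = snprintf(buf, buf_size, "%ld", value);
  if (n < 0)
    return FormatStatus::Error;
  if (static_cast<std::size_t>(n) >= buf_size)
    return FormatStatus::Truncated;
  return FormatStatus::Ok;
}

int main()
{
  char small[4];  // room for three digits plus the terminator
  bool ok = buggy_format(small, sizeof small, 12345L);
  FormatStatus st = checked_format(small, sizeof small, 12345L);
  std::printf("buggy says ok=%d, checked says truncated=%d, buffer=\"%s\"\n",
              ok, st == FormatStatus::Truncated, small);
  return 0;
}
```

With a 4-byte buffer and the value 12345 the buggy check reports success while the buffer holds only "123"; the corrected check reports truncation.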
Related branches
- Alexey Kopytov (community): Approve
- Laurynas Biveinis (community): Needs Resubmitting
- Oleg Tsarev (community): Approve
Diff: 701 lines (+115/-130), 1 file modified: patches/response_time_distribution.patch (+115/-130)
Percona now uses JIRA for bug reports, so this bug report is migrated to: https://jira.percona.com/browse/PS-1880