Percona Server with XtraDB

Bogus snprintf error checking in query_response_time.cc

Reported by Laurynas Biveinis on 2011-07-14
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona Server
Low
Laurynas Biveinis
5.5
Low
Laurynas Biveinis

Bug Description

The code reads
  std::size_t result_length= snprintf(buffer,buffer_size,format,second,microsecond);
  if(result_length < 0)
  {
    /* Assume the result is overflowing */
  }

The return type of snprintf is signed int, the type size_t is unsigned, thus the negative return values are lost and the if-clause is dead code, as warned by the compiler:

sql/query_response_time.cc:147: error: comparison of unsigned expression < 0 is always false

The second problem is that the code inside if-clause assumes that the error is that the string was truncated, which is wrong. If the string was truncated, then snprintf returns positive value that is larger than the specified output buffer size. The negative value is returned for other errors.

Related branches

lp:~laurynas-biveinis/percona-server/bug810272
Merged into lp:percona-server/5.5 at revision 198
Alexey Kopytov: Approve on 2011-11-21
Laurynas Biveinis: Resubmit on 2011-11-21
Oleg Tsarev (community): Approve on 2011-11-17
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers