From 8b9432ffacd6843c4b61192866f2d81aa1cad346 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <serg@mariadb.org>
Date: Thu, 17 Mar 2016 12:02:28 +0100
Subject: [PATCH] MDEV-9698 Buffer overflow in
 extension_based_table_discovery()

fix a buffer overflow in extension_based_table_discovery
(that only happens in debug builds)
---
 sql/discover.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sql/discover.cc b/sql/discover.cc
index 82648e94bc5..36e3ef72c44 100644
--- a/sql/discover.cc
+++ b/sql/discover.cc
@@ -206,7 +206,8 @@ int extension_based_table_discovery(MY_DIR *dirp, const char *ext_meta,
     {
       size_t len= (octothorp ? octothorp : ext) - cur->name;
       if (from != cur &&
-          (my_strnncoll(cs, (uchar*)from->name, len, (uchar*)cur->name, len) ||
+          (strlen(from->name) <= len ||
+           my_strnncoll(cs, (uchar*)from->name, len, (uchar*)cur->name, len) ||
            (from->name[len] != FN_EXTCHAR && from->name[len] != '#')))
         advance(from, to, cur, skip);