Bug#12347040: MEMORY LEAK IN CONVERT_TZ COULD POSSIBLY CAUSE

DOS ATTACKS
      
Problem:
For detailed description, see Bug#42502. This bug is a duplicate
of Bug#42502. The complete fix for Bug#42502 was not made as
proposed. Hence the bug still persists.
      
Fix:
Make the changes as originally proposed for the fix of Bug#42502,
that is, remove the memory allocation that is done before we actually
check for any errors.

sql/tztime.cc:
  Remove the double allocation for tz_info
Chaithra Gopalareddy 2012-12-26 20:21:19 +05:30
parent 5cf9e19365
commit fa61c0499a


@ -1808,7 +1808,7 @@ static Time_zone*
tz_load_from_open_tables(const String *tz_name, TABLE_LIST *tz_tables) tz_load_from_open_tables(const String *tz_name, TABLE_LIST *tz_tables)
{ {
TABLE *table= 0; TABLE *table= 0;
TIME_ZONE_INFO *tz_info; TIME_ZONE_INFO *tz_info= NULL;
Tz_names_entry *tmp_tzname; Tz_names_entry *tmp_tzname;
Time_zone *return_val= 0; Time_zone *return_val= 0;
int res; int res;
@ -1816,7 +1816,8 @@ tz_load_from_open_tables(const String *tz_name, TABLE_LIST *tz_tables)
my_time_t ttime; my_time_t ttime;
char buff[MAX_FIELD_WIDTH]; char buff[MAX_FIELD_WIDTH];
String abbr(buff, sizeof(buff), &my_charset_latin1); String abbr(buff, sizeof(buff), &my_charset_latin1);
char *alloc_buff, *tz_name_buff; char *alloc_buff= NULL;
char *tz_name_buff= NULL;
/* /*
Temporary arrays that are used for loading of data for filling Temporary arrays that are used for loading of data for filling
TIME_ZONE_INFO structure TIME_ZONE_INFO structure
@ -1836,22 +1837,6 @@ tz_load_from_open_tables(const String *tz_name, TABLE_LIST *tz_tables)
DBUG_ENTER("tz_load_from_open_tables"); DBUG_ENTER("tz_load_from_open_tables");
/* Prepare tz_info for loading also let us make copy of time zone name */
if (!(alloc_buff= (char*) alloc_root(&tz_storage, sizeof(TIME_ZONE_INFO) +
tz_name->length() + 1)))
{
sql_print_error("Out of memory while loading time zone description");
return 0;
}
tz_info= (TIME_ZONE_INFO *)alloc_buff;
bzero(tz_info, sizeof(TIME_ZONE_INFO));
tz_name_buff= alloc_buff + sizeof(TIME_ZONE_INFO);
/*
By writing zero to the end we guarantee that we can call ptr()
instead of c_ptr() for time zone name.
*/
strmake(tz_name_buff, tz_name->ptr(), tz_name->length());
/* /*
Let us find out time zone id by its name (there is only one index Let us find out time zone id by its name (there is only one index
and it is specifically for this purpose). and it is specifically for this purpose).
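Review bot: With the up-front alloc_root() block removed, `tz_info`, `alloc_buff` and `tz_name_buff` stay NULL from their declarations until a later allocation that none of the visible hunks show; the body of tz_load_from_open_tables continues past the last hunk. Please confirm that the remaining allocation happens only after the zone-name lookup has succeeded and before the first write through `tz_info`, and that every error exit in between tolerates the NULL pointers. A comment where the block was removed would keep the early allocation from being reintroduced, e.g. `/* tz_info is allocated from tz_storage only after the name lookup succeeds (Bug#42502) */`. No regression test is visible on this page; a case that calls CONVERT_TZ repeatedly with an unknown zone name and checks that tz_storage does not grow would pin the fix.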