Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
MDEV-22060 MSAN use-of-uninitialized-value in main.query_cache_innodb
During the test main.query_cache_innodb, only 16 bytes of
db_buf are initialized during the memcmp() in
dict_acquire_mdl_shared<false>(), but db_len was wrongly set to 20 bytes.

Something similar was fixed in MDEV-21344, but only for the table name,
in commit 0e25a8b.

dict_table_t::parse_name(): Assign the return value of
filename_to_tablename() to the output parameters for lengths.
There is no need to invoke strlen().
  • Loading branch information
dr-m committed Mar 27, 2020
1 parent 0181384 commit d3bdc30
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions storage/innobase/dict/dict0dict.cc
Expand Up @@ -753,9 +753,8 @@ bool dict_table_t::parse_name(char (&db_name)[NAME_LEN + 1],
if (!dict_locked)
mutex_exit(&dict_sys.mutex);

*db_name_len= db_len;

filename_to_tablename(db_buf, db_name, MAX_DATABASE_NAME_LEN + 1, true);
*db_name_len= filename_to_tablename(db_buf, db_name,
MAX_DATABASE_NAME_LEN + 1, true);

if (tbl_len > TEMP_FILE_PREFIX_LENGTH
&& !strncmp(tbl_buf, TEMP_FILE_PREFIX, TEMP_FILE_PREFIX_LENGTH))
Expand All @@ -764,8 +763,8 @@ bool dict_table_t::parse_name(char (&db_name)[NAME_LEN + 1],
if (char* is_part= strchr(tbl_buf, '#'))
*is_part= '\0';

filename_to_tablename(tbl_buf, tbl_name, MAX_TABLE_NAME_LEN + 1, true);
*tbl_name_len= strlen(tbl_name);
*tbl_name_len= filename_to_tablename(tbl_buf, tbl_name,
MAX_TABLE_NAME_LEN + 1, true);
return true;
}

Expand Down

0 comments on commit d3bdc30

Please sign in to comment.