View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000582LDMud 3.3Implementationpublic2008-10-01 15:182018-01-29 21:57
Reporterzesstra Assigned Tozesstra  
PrioritynormalSeveritycrashReproducibilityalways
Status resolvedResolutionfixed 
Product Version3.3 
Fixed in Version3.3.718 
Summary0000582: Potential crash in db_conv_string() due to stack overflow
Descriptiondb_conv_string() may crash with large argument strings.

As the mysql package is optional and not enabled by default, I set the priority to normal, not high.
TagsNo tags attached.
Attached Files
db_conv_string.diff (671 bytes)    
Index: pkg-mysql.c
===================================================================
--- pkg-mysql.c	(Revision 2411)
+++ pkg-mysql.c	(Arbeitskopie)
@@ -377,15 +377,17 @@
     char *buff;
 
     s = sp->u.str;
-    buff = alloca(mstrsize(s)*2 +1);
+    buff = xalloc(mstrsize(s)*2 +1);
     if ( !buff )
     {
-        errorf("Out of memory.\n");
+        errorf("Out of memory (%zu bytes) in db_conv_string().\n",
+               mstrsize(s)*2 + 1);
         /* NOTREACHED */
         return sp;
     }
     mysql_escape_string(buff, get_txt(s), strlen(get_txt(s)) );
-
+    
+    xfree(buff);
     free_string_svalue(sp);
     put_c_string(sp, buff);
     return sp;
db_conv_string.diff (671 bytes)   

Relationships

related to 0000553 resolvedGnomi LDMud 3.2 Backports of 3.3 fixes for 3.2.16 
child of 0000545 new LDMud 3.3 Usages of alloca() have to be checked for possible stack overflow 

Activities

zesstra

2008-10-04 13:12

administrator   ~0000801

Patch is attached.

zesstra

2008-12-12 18:25

administrator   ~0000815

Patch committed in r2443.

Issue History

Date Modified Username Field Change
2008-10-01 15:18 zesstra New Issue
2008-10-01 15:18 zesstra Status new => assigned
2008-10-01 15:18 zesstra Assigned To => zesstra
2008-10-01 15:18 zesstra Relationship added child of 0000545
2008-10-04 13:11 zesstra File Added: db_conv_string.diff
2008-10-04 13:12 zesstra Note Added: 0000801
2008-11-17 16:06 Gnomi Relationship added related to 0000553
2008-12-12 18:25 zesstra Status assigned => resolved
2008-12-12 18:25 zesstra Fixed in Version => 3.3.718
2008-12-12 18:25 zesstra Resolution open => fixed
2008-12-12 18:25 zesstra Note Added: 0000815
2010-11-16 09:42 zesstra Source_changeset_attached => ldmud.git master efc5782e
2018-01-29 18:59 zesstra Source_changeset_attached => ldmud.git master efc5782e
2018-01-29 21:57 zesstra Source_changeset_attached => ldmud.git master efc5782e