Fix buffer overflow assertions
The buffer overflow assertions were off by one: The data pointer can be equal to the end pointer when the last column of the row is processed.
@ -564,7 +564,7 @@ uint8_t* process_row_event_data(TABLE_MAP *map, TABLE_CREATE *create, avro_value
|
|||||||
avro_value_set_string(&field, strval);
|
avro_value_set_string(&field, strval);
|
||||||
sprintf(trace[i], "[%ld] ENUM: %lu bytes", i, bytes);
|
sprintf(trace[i], "[%ld] ENUM: %lu bytes", i, bytes);
|
||||||
ptr += bytes;
|
ptr += bytes;
|
||||||
check_overflow(ptr < end);
|
check_overflow(ptr <= end);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -600,7 +600,7 @@ uint8_t* process_row_event_data(TABLE_MAP *map, TABLE_CREATE *create, avro_value
|
|||||||
str[bytes] = '\0';
|
str[bytes] = '\0';
|
||||||
avro_value_set_string(&field, str);
|
avro_value_set_string(&field, str);
|
||||||
ptr += bytes;
|
ptr += bytes;
|
||||||
check_overflow(ptr < end);
|
check_overflow(ptr <= end);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (column_is_bit(map->column_types[i]))
|
else if (column_is_bit(map->column_types[i]))
|
||||||
@ -619,7 +619,7 @@ uint8_t* process_row_event_data(TABLE_MAP *map, TABLE_CREATE *create, avro_value
|
|||||||
avro_value_set_int(&field, value);
|
avro_value_set_int(&field, value);
|
||||||
sprintf(trace[i], "[%ld] BIT", i);
|
sprintf(trace[i], "[%ld] BIT", i);
|
||||||
ptr += bytes;
|
ptr += bytes;
|
||||||
check_overflow(ptr < end);
|
check_overflow(ptr <= end);
|
||||||
}
|
}
|
||||||
else if (column_is_decimal(map->column_types[i]))
|
else if (column_is_decimal(map->column_types[i]))
|
||||||
{
|
{
|
||||||
@ -627,7 +627,7 @@ uint8_t* process_row_event_data(TABLE_MAP *map, TABLE_CREATE *create, avro_value
|
|||||||
ptr += unpack_decimal_field(ptr, metadata + metadata_offset, &f_value);
|
ptr += unpack_decimal_field(ptr, metadata + metadata_offset, &f_value);
|
||||||
avro_value_set_double(&field, f_value);
|
avro_value_set_double(&field, f_value);
|
||||||
sprintf(trace[i], "[%ld] DECIMAL", i);
|
sprintf(trace[i], "[%ld] DECIMAL", i);
|
||||||
check_overflow(ptr < end);
|
check_overflow(ptr <= end);
|
||||||
}
|
}
|
||||||
else if (column_is_variable_string(map->column_types[i]))
|
else if (column_is_variable_string(map->column_types[i]))
|
||||||
{
|
{
|
||||||
@ -650,7 +650,7 @@ uint8_t* process_row_event_data(TABLE_MAP *map, TABLE_CREATE *create, avro_value
|
|||||||
buf[sz] = '\0';
|
buf[sz] = '\0';
|
||||||
ptr += sz;
|
ptr += sz;
|
||||||
avro_value_set_string(&field, buf);
|
avro_value_set_string(&field, buf);
|
||||||
check_overflow(ptr < end);
|
check_overflow(ptr <= end);
|
||||||
}
|
}
|
||||||
else if (column_is_blob(map->column_types[i]))
|
else if (column_is_blob(map->column_types[i]))
|
||||||
{
|
{
|
||||||
@ -669,7 +669,7 @@ uint8_t* process_row_event_data(TABLE_MAP *map, TABLE_CREATE *create, avro_value
|
|||||||
uint8_t nullvalue = 0;
|
uint8_t nullvalue = 0;
|
||||||
avro_value_set_bytes(&field, &nullvalue, 1);
|
avro_value_set_bytes(&field, &nullvalue, 1);
|
||||||
}
|
}
|
||||||
check_overflow(ptr < end);
|
check_overflow(ptr <= end);
|
||||||
}
|
}
|
||||||
else if (column_is_temporal(map->column_types[i]))
|
else if (column_is_temporal(map->column_types[i]))
|
||||||
{
|
{
|
||||||
@ -681,7 +681,7 @@ uint8_t* process_row_event_data(TABLE_MAP *map, TABLE_CREATE *create, avro_value
|
|||||||
format_temporal_value(buf, sizeof(buf), map->column_types[i], &tm);
|
format_temporal_value(buf, sizeof(buf), map->column_types[i], &tm);
|
||||||
avro_value_set_string(&field, buf);
|
avro_value_set_string(&field, buf);
|
||||||
sprintf(trace[i], "[%ld] %s: %s", i, column_type_to_string(map->column_types[i]), buf);
|
sprintf(trace[i], "[%ld] %s: %s", i, column_type_to_string(map->column_types[i]), buf);
|
||||||
check_overflow(ptr < end);
|
check_overflow(ptr <= end);
|
||||||
}
|
}
|
||||||
/** All numeric types (INT, LONG, FLOAT etc.) */
|
/** All numeric types (INT, LONG, FLOAT etc.) */
|
||||||
else
|
else
|
||||||
@ -692,7 +692,7 @@ uint8_t* process_row_event_data(TABLE_MAP *map, TABLE_CREATE *create, avro_value
|
|||||||
&metadata[metadata_offset], lval);
|
&metadata[metadata_offset], lval);
|
||||||
set_numeric_field_value(&field, map->column_types[i], &metadata[metadata_offset], lval);
|
set_numeric_field_value(&field, map->column_types[i], &metadata[metadata_offset], lval);
|
||||||
sprintf(trace[i], "[%ld] %s", i, column_type_to_string(map->column_types[i]));
|
sprintf(trace[i], "[%ld] %s", i, column_type_to_string(map->column_types[i]));
|
||||||
check_overflow(ptr < end);
|
check_overflow(ptr <= end);
|
||||||
}
|
}
|
||||||
ss_dassert(metadata_offset <= map->column_metadata_size);
|
ss_dassert(metadata_offset <= map->column_metadata_size);
|
||||||
metadata_offset += get_metadata_len(map->column_types[i]);
|
metadata_offset += get_metadata_len(map->column_types[i]);
|
||||||
|
|||||||
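Review bot: The relaxed `check_overflow(ptr <= end)` still runs only after the column has been consumed: in the hunks at 564, 600, 619 and 650 it follows `ptr += bytes` or `ptr += sz`, and at 600 and 650 it also follows the `str[bytes] = '\0'` and `buf[sz] = '\0'` writes, so a length larger than the remaining row data is noticed after the access rather than prevented. Comparing the length with the space left before the copy, for example `check_overflow(bytes <= (size_t)(end - ptr));`, would catch the same condition earlier and would avoid forming a pointer beyond one-past-the-end, which is undefined behaviour in C. The commit title calls these assertions; the definition of `check_overflow` is not visible here, but if it is compiled out of release builds, malformed row events need a runtime length check that returns an error instead. The enclosing `process_row_event_data` starts and ends outside these hunks, and the sizes of `str` and `buf` are not shown, so the bound on those two writes should be confirmed against their declarations.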