Bogus snprintf error checking in query_response_time.cc

Bug #810272 reported by Laurynas Biveinis
Affects | Status | Importance | Assigned to | Milestone
Percona Server moved to https://jira.percona.com/projects/PS | Fix Released | Low | Laurynas Biveinis |
5.5 | Fix Released | Low | Laurynas Biveinis |

Bug Description

The code reads:
  std::size_t result_length= snprintf(buffer,buffer_size,format,second,microsecond);
  if(result_length < 0)
  {
    /* Assume the result is overflowing */
  }

The return type of snprintf is signed int and the type size_t is unsigned, thus the negative return values are lost and the if-clause is dead code, as warned by the compiler:

sql/query_response_time.cc:147: error: comparison of unsigned expression < 0 is always false

The second problem is that the code inside the if-clause assumes that the error is that the string was truncated, which is wrong. If the string was truncated, then snprintf returns a positive value that is larger than the specified output buffer size. The negative value is returned for other errors.
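
An added example, not part of the original report or of Percona's code: one way to check the snprintf result so that an error and a truncation are told apart. The name format_time, the status enum and the format string are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum fmt_status { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = 2 };

/*
 * Format "second.microsecond" into buffer (format string is assumed).
 * FMT_OK:        *out_len = characters written, excluding the NUL.
 * FMT_TRUNCATED: *out_len = length the complete string would have had.
 * FMT_ERROR:     snprintf itself failed; buffer is set to "".
 */
enum fmt_status format_time(char *buffer, size_t buffer_size,
                            unsigned long second, unsigned long microsecond,
                            size_t *out_len)
{
    /* Keep the result signed: int is snprintf's return type, so a
       negative value survives and the test below is reachable. */
    int n = snprintf(buffer, buffer_size, "%lu.%06lu", second, microsecond);

    if (n < 0) {
        /* Output or encoding error, not a truncation. */
        if (buffer_size > 0)
            buffer[0] = '\0';
        *out_len = 0;
        return FMT_ERROR;
    }

    *out_len = (size_t)n;               /* safe: n is non-negative here */
    if ((size_t)n >= buffer_size)       /* no room left for the NUL */
        return FMT_TRUNCATED;
    return FMT_OK;
}

int main(void)
{
    char big[32], small[9];             /* constructed sample buffers */
    size_t len;

    enum fmt_status s = format_time(big, sizeof big, 12, 345, &len);
    printf("status=%d len=%zu text=\"%s\"\n", (int)s, len, big);

    s = format_time(small, sizeof small, 12, 345, &len);
    printf("status=%d needed=%zu kept=%zu text=\"%s\"\n",
           (int)s, len, strlen(small), small);
    return 0;
}
```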

Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-1880
