
Minimize unsafe C functions usage - replace strcat() and strcpy() - continues

Open Chaloff opened this issue 1 year ago • 3 comments

Description

Similar to 567b681, continue to replace the use of strcat() and strcpy() with the safer custom methods safe_strcat() and safe_strcpy().

How can this PR be tested?

All build stages pass for these commits.

Basing the PR against the correct MariaDB version

  • [x] This is a bug fix and the PR is based against the earliest branch in which the bug can be reproduced

Backward compatibility

The changes are fully backward compatible.

All new code of the whole pull request, including one or several files that are either new files or modified ones, is contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services.

Chaloff avatar Mar 01 '23 21:03 Chaloff

@Chaloff can you fix the vulnerability introduced in 567b68129943 described in #2640 and create a gcc bug report for array-bounds such that the obsessive cleaning of "unsafe" functions doesn't create "safe" vulnerabilities of human error.

FWIW I saw the erroneous warnings in g++13.1.1 (20230511 (Red Hat 13.1.1-2)) in Fedora 38.

grooverdan avatar May 19 '23 03:05 grooverdan
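
A sketch of the kind of bounded copy and concatenate helpers this PR is about, added here as an example (it is not code from this thread or from MariaDB, and `bounded_strcpy`, `bounded_strcat` and `build_path` are hypothetical names). It shows truncation being reported to the caller instead of overflowing, and the comments mark the size argument that the caller still has to get right by hand.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration, not MariaDB's safe_strcpy()/safe_strcat().
   dst_size must be the FULL size of the destination array, terminator included.
   Both return 0 on success and 1 when the result did not fit. */
static int bounded_strcpy(char *dst, size_t dst_size, const char *src)
{
  size_t n = strlen(src);
  if (dst_size == 0)
    return 1;                           /* no room even for the terminator */
  if (n >= dst_size) {
    memcpy(dst, src, dst_size - 1);     /* keep what fits */
    dst[dst_size - 1] = '\0';           /* always terminate */
    return 1;                           /* report truncation */
  }
  memcpy(dst, src, n + 1);              /* copy including terminator */
  return 0;
}

static int bounded_strcat(char *dst, size_t dst_size, const char *src)
{
  /* Find the current end without reading past dst_size. */
  const char *end = memchr(dst, '\0', dst_size);
  if (end == NULL)
    return 1;                           /* dst is not terminated within dst_size */
  size_t used = (size_t)(end - dst);
  /* Only the remaining space is available, not dst_size again. */
  return bounded_strcpy(dst + used, dst_size - used, src);
}

/* Constructed caller: joins dir and name, failing rather than truncating silently.
   The helpers only protect if out_size really is the size of out; a wrong
   size passed here is a caller error they cannot detect. */
static int build_path(char *out, size_t out_size, const char *dir, const char *name)
{
  return bounded_strcpy(out, out_size, dir) ||
         bounded_strcat(out, out_size, "/") ||
         bounded_strcat(out, out_size, name);
}

int main(void)
{
  char path[16];                        /* constructed sample buffer */
  printf("%d %s\n", build_path(path, sizeof path, "/var/lib", "ibdata"), path);
  printf("%d %s\n", build_path(path, sizeof path, "/var/lib/mysql", "ibdata1"), path);
  return 0;
}
```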

> @Chaloff can you fix the vulnerability introduced in 567b681 described in #2640 and create a gcc bug report for array-bounds such that the obsessive cleaning of "unsafe" functions doesn't create "safe" vulnerabilities of human error.
>
> FWIW I saw the erroneous warnings in g++13.1.1 (20230511 (Red Hat 13.1.1-2)) in Fedora 38.

This was addressed here https://github.com/MariaDB/server/pull/2692

Chaloff avatar Jul 27 '23 00:07 Chaloff

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
10 out of 20 committers have signed the CLA.

:white_check_mark: vaintroub
:white_check_mark: janlindstrom
:white_check_mark: FooBarrior
:white_check_mark: iangilfillan
:white_check_mark: dbart
:white_check_mark: wet6123
:white_check_mark: tvdijen
:white_check_mark: bnestere
:white_check_mark: Chaloff
:white_check_mark: LinuxJedi
:x: sanja-byelkin
:x: vuvova
:x: abarkov
:x: sysprg
:x: Thirunarayanan
:x: dmitryshulga
:x: knielsen
:x: montywi
:x: mariadb-YuchenPei
:x: dr-m

CLAassistant avatar Aug 30 '24 23:08 CLAassistant