Subject: Workaround for SCO bug in realpath()
From: sas...@mysql.com (sas@mysql.com)
Date: 10/27/2000 06:03:10 PM
List: com.mysql.lists.bugs

Problem:

Slave thread coredumps on startup on SCO OpenServer 5.0.5 (possibly others too) because of a buffer overrun bug in realpath(). Other areas of MySQL can potentially be unstable as well, as realpath() is called frequently in that context.

Fix:

--- 1.6/mysys/mf_format.c Tue Sep 19 19:54:43 2000 +++ edited/mysys/mf_format.c Fri Oct 27 18:46:38 2000 @@ -33,10 +33,14 @@ /* 32 Resolve filename to full path */ /* 64 Return NULL if too long path */

+#ifdef SCO +#define BUFF_LEN 4097 +#else #ifdef MAXPATHLEN #define BUFF_LEN MAXPATHLEN #else #define BUFF_LEN FN_LEN +#endif #endif

my_string fn_format(my_string to, const char *name, const char *dsk,
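
Review bot: the `+#define BUFF_LEN 4097` line in the new `#ifdef SCO` branch is an unexplained magic number. Add a comment saying it is one byte more than the 4096 that SCO's realpath() hands to getcwd(), or write it as `(4096 + 1)`, so the value is not "cleaned up" later. Because the SCO test comes first it also bypasses MAXPATHLEN entirely; if an SCO build ever defines MAXPATHLEN above 4097 the buffer would become smaller than before, so consider taking the larger of the two values instead.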

Gory details (discovered by disassembling realpath() ):

If the first argument of realpath starts with '.', realpath() will call getcwd(), passing it a hard-coded 4096 constant for the buffer size. Even if the length of the current working directory is much less than 4096, getcwd() will modify all 4096 characters of the buffer. The docs on realpath() say the buffer must be at least MAXPATHLEN characters. The problem is that MAXPATHLEN is not defined anywhere, at least I could not find where it is defined, when you compile it is not defined, and docs on realpath() do not tell you to include anything other than <stdlib.h>, which does not define MAXPATHLEN. Related constants MAX_PATH and NL_MAXPATHLEN are defined to 1024, which is not sufficient to avoid buffer overrun in getcwd().
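
A defensive wrapper for the situation described in this message, as an added example that is not part of the original post or of MySQL: realpath() resolves into a scratch buffer sized for what libc may write rather than for what the caller needs, a guard region detects any write past it, and the result is copied out with a length check. `bounded_realpath`, `LIBC_WRITE_SPAN`, `SCRATCH_LEN`, `GUARD_LEN` and `GUARD_BYTE` are hypothetical names; the 4096 figure is the one reported above.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700            /* expose realpath() under strict -std modes */
#endif
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Assumption taken from the message: libc may touch 4096 bytes regardless
 * of how short the resolved path is. */
#define LIBC_WRITE_SPAN 4096
#if defined(PATH_MAX) && PATH_MAX > LIBC_WRITE_SPAN
#define SCRATCH_LEN (PATH_MAX + 1)
#else
#define SCRATCH_LEN (LIBC_WRITE_SPAN + 1)
#endif
#define GUARD_LEN  16                /* bytes of guard region after the scratch */
#define GUARD_BYTE 0xA5

/* Resolve `name` into `to` (capacity `to_len`). Returns `to`, or NULL with
 * errno set when resolution fails or the result does not fit. */
char *bounded_realpath(const char *name, char *to, size_t to_len)
{
    unsigned char *scratch = malloc(SCRATCH_LEN + GUARD_LEN);
    char *result = NULL;
    size_t i, len;

    if (scratch == NULL)
        return NULL;
    memset(scratch + SCRATCH_LEN, GUARD_BYTE, GUARD_LEN);

    if (realpath(name, (char *)scratch) != NULL) {
        /* A changed guard byte means libc wrote past SCRATCH_LEN: the heap
         * can no longer be trusted, so stop instead of carrying on. */
        for (i = 0; i < GUARD_LEN; i++)
            if (scratch[SCRATCH_LEN + i] != GUARD_BYTE)
                abort();
        len = strlen((char *)scratch);
        if (len < to_len) {
            memcpy(to, scratch, len + 1);   /* includes the terminating NUL */
            result = to;
        } else {
            errno = ENAMETOOLONG;           /* caller's buffer is too small */
        }
    }
    free(scratch);
    return result;
}
```

The guard check only detects an overrun after it has happened; the oversized scratch buffer is what prevents it for the 4096-byte case.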