[Bug 1094779] New: libreoffice-base-drivers-mysql: memory corruption for strings longer than 64 characters
http://bugzilla.opensuse.org/show_bug.cgi?id=1094779

Bug ID: 1094779
Summary: libreoffice-base-drivers-mysql: memory corruption for strings longer than 64 characters
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: x86-64
OS: Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: LibreOffice
Assignee: bnc-team-screening@forge.provo.novell.com
Reporter: dennisgrunert@hotmail.de
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

I marked this bug as critical since it seems that memory content can be extracted. Please change if this is not the case.

Packages
========

This bug appeared after an upgrade from Leap 42.3 to Leap 15.0 with the following packages:

Leap 42.3 (no bug):
* libreoffice: 6.0.4.2-21.1
* libreoffice-base-drivers-mysql: 6.0.4.2-21.1
* libmysqlcppconn7: 1.1.6-4.5

Leap 15.0 (with bug):
* libreoffice: 6.0.4.2-lp150.1.3
* libreoffice-base-drivers-mysql: 6.0.4.2-lp150.1.3
* libmysqlcppconn7: 1.1.9-lp150.2.5

Description:
============

I have a LibreOffice Base file connecting to an external MariaDB database on a server via the MySQL Native Connector, which is installed via the packages above. While everything was running smoothly under Leap 42.3, I now experience this bug:

Fields in tables with strings are corrupted, i.e., wrong and obscure characters are displayed after a certain number of characters.

Example: One field in a table is defined on the server as varchar(1000) with collation utf8_unicode_ci. The correct output of this field on the server and with the MySQL Native Connector under Leap 42.3 is

"HM hat FM (Islam, 2033), (FM, wollte seinen aktuellen Vertrag verkürzen und hat einen Kandidat, sollte uns email schreiben) Moustafa"

The wrong output with Leap 15.0 is

"HM hat FM (Islam, 2033), (FM, wollte seinen aktuellen Vertrag veonAResultSetConcurrency"

Therefore, the string "onAResultSetConcurrency" was displayed instead of the second part of the second string.

This happens every time a string is longer than 64 characters! The characters 65 to the end are replaced by memory content, as it seems. This may also be a security concern!

The Ubuntu 16.04 LTS server is running MariaDB from the package mariadb-server with version 10.0.34-0ubuntu0.16.04.1. The config file /etc/mysql/my.cnf contains

character_set_server=utf8
collation_server=utf8_unicode_ci

But I do not suspect the encoding to be a problem but a hard limit of 64 characters for strings. Keep in mind that this bug only appears with the MySQL Native Connector, not when connecting via the mysql client binary (mysql -h <host> -u <user> -p) or PHP.

When replacing version 1.1.6-4.5 by 1.1.8-6.1 or 1.1.8-8.1 (most current version) of libmysqlcppconn7 in Leap 42.3, then this bug is also reproducible in Leap 42.3.

--
You are receiving this mail because:
You are on the CC list for the bug.