MDEV-23893: Apply Sergei’s patch to validate numeric suffix parsing #4425
+8
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
Author
svoj
added
the
External Contribution
grooverdan
requested changes
Nov 17, 2025
Member
grooverdan
left a comment
grooverdan
left a comment
There was a problem hiding this comment.
On the Commit message. "MDEV-23893: Reject invalid numerical suffixes" is closer as a function description.
git commit --amend --author "Sergei Golubchik <[email protected]>" is a right way to attribute an author. Credit yourself in the body of the message if you want.
With these done, make this a single corrected commit and git push --force tot he same branch will update this PR.
|
|
||
| static inline ulonglong eval_num_suffix(char *suffix, int *error) | ||
| { | ||
| /* Sergei’s patch for MDEV-23893: |
Member
There was a problem hiding this comment.
remove above bit of comment and just leave as a comment on the text below, aligned to the indentation level. Correct the indentation level of if too`.
| errno= 0; | ||
| num= strtoll(argument, &endchar, 10); | ||
| if (errno == ERANGE) | ||
| if (errno == ERANGE||argument==endchar) |
Member
There was a problem hiding this comment.
Spaces on either side of ||.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This patch applies Sergei’s proposed fix for MDEV-23893, ensuring that invalid suffixes for numeric configuration options (like
expire_logs_days) are properly rejected.In previous MariaDB versions (10.3–10.5), the server incorrectly accepted values such as:
This patch adds stricter validation during numeric suffix parsing.
✅ Changes
eval_num_suffix()to reject suffixes longer than one character (ab,hjh, etc.).eval_num_suffix_ll()to handle empty or invalid numeric values.🧠 Technical Details
This prevents multi-character suffixes from being accepted.
Also, additional range and parsing checks were added for safer numeric handling.
🧑💻 Credits
🔧 Testing
Verified that invalid values such as
expire_logs_days=abcorexpire_logs_days=pqnow trigger an error during startup.