oss-sec mailing list archives

CVE-2016-1246: Buffer overflow in DBD-mysql error reporting (Perl DBI module)


From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 03 Oct 2016 19:19:11 +0200

When reporting a variable bind error, DBD-mysql would try to
construct the error message in a fixed-size buffer on the stack,
possibly leading to arbitrary code execution.

It depends on the application whether untrusted data is included in
the error message.  -D_FORTIFY_SOURCE=2 would catch this and turn the
issue into a mere crash.

Upstream commit:

  <https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2>

Upstream credits Pali Rohár with reporting and fixing this issue.

Here is what I used to validate the patch:

use strict;
use warnings;

use DBI;

# Connect to the local "mysql" database as root with an empty password;
# RaiseError makes any DBD-mysql error die rather than return silently.
my $dbh = DBI->connect("DBI:mysql:mysql:",
                       "root", "",
                       { PrintError => 0, RaiseError => 1});

$dbh->do('CREATE TEMPORARY TABLE t (i INTEGER NOT NULL)');
$dbh->begin_work;
my $st = $dbh->prepare('INSERT INTO t VALUES (?)');
# Bind a 64-byte non-numeric string as SQL_INTEGER: the resulting bind
# error message is what the driver formats into its fixed-size buffer.
$st->bind_param(1, 'X' x 64, DBI::SQL_INTEGER);
$dbh->commit;
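The pattern behind the bug and its bounded replacement, as an added illustration that is not DBD-mysql's code: a fixed-size stack buffer filled by sprintf with a caller-supplied bound value, next to an snprintf version that always terminates the buffer and reports truncation. The 80-byte size, the message text and all function names are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Buffer size and message text are assumptions for this illustration,
 * not DBD-mysql's own definitions. */
#define ERRMSG_SIZE 80
#define BIND_ERR_FMT "Binding non-numeric field %d, value %s as a numeric!"

/* Vulnerable pattern: sprintf never sees the buffer size, so a bound value
 * that does not fit overruns the stack frame. Kept for contrast only. */
void format_bind_error_unsafe(int param, const char *value)
{
    char errmsg[ERRMSG_SIZE];
    sprintf(errmsg, BIND_ERR_FMT, param, value);
}

/* Hardened form: snprintf bounds the write and always NUL-terminates.
 * Returns true when the message did not fit and was truncated. */
bool format_bind_error_safe(char *out, size_t out_size, int param,
                            const char *value)
{
    int n = snprintf(out, out_size, BIND_ERR_FMT, param, value);
    if (n < 0) {                 /* encoding failure: report an empty message */
        if (out_size > 0)
            out[0] = '\0';
        return true;
    }
    return (size_t)n >= out_size;
}

/* Dry run: would the full message for this value fit in ERRMSG_SIZE?
 * snprintf with a zero-length buffer only computes the needed length. */
bool bind_error_fits(int param, const char *value)
{
    int n = snprintf(NULL, 0, BIND_ERR_FMT, param, value);
    return n >= 0 && (size_t)n < ERRMSG_SIZE;
}

/* Same input as the Perl repro above: a constructed 64-byte non-numeric
 * value bound to parameter 1. Returns whether the message was truncated. */
bool demo_long_value(void)
{
    char value[65] = {0};
    char errmsg[ERRMSG_SIZE];
    memset(value, 'X', 64);
    return format_bind_error_safe(errmsg, sizeof errmsg, 1, value);
}
```

With the assumed 80-byte buffer the fixed text around the value takes 49 bytes, so any value of 31 bytes or more is truncated rather than written past the end of the frame.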

