1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix Binary_string::c_ptr and c_ptr_safe

Browse Source 
if the Ptr="abc", then str_length=3, and for a C ptr it needs Ptr[3]=0;
but it passes str_length+1 (=4) to realloc, and realloc allocates
arg_length+1 bytes (that is 5) and does Ptr[arg_length]= 0; (Ptr[4]=0)
This commit is contained in:
Sergei Golubchik 2021-09-05 13:09:02 +02:00
parent b9e2002702
commit 4c1ed54bfc
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sql/sql_string.h
View File

@ -643,7 +643,7 @@ public:
Ptr[str_length]=0;
return Ptr;
}
(void) realloc(str_length+1); /* This will add end \0 */
(void) realloc(str_length); /* This will add end \0 */
return Ptr;
}
/*
@ -666,7 +666,7 @@ public:
if (Ptr && str_length < Alloced_length)
Ptr[str_length]=0;
else
(void) realloc(str_length + 1);
(void) realloc(str_length);
return Ptr;
}