1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed access to undefined memory

Browse Source 
alloc_query() is examined the content of it's argument, which was
uninitalized.
Fixed by storing stmt_id in llbuf, according to code comments.
This commit is contained in:
Monty 2021-03-28 18:43:14 +03:00
parent 80459bcbd4
commit 8e2d69f7b8
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sql/sql_prepare.cc
View File

@ -3414,15 +3414,17 @@ static void mysql_stmt_execute_common(THD *thd,
if (!(stmt= find_prepared_statement(thd, stmt_id)))
{
char llbuf[22];
size_t length;
/*
Did not find the statement with the provided stmt_id.
Set thd->query_string with the stmt_id so the
audit plugin gets the meaningful notification.
*/
if (alloc_query(thd, llbuf, sizeof(llbuf)))
length= (size_t) (longlong10_to_str(stmt_id, llbuf, 10) - llbuf);
if (alloc_query(thd, llbuf, length + 1))
thd->set_query(0, 0);
my_error(ER_UNKNOWN_STMT_HANDLER, MYF(0), static_cast<int>(sizeof(llbuf)),
llstr(stmt_id, llbuf), "mysqld_stmt_execute");
my_error(ER_UNKNOWN_STMT_HANDLER, MYF(0), (int) length, llbuf,
"mysqld_stmt_execute");
DBUG_VOID_RETURN;
}