From fbf44eed3c69dc15047ac2d40c09dd0d16993fb0 Mon Sep 17 00:00:00 2001
From: Karthik Kamath
Date: Tue, 19 Apr 2016 14:49:27 +0530
Subject: [PATCH] BUG#22286421: NULL POINTER DEREFERENCE

ANALYSIS:
=========
A LEX_STRING structure pointer is processed during the validation of a stored program name. During this processing, there is a possibility of null pointer dereference.

FIX:
====
check_routine_name() is invoked by the parser by supplying a non-empty string as the SP name. To avoid any potential calls to check_routine_name() with NULL value, a debug assert has been added to catch such cases.
---
 sql/sp_head.cc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sql/sp_head.cc b/sql/sp_head.cc
index 13d1b310599..992e7415f45 100644
--- a/sql/sp_head.cc
+++ b/sql/sp_head.cc
@@ -1,5 +1,5 @@
 /*
- Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -490,8 +490,9 @@ sp_name::init_qname(THD *thd)
 bool
 check_routine_name(LEX_STRING *ident)
 {
- if (!ident || !ident->str || !ident->str[0] ||
- ident->str[ident->length-1] == ' ')
+ DBUG_ASSERT(ident != NULL && ident->str != NULL);
+
+ if (!ident->str[0] || ident->str[ident->length-1] == ' ')
 {
 my_error(ER_SP_WRONG_NAME, MYF(0), ident->str);
 return TRUE;
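Review bot: In `check_routine_name()` the added `DBUG_ASSERT(ident != NULL && ident->str != NULL);` is now the only NULL guard, and DBUG_ASSERT is compiled out of non-debug builds, so a release server that reaches this function with a NULL `ident` or `ident->str` dereferences it at `ident->str[0]` instead of returning an error. The commit message relies on the parser always passing a non-empty name, which is an invariant of the current callers rather than something this function enforces; keep a runtime guard after the assert whose error path does not touch the pointer, e.g. `if (!ident || !ident->str) { my_error(ER_SP_WRONG_NAME, MYF(0), ""); return TRUE; }`. Separately, `ident->str[ident->length-1]` is evaluated whenever `str[0]` is non-zero, so if a LEX_STRING with `length == 0` and a non-empty `str` can ever arrive here the index wraps and reads out of bounds; adding `ident->length == 0 ||` to the condition would close that. The function body continues past the end of the hunk.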