Bug#22694 "function plugin_foreach_with_mask() uses an uninitialized pointer"

   Fix uninitialized memory.


sql/sql_plugin.cc:
  move my_alloca() call out of nested stack frame.
  ensure that every element of array is initialized.

1 files changed, 10 insertions, 9 deletions

diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc
index 8cd4c661fb8..9ff88b2054a 100644
--- a/sql/sql_plugin.cc
+++ b/sql/sql_plugin.cc
@@ -951,29 +951,30 @@ my_bool plugin_foreach_with_mask(THD *thd, plugin_foreach_func *func,
   state_mask= ~state_mask; // do it only once
 
   rw_rdlock(&THR_LOCK_plugin);
+  total= type == MYSQL_ANY_PLUGIN ? plugin_array.elements
+                                  : plugin_hash[type].records;
+  /*
+    Do the alloca out here in case we do have a working alloca:
+	leaving the nested stack frame invalidates alloca allocation.
+  */
+  plugins=(struct st_plugin_int **)my_alloca(total*sizeof(*plugins));
   if (type == MYSQL_ANY_PLUGIN)
   {
-    total=plugin_array.elements;
-    plugins=(struct st_plugin_int **)my_alloca(total*sizeof(*plugins));
     for (idx= 0; idx < total; idx++)
     {
       plugin= dynamic_element(&plugin_array, idx, struct st_plugin_int *);
-      if (plugin->state & state_mask)
-        continue;
-      plugins[idx]= plugin;
+      plugins[idx]= !(plugin->state & state_mask) ? plugin : NULL;
     }
   }
   else
   {
-    HASH *hash= &plugin_hash[type];
-    total=hash->records;
-    plugins=(struct st_plugin_int **)my_alloca(total*sizeof(*plugins));
+    HASH *hash= plugin_hash + type;
     for (idx= 0; idx < total; idx++)
     {
       plugin= (struct st_plugin_int *) hash_element(hash, idx);
       if (plugin->state & state_mask)
         continue;
-      plugins[idx]= plugin;
+      plugins[idx]= !(plugin->state & state_mask) ? plugin : NULL;
     }
   }
   rw_unlock(&THR_LOCK_plugin);