author | Monty <monty@mariadb.org> | 2021-03-28 18:43:14 +0300 |
---|---|---|
committer | Monty <monty@mariadb.org> | 2021-03-28 18:43:14 +0300 |
commit | 8e2d69f7b8425c9cd9546cb45c16c492d5aa5b0a (patch) | |
tree | cc52bbd73a09c967b875fa48eae7e12a0c9bd8c9 /sql | |
parent | 80459bcbd4ca2cfd149f58c41428882fcfc49e03 (diff) | |
download | mariadb-git-8e2d69f7b8425c9cd9546cb45c16c492d5aa5b0a.tar.gz |
Fixed access to undefined memory
alloc_query() examined the content of its argument, which was
uninitialized.
Fixed by storing stmt_id in llbuf, according to code comments.
Diffstat (limited to 'sql')
-rw-r--r-- | sql/sql_prepare.cc | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
index 2cda1241a35..314966fbf00 100644
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -3414,15 +3414,17 @@ static void mysql_stmt_execute_common(THD *thd,
 if (!(stmt= find_prepared_statement(thd, stmt_id)))
 {
 char llbuf[22];
+ size_t length;
 /* Did not find the statement with the provided stmt_id. Set thd->query_string with the stmt_id so the audit plugin gets the meaningful notification. */
- if (alloc_query(thd, llbuf, sizeof(llbuf)))
+ length= (size_t) (longlong10_to_str(stmt_id, llbuf, 10) - llbuf);
+ if (alloc_query(thd, llbuf, length + 1))
 thd->set_query(0, 0);
- my_error(ER_UNKNOWN_STMT_HANDLER, MYF(0), static_cast<int>(sizeof(llbuf)),
- llstr(stmt_id, llbuf), "mysqld_stmt_execute");
+ my_error(ER_UNKNOWN_STMT_HANDLER, MYF(0), (int) length, llbuf,
+ "mysqld_stmt_execute");
 DBUG_VOID_RETURN;
 } |
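Review bot: The `length + 1` passed to `alloc_query()` counts the terminating NUL written by `longlong10_to_str()`, not just the digits. `alloc_query()` is not visible in this hunk, but if it takes its third argument as the query length, the query string handed to the audit plugin would end in a `\0` byte. Passing the digit count alone, `if (alloc_query(thd, llbuf, length))`, would avoid that, provided `alloc_query()` adds its own terminator, which should be confirmed. A short comment above the conversion would also help the next reader see that no stack bytes beyond the formatted id can reach the audit record, for example `/* radix 10 formats stmt_id as unsigned: at most 20 digits + NUL fit in llbuf[22] */`. `mysql_stmt_execute_common` starts and ends outside the hunk, so the declared type of `stmt_id` could not be checked here.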