From c05fd700970ad45735caed3a6f9930d4ce19a3bd Mon Sep 17 00:00:00 2001
From: Alexander Barkov <bar@mariadb.com>
Date: Thu, 14 Apr 2022 16:11:04 +0400
Subject: MDEV-26323 use-after-poison issue of MariaDB server

---
 sql/sql_plugin.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'sql/sql_plugin.cc')

diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc
index 97bc17042b2..75631faccaa 100644
--- a/sql/sql_plugin.cc
+++ b/sql/sql_plugin.cc
@@ -372,7 +372,8 @@ bool check_valid_path(const char *path, size_t len)
 static void fix_dl_name(MEM_ROOT *root, LEX_STRING *dl)
 {
   const size_t so_ext_len= sizeof(SO_EXT) - 1;
-  if (my_strcasecmp(&my_charset_latin1, dl->str + dl->length - so_ext_len,
+  if (dl->length < so_ext_len ||
+      my_strcasecmp(&my_charset_latin1, dl->str + dl->length - so_ext_len,
                     SO_EXT))
   {
     char *s= (char*)alloc_root(root, dl->length + so_ext_len + 1);
-- 
cgit v1.2.1