From 4c1ed54bfcb1ac08eb9b3221fba563ff55ac8f86 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <serg@mariadb.org>
Date: Sun, 5 Sep 2021 13:09:02 +0200
Subject: fix Binary_string::c_ptr and c_ptr_safe

if the Ptr="abc", then str_length=3, and for a C ptr it needs Ptr[3]=0;
but it passes str_length+1 (=4) to realloc, and realloc allocates
arg_length+1 bytes (that is 5) and does Ptr[arg_length]= 0; (Ptr[4]=0)
---
 sql/sql_string.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'sql/sql_string.h')

diff --git a/sql/sql_string.h b/sql/sql_string.h
index d7661605492..fe57c8153bb 100644
--- a/sql/sql_string.h
+++ b/sql/sql_string.h
@@ -643,7 +643,7 @@ public:
       Ptr[str_length]=0;
       return Ptr;
     }
-    (void) realloc(str_length+1);               /* This will add end \0 */
+    (void) realloc(str_length);               /* This will add end \0 */
     return Ptr;
   }
   /*
@@ -666,7 +666,7 @@ public:
     if (Ptr && str_length < Alloced_length)
       Ptr[str_length]=0;
     else
-      (void) realloc(str_length + 1);
+      (void) realloc(str_length);
     return Ptr;
   }
 
-- 
cgit v1.2.1