From 68d05007bbf0dd9ef725bddf312fbb72ed0c7d52 Mon Sep 17 00:00:00 2001
From: Georg Richter <georg@mariadb.com>
Date: Sat, 2 Mar 2019 07:54:06 +0100
Subject: [PATCH] Fix for CONC-392:

Fixed crash when server sent session tracking information with session type
SESSION_TRACK_STATE_CHANGE. In this special case the packet doesn't contain
the overall length. (see https://mariadb.com/kb/en/library/ok_packet/).
---
 libmariadb/mariadb_lib.c         |  3 ++-
 unittest/libmariadb/connection.c | 20 ++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/libmariadb/mariadb_lib.c b/libmariadb/mariadb_lib.c
index ed84b8c4..93e89f1b 100644
--- a/libmariadb/mariadb_lib.c
+++ b/libmariadb/mariadb_lib.c
@@ -2034,7 +2034,8 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
             case SESSION_TRACK_STATE_CHANGE:
             case SESSION_TRACK_TRANSACTION_CHARACTERISTICS:
             case SESSION_TRACK_SYSTEM_VARIABLES:
-              net_field_length(&pos); /* ignore total length, item length will follow next */
+              if (si_type != SESSION_TRACK_STATE_CHANGE)
+                net_field_length(&pos); /* ignore total length, item length will follow next */
               plen= net_field_length(&pos);
               if (!ma_multi_malloc(0,
                                   &session_item, sizeof(LIST),
diff --git a/unittest/libmariadb/connection.c b/unittest/libmariadb/connection.c
index 60546692..d32038fd 100644
--- a/unittest/libmariadb/connection.c
+++ b/unittest/libmariadb/connection.c
@@ -1602,8 +1602,28 @@ static int test_conc312(MYSQL *my)
   return OK;
 }
 
+static int test_conc392(MYSQL *mysql)
+{
+  int rc;
+  const char *data;
+  size_t len;
+  
+  rc= mysql_query(mysql, "set session_track_state_change=1");
+  check_mysql_rc(rc, mysql);
+
+  if (mysql_session_track_get_first(mysql, SESSION_TRACK_STATE_CHANGE, &data, &len))
+  {
+    diag("session_track_get_first failed");
+    return FAIL;
+  }
+  
+  FAIL_IF(len != 1, "Expected length 1");
+  return OK;
+}
+
 
 struct my_tests_st my_tests[] = {
+  {"test_conc392", test_conc392, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
   {"test_conc312", test_conc312, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
   {"test_conc351", test_conc351, TEST_CONNECTION_NONE, 0, NULL, NULL},
   {"test_conc332", test_conc332, TEST_CONNECTION_NONE, 0, NULL, NULL},