From ca8f94f727dba19a6ac43691df53fdc829e2124e Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Mon, 4 May 2020 09:13:08 +0200
Subject: [PATCH] BUG#29597896 - NULL POINTER DEREFERENCE IN LIBMYSQL

CONC version of server commit e8e67bd4a4c
---
 libmariadb/mariadb_lib.c | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/libmariadb/mariadb_lib.c b/libmariadb/mariadb_lib.c
index 7a38a875..0434527c 100644
--- a/libmariadb/mariadb_lib.c
+++ b/libmariadb/mariadb_lib.c
@@ -870,18 +870,13 @@ unpack_fields(const MYSQL *mysql,
 for (i=0; i < field_count; i++)
 {
- switch(row->data[i][0]) {
- case 0:
- *(char **)(((char *)field) + rset_field_offsets[i*2])= ma_strdup_root(alloc, "");
- *(unsigned int *)(((char *)field) + rset_field_offsets[i*2+1])= 0;
- break;
- default:
- *(char **)(((char *)field) + rset_field_offsets[i*2])=
- ma_strdup_root(alloc, (char *)row->data[i]);
- *(unsigned int *)(((char *)field) + rset_field_offsets[i*2+1])=
- (uint)(row->data[i+1] - row->data[i] - 1);
- break;
- }
+ uint length= (uint)(row->data[i+1] - row->data[i] - 1);
+ if (!row->data[i] && row->data[i][length])
+ goto error;
+
+ *(char **)(((char *)field) + rset_field_offsets[i*2])=
+ ma_strdup_root(alloc, (char *)row->data[i]);
+ *(unsigned int *)(((char *)field) + rset_field_offsets[i*2+1])= length;
 }
 field->extension= NULL;
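Review bot: The added guard `if (!row->data[i] && row->data[i][length])` cannot do its job as written: when `row->data[i]` is NULL the left operand is true and the right operand then dereferences that NULL pointer — the very crash the subject line says this fixes — and when it is non-NULL the left operand is false, so a field that is not NUL-terminated at `data[i][length]` is never rejected either. The minimal fix is the operator, `if (!row->data[i] || row->data[i][length]) goto error;`. Beyond that, `length` is computed from `row->data[i]` on the line above, so pointer arithmetic on a NULL entry (undefined behaviour) happens before any check runs, and if a NULL entry in `data[]` is how this result set marks a NULL column, `row->data[i+1]` needs the same test before it is used in the subtraction; the reordered form below covers both. unpack_fields begins and continues outside this hunk, so the `error:` label it jumps to is not visible here.

```c
    for (i=0; i < field_count; i++)
    {
      if (!row->data[i] || !row->data[i+1])
        goto error;
      uint length= (uint)(row->data[i+1] - row->data[i] - 1);
      if (row->data[i][length])
        goto error;
      /* … unchanged: store the field name and its length … */
```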