database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-07 02:42:49 +03:00
Code Activity

BUG#29597896 - NULL POINTER DEREFERENCE IN LIBMYSQL

Browse Source 
CONC version of server commit e8e67bd4a4c
This commit is contained in:
Sergei Golubchik
2020-05-04 09:13:08 +02:00
parent 2d81c70a41
commit ca8f94f727
1 changed files with 7 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
libmariadb/mariadb_lib.c
View File

@@ -870,18 +870,13 @@ unpack_fields(const MYSQL *mysql,
for (i=0; i < field_count; i++)
{
switch(row->data[i][0]) {
case 0:
*(char **)(((char *)field) + rset_field_offsets[i*2])= ma_strdup_root(alloc, "");
*(unsigned int *)(((char *)field) + rset_field_offsets[i*2+1])= 0;
break;
default:
*(char **)(((char *)field) + rset_field_offsets[i*2])=
ma_strdup_root(alloc, (char *)row->data[i]);
*(unsigned int *)(((char *)field) + rset_field_offsets[i*2+1])=
(uint)(row->data[i+1] - row->data[i] - 1);
break;
}
uint length= (uint)(row->data[i+1] - row->data[i] - 1);
if (!row->data[i] && row->data[i][length])
goto error;
*(char **)(((char *)field) + rset_field_offsets[i*2])=
ma_strdup_root(alloc, (char *)row->data[i]);
*(unsigned int *)(((char *)field) + rset_field_offsets[i*2+1])= length;
}
field->extension= NULL;