MDEV-22005 UBSAN: applying non-zero offset 2 to null pointer in my_charpos_mb()

Empty comment has a correct length.
2025-07-29 05:21:33 +03:00 · 2020-03-23 02:08:01 +03:00
parent 5918b17004
commit 0b00c1a22f
2 changed files with 12 additions and 4 deletions
--- a/sql/sql_table.cc
+++ b/sql/sql_table.cc
@ -1,6 +1,6 @@
 /*
   Copyright (c) 2000, 2019, Oracle and/or its affiliates.
-   Copyright (c) 2010, 2019, MariaDB
+   Copyright (c) 2010, 2020, MariaDB

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@ -4286,8 +4286,12 @@ bool validate_comment_length(THD *thd, LEX_STRING *comment, size_t max_len,
                             uint err_code, const char *name)
 {
  DBUG_ENTER("validate_comment_length");
-  uint tmp_len= my_charpos(system_charset_info, comment->str,
-                           comment->str + comment->length, max_len);
+
+  if (comment->length == 0)
+    DBUG_RETURN(false);
+
+  size_t tmp_len=
+      Well_formed_prefix(system_charset_info, *comment, max_len).length();
  if (tmp_len < comment->length)
  {
    if (thd->is_strict_mode())