MDEV-28315 Fix ASAN stack-buffer-overflow in String::copy_aligned

Starting since this commit 36cdd5c3cd there is an ASAN stack-buffer-overflow error because we append a NULL terminator beyond the length of memory allocated. Reviewed by: Monty and Nayuta Yanagisawa
2025-07-27 18:02:13 +03:00 · 2022-08-01 04:27:33 -07:00
parent 63478e72de
commit 84d26f98c7
4 changed files with 24 additions and 2 deletions
--- a/sql/sql_string.cc
+++ b/sql/sql_string.cc
@ -398,7 +398,7 @@ bool String::copy_aligned(const char *str, size_t arg_length, size_t offset,
  DBUG_ASSERT(offset && offset != cs->mbminlen);

  size_t aligned_length= arg_length + offset;
-  if (alloc(aligned_length))
+  if (alloc(aligned_length+1))
    return TRUE;
  
  /*