database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-09-02 09:41:40 +03:00
Code Activity

Bug#31850 Test crashes in "embedded" server

Browse Source 
The mysql_change_user command fails to properly update the database pointer
when no database is selected, leading to "use after free" errors. The same
happens on the user privilege pointer in the thread security context.

The solution is to properly reset and update the database name. Also update
the user_priv pointer so that it doesn't point to freed memory.
This commit is contained in:
davi@endora.local
2007-11-01 17:29:20 -02:00
parent 7ec50bd483
commit 968af72150
2 changed files with 12 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
sql/sql_parse.cc
View File

@@ -911,6 +911,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
/* Clear variables that are allocated */
thd->user_connect= 0;
thd->security_ctx->priv_user= thd->security_ctx->user;
res= check_user(thd, COM_CHANGE_USER, passwd, passwd_len, db, FALSE);
if (res)
@@ -933,8 +934,8 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
if (save_user_connect)
decrease_user_connections(save_user_connect);
#endif /* NO_EMBEDDED_ACCESS_CHECKS */
x_free((uchar*) save_db);
x_free((uchar*) save_security_ctx.user);
x_free(save_db);
x_free(save_security_ctx.user);
if (cs_number)
{