From e252af7b7e505741645384cf511354e348fbb1c0 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Mon, 9 Dec 2013 12:38:09 +0100
Subject: [PATCH] reuse new safe_net_field_length_ll function where appropriate

---
 sql/sql_acl.cc | 35 ++++++++++-------------------------
 1 file changed, 10 insertions(+), 25 deletions(-)

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 4ce41e103bd..b4786bfd529 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -11112,36 +11112,21 @@
 static bool read_client_connect_attrs(char **ptr, char *end,
                                       const CHARSET_INFO *from_cs)
 {
-  size_t length, length_length;
-  size_t max_bytes_available= end - *ptr;
+  size_t length;
+  char *ptr_save= *ptr;
+
   /* not enough bytes to hold the length */
-  if ((*ptr) >= (end - 1))
+  if (ptr_save >= end)
     return true;
 
-  /* read the length */
-  if (max_bytes_available >= 9)
-  {
-    char *ptr_save= *ptr;
-    length= net_field_length_ll((uchar **) ptr);
-    length_length= *ptr - ptr_save;
-    DBUG_ASSERT(length_length <= 9);
-  }
-  else
-  {
-    /* to avoid reading unallocated and uninitialized memory */
-    char buf[10]={'\0','\0','\0','\0','\0','\0','\0','\0','\0','\0',},
-         *len_ptr= buf;
-    memcpy(buf, *ptr, max_bytes_available);
-    length= net_field_length_ll((uchar **) &len_ptr);
-    length_length= len_ptr - buf;
-    *ptr+= length_length;
-    if (max_bytes_available < length_length)
-      return true;
-  }
-  max_bytes_available-= length_length;
+  length= safe_net_field_length_ll((uchar **) ptr, end - ptr_save);
+
+  /* cannot even read the length */
+  if (*ptr == NULL)
+    return true;
 
   /* length says there're more data than can fit into the packet */
-  if (length > max_bytes_available)
+  if (*ptr + length > end)
     return true;
 
   /* impose an artificial length limit of 64k */
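Review bot: The new check `if (*ptr + length > end)` builds a pointer from the packet-supplied `length` before that value has been bounded, so `*ptr + length` can point far outside the buffer (undefined behaviour for pointer arithmetic) and may wrap so that the comparison passes; the 64k limit applied afterwards comes too late to protect this comparison. Compare sizes rather than pointers, e.g. `if (length > (size_t)(end - *ptr)) return true;` — this relies on safe_net_field_length_ll never advancing `*ptr` past `end` on success, which its definition (outside this patch) should confirm. The `*ptr == NULL` test assumes the helper reports failure by nulling the pointer; a one-line comment stating that contract next to the call would spare the next reader a lookup. read_client_connect_attrs continues beyond the end of the hunk.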