mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Bug#25471090: MYSQL USE AFTER FREE

Browse source 
in a specially crafted invalid packet, one can get end_pos < pos here
This commit is contained in:
Sergei Golubchik 2018-04-19 22:39:24 +02:00
parent 149c993b2c
commit 7828ba0df4
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sql-common/client.c
View file

@ -1708,7 +1708,7 @@ read_one_row(MYSQL *mysql,uint fields,MYSQL_ROW row, ulong *lengths)
}
else
{
if (len > (ulong) (end_pos - pos))
if (pos + len > end_pos)
{
set_mysql_error(mysql, CR_UNKNOWN_ERROR, unknown_sqlstate);
return -1;