Fix for a crashing bug in send_data..

sql/net_pkg.cc: Fixing a buffer overflow with huge BLOB's. This bug was caused by increasing a storage for lenght of data, while memory was not sufficiently allocated for the task.
2026-05-03 13:45:34 +02:00 · 2003-01-13 22:36:50 +02:00 · 2003-01-13 22:36:50 +02:00 · f3e431a055
commit f3e431a055
parent 730584247e
1 changed files with 9 additions and 4 deletions
--- a/sql/net_pkg.cc
+++ b/sql/net_pkg.cc
@ -283,8 +283,13 @@ bool
 net_store_data(String *packet,const char *from,uint length)
 {
  ulong packet_length=packet->length();
-  if (packet_length+5+length > packet->alloced_length() &&
-      packet->realloc(packet_length+5+length))
+/* 
+   We have added net5store in net_store_length. 
+   Before that largest size was int3store.
+   Therefore +5 is changed to +9
+*/
+  if (packet_length+9+length > packet->alloced_length() &&
+      packet->realloc(packet_length+9+length))
    return 1;
  char *to=(char*) net_store_length((char*) packet->ptr()+packet_length,
 				    (ulonglong) length);
@ -300,8 +305,8 @@ net_store_data(String *packet,const char *from)
 {
  uint length=(uint) strlen(from);
  uint packet_length=packet->length();
-  if (packet_length+5+length > packet->alloced_length() &&
-      packet->realloc(packet_length+5+length))
+  if (packet_length+9+length > packet->alloced_length() &&
+      packet->realloc(packet_length+9+length))
    return 1;
  char *to=(char*) net_store_length((char*) packet->ptr()+packet_length,
 				    length);