Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-619

NULL pointer dereference in unpack_fields (libmariadb)

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Blocker
    • Resolution: Fixed
    • None
    • 3.1.21
    • Internal
    • None

    Description

      libmariadb/mariadb_lib.c

          ...
      		 
          for (i=0; i < field_count; i++)
      		 
          {
      		 
            uint length= (uint)(row->data[i+1] - row->data[i] - 1);
      		 
            if (!row->data[i] && row->data[i][length])
      		 
              goto error;
      		 
          ...

      Even if row->data[i] is NULL we still continue condition evaluation and dereference NULL pointer in row->data[i][length]. Possibly || should be used instead of &&.

      Attachments

        Activity

          People

            georg Georg Richter
            yury.chaikou Yury Chaikou
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.