[CONC-619] NULL pointer dereference in unpack_fields (libmariadb) - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Blocker
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 3.1
Component/s: None
Labels:
None

Description

libmariadb/mariadb_lib.c

...

    for (i=0; i < field_count; i++)

      uint length= (uint)(row->data[i+1] - row->data[i] - 1);

      if (!row->data[i] && row->data[i][length])

        goto error;

...

Even if row->data[i] is NULL we still continue condition evaluation and dereference NULL pointer in row->data[i][length]. Possibly || should be used instead of &&.

Attachments

Activity

People

Assignee:: Georg Richter

Reporter:: Yury Chaikou

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2022-11-18 21:01

Updated:: 2023-05-02 15:59

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.