Details
Bug
Status: Open
Blocker
Resolution: Unresolved
Description
libmariadb/mariadb_lib.c
...
    for (i=0; i < field_count; i++)
    {
      uint length= (uint)(row->data[i+1] - row->data[i] - 1);
      if (!row->data[i] && row->data[i][length])
        goto error;
...
Even if row->data[i] is NULL, we still continue condition evaluation and dereference a NULL pointer in row->data[i][length]. Possibly || should be used instead of &&.
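The short-circuit behaviour the report relies on, as an added example (not the connector's code): with ||, a NULL field pointer fails the check before anything is dereferenced. The row_model struct, check_row, check_two_fields and the sample buffers are hypothetical and constructed here; the pointer tests are also moved ahead of the length computation, which goes beyond the one-operator change suggested above.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the layout the loop assumes: data[0..field_count]
   point into one buffer, field i ends one byte before data[i+1], and that
   last byte must be NUL. This is not the connector's own structure. */
struct row_model { char **data; };

/* Returns 0 when every field is present and NUL-terminated, -1 otherwise. */
static int check_row(const struct row_model *row, unsigned field_count)
{
    for (unsigned i = 0; i < field_count; i++) {
        char *start = row->data[i], *next = row->data[i + 1];
        /* || short-circuits: a NULL pointer fails here, before any
           pointer arithmetic or dereference is attempted. */
        if (!start || !next || next <= start)
            return -1;
        size_t length = (size_t)(next - start - 1);
        if (start[length] != '\0')
            return -1;
    }
    return 0;
}

/* Builds a two-field row from three boundary pointers and checks it. */
static int check_two_fields(char *f0, char *f1, char *end)
{
    char *data[] = { f0, f1, end };
    struct row_model row = { data };
    return check_row(&row, 2);
}

/* Constructed sample rows: fields "id" and "name". */
static int demo_valid(void)
{ char buf[] = "id\0name"; return check_two_fields(buf, buf + 3, buf + 8); }

static int demo_null_field(void)   /* second field pointer is NULL */
{ char buf[] = "id\0name"; return check_two_fields(buf, NULL, buf + 8); }

static int demo_unterminated(void) /* ',' where the NUL should be */
{ char buf[] = "id,name"; return check_two_fields(buf, buf + 3, buf + 8); }

int main(void)
{
    printf("valid=%d null=%d unterminated=%d\n",
           demo_valid(), demo_null_field(), demo_unterminated());
    return 0;
}
```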