[CONC-619] NULL pointer dereference in unpack_fields (libmariadb) - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.1.21
Component/s: Internal
Labels:
None

Description

libmariadb/mariadb_lib.c

...

    for (i=0; i < field_count; i++)

      uint length= (uint)(row->data[i+1] - row->data[i] - 1);

      if (!row->data[i] && row->data[i][length])

        goto error;

...

Even if row->data[i] is NULL we still continue condition evaluation and dereference NULL pointer in row->data[i][length]. Possibly || should be used instead of &&.

Attachments

Activity

Ascending order - Click to sort in descending order

Yury Chaikou created issue - 2022-11-18 21:01

Sergei Golubchik made changes - 2022-11-25 17:08

Field	Original Value	New Value
Key	~~MDEV-30040~~	~~CONC-619~~
Project	MariaDB Server [ 10000 ]	MariaDB Connector/C [ 10300 ]

Sergei Golubchik made changes - 2022-11-25 17:08

Assignee

Georg Richter [ georg ]

Sergei Golubchik made changes - 2022-11-25 17:09

Fix Version/s

3.1 [ 23223 ]

Sergei Golubchik made changes - 2022-11-25 17:09

Priority

Major [ 3 ]

Blocker [ 1 ]

Georg Richter added a comment - 2024-10-16 16:53

This was already fixed in rev. a3bba4639f55148c59a28a506df8a2b88e5e83ab (C/C vers. 3.1.21)

Georg Richter added a comment - 2024-10-16 16:53 This was already fixed in rev. a3bba4639f55148c59a28a506df8a2b88e5e83ab (C/C vers. 3.1.21)

Georg Richter made changes - 2024-10-16 16:53

Component/s		Internal [ 16816 ]
Fix Version/s		3.1.21 [ 28612 ]
Fix Version/s	3.1 [ 23223 ]
Resolution		Fixed [ 1 ]
Status	Open [ 1 ]	Closed [ 6 ]

People

Assignee:: Georg Richter

Reporter:: Yury Chaikou

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2022-11-18 21:01

Updated:: 2024-10-16 16:53

Resolved:: 2024-10-16 16:53

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Connector/C