Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
3.1.19, 3.3.3
-
None
Description
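Reported by cppcheck; the findings appear to be correct. When realloc() fails it returns NULL and leaves the original block allocated, so assigning the result straight back to 'start' discards the only pointer to that block and it can no longer be freed.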
/home/dan/repos/mariadb-server-10.11/libmariadb/libmariadb/mariadb_stmt.c:749:13: error: Common realloc mistake: 'start' nulled but not freed upon failure [memleakOnRealloc]
|
if (!(start= (uchar *)realloc(start, length)))
|
^
|
/home/dan/repos/mariadb-server-10.11/libmariadb/libmariadb/mariadb_stmt.c:772:15: error: Common realloc mistake: 'start' nulled but not freed upon failure [memleakOnRealloc]
|
if (!(start= (uchar *)realloc(start, length)))
|
^
|
/home/dan/repos/mariadb-server-10.11/libmariadb/libmariadb/mariadb_stmt.c:842:15: error: Common realloc mistake: 'start' nulled but not freed upon failure [memleakOnRealloc]
|
if (!(start= (uchar *)realloc(start, length)))
|
^
|
/home/dan/repos/mariadb-server-10.11/libmariadb/libmariadb/mariadb_stmt.c:967:15: error: Common realloc mistake: 'start' nulled but not freed upon failure [memleakOnRealloc]
|
if (!(start= (uchar *)realloc(start, length)))
|
^
|
/home/dan/repos/mariadb-server-10.11/libmariadb/libmariadb/mariadb_stmt.c:1053:17: error: Common realloc mistake: 'start' nulled but not freed upon failure [memleakOnRealloc]
|
if (!(start= (uchar *)realloc(start, length)))
|
^
|
Fixes of the form:
diff --git a/libmariadb/mariadb_stmt.c b/libmariadb/mariadb_stmt.c
|
index 4e77b5c..db129cf 100644
|
--- a/libmariadb/mariadb_stmt.c
|
+++ b/libmariadb/mariadb_stmt.c
|
@@ -1049,9 +1049,11 @@ unsigned char* ma_stmt_execute_generate_bulk_request(MYSQL_STMT *stmt, size_t *r |
if (free_bytes < size + 20) |
{
|
size_t offset= p - start; |
+ char *new_start; |
length= MAX(2 * length, offset + size + 20);
|
- if (!(start= (uchar *)realloc(start, length))) |
+ if (!(new_start= (uchar *)realloc(start, length))) |
goto mem_error; |
+ start= new_start;
|
p= start + offset;
|
}
|
|
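Review bot: `new_start` is declared `char *`, but it receives the result of a `(uchar *)` cast and is then assigned to `start`, which that cast and the function's `unsigned char*` return type suggest is `uchar *`. Compilers flag this pointer-signedness mismatch (e.g. under `-Wpointer-sign`), so the declaration should read `uchar *new_start;`. Keeping `start` intact on failure only closes the leak if the `mem_error` label frees `start`; that label is outside this hunk and worth confirming. The cppcheck report lists four other `realloc` sites in the same file (lines 749, 772, 842 and 967) that need the same temporary-pointer pattern. The enclosing function starts and ends outside the hunk.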