MariaDB Connector/C / CONC-63

Memory corruption in my_net_read of net.c on Windows 64 bit


Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • Windows 64bit build, mariadb-native-client.tar.gz of 2012-11-29

    Description

      In net.c line 656 in the call to my_real_read, a pointer to complen which is ulong (32-bit in MSVC 64-bit builds) is passed as the third argument which expects a pointer to size_t (64-bit in MSVC 64-bit builds). As a result, 4 bytes of some other use are overwritten.

      The buggy code is hidden away by a (size_t *) cast:

      >>>> Start
      ulong my_net_read(NET *net)
      {
        ulong len,complen;

      #ifdef HAVE_COMPRESS
        if (!net->compress)
        {
      #endif
          len = my_real_read (net,(size_t *)&complen);
                                  ^--- Bug
      >>>> End

      A possible fix is as follows:

      >>>> Start
      ulong my_net_read(NET *net)
      {
        ulong len,complen;
        size_t complen_tmp;

      #ifdef HAVE_COMPRESS
        if (!net->compress)
        {
      #endif
          len = my_real_read (net,&complen_tmp);
          complen = complen_tmp;
      >>>> End
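
The width mismatch described in the report, reproduced as an added example (not code from the report or from Connector/C). Assumptions: `ulong_llp64` and `size_t_llp64` are fixed-width stand-ins for MSVC x64 `ulong` and `size_t`, `fake_real_read` is a hypothetical stand-in for `my_real_read`, and `struct frame` is a constructed model of the storage around `complen`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: fixed-width stand-ins for the MSVC x64 types in the report. */
typedef uint32_t ulong_llp64;   /* unsigned long: 4 bytes */
typedef uint64_t size_t_llp64;  /* size_t: 8 bytes */

#define CANARY 0xAABBCCDDu

/* Constructed model of the caller's storage: complen and what sits next to it. */
struct frame {
    ulong_llp64 complen;
    ulong_llp64 neighbour;
};

/* Hypothetical stand-in for my_real_read(): always stores 8 bytes. */
static void fake_real_read(void *complen_out, size_t_llp64 value)
{
    memcpy(complen_out, &value, sizeof value);
}

/* Pattern from the report: 4-byte complen handed over as an 8-byte slot. */
int neighbour_clobbered_with_cast(void)
{
    struct frame f = { 0, CANARY };
    /* Same address as &f.complen; taken via the struct to keep the demo defined. */
    fake_real_read((unsigned char *)&f + offsetof(struct frame, complen), 16);
    return f.neighbour != CANARY;   /* 1: the extra 4 bytes landed here */
}

/* Fix pattern from the report: correctly sized temporary, then narrow. */
int neighbour_clobbered_with_temp(ulong_llp64 *complen_result)
{
    struct frame f = { 0, CANARY };
    size_t_llp64 complen_tmp = 0;
    fake_real_read(&complen_tmp, 16);
    *complen_result = f.complen = (ulong_llp64)complen_tmp;
    return f.neighbour != CANARY;   /* 0: neighbour untouched */
}

int main(void)
{
    ulong_llp64 complen = 0;
    int fixed = neighbour_clobbered_with_temp(&complen);
    printf("cast clobbered=%d, temp clobbered=%d, complen=%u\n",
           neighbour_clobbered_with_cast(), fixed, (unsigned)complen);
    return 0;
}
```

Without the `(size_t *)` cast, passing a `ulong *` where a `size_t *` is expected is an incompatible pointer type that the compiler diagnoses, which is why the cast hides the bug.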

          People

            georg Georg Richter
            drorharari Dror Harari