Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Duplicate
-
None
-
None
-
None
-
None
-
Windows 64bit build, mariadb-native-client.tar.gz of 2012-11-29
Description
In net.c line 656 in the call to my_real_read, a pointer to complen which is ulong (32-bit bit in MSVC 64-bit builds) is passed as the third argument which expects a pointer to size_t (64-bit in MSVC 64-bit builds). As a result, 4 bytes of some other use are overwritten.
The buggy code is hidden away by a (size_t *) cast:
>>>> Start
ulong my_net_read(NET *net)
{
ulong len,complen;
#ifdef HAVE_COMPRESS
if (!net->compress)
{
#endif
len = my_real_read (net,(size_t *)&complen);
^--- Bug
>>>> End
A possible fix is as follows:
>>>> Start
ulong my_net_read(NET *net)
{
ulong len,complen;
size_t complen_tmp;
#ifdef HAVE_COMPRESS
if (!net->compress)
{
#endif
len = my_real_read (net,&complen_tmp);
complen = complen_tmp;
>>>> End