[CONC-820] alloca() on invalid metadata from the server - Jira

XML

Word

Printable

Details

Type: Bug
Status: In Review (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.3, 3.4
Fix Version/s: 3.3, 3.4
Component/s: Prepared Statements
Labels:
None

Description


      my_bool zf_truncated= 0;
 
      buffer= alloca(MAX(field->length, 22));
      endptr= ma_ll2str(val, buffer, is_unsigned ? 10 : -10);
      len= (uint)(endptr - buffer);

field->length can be very large and alloca() will destroy the stack.

Reported by Yalguun Tumenkhuu

Attachments

Activity

People

Assignee:: Georg Richter

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2026-06-04 16:01

Updated:: 2026-06-04 16:17

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

ma_stmt_codec.c
675	my_bool zf_truncated= 0;
676
677	buffer= alloca(MAX(field->length, 22));
678	endptr= ma_ll2str(val, buffer, is_unsigned ? 10 : -10);
679	len= (uint)(endptr - buffer);