Bug #29494 Field packet with NULL fields crashes libmysqlclient.

unpack_fields() didn't expect NULL_LENGTH in the field descriptions.
In this case we get NULL in the resulting string, so we cannot use
strdup_root to make a copy of it.
strdup_root is replaced with strmake_root, as it is NULL-safe.
parent 91dc4197
...@@ -1176,12 +1176,12 @@ unpack_fields(MYSQL_DATA *data,MEM_ROOT *alloc,uint fields, ...@@ -1176,12 +1176,12 @@ unpack_fields(MYSQL_DATA *data,MEM_ROOT *alloc,uint fields,
/* fields count may be wrong */ /* fields count may be wrong */
DBUG_ASSERT ((field - result) < fields); DBUG_ASSERT ((field - result) < fields);
cli_fetch_lengths(&lengths[0], row->data, default_value ? 8 : 7); cli_fetch_lengths(&lengths[0], row->data, default_value ? 8 : 7);
field->catalog = strdup_root(alloc,(char*) row->data[0]); field->catalog= strmake_root(alloc,(char*) row->data[0], lengths[0]);
field->db = strdup_root(alloc,(char*) row->data[1]); field->db= strmake_root(alloc,(char*) row->data[1], lengths[1]);
field->table = strdup_root(alloc,(char*) row->data[2]); field->table= strmake_root(alloc,(char*) row->data[2], lengths[2]);
field->org_table= strdup_root(alloc,(char*) row->data[3]); field->org_table= strmake_root(alloc,(char*) row->data[3], lengths[3]);
field->name = strdup_root(alloc,(char*) row->data[4]); field->name= strmake_root(alloc,(char*) row->data[4], lengths[4]);
field->org_name = strdup_root(alloc,(char*) row->data[5]); field->org_name= strmake_root(alloc,(char*) row->data[5], lengths[5]);
field->catalog_length= lengths[0]; field->catalog_length= lengths[0];
field->db_length= lengths[1]; field->db_length= lengths[1];
...@@ -1202,7 +1202,7 @@ unpack_fields(MYSQL_DATA *data,MEM_ROOT *alloc,uint fields, ...@@ -1202,7 +1202,7 @@ unpack_fields(MYSQL_DATA *data,MEM_ROOT *alloc,uint fields,
field->flags|= NUM_FLAG; field->flags|= NUM_FLAG;
if (default_value && row->data[7]) if (default_value && row->data[7])
{ {
field->def=strdup_root(alloc,(char*) row->data[7]); field->def=strmake_root(alloc,(char*) row->data[7], lengths[7]);
field->def_length= lengths[7]; field->def_length= lengths[7];
} }
else else
......
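Review bot: The only guard against more field rows than `fields` in the first hunk is `DBUG_ASSERT ((field - result) < fields);`, even though the comment above it concedes the count may be wrong. If that assert is compiled out in non-debug builds, as DBUG_ macros usually are, a server sending extra field-description rows would make the `field->catalog= ...` stores write past the end of `result`. Since this commit hardens the client against malformed field packets, I would add a runtime check such as `if ((field - result) >= fields)` that takes the function's existing failure path. The `strmake_root` results are also stored unchecked, so if it returns NULL on allocation failure, the NULL pointers this fix removes can come back under memory pressure. unpack_fields starts and ends outside the visible hunks, so the error path and the sizing of `result` cannot be confirmed from here.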