Fixed access to undefined memory

alloc_query() is examined the content of it's argument, which was uninitalized. Fixed by storing stmt_id in llbuf, according to code comments.

Fixed access to undefined memory
alloc_query() is examined the content of it's argument, which was uninitalized. Fixed by storing stmt_id in llbuf, according to code comments.
8e2d69f7 · Monty · 80459bcb · 8e2d69f7
Commit 8e2d69f7 authored Mar 28, 2021 by Monty
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 3 deletions

sql/sql_prepare.cc sql/sql_prepare.cc +5 -3

No files found.
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -3414,15 +3414,17 @@ static void mysql_stmt_execute_common(THD *thd,
  if (!(stmt= find_prepared_statement(thd, stmt_id)))
  {
    char llbuf[22];
+    size_t length;
    /*
      Did not find the statement with the provided stmt_id.
      Set thd->query_string with the stmt_id so the
      audit plugin gets the meaningful notification.
    */
-    if (alloc_query(thd, llbuf, sizeof(llbuf)))
+    length= (size_t) (longlong10_to_str(stmt_id, llbuf, 10) - llbuf);
+    if (alloc_query(thd, llbuf, length + 1))
      thd->set_query(0, 0);
-    my_error(ER_UNKNOWN_STMT_HANDLER, MYF(0), static_cast<int>(sizeof(llbuf)),
+    my_error(ER_UNKNOWN_STMT_HANDLER, MYF(0), (int) length, llbuf,
-             llstr(stmt_id, llbuf), "mysqld_stmt_execute");
+             "mysqld_stmt_execute");
    DBUG_VOID_RETURN;
  }