Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MDEV-26350: select_lex->ref_pointer_array.size() % 5 == 0
Due to an integer overflow an invalid size of ref_pointer_array could be allocated. Using size_t allows this continue. Allocation failures are handled gracefully if the value is too big. Thanks to Zuming Jiang for the bug report and fuzzing MariaDB. Reviewer: Sanja
- Loading branch information