
Commit a52c46e

committed
Bug#25471090: MYSQL USE AFTER FREE
a better fix
1 parent 5cfe523 commit a52c46e


1 file changed

+2
-2
lines changed


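--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1636,7 +1636,7 @@ MYSQL_DATA *cli_read_rows(MYSQL *mysql,MYSQL_FIELD *mysql_fields,
 else
 {
 cur->data[field] = to;
-if (to + len > end_to)
+if (unlikely(len > (ulong)(end_to-to) || to > end_to))
 {
 free_rows(result);
 set_mysql_error(mysql, CR_MALFORMED_PACKET, unknown_sqlstate);
@@ -1708,7 +1708,7 @@ read_one_row(MYSQL *mysql,uint fields,MYSQL_ROW row, ulong *lengths)
 }
 else
 {
-if (pos + len > end_pos)
+if (unlikely(len > (ulong)(end_pos - pos) || pos > end_pos))
 {
 set_mysql_error(mysql, CR_UNKNOWN_ERROR, unknown_sqlstate);
 return -1;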
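Review bot: The new bounds check in cli_read_rows is correct only through evaluation details a reader has to reconstruct: when `to > end_to`, `(ulong)(end_to-to)` wraps to a very large value, the first comparison lets the field through, and only the second clause rejects it. Testing the pointer order first, `if (unlikely(to > end_to || len > (ulong)(end_to - to)))`, never casts a negative difference. A comment such as `/* compare len with the space left; to + len can wrap for a large len */` would record why the old `to + len > end_to` form was replaced, given that `len` is presumably taken from the server packet. The same applies to the `pos`/`end_pos` check in read_one_row, which still reports `CR_UNKNOWN_ERROR` where cli_read_rows reports `CR_MALFORMED_PACKET` for what looks like the same condition. Both function bodies start and end outside the hunks shown.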
