@zhjwpku zhjwpku commented Nov 4, 2020

The implementation of net_length_size might be wrong when input of num is 251.

Since 251 is reserved for NULL, when 251 is the input of net_store_length's 2nd parameter (i.e. length), it stores 252 in the first byte of the buffer and stores 251 in the next 2 bytes.

I checked one usage in Session_gtids_ctx_encoder_string::encode; the calculated len is used to prepare the buffer (buf.prep_append).

So I think that in a very rare condition the code might cause a buffer overflow.

Signed-off-by: Zhao Junwang <zhjwpku@gmail.com>

…d be 3

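The size-versus-encoder mismatch the PR describes, as an added example that is not code from MySQL's net_store_length or net_length_size: a reference encoder for the protocol's length-encoded integer, a size predictor whose boundaries match it, and a consistency check that flags any predictor that disagrees with the bytes actually written. The function names and the off-by-one variant are assumptions made for illustration, not MySQL's actual implementation.

```c
#include <stdint.h>
#include <stddef.h>

/* Write `length` as a MySQL length-encoded integer into `to`.
 * Values below 251 take one byte; 251 is reserved for NULL, so 251..65535
 * use 0xfc + 2 LE bytes, then 0xfd + 3 bytes, then 0xfe + 8 bytes. */
static size_t store_length(uint8_t *to, uint64_t length) {
  if (length < 251ULL) { to[0] = (uint8_t)length; return 1; }
  if (length < 65536ULL) {
    to[0] = 0xfc; to[1] = (uint8_t)length; to[2] = (uint8_t)(length >> 8);
    return 3;
  }
  if (length < 16777216ULL) {
    to[0] = 0xfd; to[1] = (uint8_t)length; to[2] = (uint8_t)(length >> 8);
    to[3] = (uint8_t)(length >> 16);
    return 4;
  }
  to[0] = 0xfe;
  for (int i = 0; i < 8; i++) to[1 + i] = (uint8_t)(length >> (8 * i));
  return 9;
}

/* Correct size predictor: the boundaries match store_length exactly. */
static size_t length_size(uint64_t num) {
  if (num < 251ULL) return 1;
  if (num < 65536ULL) return 3;
  if (num < 16777216ULL) return 4;
  return 9;
}

/* Hypothetical off-by-one predictor (illustration only, not MySQL's code):
 * treats 251 as a one-byte value although store_length emits three bytes. */
static size_t length_size_off_by_one(uint64_t num) {
  if (num <= 251ULL) return 1;
  if (num < 65536ULL) return 3;
  if (num < 16777216ULL) return 4;
  return 9;
}

/* Return 1 if `size_fn` agrees with the bytes actually written for every
 * boundary value; a predictor that under-counts lets a caller size a buffer
 * too small before the encoder writes into it. */
static int sizes_consistent(size_t (*size_fn)(uint64_t)) {
  static const uint64_t probes[] = {0, 250, 251, 252, 65535, 65536,
                                    16777215, 16777216, UINT64_MAX};
  uint8_t buf[9];
  for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
    if (store_length(buf, probes[i]) != size_fn(probes[i])) return 0;
  return 1;
}
```

Running sizes_consistent over both predictors shows the correct one passing and the off-by-one one failing at exactly the 251 probe.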
@mysql-oca-bot

Hi, thank you for submitting this pull request. In order to consider your code we need you to sign the Oracle Contribution Agreement (OCA). Please review the details and follow the instructions at http://www.oracle.com/technetwork/community/oca-486395.html
Please make sure to include your MySQL bug system user (email) in the returned form.
Thanks

@mysql-oca-bot

Hi, thank you for your contribution. Please confirm this code is submitted under the terms of the OCA (Oracle's Contribution Agreement) you have previously signed by cutting and pasting the following text as a comment:
"I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it."
Thanks

@zhjwpku

zhjwpku commented Nov 17, 2020

I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

@mysql-admin

Hi @zhjwpku

I am closing this PR request as you have posted the code offered here directly as the suggested fix of https://bugs.mysql.com/bug.php?id=101448 and the bug itself is already fixed and closed (we didn't fix it using your exact code but based on your idea; see details in the bug comments).

Thanks for the contribution.
==Omer
