authorMonty <monty@mariadb.org>2021-03-28 18:43:14 +0300
committerMonty <monty@mariadb.org>2021-03-28 18:43:14 +0300
commit8e2d69f7b8425c9cd9546cb45c16c492d5aa5b0a (patch)
treecc52bbd73a09c967b875fa48eae7e12a0c9bd8c9
parent80459bcbd4ca2cfd149f58c41428882fcfc49e03 (diff)
Fixed access to undefined memory
alloc_query() examined the content of its argument, which was uninitialized. Fixed by storing stmt_id in llbuf, according to code comments.
-rw-r--r--sql/sql_prepare.cc8
1 files changed, 5 insertions, 3 deletions
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
index 2cda1241a35..314966fbf00 100644
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -3414,15 +3414,17 @@ static void mysql_stmt_execute_common(THD *thd,
if (!(stmt= find_prepared_statement(thd, stmt_id)))
{
char llbuf[22];
+ size_t length;
/*
Did not find the statement with the provided stmt_id.
Set thd->query_string with the stmt_id so the
audit plugin gets the meaningful notification.
*/
- if (alloc_query(thd, llbuf, sizeof(llbuf)))
+ length= (size_t) (longlong10_to_str(stmt_id, llbuf, 10) - llbuf);
+ if (alloc_query(thd, llbuf, length + 1))
thd->set_query(0, 0);
- my_error(ER_UNKNOWN_STMT_HANDLER, MYF(0), static_cast<int>(sizeof(llbuf)),
- llstr(stmt_id, llbuf), "mysqld_stmt_execute");
+ my_error(ER_UNKNOWN_STMT_HANDLER, MYF(0), (int) length, llbuf,
+ "mysqld_stmt_execute");
DBUG_VOID_RETURN;
}
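Review bot: The new call `alloc_query(thd, llbuf, length + 1)` passes one byte more than the digit count, while `my_error` two lines later uses `(int) length` for the same buffer. alloc_query() is not visible in this hunk, but if its third argument is taken as the query length, the terminating NUL becomes part of `thd->query_string` and the audit plugin receives the statement id with a trailing `\0` byte. Either pass `length` so both consumers agree, or keep the `+ 1` and say why in a comment such as `/* +1: include the terminating NUL written by longlong10_to_str() */`. Since `stmt_id` is taken from the client request and ends up in the audit record, pinning down the exact bytes stored there is worth the extra line. The body of mysql_stmt_execute_common starts and ends outside the hunk.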