authorAleksey Midenkov <midenok@gmail.com>2019-12-25 22:57:14 +0300
committerAleksey Midenkov <midenok@gmail.com>2019-12-25 22:57:14 +0300
commit7864cb5dd32d3a88c2baf6ce3163ea1ff47c4efb (patch)
tree7c663d8cc286dee36c7346e7d398397aa67f02fa
parent414e5f7f5544a9baf1bf1fc31b01b387a73ef3b4 (diff)
Fix out-of-bounds read of extra2
-rw-r--r--sql/table.cc8
1 files changed, 4 insertions, 4 deletions
diff --git a/sql/table.cc b/sql/table.cc
index 761c0bf2b35..ab18eb75f65 100644
--- a/sql/table.cc
+++ b/sql/table.cc
@@ -1757,6 +1757,10 @@ int TABLE_SHARE::init_from_binary_frm_image(THD *thd, bool write,
/* Length of the MariaDB extra2 segment in the form file. */
len = uint2korr(frm_image+4);
+ if (frm_length < FRM_HEADER_SIZE + len ||
+ !(pos= uint4korr(frm_image + FRM_HEADER_SIZE + len)))
+ goto err;
+
if (read_extra2(frm_image, len, &extra2))
goto err;
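Review bot: The relocated guard `frm_length < FRM_HEADER_SIZE + len` only proves that the extra2 segment fits in the image, not the 4-byte position word that `uint4korr(frm_image + FRM_HEADER_SIZE + len)` reads immediately after it. When `frm_length` is between `FRM_HEADER_SIZE + len` and `FRM_HEADER_SIZE + len + 3`, that read can still run up to four bytes past the image, unless the buffer has slack beyond `frm_length`, which is not visible here. Since `len` comes straight from the file header, the bound should cover the word as well: `if (frm_length < FRM_HEADER_SIZE + len + 4 ||`. A one-line comment such as `/* extra2 and the following 4-byte forminfo offset must lie inside the image */` would also record why the check has to precede `read_extra2()`. The body of `init_from_binary_frm_image` starts and ends outside this hunk, so an earlier minimum-length check may exist that is not shown.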
@@ -1778,10 +1782,6 @@ int TABLE_SHARE::init_from_binary_frm_image(THD *thd, bool write,
}
#endif
- if (frm_length < FRM_HEADER_SIZE + len ||
- !(pos= uint4korr(frm_image + FRM_HEADER_SIZE + len)))
- goto err;
-
forminfo= frm_image + pos;
if (forminfo + FRM_FORMINFO_SIZE >= frm_image_end)
goto err;