diff options
| author | Karthik Kamath <karthik.kamath@oracle.com> | 2016-04-19 14:49:27 +0530 |
|---|---|---|
| committer | Karthik Kamath <karthik.kamath@oracle.com> | 2016-04-19 14:49:27 +0530 |
| commit | fbf44eed3c69dc15047ac2d40c09dd0d16993fb0 (patch) | |
| tree | 4708bfd577ca100556ba26e842823bb253ea0f82 /sql | |
| parent | 3a8f43bec76d3d93a809b6a3c76e26e946ba0425 (diff) | |
| download | mariadb-git-fbf44eed3c69dc15047ac2d40c09dd0d16993fb0.tar.gz | |
BUG#22286421: NULL POINTER DEREFERENCE
ANALYSIS:
=========
A LEX_STRING structure pointer is processed during the
validation of a stored program name. During this processing,
there is a possibility of null pointer dereference.
FIX:
====
check_routine_name() is invoked by the parser by supplying a
non-empty string as the SP name. To avoid any potential calls
to check_routine_name() with NULL value, a debug assert has
been added to catch such cases.
Diffstat (limited to 'sql')
| -rw-r--r-- | sql/sp_head.cc | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sql/sp_head.cc b/sql/sp_head.cc index 13d1b310599..992e7415f45 100644 --- a/sql/sp_head.cc +++ b/sql/sp_head.cc @@ -1,5 +1,5 @@ /* - Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -490,8 +490,9 @@ sp_name::init_qname(THD *thd) bool check_routine_name(LEX_STRING *ident) { - if (!ident || !ident->str || !ident->str[0] || - ident->str[ident->length-1] == ' ') + DBUG_ASSERT(ident != NULL && ident->str != NULL); + + if (!ident->str[0] || ident->str[ident->length-1] == ' ') { my_error(ER_SP_WRONG_NAME, MYF(0), ident->str); return TRUE; |