From 8e2d69f7b8425c9cd9546cb45c16c492d5aa5b0a Mon Sep 17 00:00:00 2001
From: Monty
Date: Sun, 28 Mar 2021 18:43:14 +0300
Subject: Fixed access to undefined memory alloc_query() is examined the content of it's argument, which was uninitalized. Fixed by storing stmt_id in llbuf, according to code comments.
---
 sql/sql_prepare.cc | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
index 2cda1241a35..314966fbf00 100644
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -3414,15 +3414,17 @@ static void mysql_stmt_execute_common(THD *thd,
 if (!(stmt= find_prepared_statement(thd, stmt_id))) {
 char llbuf[22];
+ size_t length;
 /* Did not find the statement with the provided stmt_id. Set thd->query_string with the stmt_id so the audit plugin gets the meaningful notification. */
- if (alloc_query(thd, llbuf, sizeof(llbuf)))
+ length= (size_t) (longlong10_to_str(stmt_id, llbuf, 10) - llbuf);
+ if (alloc_query(thd, llbuf, length + 1))
 thd->set_query(0, 0);
- my_error(ER_UNKNOWN_STMT_HANDLER, MYF(0), static_cast(sizeof(llbuf)),
- llstr(stmt_id, llbuf), "mysqld_stmt_execute");
+ my_error(ER_UNKNOWN_STMT_HANDLER, MYF(0), (int) length, llbuf,
+ "mysqld_stmt_execute");
 DBUG_VOID_RETURN;
 }
-- cgit v1.2.1
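Review bot: `alloc_query(thd, llbuf, length + 1)` counts the terminating NUL in the length it passes, while the `my_error` call below uses `(int) length` for the same buffer. alloc_query's definition is not in this hunk, but if its third argument is the length of the query text, the stored thd->query_string would end in an embedded `\0` and report one byte more than the digits, and that is the value the audit plugin named in the comment would receive; in that case the call should be `if (alloc_query(thd, llbuf, length))`. I would also add a comment on the buffer bound, e.g. `/* 22 = 20 digits + sign + NUL */`, so the next reader can see why longlong10_to_str cannot overrun llbuf. The body of mysql_stmt_execute_common starts and continues outside this hunk.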