From 4f63b6cf53ce2d9eaf4a8006587ebf3c4d6ddd3c Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <serg@mariadb.org>
Date: Mon, 26 Apr 2021 16:52:32 +0200
Subject: Bug #31674599: THE UDF_INIT() FUNCTION CAUSE SERVER CRASH

---
 sql/sql_udf.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'sql/sql_udf.cc')

diff --git a/sql/sql_udf.cc b/sql/sql_udf.cc
index 2af12d94228..c026ef6b7ba 100644
--- a/sql/sql_udf.cc
+++ b/sql/sql_udf.cc
@@ -196,7 +196,7 @@ void udf_init()
     DBUG_PRINT("info",("init udf record"));
     LEX_STRING name;
     name.str=get_field(&mem, table->field[0]);
-    name.length = (uint) strlen(name.str);
+    name.length = (uint) safe_strlen(name.str);
     char *dl_name= get_field(&mem, table->field[2]);
     bool new_dl=0;
     Item_udftype udftype=UDFTYPE_FUNCTION;
@@ -210,12 +210,12 @@ void udf_init()
 
       On windows we must check both FN_LIBCHAR and '/'.
     */
-    if (check_valid_path(dl_name, strlen(dl_name)) ||
+    if (!name.str || !dl_name || check_valid_path(dl_name, strlen(dl_name)) ||
         check_string_char_length(&name, 0, NAME_CHAR_LEN,
                                  system_charset_info, 1))
     {
       sql_print_error("Invalid row in mysql.func table for function '%.64s'",
-                      name.str);
+                      safe_str(name.str));
       continue;
     }
 
-- 
cgit v1.2.1