From 6b444f8e5550757ccce81df87550c53d67461cc7 Mon Sep 17 00:00:00 2001
From: tiancaiamao <tiancaiamao@gmail.com>
Date: Mon, 21 Nov 2016 23:10:28 +0800
Subject: [PATCH] server: check an array out of range for malform packet
 (#2048)

---
 server/conn_stmt.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/conn_stmt.go b/server/conn_stmt.go
index 97fbca02e3..9314c4b19c 100644
--- a/server/conn_stmt.go
+++ b/server/conn_stmt.go
@@ -185,6 +185,10 @@ func parseStmtArgs(args []interface{}, boundParams [][]byte, nullBitmap, paramTy
 			continue
 		}
 
+		if (i<<1)+1 >= len(paramTypes) {
+			return mysql.ErrMalformPacket
+		}
+
 		tp := paramTypes[i<<1]
 		isUnsigned := (paramTypes[(i<<1)+1] & 0x80) > 0