Added checks for possible NULL value and out-of-bounds reads.

server/modules/protocol/mysql_backend.c

@@ -1633,7 +1633,13 @@ static GWBUF* process_response_data (
                         {
                                 uint8_t* data;
 
-                                /** Read next packet length */
+                                /** Read next packet length if there is at least
+				 * three bytes left. If there is less than three
+				 * bytes in the buffer or it is NULL, we need to
+				 wait for more data from the backend server.*/
+				if(readbuf == NULL || GWBUF_LENGTH(readbuf) < 3)
+				    break;
+
 				data = GWBUF_DATA(readbuf);
 				nbytes_left = MYSQL_GET_PACKET_LEN(data)+MYSQL_HEADER_LEN;
 				/** Store new status to protocol structure */