MXS-3399 Fix heap-buffer overflow

The original code for catenating an SrcList to another assumed
that the list to be catenated had only 1 element. Now works
regardless of the number of items.
Johan Wikman
2021-02-08 09:49:16 +02:00
parent 182de7c7b8
commit bf7d53dd23


@ -3751,11 +3751,13 @@ SrcList* sqlite3SrcListCat(sqlite3 *db, SrcList *pHead, SrcList *pTail)
if ( pHead==0 ){ if ( pHead==0 ){
return pTail; return pTail;
} }
/* After call to sqlite3SrcListEnlarge(), pNew->nSrc is already final size. */
int nSrc = pHead->nSrc;
pNew = sqlite3SrcListEnlarge(db, pHead, pTail->nSrc, pHead->nSrc); pNew = sqlite3SrcListEnlarge(db, pHead, pTail->nSrc, pHead->nSrc);
if (!db->mallocFailed){ if (!db->mallocFailed){
int i; int i;
for(i=0; i<pTail->nSrc; i++){ for(i=0; i<pTail->nSrc; i++){
pNew->a[pNew->nSrc - 1 + i] = pTail->a[i]; pNew->a[nSrc + i] = pTail->a[i];
memset(&pTail->a[i], 0, sizeof(pTail->a[0])); memset(&pTail->a[i], 0, sizeof(pTail->a[0]));
} }
pTail->nSrc = 0; pTail->nSrc = 0;
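Review bot: The copy at `pNew->a[nSrc + i] = pTail->a[i]` is only in bounds if sqlite3SrcListEnlarge() really grew the array by pTail->nSrc slots, yet the only condition tested before the loop is `db->mallocFailed`. If the call can return the list unchanged for any other reason (its body is not visible here), the loop would write past the allocation again. An `assert( pNew->nSrc==nSrc+pTail->nSrc );` just before the loop would pin the invariant the fix depends on. The added comment could also say why nSrc is read before the call, presumably because pHead may be reallocated by it and must not be touched afterwards, e.g. `/* Save the old count first: pHead may be reallocated by Enlarge, and pNew->nSrc is already the final size. */`. pTail is dereferenced without a NULL check in the visible lines; the function begins and ends outside this hunk, so that may be handled elsewhere.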