From f77bf24df91769a4d1355087bdbfc9352d032dc4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?=
Date: Mon, 16 Jul 2018 09:11:21 +0300
Subject: [PATCH] Check remaining query length in SetSqlModeParser

SetSqlModeParser would read uninitialized memory if a query consisting of only comments would be executed.
---
 .../modules/protocol/MySQL/mariadbclient/setsqlmodeparser.hh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/server/modules/protocol/MySQL/mariadbclient/setsqlmodeparser.hh b/server/modules/protocol/MySQL/mariadbclient/setsqlmodeparser.hh
index f0400584d..4ae428e17 100644
--- a/server/modules/protocol/MySQL/mariadbclient/setsqlmodeparser.hh
+++ b/server/modules/protocol/MySQL/mariadbclient/setsqlmodeparser.hh
@@ -156,7 +156,10 @@ public:
 bypass_whitespace();
- if (is_set(m_pI))
+ // Check that there's enough characters to contain a SET keyword
+ bool long_enough = m_pEnd - m_pI > 3 ;
+
+ if (long_enough && is_set(m_pI))
 {
 rv = parse(pSql_mode);
 }
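Review bot: The guard `m_pEnd - m_pI > 3` encodes the number of bytes `is_set()` reads as a magic number, and the hunk does not show whether it is the right bound: if `is_set()` compares only the three characters of `SET`, `>= 3` is the precise check, while `> 3` is only correct if it also inspects the character following the keyword. Either way the constant should be tied to what `is_set()` actually reads, e.g. `bool long_enough = (m_pEnd - m_pI) > 3; // must cover every byte is_set() reads past m_pI` (confirm against the body of `is_set()`), and the stray space in `> 3 ;` should go. Since the out-of-bounds read itself happened inside `is_set()`, a bound check taking `m_pEnd` into account inside that helper would also protect any other call site, whereas this caller-side guard only covers this one. The enclosing member function starts before and ends after this hunk.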