From ef75f54b721adc55e266e5e64a4a55c9f15bab55 Mon Sep 17 00:00:00 2001 From: obdev Date: Wed, 22 Mar 2023 11:42:13 +0000 Subject: [PATCH] Fix incorrect length setting leads to out-of-bounds memory access --- src/sql/engine/expr/ob_expr_substr.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sql/engine/expr/ob_expr_substr.cpp b/src/sql/engine/expr/ob_expr_substr.cpp index 90cee5547e..5841e9adb1 100644 --- a/src/sql/engine/expr/ob_expr_substr.cpp +++ b/src/sql/engine/expr/ob_expr_substr.cpp @@ -458,7 +458,7 @@ int ObExprSubstr::substr(common::ObString &varchar, res_len = min(length, mb_len - start); int64_t offset = ObCharset::charpos(cs_type, varchar.ptr(), varchar.length(), start); res_len = ObCharset::charpos(cs_type, varchar.ptr() + offset, - (offset == 0) ? varchar.length() : varchar.length() - offset + 1, res_len); + (offset == 0) ? varchar.length() : varchar.length() - offset, res_len); varchar.assign_ptr(varchar.ptr() + offset, static_cast(res_len)); } }