MDEV-22337 Assertion `Alloced_length >= (str_length + length +...

Fix pointer calculations in the Session_tracker::store. Most of the fix for this bug goes to the 10.5, but this part should be also fixed earlier.

MDEV-22337 Assertion `Alloced_length >= (str_length + length +...
Fix pointer calculations in the Session_tracker::store. Most of the fix for this bug goes to the 10.5, but this part should be also fixed earlier.
4af4284b · Alexey Botchkov · dd5c307c · 4af4284b
Commit 4af4284b authored Apr 29, 2020 by Alexey Botchkov
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 1 deletion

sql/session_tracker.cc sql/session_tracker.cc +9 -1

No files found.
--- a/sql/session_tracker.cc
+++ b/sql/session_tracker.cc
@@ -1693,7 +1693,7 @@ void Session_tracker::store(THD *thd, String *buf)
  }

  size_t length= buf->length() - start;
-  uchar *data= (uchar *)(buf->ptr() + start);
+  uchar *data;
  uint size;

  if ((size= net_length_size(length)) != 1)
@@ -1703,8 +1703,16 @@ void Session_tracker::store(THD *thd, String *buf)
      buf->length(start); // it is safer to have 0-length block in case of error
      return;
    }
+
+    /*
+      The 'buf->reserve()' can change the buf->ptr() so we cannot
+      calculate the 'data' earlier.
+    */
+    data= (uchar *)(buf->ptr() + start);
    memmove(data + (size - 1), data, length);
  }
+  else
+    data= (uchar *)(buf->ptr() + start);

  net_store_length(data - 1, length);
 }