From: Marcin Siodelski
Date: Wed, 21 Aug 2019 18:33:27 +0000 (+0200)
Subject: [#851,!24-p] Avoid using empty buffer in the MySQL binding.
X-Git-Tag: Kea-1.6.0~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=434ebd0811a4b8bdcc45eee887526c7ae748ab42;p=thirdparty%2Fkea.git

[#851,!24-p] Avoid using empty buffer in the MySQL binding.

Prior to this change, the out of bound vector element would be referenced and could lead to undefined behavior.
---

diff --git a/src/lib/mysql/mysql_binding.cc b/src/lib/mysql/mysql_binding.cc
index 524206da17..37b0df95e8 100644
--- a/src/lib/mysql/mysql_binding.cc
+++ b/src/lib/mysql/mysql_binding.cc
@@ -292,7 +292,9 @@ MySqlBinding::convertFromDatabaseTime(const MYSQL_TIME& database_time) {
 MySqlBinding::MySqlBinding(enum_field_types buffer_type, const size_t length)
- : buffer_(length), length_(length),
+ // Make sure that the buffer has non-zero length in case we need to
+ // reference its first element to assign it to the MySQL binding.
+ : buffer_(length > 0 ? length : 1), length_(length),
 null_value_(buffer_type == MYSQL_TYPE_NULL) {
 memset(&bind_, 0, sizeof(MYSQL_BIND));
 bind_.buffer_type = buffer_type;
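Review bot: With this initializer `buffer_.size()` is 1 while `length_` stays 0 for a zero-length binding, and the added comment does not say which of the two is authoritative. Any code that takes the payload length from `buffer_.size()` rather than `length_` (none is visible in this hunk) would now report one zero byte of data, so I would extend the comment with something like `// The extra byte is padding only: length_ remains the real data length and is the value to report to MySQL as buffer_length.` The constructor body continues past the hunk, so whether `bind_.buffer_length` is set from `length_` cannot be confirmed here, and the same guard is presumably needed wherever else the class resizes `buffer_` to a caller-supplied length. A unit test that constructs the binding with `length == 0` would pin the fix against regression.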