BUG#22286421: NULL POINTER DEREFERENCE

ANALYSIS: ========= A LEX_STRING structure pointer is processed during the validation of a stored program name. During this processing, there is a possibility of null pointer dereference. FIX: ==== check_routine_name() is invoked by the parser by supplying a non-empty string as the SP name. To avoid any potential calls to check_routine_name() with NULL value, a debug assert has been added to catch such cases.

BUG#22286421: NULL POINTER DEREFERENCE
ANALYSIS: ========= A LEX_STRING structure pointer is processed during the validation of a stored program name. During this processing, there is a possibility of null pointer dereference. FIX: ==== check_routine_name() is invoked by the parser by supplying a non-empty string as the SP name. To avoid any potential calls to check_routine_name() with NULL value, a debug assert has been added to catch such cases.
fbf44eed · Karthik Kamath · 3a8f43be · fbf44eed
Commit fbf44eed authored Apr 19, 2016 by Karthik Kamath
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

sql/sp_head.cc sql/sp_head.cc +4 -3

No files found.
--- a/sql/sp_head.cc
+++ b/sql/sp_head.cc
 /*
-   Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -490,8 +490,9 @@ sp_name::init_qname(THD *thd)
 bool
 check_routine_name(LEX_STRING *ident)
 {
-  if (!ident || !ident->str || !ident->str[0] ||
-      ident->str[ident->length-1] == ' ')
+  DBUG_ASSERT(ident != NULL && ident->str != NULL);
+
+  if (!ident->str[0] || ident->str[ident->length-1] == ' ')
  {
    my_error(ER_SP_WRONG_NAME, MYF(0), ident->str);
    return TRUE;