Bug #28884 maybe a problem with malloc into base64.c
Submitted: 4 Jun 2007 18:28
Modified: 27 Mar 2008 19:24
Reporter: Ludovic Gasc
Status: Closed
Category: MySQL Server: General
Severity: S3 (Non-critical)
Version: 5.0.41
OS: Any
Assigned to: Sergey Vojtovich
CPU Architecture: Any
Tags: malloc

[4 Jun 2007 18:28] Ludovic Gasc
Description:
In the mysys/base64.c file:

Lines : 225 - 228 
 char * src= (char *) malloc(src_len); 
 char * s= src; 
 char * str; 
 char * dst;

the malloc return is not verified.

Line : 245 
 dst= (char *) malloc(base64_needed_decoded_length(strlen(str))); 

the malloc return is not verified.

It's a problem if malloc fails, isn't it?

How to repeat:
Launch this with not enough memory.

Suggested fix:
Verify malloc return.
[5 Jun 2007 6:51] Sveta Smirnova
Thank you for the report.

Verified as described using code analysis.
[15 Jan 2008 12:25] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/41010

ChangeSet@1.2650, 2008-01-15 16:23:14+04:00, svoj@mysql.com +1 -0
  BUG#28884 - maybe a problem with malloc into base64.c
  
  Fixed that return value of malloc was not checked.
  Fixed wrong argument count (compilation failure) to base64_decode()
  function.
  
  Note:
  - there is no test case for this fix as this code is never compiled
    into mysql clients/server;
  - as this code is used for internal testing purposes only, no changelog
    entry needed.
[27 Mar 2008 11:19] Bugs System
Pushed into 5.1.24-rc
[27 Mar 2008 17:51] Bugs System
Pushed into 6.0.5-alpha
[27 Mar 2008 19:24] Paul DuBois
No changelog entry needed.
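
The check requested in the report, as an added example that is not the MySQL patch or code from this page: both allocations are verified, and the first buffer is released if the second fails. The names `alloc_fn`, `flaky_malloc`, `fail_after`, `prepare_buffers` and `needed_decoded_len` are hypothetical, and `needed_decoded_len` is a simple upper bound standing in for `base64_needed_decoded_length()`.

```c
#include <stdio.h>
#include <stdlib.h>

typedef void *(*alloc_fn)(size_t);   /* hypothetical hook, so failure can be simulated */

static int fail_after = -1;          /* constructed knob: -1 never fails, N fails after N calls */
static void *flaky_malloc(size_t n)
{
  if (fail_after == 0)
    return NULL;
  if (fail_after > 0)
    fail_after--;
  return malloc(n);
}

/* Stand-in for base64_needed_decoded_length(): an upper bound, not MySQL's formula. */
size_t needed_decoded_len(size_t encoded_len)
{
  return encoded_len / 4 * 3 + 3;
}

/* Allocates the source and decode buffers; returns 0 on success, -1 on failure.
   On failure both out-pointers are NULL and nothing is leaked. */
int prepare_buffers(alloc_fn alloc, size_t src_len, size_t encoded_len,
                    char **src, char **dst)
{
  *src = *dst = NULL;
  /* malloc(0) may legitimately return NULL, so never request 0 bytes. */
  if (!(*src = (char *) alloc(src_len ? src_len : 1)))
    return -1;
  if (!(*dst = (char *) alloc(needed_decoded_len(encoded_len))))
  {
    free(*src);                      /* release the first buffer before bailing out */
    *src = NULL;
    return -1;
  }
  return 0;
}

int main(void)
{
  char *src, *dst;
  fail_after = 1;                    /* first allocation succeeds, second fails */
  if (prepare_buffers(flaky_malloc, 16, 24, &src, &dst) != 0)
    fprintf(stderr, "allocation failed, exiting cleanly\n");
  fail_after = -1;
  if (prepare_buffers(flaky_malloc, 16, 24, &src, &dst) == 0)
    printf("buffers ready: %zu bytes for decoded output\n", needed_decoded_len(24));
  free(src);
  free(dst);
  return 0;
}
```

Routing allocation through a hook lets the failure path be exercised deterministically instead of by running the program with not enough memory.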