Bug #75196 malloc() followed by x_free segfaults on every connect
Submitted: 12 Dec 2014 17:44 Modified: 15 Mar 2017 10:26
Reporter: Ken Tossell
Status: Closed
Category: Connector / ODBC Severity: S2 (Serious)
Version: 5.3.4 OS: Any
Assigned to: Bogdan Degtyariov CPU Architecture: Any

[12 Dec 2014 17:44] Ken Tossell
In util/odbcinstw.c:MySQLGetPrivateProfileStringW, 'ret' is allocated using plain malloc and then freed using x_free/my_free. my_free tries to free(ret-8) and crashes the program.

How to repeat:
Build against a libmysql that stores allocation information before the apparent pointer address. Try to connect to a server.

Suggested fix:
This works: ret = x_malloc(cbRetBuffer + 1, MYF(0))
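
The allocator mismatch described in this report, as an added example that is not part of the original report and is not Connector/ODBC or libmysql code: a toy allocator keeps a header in front of the pointer it hands out, and the two scenario functions show which address the paired free routine would pass to free(). The names demo_x_malloc, demo_x_free, demo_free_target and the 8-byte header size are assumptions for illustration (8 is taken from the "ret-8" in the report).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE 8 /* assumed header size, from the "ret-8" in the report */

/* Toy allocator: the size is stored just before the pointer handed out. */
static void *demo_x_malloc(size_t n, void **base_out) {
    unsigned char *base = malloc(HDR_SIZE + n);
    if (base == NULL) return NULL;
    uint64_t size = n;
    memcpy(base, &size, sizeof size);
    if (base_out != NULL) *base_out = base;
    return base + HDR_SIZE;
}

/* Address the paired free routine passes to the underlying free(). */
static uintptr_t demo_free_target(const void *user) {
    return (uintptr_t)user - HDR_SIZE;
}

static void demo_x_free(void *user) {
    if (user != NULL) free((unsigned char *)user - HDR_SIZE);
}

/* Matched pair: offset of the free() target from the real allocation base. */
long matched_offset(void) {
    void *base = NULL;
    void *p = demo_x_malloc(32, &base);
    if (p == NULL) return 1;
    long off = (long)(intptr_t)(demo_free_target(p) - (uintptr_t)base);
    demo_x_free(p); /* free() receives exactly what malloc() returned */
    return off;
}

/* Mismatch from the report: plain malloc(), then the header-aware free.
 * The bad free is only computed, never executed (undefined behaviour). */
long mismatched_offset(void) {
    void *p = malloc(32);
    if (p == NULL) return 1;
    long off = (long)(intptr_t)(demo_free_target(p) - (uintptr_t)p);
    free(p); /* released with the routine that matches its allocator */
    return off;
}

int main(void) {
    printf("matched: %ld, mismatched: %ld\n", matched_offset(), mismatched_offset());
    return 0;
}
```

An offset of 0 means free() gets the address malloc() returned; the nonzero offset in the mismatched case means free() would be handed an address that was never returned by malloc().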
[15 Mar 2017 10:26] Bogdan Degtyariov