MySQL Bugs: #75196: malloc() followed by x_free segfaults on every connect

Bug #75196	malloc() followed by x_free segfaults on every connect
Submitted:	12 Dec 2014 17:44	Modified:	15 Mar 2017 10:26
Reporter:	Ken Tossell	Email Updates:
Status:	Closed	Impact on me:	None
Category:	Connector / ODBC	Severity:	S2 (Serious)
Version:	5.3.4	OS:	Any
Assigned to:	Bogdan Degtyariov	CPU Architecture:	Any

View
Add Comment
Files
Developer
Edit Submission
View Progress Log
Contributions

Description:
In util/odbcinstw.c:MySQLGetPrivateProfileStringW, 'ret' is allocated using plain malloc and then freed using x_free/my_free. my_free tries to free(ret-8) and crashes the program.

How to repeat:
Build against a libmysql that stores allocation information before the apparent pointer address. Try to connect to a server.

Suggested fix:
This works: ret = x_malloc(cbRetBuffer + 1, MYF(0))

Fixed