Description:
ret is allocated using malloc() (libc) directly, but then is free()'d later on using x_free which in turn wraps my_free.

In certain other client library versions (MariaDB 10.X) this causes problems as my_malloc and my_free does some extra work.  There is two possible fixes:

1.  Use my_malloc
2.  Use free

There is a secondary bug in that memset is called directly on the value of ret without first checking that it actually succeeded.  The risk on that is probably negligible.

How to repeat:
Install MariaDB 10.X
Install myodbc.
Try to use an application that uses myodbc.

Suggested fix:
Switch to using my_malloc in MySQLGetPrivateProfileStringW function in util/odbcinstw.c.

use free() instead of x_free ...

Attachment: myodbc-mariadb-segfault.patch (text/x-patch), 585 bytes.

use my_malloc() instead of malloc()

Attachment: myodbc-mariadb-segfault2.patch (text/x-patch), 594 bytes.

Two patches, I prefer the latter, so by using my_malloc we also get zeroing of the memory area directly, without a separate (unsafe) memset.

Hello  	Jaco Kroon,

Thank you for the report and contribution.

Thanks,
Chiranjeevi.

Posted by developer:
 
The patch is pushed into mysql-5.7 branch inside Connector/ODBC git repository.

Added the following entry to the C/ODBC 5.3.6 changelog:

"The function MySQLGetPrivateProfileStringW() used malloc() to allocate
memory and then xfree() to free the allocated memory for a returned
value. That caused some issues when certain third-party versions of
MySQL client library (like MariaDB 10.x) was used. The issues have been
fixed by replacing malloc() with my_malloc()."