Description:
In reviewing source code in directory 'mysql-5.6.25/storage/ndb/src/mgmapi',
file 'mgmapi.cpp', there is a call to malloc() at line 2578, but no check
for a return value of NULL is performed, indicating failure.  The patch
file below addresses this issue:

--- mgmapi.cpp.orig     2015-06-14 11:38:35.000000000 -0700
+++ mgmapi.cpp  2015-06-14 11:42:12.000000000 -0700
@@ -2578,6 +2578,12 @@
       break;
 
     void *tmp_data = malloc(base64_needed_decoded_length((size_t) (len - 1)));
+    if(!tmp_data)
+    {       
+      SET_ERROR(handle, ENOMEM,
+               "Allocating ndb_mgm_events struct");
+      DBUG_RETURN(NULL);
+    }
     const int res = ndb_base64_decode(buf64, len-1, tmp_data, NULL);
     delete[] buf64;
     UtilBuffer tmp;
	 
Please feel free to review this proposed fix, comments, changes, etc.

I am attaching the patch file to this bug report...

Bill Parker (wp02855 at gmail dot com)

How to repeat:
Not Applicable...

Suggested fix:
Review and apply attached patch file

Patch File for This Bug Report

Attachment: mgmapi.cpp.patch (text/x-diff), 477 bytes.

To me, this looks like  a bug. Out-Of-Memory error is very hard one and should not occur in practice.

However, this is code from Cluster storage engine.

Hi,

Thanks for the report. Yes this is a bug, the value returned by malloc() should be tested. The actual way of reporting error and behavior on error might be handled differently (depends on the cluster dev team decision) but in any case error need to be reported

kind regards
Bogdan Kecman

Thanks for the confirmation, I was thinking, would this warrant a entry to Mitre CVE (on the off chance that a NULL pointer, I know probably quite hard to exhaust memory, could be passed to memset(), which would result in a segfault and potential loss of data)?