From 37d215325b05d69cd58853dc0f9c5fd2cccdff84 Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Tue, 2 Jan 2024 08:48:24 -0500
Subject: [PATCH] MT#59064 switch query string to g_autoptr type

This fixes a bug which incorrectly used strlen(callid) instead of strlen(esc_callid) to determine the size of the VLA to hold the complete query string. Take this opportunity to eliminate the VLA and switch to an allocated printf string instead.

Change-Id: I4a64d05180832f3471249acf354bec6b5a3ba15e
(cherry picked from commit b34401efefb9adf583c8e906fa97c7adbb2b9956)
---
 medmysql.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/medmysql.c b/medmysql.c
index 442dfea..7e9afdc 100644
--- a/medmysql.c
+++ b/medmysql.c
@@ -685,26 +685,24 @@ int medmysql_fetch_records(char *callid,
 MYSQL_RES *res;
 MYSQL_ROW row;
 size_t callid_len = strlen(callid);
-char query[strlen(MED_FETCH_QUERY) + callid_len * 7 + 1];
 int ret = 0;
-int len;
 unsigned long long count = 0;
 char esc_callid[callid_len*2+1];
 mysql_real_escape_string(med_handler->m, esc_callid, callid, callid_len);
-len = snprintf(query, sizeof(query), MED_FETCH_QUERY,
+g_autoptr(char) query = g_strdup_printf(MED_FETCH_QUERY,
 esc_callid, esc_callid, esc_callid, esc_callid, esc_callid, esc_callid, esc_callid);
-assert(len > 0 && (size_t)len < sizeof(query)); /* truncated - internal bug */
+assert(query != NULL);
 /*L_DEBUG("q='%s'", query);*/
-if(medmysql_query_wrapper(med_handler, query, len) != 0)
+if(medmysql_query_wrapper(med_handler, query, strlen(query)) != 0)
 {
 L_CRITICAL("Error getting acc records for callid '%s': %s", callid, mysql_error(med_handler->m));
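Review bot: The unchanged line `char esc_callid[callid_len*2+1];` is still a variable-length array on the new side, so the stack use of medmysql_fetch_records keeps scaling with the length of `callid` even though the commit message describes eliminating the VLA. Where `callid` originates is not visible in this hunk; if it can carry externally supplied call IDs, an oversized value would exhaust the stack before the query is built. Moving the escape buffer to the heap in the same style as the new query string, e.g. `g_autofree char *esc_callid = g_malloc(callid_len * 2 + 1);`, would close that. The return value of `mysql_real_escape_string()` is also ignored, so if the call reports failure (`(unsigned long)-1`) the contents of `esc_callid` are formatted into the query unverified; checking it before `g_strdup_printf` and leaving through the function's existing error path would cover that case. The function body starts and ends outside the hunk.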