Segfault fix on memo zero length multiple page

While converting memo field to string, stop processing on zero length multiple page.
2025-04-05 20:31:00 +08:00 · 2014-05-02 15:12:16 +02:00 · 2014-05-02 15:12:16 +02:00 · a89baeacf5
commit a89baeacf5
parent 95cf90d8ea
1 changed files with 6 additions and 2 deletions
--- a/src/libmdb/data.c
+++ b/src/libmdb/data.c
@ -732,9 +732,13 @@ static char *mdb_memo_to_string(MdbHandle *mdb, int start, int size)
 			printf("row num %d start %d len %d\n",
 				pg_row & 0xff, row_start, len);
 #endif
-			if (tmpoff + len - 4 > memo_len) {
+			if (tmpoff + len - 4 > memo_len)
 				break;
-			}
+
+			/* Stop processing on zero length multiple page memo fields */
+			if (!len)
+				break;
+
 			memcpy(tmp + tmpoff, buf + row_start + 4, len - 4);
 			tmpoff += len - 4;
 		} while (( pg_row = mdb_get_int32(buf, row_start) ));