MT#59064 switch query string to g_autoptr type

This fixes a bug which incorrectly used strlen(callid) instead of strlen(esc_callid) to determine the size of the VLA to hold the complete query string. Take this opportunity to eliminate the VLA and switch to an allocated printf string instead. Change-Id: I4a64d05180832f3471249acf354bec6b5a3ba15e
sipwise · Jan 2, 2024 · b34401e · b34401e
1 parent e155cea
commit b34401e
Showing 1 changed file with 3 additions and 5 deletions.
diff --git a/medmysql.c b/medmysql.c
@@ -685,26 +685,24 @@ int medmysql_fetch_records(char *callid,
     MYSQL_RES *res;
     MYSQL_ROW row;
     size_t callid_len = strlen(callid);
-    char query[strlen(MED_FETCH_QUERY) + callid_len * 7 + 1];
     int ret = 0;
-    int len;
     unsigned long long count = 0;
 
     char esc_callid[callid_len*2+1];
 
     mysql_real_escape_string(med_handler->m, esc_callid, callid, callid_len);
 
-    len = snprintf(query, sizeof(query), MED_FETCH_QUERY,
+    g_autoptr(char) query = g_strdup_printf(MED_FETCH_QUERY,
         esc_callid,
         esc_callid, esc_callid,
         esc_callid, esc_callid,
         esc_callid, esc_callid);
 
-    assert(len > 0 && (size_t)len < sizeof(query)); /* truncated - internal bug */
+    assert(query != NULL);
 
     /*L_DEBUG("q='%s'", query);*/
 
-    if(medmysql_query_wrapper(med_handler, query, len) != 0)
+    if(medmysql_query_wrapper(med_handler, query, strlen(query)) != 0)
     {
         L_CRITICAL("Error getting acc records for callid '%s': %s",
                 callid, mysql_error(med_handler->m));