From 639f9d0c74783181af8d44ae8d89018539592bb6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
Date: Thu, 23 Oct 2025 16:07:13 +0200
Subject: [PATCH 1/2] Fix potential 'use-after-free' by 'SHOW PROCESSLIST'

Accesses by 'stats___mysql_processlist' to 'myconn->query.ptr' could lead to invalid memory accesses, as the pointed query could already have been free by the session after being issued.
---
 lib/MySQL_Session.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/MySQL_Session.cpp b/lib/MySQL_Session.cpp
index 1c1a9d5c8..b00c692d9 100644
--- a/lib/MySQL_Session.cpp
+++ b/lib/MySQL_Session.cpp
@@ -8126,8 +8126,8 @@ char* MySQL_Session::get_current_query(int max_length) {
 	}
 	if (CurrentQuery.stmt_info == NULL) { // text protocol
-		query_ptr = mybe->server_myds->myconn->query.ptr;
-		query_len = mybe->server_myds->myconn->query.length;
+		query_ptr = reinterpret_cast(CurrentQuery.QueryPointer);
+		query_len = CurrentQuery.QueryLength;
 	} else { // prepared statement
 		query_ptr = CurrentQuery.stmt_info->query;
 		query_len = CurrentQuery.stmt_info->query_length;
@@ -8154,4 +8154,4 @@ char* MySQL_Session::get_current_query(int max_length) {
 	}
 	return res;
-}
\ No newline at end of file
+}

From 67624b8569a02544d357d6a94d589ec4bfebfd5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
Date: Thu, 23 Oct 2025 16:58:28 +0200
Subject: [PATCH 2/2] Fix compilation warning for 'strncpy' due string truncation

As per the GCC manual, calls to 'strn*' function family shall be replaced by 'memcpy' when truncation (no null termination) is expected.
---
 lib/MySQL_Session.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/MySQL_Session.cpp b/lib/MySQL_Session.cpp
index b00c692d9..861279fa9 100644
--- a/lib/MySQL_Session.cpp
+++ b/lib/MySQL_Session.cpp
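Review bot: The new text-protocol branch reads `CurrentQuery.QueryPointer` and `CurrentQuery.QueryLength`, but nothing in the hunk guards a session with no query in flight, where presumably `QueryPointer` is NULL or `QueryLength` is 0; the guard earlier in `get_current_query` (outside this hunk) was written against `myconn->query` and should be rechecked, e.g. `if (CurrentQuery.QueryPointer == NULL || CurrentQuery.QueryLength == 0) return NULL;` if that matches how the function already reports "no query". This matters because the truncation path further down computes `query_len - 3`, which underflows for a zero length. Since the fix rests on the session-owned `CurrentQuery` outliving the connection's buffer, a why-comment would help the next maintainer, such as `// Read from the session-owned CurrentQuery, not myconn->query: the connection's buffer may already be freed when SHOW PROCESSLIST samples this session`. The commit message suggests the caller is the processlist collector on another thread, so this stays safe only while that caller holds whatever lock serialises access to the session; stating that in the function's header comment would make the invariant visible. `get_current_query` begins and ends outside this hunk.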
@@ -8145,8 +8145,8 @@ char* MySQL_Session::get_current_query(int max_length) {
 	res = (char *) malloc(query_len + 1);
 	if (trunc_query) { // for truncated queries, add three dots at the end
-		strncpy(res, query_ptr, query_len - 3);
-		strncpy(res + (query_len - 3), "...", 3);
+		memcpy(res, query_ptr, query_len - 3);
+		memcpy(res + (query_len - 3), "...", 3);
 	} else {
 		strncpy(res, query_ptr, query_len);
 	}
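Review bot: The `else` branch still copies with `strncpy(res, query_ptr, query_len)` while the truncated branch now uses `memcpy`; if `query_ptr` is a length-delimited buffer rather than a C string (the text-protocol source, `CurrentQuery.QueryPointer`, looks like raw packet data, so no terminator within `query_len` can be assumed), `strncpy` gives no NUL-termination guarantee for `res` either and triggers the same truncation warning. Use `memcpy(res, query_ptr, query_len);` there as well and terminate explicitly after the `if`/`else` with `res[query_len] = '\0';`, which the `malloc(query_len + 1)` already leaves room for — unless that store exists further down, since the function continues past this hunk. `query_len - 3` also underflows when `trunc_query` is set with `query_len < 3`; whether `max_length` can be that small is decided before the hunk and deserves either a guard or a comment stating the assumed minimum. The `malloc` result is used unchecked, consistent with the surrounding code.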