From 65e55a4b3545a9b48dfeae88791dc7eb52a01963 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
 <jaramago.fernandez.javier@gmail.com>
Date: Mon, 27 Apr 2020 12:56:00 +0200
Subject: [PATCH] Added len checks to avoid possible buffer overflows

---
 lib/c_tokenizer.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/c_tokenizer.c b/lib/c_tokenizer.c
index 2053c5fba..2f5b8b497 100644
--- a/lib/c_tokenizer.c
+++ b/lib/c_tokenizer.c
@@ -246,7 +246,7 @@ char *mysql_query_digest_and_first_comment(char *s, int _len, char **first_comme
 			{
 				ccl=0;
 				flag = 1;
-				if (*(s+1)=='!')
+				if (i != (len-1) && *(s+1)=='!')
 					cmd=1;
 			}
 
@@ -257,13 +257,13 @@ char *mysql_query_digest_and_first_comment(char *s, int _len, char **first_comme
 			}
 
 			// comment type 3 - start with '--'
-			else if(prev_char == '-' && *s == '-' && ((*(s+1)==' ') || (*(s+1)=='\n') || (*(s+1)=='\r') || (*(s+1)=='\t') ))
+			else if(i != (len-1) && prev_char == '-' && *s == '-' && ((*(s+1)==' ') || (*(s+1)=='\n') || (*(s+1)=='\r') || (*(s+1)=='\t') ))
 			{
 				flag = 3;
 			}
 
-			else if (*s == '-' && ((*(s+1)=='-'))) {
-				if (prev_char != '-' && i!=(len-1)) {
+			else if (i != (len-1) && *s == '-' && (*(s+1)=='-')) {
+				if (prev_char != '-') {
 					flag = 3;
 				}
 				else if (i==0) {