From ff8d8b1125c3d7c299b98f1d3266828e8a378642 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
Date: Thu, 5 Sep 2024 09:31:20 +0000
Subject: [PATCH] Fix invalid read-after-free for 'account_details.attributes'

This ownership model needs to be revisited. After transferring the ownership of an 'account_details_t' field, it should be nullified.
---
 lib/MySQL_Protocol.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp
index d0fee754d..215bb2d8e 100644
--- a/lib/MySQL_Protocol.cpp
+++ b/lib/MySQL_Protocol.cpp
@@ -1415,6 +1415,7 @@ bool MySQL_Protocol::process_pkt_COM_CHANGE_USER(unsigned char *pkt, unsigned in
 (*myds)->sess->user_attributes = nullptr;
 }
 (*myds)->sess->user_attributes=account_details.attributes;
+ account_details.attributes = nullptr;
 char* password = get_password(account_details, PASSWORD_TYPE::PRIMARY);
 if (password==NULL) {
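Review bot: The hand-off of `account_details.attributes` to `sess->user_attributes` and the added clear are still two separate, uncommented statements, so a later edit can drop or move the second one and bring the stale pointer back. Writing it as one expression, `(*myds)->sess->user_attributes = std::exchange(account_details.attributes, nullptr);` (needs `<utility>`), keeps the transfer and the clear together. If the two-line form stays, a comment on the new line such as `// session now owns attributes; clear so releasing account_details cannot free it` would record why it is there. process_pkt_COM_CHANGE_USER starts and ends outside this hunk, so it cannot be checked from here whether other `account_details` fields are handed over the same way, or whether the pointer returned by `get_password(account_details, ...)` on the next line aliases storage that is released with `account_details`. Since this path handles a client-sent COM_CHANGE_USER packet, a regression test that issues the command under AddressSanitizer would be a useful companion to the fix.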