From e6c542c5b528c42cc7920f42f7441fde57b69144 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <felipe@zimmerle.org>
Date: Thu, 16 Jun 2016 10:31:15 -0300
Subject: [PATCH] Fix invalid read on sql hex decode transformation

---
 src/actions/transformations/sql_hex_decode.cc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/actions/transformations/sql_hex_decode.cc b/src/actions/transformations/sql_hex_decode.cc
index b5579ee2..d4e949ce 100644
--- a/src/actions/transformations/sql_hex_decode.cc
+++ b/src/actions/transformations/sql_hex_decode.cc
@@ -66,32 +66,38 @@ std::string SqlHexDecode::evaluate(std::string value,
 
 int SqlHexDecode::inplace(unsigned char *data, int len) {
     unsigned char *d, *begin = data;
+    int count = 0;
 
     if ((data == NULL) || (len == 0)) {
         return 0;
     }
 
-    for (d = data; *data; *d++ = *data++) {
+    for (d = data; (++count < len) && *data; *d++ = *data++) {
         if (*data != '0') {
             continue;
         }
         ++data;
+        ++count;
         if (mytolower(*data) != 'x') {
             data--;
+            count--;
             continue;
         }
 
         data++;
+        ++count;
 
         // Do we need to keep "0x" if no hexa after?
         if (!VALID_HEX(data[0]) || !VALID_HEX(data[1])) {
             data -= 2;
+            count -= 2;
             continue;
         }
 
         while (VALID_HEX(data[0]) && VALID_HEX(data[1])) {
             *d++ = x2c(data);
             data += 2;
+            count += 2;
         }
     }