Backport into build-200906240007-5.1.34sp1

> ------------------------------------------------------------
> revno: 2871.4.1
> revision-id: vvaintroub@mysql.com-20090429115110-1ye4700m8it5tyc5
> parent: staale.smedseng@sun.com-20090428161955-3vnku1igwt0knpfu
> committer: Vladislav Vaintroub <vvaintroub@mysql.com>
> branch nick: mysql-5.1-bugteam
> timestamp: Wed 2009-04-29 13:51:10 +0200
> message:
>   Bug#43932 myisam index corruption with large index and large 
>   key_buffer_size.
>   
>   The cause of corruption was number overflow when multiplying 
>   two ulong values, number of used keycache blocks with size
>   of a single block. The result of multiplication exceeded ulong 
>   range (4G) and this lead to incorrectly calculated  buffer offset
>   in the key cache.
>   
>   The fix is to use size_t for multiplication result.
>   
>   This patch also fixes pointless cast in safemalloc 
>   (size of allocated block to uint), that creates lot of false
>   alarm warnings when using big keycache (> 4GB) in debug mode.

1 files changed, 4 insertions, 2 deletions

diff --git a/mysys/mf_keycache.c b/mysys/mf_keycache.c
index 397a3332740..16bcb11eb91 100644
--- a/mysys/mf_keycache.c
+++ b/mysys/mf_keycache.c
@@ -2044,13 +2044,15 @@ restart:
         }
         else
         {
+          size_t block_mem_offset;
           /* There are some never used blocks, take first of them */
           DBUG_ASSERT(keycache->blocks_used <
                       (ulong) keycache->disk_blocks);
           block= &keycache->block_root[keycache->blocks_used];
+          block_mem_offset= 
+           ((size_t) keycache->blocks_used) * keycache->key_cache_block_size;
           block->buffer= ADD_TO_PTR(keycache->block_mem,
-                                    ((ulong) keycache->blocks_used*
-                                     keycache->key_cache_block_size),
+                                    block_mem_offset,
                                     uchar*);
           keycache->blocks_used++;
           DBUG_ASSERT(!block->next_used);