author | Nikita Malyavin <nikitamalyavin@gmail.com> | 2020-09-22 20:17:02 +1000 |
---|---|---|
committer | Nikita Malyavin <nikitamalyavin@gmail.com> | 2020-11-02 14:11:42 +1000 |
commit | 30894fe9a9024d4dfe85f7fc93cf702040a9ef67 (patch) | |
tree | 75c8ff45abe6447e73309e5703ce6ec286e05816 | |
parent | 95fcd567bdc4f9cdbe6b75ea6047982500b45c2f (diff) | |
download | mariadb-git-30894fe9a9024d4dfe85f7fc93cf702040a9ef67.tar.gz |
Add DBUG_ASSERT in Field::ptr_in_record
1. Subtracting table->record[0] from record is UB (non-contiguous buffers)
2. It is very popular to use move_field_offset, which changes Field::ptr
but leaves table->record[0] unchanged. This makes the ptr_in_record result
incorrect, since it relies on the table->record[0] value.
The check ensures the result is within the queried record boundaries.
-rw-r--r-- | sql/field.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sql/field.h b/sql/field.h index be4d279ce61..dfc02149f9d 100644 --- a/sql/field.h +++ b/sql/field.h @@ -1151,8 +1151,9 @@ public: virtual void reset_fields() {} const uchar *ptr_in_record(const uchar *record) const { - my_ptrdiff_t l_offset= (my_ptrdiff_t) (record - table->record[0]); - return ptr + l_offset; + my_ptrdiff_t l_offset= (my_ptrdiff_t) (ptr - table->record[0]); + DBUG_ASSERT(l_offset >= 0 && table->s->rec_buff_length - l_offset > 0); + return record + l_offset; } virtual int set_default(); |
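Review bot: the assertion added in ptr_in_record bounds only the first byte of the field, not the whole field: `table->s->rec_buff_length - l_offset > 0` still passes when the field starts on the last byte of the record buffer and extends past it, so a better check is `l_offset + <field length> <= table->s->rec_buff_length` (assuming the Field class exposes its length, e.g. through pack_length(); that accessor is not visible in this hunk). Write the comparison with one explicit cast, e.g. `(my_ptrdiff_t) table->s->rec_buff_length > l_offset`, rather than subtracting a my_ptrdiff_t from rec_buff_length, so the arithmetic is not mixed signed/unsigned and the `> 0` test cannot become vacuous. Note also that the new body still computes `ptr - table->record[0]`: point 1 of the commit message (subtracting pointers into non-contiguous buffers is UB) applies equally to this subtraction once move_field_offset has moved ptr into another buffer, and because DBUG_ASSERT is compiled out in release builds the function there returns `record + l_offset` with no check at all. A comment above the function stating the precondition (ptr must point into table->record[0] when this is called) would make that contract explicit for callers.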