row0mysql.c:

Fix memory corruption bug reported by Georg Richter: if one created a table whose primary key contained at least 2 column prefixes, that could corrupt the memory heap of prebuilt_t innobase/row/row0mysql.c: Fix memory corruption bug reported by Georg Richter: if one created a table whose primary key contained at least 2 column prefixes, that could corrupt the memory heap of prebuilt_t
author: unknown <heikki@hundin.mysql.fi> 2005-02-13 20:48:02 +0200
committer: unknown <heikki@hundin.mysql.fi> 2005-02-13 20:48:02 +0200
commit: 602d9a0329383082687614322d14af1fc23f2ace (patch)
tree: 235fe27164845f714311f4a1e81040fa37bc16c0 /innobase
parent: f37290b960114b930c565019dbc5a4dc4ab201ae (diff)
download: mariadb-git-602d9a0329383082687614322d14af1fc23f2ace.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/innobase/row/row0mysql.c b/innobase/row/row0mysql.c
index f1673aa6fa5..0ec261e798f 100644
--- a/innobase/row/row0mysql.c
+++ b/innobase/row/row0mysql.c
@@ -424,10 +424,13 @@ row_create_prebuilt(
 	prebuilt->sel_graph = NULL;
 
 	prebuilt->search_tuple = dtuple_create(heap,
-						dict_table_get_n_cols(table));
+					2 * dict_table_get_n_cols(table));
 	
 	clust_index = dict_table_get_first_index(table);
 
+	/* Make sure that search_tuple is long enough for clustered index */
+	ut_a(2 * dict_table_get_n_cols(table) >= clust_index->n_fields);
+
 	ref_len = dict_index_get_n_unique(clust_index);
 
 	ref = dtuple_create(heap, ref_len);
author	unknown <heikki@hundin.mysql.fi>	2005-02-13 20:48:02 +0200
committer	unknown <heikki@hundin.mysql.fi>	2005-02-13 20:48:02 +0200
commit	602d9a0329383082687614322d14af1fc23f2ace (patch)
tree	235fe27164845f714311f4a1e81040fa37bc16c0 /innobase
parent	f37290b960114b930c565019dbc5a4dc4ab201ae (diff)
download	mariadb-git-602d9a0329383082687614322d14af1fc23f2ace.tar.gz