diff options
author | Varun Gupta <varun.gupta@mariadb.com> | 2020-10-30 14:56:57 +0530 |
---|---|---|
committer | Marko Mäkelä <marko.makela@mariadb.com> | 2020-10-30 12:22:01 +0200 |
commit | 5a0c34e4c2fd951119efb432eedcaa65a1d36606 (patch) | |
tree | 5e6e21e19580aa9ac77c62b9a6409c6eca3c7d29 /libmariadb | |
parent | 5482d62760bcbdcf44f1340fb5846c3942419dc5 (diff) | |
download | mariadb-git-5a0c34e4c2fd951119efb432eedcaa65a1d36606.tar.gz |
MDEV-24033: SIGSEGV in __memcmp_avx2_movbe from queue_insert | SIGSEGV in __memcmp_avx2_movbe from native_compare
The issue here was the system variable max_sort_length was being applied
to decimals and it was truncating the value for decimals to the number
of bytes set by max_sort_length.
This was leading to a buffer overflow as the values were written
to the buffer without truncation and then we moved the offset to
the number of bytes(set by max_sort_length), that are needed for comparison.
The fix is to not apply max_sort_length for fixed size types like INT,
DECIMALS and only apply max_sort_length for CHAR, VARCHARS, TEXT and
BLOBS.
Diffstat (limited to 'libmariadb')
0 files changed, 0 insertions, 0 deletions