diff options
| author | unknown <monty@narttu.mysql.fi> | 2003-07-18 04:04:24 +0300 |
|---|---|---|
| committer | unknown <monty@narttu.mysql.fi> | 2003-07-18 04:04:24 +0300 |
| commit | 06517dfed3505981105d892e036e36d32c23c9aa (patch) | |
| tree | 6daa5670b9fcf6d6a667f2f4af5a9ac7e1d44770 /myisam | |
| parent | 6159cd27bfe9d24e610c7a25f8e0d991abd9caff (diff) | |
| download | mariadb-git-06517dfed3505981105d892e036e36d32c23c9aa.tar.gz | |
Fixed memory overrun when doing REPAIR on table with multi-part auto_increment key where one part was a packed CHAR
myisam/mi_check.c:
Fixed memory overrun in _mi_put_key_in_record
myisam/mi_key.c:
Fixed unnecessary memory allocation
mysql-test/r/insert_select.result:
Added test case for memory corruption
mysql-test/t/insert_select.test:
Added test case for memory corruption
mysys/safemalloc.c:
Removed compiler warnings
sql/sql_acl.cc:
Fixed core dump when running with --debug
Diffstat (limited to 'myisam')
| -rw-r--r-- | myisam/mi_check.c | 22 | ||||
| -rw-r--r-- | myisam/mi_key.c | 2 |
2 files changed, 19 insertions, 5 deletions
diff --git a/myisam/mi_check.c b/myisam/mi_check.c index 92641cce13a..6caacd95386 100644 --- a/myisam/mi_check.c +++ b/myisam/mi_check.c @@ -896,7 +896,8 @@ int chk_data_link(MI_CHECK *param, MI_INFO *info,int extend) if (_mi_rec_unpack(info,record,info->rec_buff,block_info.rec_len) == MY_FILE_ERROR) { - mi_check_print_error(param,"Found wrong record at %s", llstr(start_recpos,llbuff)); + mi_check_print_error(param,"Found wrong record at %s", + llstr(start_recpos,llbuff)); got_error=1; } else @@ -3611,6 +3612,7 @@ err: void update_auto_increment_key(MI_CHECK *param, MI_INFO *info, my_bool repair_only) { + byte *record; if (!info->s->base.auto_key || !(((ulonglong) 1 << (info->s->base.auto_key-1) & info->s->state.key_map))) @@ -3624,13 +3626,24 @@ void update_auto_increment_key(MI_CHECK *param, MI_INFO *info, if (!(param->testflag & T_SILENT) && !(param->testflag & T_REP)) printf("Updating MyISAM file: %s\n", param->isam_file_name); - /* We have to use keyread here as a normal read uses info->rec_buff */ + /* + We have to use an allocated buffer instead of info->rec_buff as + _mi_put_key_in_record() may use info->rec_buff + */ + if (!(record= (byte*) my_malloc((uint) info->s->base.pack_reclength, + MYF(0)))) + { + mi_check_print_error(param,"Not enough memory for extra record"); + return; + } + mi_extra(info,HA_EXTRA_KEYREAD,0); - if (mi_rlast(info,info->rec_buff, info->s->base.auto_key-1)) + if (mi_rlast(info, record, info->s->base.auto_key-1)) { if (my_errno != HA_ERR_END_OF_FILE) { mi_extra(info,HA_EXTRA_NO_KEYREAD,0); + my_free((char*) record, MYF(0)); mi_check_print_error(param,"%d when reading last record",my_errno); return; } @@ -3642,10 +3655,11 @@ void update_auto_increment_key(MI_CHECK *param, MI_INFO *info, ulonglong auto_increment= (repair_only ? info->s->state.auto_increment : param->auto_increment_value); info->s->state.auto_increment=0; - update_auto_increment(info,info->rec_buff); + update_auto_increment(info, record); set_if_bigger(info->s->state.auto_increment,auto_increment); } mi_extra(info,HA_EXTRA_NO_KEYREAD,0); + my_free((char*) record, MYF(0)); update_state_info(param, info, UPDATE_AUTO_INC); return; } diff --git a/myisam/mi_key.c b/myisam/mi_key.c index 5b167cc9ab0..89f6bc490fa 100644 --- a/myisam/mi_key.c +++ b/myisam/mi_key.c @@ -264,7 +264,7 @@ static int _mi_put_key_in_record(register MI_INFO *info, uint keynr, byte *blob_ptr; DBUG_ENTER("_mi_put_key_in_record"); - if (info->blobs && info->s->keyinfo[keynr].flag & HA_VAR_LENGTH_KEY) + if (info->s->base.blobs && info->s->keyinfo[keynr].flag & HA_VAR_LENGTH_KEY) { if (!(blob_ptr= mi_alloc_rec_buff(info, info->s->keyinfo[keynr].keylength, |