diff options
| author | unknown <svoj@mysql.com/june.mysql.com> | 2007-01-22 16:34:58 +0400 |
|---|---|---|
| committer | unknown <svoj@mysql.com/june.mysql.com> | 2007-01-22 16:34:58 +0400 |
| commit | fde52a2f827654f02dae9e0cd69f262bb54ee11a (patch) | |
| tree | 250eb2892e5a27251f71815a994abfc1044b6fa6 /myisam | |
| parent | f509e774bc5e593418f84b70d315b9d4a798eb12 (diff) | |
| download | mariadb-git-fde52a2f827654f02dae9e0cd69f262bb54ee11a.tar.gz | |
BUG#24401 - MySQL server crashes if you try to retrieve data from
corrupted table
Accessing a table with corrupted column definition results in server
crash.
This is fixed by refusing to open such tables. Affects MyISAM only.
No test case, since it requires crashed table.
myisam/mi_open.c:
Refuse to open MyISAM table with summary columns length bigger than
length of the record.
Diffstat (limited to 'myisam')
| -rw-r--r-- | myisam/mi_open.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/myisam/mi_open.c b/myisam/mi_open.c index 047686278b4..b007eb63e63 100644 --- a/myisam/mi_open.c +++ b/myisam/mi_open.c @@ -435,6 +435,13 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags) offset+=share->rec[i].length; } share->rec[i].type=(int) FIELD_LAST; /* End marker */ + if (offset > share->base.reclength) + { + /* purecov: begin inspected */ + my_errno= HA_ERR_CRASHED; + goto err; + /* purecov: end */ + } if (! lock_error) { |