Bug#27029 alter table ... enable keys crashes mysqld on large table

- When creating an index for the sort, the number of rows plus 1 is used to allocate a buffer. In this test case, the number of rows 4294967295 is the max value of an unsigned integer, so when 1 was added to it, a buffer of size 0 was allocated causing the crash. - Create new test suite for this bug's test suite as per QA.
author: iggy@amd64.(none) <> 2007-06-21 12:45:56 -0400
committer: iggy@amd64.(none) <> 2007-06-21 12:45:56 -0400
commit: 39416f50a5afc7569295b0be7b2a2a97769d94d5 (patch)
tree: 7da5f4402743de245c951e35da479e7e3fbfaf3c /myisam
parent: 9346e9246a275a4d7159bb76c570cfd2d0694e04 (diff)
download: mariadb-git-39416f50a5afc7569295b0be7b2a2a97769d94d5.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/myisam/sort.c b/myisam/sort.c
index 3cb48b47b2c..ba3a6e20b30 100644
--- a/myisam/sort.c
+++ b/myisam/sort.c
@@ -138,8 +138,9 @@ int _create_index_by_sort(MI_SORT_PARAM *info,my_bool no_messages,
 
   while (memavl >= MIN_SORT_MEMORY)
   {
-    if ((my_off_t) (records+1)*(sort_length+sizeof(char*)) <=
-	(my_off_t) memavl)
+    if ((records < UINT_MAX32) && 
+       ((my_off_t) (records + 1) * 
+        (sort_length + sizeof(char*)) <= (my_off_t) memavl))
       keys= records+1;
     else
       do
author	iggy@amd64.(none) <>	2007-06-21 12:45:56 -0400
committer	iggy@amd64.(none) <>	2007-06-21 12:45:56 -0400
commit	39416f50a5afc7569295b0be7b2a2a97769d94d5 (patch)
tree	7da5f4402743de245c951e35da479e7e3fbfaf3c /myisam
parent	9346e9246a275a4d7159bb76c570cfd2d0694e04 (diff)
download	mariadb-git-39416f50a5afc7569295b0be7b2a2a97769d94d5.tar.gz