Fix for Bug #43973 - backup_myisam.test fails on 6.0-bugteam

      
The test started failing following the push for BUG#41541.
Some of the algorithms access bytes beyond the input data
and this can affect up to one byte less than "word size"
which is BITS_SAVED / 8. 
      
Fixed by adding (BITS_SAVED / 8) -1 bytes to buffer size
(i.e. Memory Segment #2) to avoid accessing un-allocated data.

myisam/mi_packrec.c:
  Fixed _mi_read_pack_info() method to allocate (BITS_SAVED/8) - 1 
  bytes to the Memory Segment #2
mysql-test/r/myisampack.result:
  Result file for BUG#43973
mysql-test/t/myisampack.test:
  Testcase for BUG#43973

1 files changed, 9 insertions, 27 deletions

diff --git a/myisam/mi_packrec.c b/myisam/mi_packrec.c
index df9a4d18a6c..68911d7f129 100644
--- a/myisam/mi_packrec.c
+++ b/myisam/mi_packrec.c
@@ -208,10 +208,17 @@ my_bool _mi_read_pack_info(MI_INFO *info, pbool fix_keys)
     This segment will be reallocated after construction of the tables.
   */
   length=(uint) (elements*2+trees*(1 << myisam_quick_table_bits));
+  /*
+    To keep some algorithms simpler, we accept that they access
+    bytes beyond the end of the input data. This can affect up to
+    one byte less than the "word size" size used in this file,
+    which is BITS_SAVED / 8. To avoid accessing non-allocated
+    data, we add (BITS_SAVED / 8) - 1 bytes to the buffer size.
+  */
   if (!(share->decode_tables=(uint16*)
         my_malloc((length + OFFSET_TABLE_SIZE) * sizeof(uint16) +
-                  (uint) (share->pack.header_length - sizeof(header)),
-                  MYF(MY_WME | MY_ZEROFILL))))
+                  (uint) (share->pack.header_length - sizeof(header) +
+                  (BITS_SAVED / 8) - 1), MYF(MY_WME | MY_ZEROFILL))))
     goto err1;
   tmp_buff=share->decode_tables+length;
   disk_cache=(byte*) (tmp_buff+OFFSET_TABLE_SIZE);
@@ -1430,31 +1437,6 @@ static void fill_buffer(MI_BIT_BUFF *bit_buff)
     bit_buff->current_byte=0;
     return;
   }
-  else
-  {
-    uint len= 0;
-    uint i= 0;
-    /*
-      Check if the remaining buffer/record to read is less than the word size.
-      If so read byte by byte
-
-      Note: if this branch becomes a bottleneck it can be removed, assuming
-      that the second memory segment allocates 7 extra bytes (see
-      _mi_read_pack_info()).
-    */
-    len= bit_buff->end - bit_buff->pos;
-    if (len < (BITS_SAVED / 8))
-    {
-      bit_buff->current_byte= 0;
-      for (i=0 ; i < len ; i++)
-      {
-        bit_buff->current_byte+= (((uint) ((uchar) bit_buff->pos[len - i - 1]))
-                                                                    << (8 * i));
-      }
-      bit_buff->pos= bit_buff->end;
-      return;
-    }
-  }
 
 #if BITS_SAVED == 64
   bit_buff->current_byte=  ((((uint) ((uchar) bit_buff->pos[7]))) +