diff options
| author | dean@mysql.com <> | 2005-02-15 17:27:23 -0600 |
|---|---|---|
| committer | dean@mysql.com <> | 2005-02-15 17:27:23 -0600 |
| commit | c962d060ac40b15e3280f71b59e17b8428c421b6 (patch) | |
| tree | 44d483589f1760bf733da671ffd5ca8d36f85276 /myisam | |
| parent | c4ff270284e6f09b09391b5f7a337828fa254e41 (diff) | |
| download | mariadb-git-c962d060ac40b15e3280f71b59e17b8428c421b6.tar.gz | |
ft_nlq_search.c:
Added bounds check to avoid accessing unallocated FT_DOC array. (BUG #8522)
Diffstat (limited to 'myisam')
| -rw-r--r-- | myisam/ft_nlq_search.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/myisam/ft_nlq_search.c b/myisam/ft_nlq_search.c index 3ad983f0a37..13cbf24b3f7 100644 --- a/myisam/ft_nlq_search.c +++ b/myisam/ft_nlq_search.c @@ -205,6 +205,10 @@ FT_INFO *ft_init_nlq_search(MI_INFO *info, uint keynr, byte *query, left_root_right)) goto err2; + /* + If ndocs == 0, this will not allocate RAM for FT_INFO.doc[], + so if ndocs == 0, FT_INFO.doc[] must not be accessed. + */ dlist=(FT_INFO *)my_malloc(sizeof(FT_INFO)+ sizeof(FT_DOC)*(aio.dtree.elements_in_tree-1), MYF(0)); @@ -275,7 +279,8 @@ float ft_nlq_find_relevance(FT_INFO *handler, else a=c; } - if (docs[a].dpos == docid) + /* bounds check to avoid accessing unallocated handler->doc */ + if (a < handler->ndocs && docs[a].dpos == docid) return (float) docs[a].weight; else return 0.0; |