author | Vladislav Vaintroub <vvaintroub@mysql.com> | 2009-04-29 13:51:10 +0200 |
---|---|---|
committer | Vladislav Vaintroub <vvaintroub@mysql.com> | 2009-04-29 13:51:10 +0200 |
commit | 73d3be945ff5f224ae7197883617495a9e0002b2 (patch) | |
tree | 9590cb8e7034720efd1d753e79d501e9b760a805 /mysys | |
parent | 90815182f09d8c9647b8ce2f907b7e3d6b687375 (diff) | |
Bug#43932 myisam index corruption with large index and large
key_buffer_size.

The cause of corruption was number overflow when multiplying
two ulong values, number of used keycache blocks with size
of a single block. The result of multiplication exceeded ulong
range (4G) and this led to incorrectly calculated buffer offset
in the key cache.

The fix is to use size_t for multiplication result.

This patch also fixes pointless cast in safemalloc
(size of allocated block to uint), that creates a lot of false
alarm warnings when using big keycache (> 4GB) in debug mode.
Diffstat (limited to 'mysys')
-rw-r--r-- | mysys/mf_keycache.c | 6 | ||||
-rw-r--r-- | mysys/safemalloc.c | 2 |
2 files changed, 5 insertions, 3 deletions
diff --git a/mysys/mf_keycache.c b/mysys/mf_keycache.c index 397a3332740..16bcb11eb91 100644 --- a/mysys/mf_keycache.c +++ b/mysys/mf_keycache.c @@ -2044,13 +2044,15 @@ restart: } else { + size_t block_mem_offset; /* There are some never used blocks, take first of them */ DBUG_ASSERT(keycache->blocks_used < (ulong) keycache->disk_blocks); block= &keycache->block_root[keycache->blocks_used]; + block_mem_offset= + ((size_t) keycache->blocks_used) * keycache->key_cache_block_size; block->buffer= ADD_TO_PTR(keycache->block_mem, - ((ulong) keycache->blocks_used* - keycache->key_cache_block_size), + block_mem_offset, uchar*); keycache->blocks_used++; DBUG_ASSERT(!block->next_used); diff --git a/mysys/safemalloc.c b/mysys/safemalloc.c index 36d07b475e9..c484f1d4c54 100644 --- a/mysys/safemalloc.c +++ b/mysys/safemalloc.c @@ -174,7 +174,7 @@ void *_mymalloc(size_t size, const char *filename, uint lineno, myf MyFlags) data[size + 3]= MAGICEND3; irem->filename= (char *) filename; irem->linenum= lineno; - irem->datasize= (uint32) size; + irem->datasize= size; irem->prev= NULL; /* Add this remember structure to the linked list */ |
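Review bot: In the mysys/mf_keycache.c hunk, the assignment to `block_mem_offset` carries no comment saying why the `(size_t)` cast must be applied to `keycache->blocks_used` before the multiplication, so a later cleanup could fold it back into the `ADD_TO_PTR` call with the old `(ulong)` cast and reintroduce the wrapped offset. Please add a short comment at the assignment stating that the product can exceed the ulong range with key caches over 4GB. Since a wrapped offset makes `block->buffer` point at memory already handed to an earlier block, a debug assertion next to the existing `DBUG_ASSERT(keycache->blocks_used < (ulong) keycache->disk_blocks)` that checks the computed offset against the size of the `block_mem` allocation would also catch any regression here in debug builds.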
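Review bot: In the mysys/safemalloc.c hunk, `irem->datasize= size;` only stops truncating if the `datasize` member is itself declared wide enough to hold a `size_t`, and that declaration is not part of this patch as shown. If the member is still a 32-bit type, dropping the `(uint32)` cast just turns an explicit truncation into an implicit one and the false warnings for allocations over 4GB remain. Please confirm the member's type, and include its declaration change in this commit if it needs widening, so the stored size matches the `size_t size` parameter of `_mymalloc`.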