Bug #30639: limit offset,rowcount wraps when rowcount >= 2^32 in windows

 The parser uses ulonglong to store the LIMIT number. This number
 then is stored into a variable of type ha_rows. ha_rows is either
 4 or 8 byte depending on the BIG_TABLES define from config.h
 So an overflow may occur (and LIMIT becomes zero) while storing an
 ulonglong value in ha_rows.
 Fixed by :
  1. Using the maximum possible value for ha_rows on overflow
  2. Defining BIG_TABLES for the windows builds (to match the others) 

1 files changed, 11 insertions, 2 deletions

diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc
index 66f5540d286..56bdaf6e4c5 100644
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@@ -2372,10 +2372,19 @@ st_lex::copy_db_to(char **p_db, size_t *p_db_length) const
 void st_select_lex_unit::set_limit(st_select_lex *sl)
 {
   ha_rows select_limit_val;
+  ulonglong val;
 
   DBUG_ASSERT(! thd->stmt_arena->is_stmt_prepare());
-  select_limit_val= (ha_rows)(sl->select_limit ? sl->select_limit->val_uint() :
-                                                 HA_POS_ERROR);
+  val= sl->select_limit ? sl->select_limit->val_uint() : HA_POS_ERROR;
+  select_limit_val= (ha_rows)val;
+#ifndef BIG_TABLES
+  /* 
+    Check for overflow : ha_rows can be smaller then ulonglong if
+    BIG_TABLES is off.
+    */
+  if (val != (ulonglong)select_limit_val)
+    select_limit_val= HA_POS_ERROR;
+#endif
   offset_limit_cnt= (ha_rows)(sl->offset_limit ? sl->offset_limit->val_uint() :
                                                  ULL(0));
   select_limit_cnt= select_limit_val + offset_limit_cnt;