authorNeeraj Bisht <neeraj.x.bisht@oracle.com>2013-04-30 22:38:34 +0530
committerNeeraj Bisht <neeraj.x.bisht@oracle.com>2013-04-30 22:38:34 +0530
commit0c9c76e9eb0513478d3f445d06b75badc8c6d2b8 (patch)
tree78f38cf73e9855fa5dc76b6b1a7c2186ab875aff /sql
parent37e044c2cdd6ce0dc69a99d82f4467209a1b8b1c (diff)
BUG#16222245 - CRASH WITH EXPLAIN FOR A QUERY WITH LOOSE SCAN FOR
GROUP BY, MYISAM Problem: A query that uses the loose index scan optimization and contains MIN() causes a segmentation fault when the table row length is less than key_length. Analysis: While using loose index scan for MIN(), we call key_copy() to copy the key data from the record. This function uses the temporary record buffer to store key data from the record buffer. But when the key length is greater than the buffer length, this causes a segmentation fault. Solution: Give a proper buffer to store a key record. sql/opt_range.cc: We can't use the record buffer to store key data. So, give a proper buffer to store a key record.
Diffstat (limited to 'sql')
-rw-r--r--sql/opt_range.cc8
1 files changed, 5 insertions, 3 deletions
diff --git a/sql/opt_range.cc b/sql/opt_range.cc
index 548ebfd6531..3adf27539a5 100644
--- a/sql/opt_range.cc
+++ b/sql/opt_range.cc
@@ -10856,9 +10856,11 @@ int QUICK_GROUP_MIN_MAX_SELECT::next_min()
*/
if (min_max_arg_part && min_max_arg_part->field->is_null())
{
+ uchar key_buf[MAX_KEY_LENGTH];
+
/* Find the first subsequent record without NULL in the MIN/MAX field. */
- key_copy(tmp_record, record, index_info, 0);
- result= file->index_read_map(record, tmp_record,
+ key_copy(key_buf, record, index_info, 0);
+ result= file->index_read_map(record, key_buf,
make_keypart_map(real_key_parts),
HA_READ_AFTER_KEY);
/*
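Review bot: The new `key_buf[MAX_KEY_LENGTH]` is filled by `key_copy(key_buf, record, index_info, 0)`, and nothing in this hunk ties the copied length to the array size, so an index key image longer than MAX_KEY_LENGTH would turn the old record-buffer overrun into a stack overrun. The bound is presumably enforced where the index is defined, but it is cheap to state it at the point of use with `DBUG_ASSERT(index_info->key_length <= sizeof(key_buf));` just before the copy. A one-line comment on the declaration, such as `/* tmp_record holds one row and can be shorter than the key image */`, would also stop a later cleanup from folding the buffer back into tmp_record. The `key_restore` call in the following hunk reads the same buffer, and next_min()'s body starts and ends outside both hunks.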
@@ -10874,7 +10876,7 @@ int QUICK_GROUP_MIN_MAX_SELECT::next_min()
if (!result)
{
if (key_cmp(index_info->key_part, group_prefix, real_prefix_len))
- key_restore(record, tmp_record, index_info, 0);
+ key_restore(record, key_buf, index_info, 0);
}
else if (result == HA_ERR_KEY_NOT_FOUND || result == HA_ERR_END_OF_FILE)
result= 0; /* There is a result in any case. */