diff options
| author | Michael Widenius <monty@askmonty.org> | 2012-03-13 16:38:43 +0200 |
|---|---|---|
| committer | Michael Widenius <monty@askmonty.org> | 2012-03-13 16:38:43 +0200 |
| commit | 6f06cef02b062f240806cad555275c54fd68eba6 (patch) | |
| tree | 0f0a13215822bd8fe1f0dae21d68be7e5a3accdb /storage/archive | |
| parent | 223483aedf0c53bc66cb6833210228b46448003a (diff) | |
| download | mariadb-git-6f06cef02b062f240806cad555275c54fd68eba6.tar.gz | |
Fixed bug lp:917689 "Archive table corruption crashing MariaDB signal 11"
Added 'from_end' as extra parameter to Field::unpack() to detect wrong from data.
Change ha_archive::unpack_row() to detect wrong field lengths.
Replication code changed to detect wrong field information in events.
mysql-test/r/archive.result:
dded test case for lp:917689
sql/field.cc:
Added 'from_end' as extra parameter to Field::unpack() to detect wrong from data.
Removed not used 'unpack_key' functions.
sql/field.h:
Added 'from_end' as extra parameter to Field::unpack() to detect wrong from data.
Removed not used 'unpack_key' functions.
Removed some not needed unpack() functions.
sql/filesort.cc:
Added buffer end parameter to unpack_addon_fields()
sql/log_event.h:
Added end of buffer argument to unpack_row()
sql/log_event_old.cc:
Added end of buffer argument to unpack_row()
sql/log_event_old.h:
Added end of buffer argument to unpack_row()
sql/records.cc:
Added buffer end parameter to unpack_addon_fields()
sql/rpl_record.cc:
Added end of buffer argument to unpack_row()
Added detection of wrong field information in events
sql/rpl_record.h:
Added end of buffer argument to unpack_row()
sql/rpl_record_old.cc:
Added end of buffer argument to unpack_row()
Added detection of wrong field information in events
sql/rpl_record_old.h:
Added end of buffer argument to unpack_row()
sql/table.h:
Added buffer end parameter to unpack()
storage/archive/ha_archive.cc:
Change ha_archive::unpack_row() to detect wrong field lengths.
This fixes lp:917689
Diffstat (limited to 'storage/archive')
| -rw-r--r-- | storage/archive/ha_archive.cc | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/storage/archive/ha_archive.cc b/storage/archive/ha_archive.cc index 0549ba2d978..63c37d2d43b 100644 --- a/storage/archive/ha_archive.cc +++ b/storage/archive/ha_archive.cc @@ -1120,20 +1120,26 @@ int ha_archive::unpack_row(azio_stream *file_to_read, uchar *record) if (read != row_len || error) { - DBUG_RETURN(HA_ERR_CRASHED_ON_USAGE); + DBUG_RETURN(error ? HA_ERR_CRASHED_ON_USAGE : HA_ERR_WRONG_IN_RECORD); } /* Copy null bits */ - const uchar *ptr= record_buffer->buffer; + const uchar *ptr= record_buffer->buffer, *end= ptr+ row_len; memcpy(record, ptr, table->s->null_bytes); ptr+= table->s->null_bytes; + if (ptr > end) + DBUG_RETURN(HA_ERR_WRONG_IN_RECORD); for (Field **field=table->field ; *field ; field++) { if (!((*field)->is_null_in_record(record))) { - ptr= (*field)->unpack(record + (*field)->offset(table->record[0]), ptr); + if (!(ptr= (*field)->unpack(record + (*field)->offset(table->record[0]), + ptr, end))) + DBUG_RETURN(HA_ERR_WRONG_IN_RECORD); } } + if (ptr != end) + DBUG_RETURN(HA_ERR_WRONG_IN_RECORD); DBUG_RETURN(0); } |