diff options
| author | Satya B <satya.bn@sun.com> | 2009-04-07 17:06:15 +0530 |
|---|---|---|
| committer | Satya B <satya.bn@sun.com> | 2009-04-07 17:06:15 +0530 |
| commit | 543abcd48eed40864cccb1c6f3142abeba60d3a5 (patch) | |
| tree | 47bcfc26a04f95081ae9ff779961a649c8545b45 /storage/myisam/mi_packrec.c | |
| parent | 5847be8c9ac91e746af591d44ff01b72d9f87adc (diff) | |
| parent | 10350e2097393cb7410eedfcf6ba533faba20a56 (diff) | |
| download | mariadb-git-543abcd48eed40864cccb1c6f3142abeba60d3a5.tar.gz | |
merge 5.0-bugteam to 5.1-bugteam
Diffstat (limited to 'storage/myisam/mi_packrec.c')
| -rw-r--r-- | storage/myisam/mi_packrec.c | 36 |
1 files changed, 9 insertions, 27 deletions
diff --git a/storage/myisam/mi_packrec.c b/storage/myisam/mi_packrec.c index 0f3c35235e9..be9ce9a0c24 100644 --- a/storage/myisam/mi_packrec.c +++ b/storage/myisam/mi_packrec.c @@ -209,10 +209,17 @@ my_bool _mi_read_pack_info(MI_INFO *info, pbool fix_keys) This segment will be reallocated after construction of the tables. */ length=(uint) (elements*2+trees*(1 << myisam_quick_table_bits)); + /* + To keep some algorithms simpler, we accept that they access + bytes beyond the end of the input data. This can affect up to + one byte less than the "word size" size used in this file, + which is BITS_SAVED / 8. To avoid accessing non-allocated + data, we add (BITS_SAVED / 8) - 1 bytes to the buffer size. + */ if (!(share->decode_tables=(uint16*) my_malloc((length + OFFSET_TABLE_SIZE) * sizeof(uint16) + - (uint) (share->pack.header_length - sizeof(header)), - MYF(MY_WME | MY_ZEROFILL)))) + (uint) (share->pack.header_length - sizeof(header) + + (BITS_SAVED / 8) - 1), MYF(MY_WME | MY_ZEROFILL)))) goto err1; tmp_buff=share->decode_tables+length; disk_cache= (uchar*) (tmp_buff+OFFSET_TABLE_SIZE); @@ -1431,31 +1438,6 @@ static void fill_buffer(MI_BIT_BUFF *bit_buff) bit_buff->current_byte=0; return; } - else - { - uint len= 0; - uint i= 0; - /* - Check if the remaining buffer/record to read is less than the word size. - If so read byte by byte - - Note: if this branch becomes a bottleneck it can be removed, assuming - that the second memory segment allocates 7 extra bytes (see - _mi_read_pack_info()). - */ - len= bit_buff->end - bit_buff->pos; - if (len < (BITS_SAVED / 8)) - { - bit_buff->current_byte= 0; - for (i=0 ; i < len ; i++) - { - bit_buff->current_byte+= (((uint) ((uchar) bit_buff->pos[len - i - 1])) - << (8 * i)); - } - bit_buff->pos= bit_buff->end; - return; - } - } #if BITS_SAVED == 64 bit_buff->current_byte= ((((uint) ((uchar) bit_buff->pos[7]))) + |