diff options
| author | Sergei Golubchik <sergii@pisem.net> | 2013-02-28 18:42:49 +0100 |
|---|---|---|
| committer | Sergei Golubchik <sergii@pisem.net> | 2013-02-28 18:42:49 +0100 |
| commit | 8161c6772d144d6a4f08fc924ff6e6e403d1371d (patch) | |
| tree | 3f1fe5f8048a163da4eadf0f86c1fd2a3007955d /storage/myisam | |
| parent | 154aac8eb002f5d167153e09f1d13570989521e0 (diff) | |
| parent | 31c06437c970d4d0f4ec0301acac9c56e0ed29b5 (diff) | |
| download | mariadb-git-8161c6772d144d6a4f08fc924ff6e6e403d1371d.tar.gz | |
merge with mysql-5.5.30 minus few incorrect or not applicable changesets
Diffstat (limited to 'storage/myisam')
| -rw-r--r-- | storage/myisam/mi_open.c | 6 | ||||
| -rw-r--r-- | storage/myisam/mi_search.c | 15 |
2 files changed, 15 insertions, 6 deletions
diff --git a/storage/myisam/mi_open.c b/storage/myisam/mi_open.c index 438057e22df..22225303bae 100644 --- a/storage/myisam/mi_open.c +++ b/storage/myisam/mi_open.c @@ -349,6 +349,12 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags) } else if (pos->type == HA_KEYTYPE_BINARY) pos->charset= &my_charset_bin; + if (!(share->keyinfo[i].flag & HA_SPATIAL) && + pos->start > share->base.reclength) + { + my_errno= HA_ERR_CRASHED; + goto err; + } } if (share->keyinfo[i].flag & HA_SPATIAL) { diff --git a/storage/myisam/mi_search.c b/storage/myisam/mi_search.c index 968cb9624a6..01fa10de7a3 100644 --- a/storage/myisam/mi_search.c +++ b/storage/myisam/mi_search.c @@ -949,9 +949,7 @@ uint _mi_get_binary_pack_key(register MI_KEYDEF *keyinfo, uint nod_flag, ("Found too long binary packed key: %u of %u at 0x%lx", length, keyinfo->maxlength, (long) *page_pos)); DBUG_DUMP("key", *page_pos, 16); - mi_print_error(keyinfo->share, HA_ERR_CRASHED); - my_errno=HA_ERR_CRASHED; - DBUG_RETURN(0); /* Wrong key */ + goto crashed; /* Wrong key */ } /* Key is packed against prev key, take prefix from prev key. */ from= key; @@ -994,6 +992,8 @@ uint _mi_get_binary_pack_key(register MI_KEYDEF *keyinfo, uint nod_flag, if (from == from_end) { from=page; from_end=page_end; } length+= (uint) ((*key++ = *from++)); } + if (length > keyseg->length) + goto crashed; } else length=keyseg->length; @@ -1033,15 +1033,18 @@ uint _mi_get_binary_pack_key(register MI_KEYDEF *keyinfo, uint nod_flag, if (from_end != page_end) { DBUG_PRINT("error",("Error when unpacking key")); - mi_print_error(keyinfo->share, HA_ERR_CRASHED); - my_errno=HA_ERR_CRASHED; - DBUG_RETURN(0); /* Error */ + goto crashed; /* Error */ } /* Copy data pointer and, if appropriate, key block pointer. */ memcpy((uchar*) key,(uchar*) from,(size_t) length); *page_pos= from+length; } DBUG_RETURN((uint) (key-start_key)+keyseg->length); + + crashed: + mi_print_error(keyinfo->share, HA_ERR_CRASHED); + my_errno= HA_ERR_CRASHED; + DBUG_RETURN(0); } |