diff options
Diffstat (limited to 'storage/myisam/mi_packrec.c')
-rw-r--r-- | storage/myisam/mi_packrec.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/storage/myisam/mi_packrec.c b/storage/myisam/mi_packrec.c index f751efa280b..895ce2b8c85 100644 --- a/storage/myisam/mi_packrec.c +++ b/storage/myisam/mi_packrec.c @@ -210,10 +210,17 @@ my_bool _mi_read_pack_info(MI_INFO *info, pbool fix_keys) This segment will be reallocated after construction of the tables. */ length=(uint) (elements*2+trees*(1 << myisam_quick_table_bits)); + /* + To keep some algorithms simpler, we accept that they access + bytes beyond the end of the input data. This can affect up to + one byte less than the "word size" size used in this file, + which is BITS_SAVED / 8. To avoid accessing non-allocated + data, we add (BITS_SAVED / 8) - 1 bytes to the buffer size. + */ if (!(share->decode_tables=(uint16*) my_malloc((length + OFFSET_TABLE_SIZE) * sizeof(uint16) + - (uint) (share->pack.header_length - sizeof(header)), - MYF(MY_WME | MY_ZEROFILL)))) + (uint) (share->pack.header_length - sizeof(header) + + (BITS_SAVED / 8) - 1), MYF(MY_WME | MY_ZEROFILL)))) goto err1; tmp_buff=share->decode_tables+length; disk_cache= (uchar*) (tmp_buff+OFFSET_TABLE_SIZE); @@ -1432,6 +1439,7 @@ static void fill_buffer(MI_BIT_BUFF *bit_buff) bit_buff->current_byte=0; return; } + #if BITS_SAVED == 64 bit_buff->current_byte= ((((uint) ((uchar) bit_buff->pos[7]))) + (((uint) ((uchar) bit_buff->pos[6])) << 8) + @@ -1495,7 +1503,9 @@ my_bool _mi_memmap_file(MI_INFO *info) DBUG_PRINT("warning",("File isn't extended for memmap")); DBUG_RETURN(0); } - if (mi_dynmap_file(info, share->state.state.data_file_length)) + if (mi_dynmap_file(info, + share->state.state.data_file_length + + MEMMAP_EXTRA_MARGIN)) DBUG_RETURN(0); } info->opt_flag|= MEMMAP_USED; |