From 863b86db2485dddbfdbb8200531b7af265daa5db Mon Sep 17 00:00:00 2001
From: unknown <ramil/ram@mysql.com/ramil.myoffice.izhnet.ru>
Date: Tue, 12 Feb 2008 15:12:45 +0400
Subject: Fix for bug #33758: Got query result when using ORDER BY ASC, but
 empty result when using DESC

Problem: fetching MyISAM keys we copy a key block pointer to the end of the key buffer.
However, we don't take into account the pointer length calculatig the buffer size,
that may leads to memory overwriting and in turn to unpredictable results.

Fix: increase key buffer size by length of the key block pointer.

Note: no simple test case.


myisam/mi_open.c:
  Fix for bug #33758: Got query result when using ORDER BY ASC, but
  empty result when using DESC
    - increase possible maximum key length by size of the key block pointer,
      as it's copied into the key buffer in the get_key() MyISAM functions.
---
 myisam/mi_open.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/myisam/mi_open.c b/myisam/mi_open.c
index 5314d6a9a6c..d4d8458a669 100644
--- a/myisam/mi_open.c
+++ b/myisam/mi_open.c
@@ -270,6 +270,9 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
     if (share->options & HA_OPTION_COMPRESS_RECORD)
       share->base.max_key_length+=2;	/* For safety */
 
+    /* Add space for node pointer */
+    share->base.max_key_length+= share->base.key_reflength;
+
     if (!my_multi_malloc(MY_WME,
 			 &share,sizeof(*share),
 			 &share->state.rec_per_key_part,sizeof(long)*key_parts,
-- 
cgit v1.2.1