From 3d65d0db1611f3aea3e1bcde22949351f3b89661 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Tue, 4 Sep 2018 23:19:07 +0200
Subject: MDEV-9137 MariaDB Crash on Query Using Aria Engine

Two bugs in Aria, related to 2-level fulltext indexes:
* REPAIR calculated the key number incorrectly
* CHECK copied the key into last_key too early and checking the second-level btree was overwriting it
---
 storage/maria/ma_check.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
(limited to 'storage/maria')
diff --git a/storage/maria/ma_check.c b/storage/maria/ma_check.c
index 198df72a1d6..d6379dc4d91 100644
--- a/storage/maria/ma_check.c
+++ b/storage/maria/ma_check.c
@@ -891,8 +891,7 @@ static int chk_index(HA_CHECK *param, MARIA_HA *info, MARIA_KEYDEF *keyinfo,
 if (level > param->max_level)
 param->max_level=level;

- if (_ma_get_keynr(share, anc_page->buff) !=
- (uint) (keyinfo - share->keyinfo))
+ if (_ma_get_keynr(share, anc_page->buff) != keyinfo->key_nr)
 _ma_check_print_error(param, "Page at %s is not marked for index %u",
 llstr(anc_page->pos, llbuff),
 (uint) (keyinfo - share->keyinfo));
@@ -916,7 +915,7 @@ static int chk_index(HA_CHECK *param, MARIA_HA *info, MARIA_KEYDEF *keyinfo,
 info->last_key.keyinfo= tmp_key.keyinfo= keyinfo;
 info->lastinx= ~0; /* Safety */
 tmp_key.data= tmp_key_buff;
- for ( ;; )
+ for ( ;; _ma_copy_key(&info->last_key, &tmp_key))
 {
 if (nod_flag)
 {
@@ -998,7 +997,6 @@ static int chk_index(HA_CHECK *param, MARIA_HA *info, MARIA_KEYDEF *keyinfo,
 tmp_key.data);
 }
 }
- _ma_copy_key(&info->last_key, &tmp_key);
 (*key_checksum)+= maria_byte_checksum(tmp_key.data,
 tmp_key.data_length);
 record= _ma_row_pos_from_key(&tmp_key);
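Review bot: The `_ma_check_print_error` call right below the changed condition in the -891 hunk still prints `(uint) (keyinfo - share->keyinfo)` as the index number, while the test itself now uses `keyinfo->key_nr`. If chk_index is entered with a keyinfo that is not an element of the share->keyinfo array (the second-level fulltext case the description points at, as far as can be told from here), that pointer difference is not a meaningful index and the diagnostic would name the wrong one. Print the value that was actually compared: `(uint) keyinfo->key_nr`. The body of chk_index starts and ends outside this hunk.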
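Review bot: Putting `_ma_copy_key(&info->last_key, &tmp_key)` into the increment clause of `for ( ;; ...)` in the -916 hunk makes the update of info->last_key easy to overlook, and nothing at the loop head says why it lives there; the -998 hunk only removes the old call. Per the commit description the copy has to happen after the second-level btree has been checked, and the increment clause presumably also covers any `continue` in the loop body, which is outside both hunks. A comment above the loop would record that, e.g. `/* last_key is updated at the end of every iteration: checking a 2-level ft tree overwrites info->last_key */`. Code between the old call site and the end of the loop body now sees the previous key in info->last_key, so it is worth confirming nothing there expects the current one.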
@@ -5728,8 +5726,7 @@ static int sort_insert_key(MARIA_SORT_PARAM *sort_param,
 a_length= share->keypage_header + nod_flag;
 key_block->end_pos= anc_buff + share->keypage_header;
 bzero(anc_buff, share->keypage_header);
- _ma_store_keynr(share, anc_buff, (uint) (sort_param->keyinfo -
- share->keyinfo));
+ _ma_store_keynr(share, anc_buff, sort_param->keyinfo->key_nr);
 lastkey=0; /* No previous key in block */
 }
 else
--
cgit v1.2.1
From 7438667fa96433605078ada7874fc17eac925d9f Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Wed, 5 Sep 2018 00:59:04 +0200
Subject: MDEV-9137 MariaDB Crash on Query Using Aria Engine

update the code to match semantics of `key` - it's not a (char*) pointer to the buffer as in MyISAM.
---
 storage/maria/ma_write.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
(limited to 'storage/maria')
diff --git a/storage/maria/ma_write.c b/storage/maria/ma_write.c
index a9022417986..842f3a0aa8d 100644
--- a/storage/maria/ma_write.c
+++ b/storage/maria/ma_write.c
@@ -665,13 +665,18 @@ static int w_search(register MARIA_HA *info, uint32 comp_flag, MARIA_KEY *key,
 else
 {
 /* popular word. two-level tree. going down */
- my_off_t root=dup_key_pos;
- keyinfo= &share->ft2_keyinfo;
- get_key_full_length_rdonly(off, key);
- key+=off;
+ my_off_t root= dup_key_pos;
+ MARIA_KEY subkey;
+ get_key_full_length_rdonly(off, key->data);
+ subkey.keyinfo= keyinfo= &share->ft2_keyinfo;
+ subkey.data= key->data + off;
+ subkey.data_length= key->data_length - off;
+ subkey.ref_length= key->ref_length;
+ subkey.flag= key->flag;
+
 /* we'll modify key entry 'in vivo' */
 keypos-= keyinfo->keylength + page.node;
- error= _ma_ck_real_write_btree(info, key, &root, comp_flag);
+ error= _ma_ck_real_write_btree(info, &subkey, &root, comp_flag);
 _ma_dpointer(share, keypos+HA_FT_WLEN, root);
 subkeys--; /* should there be underflow protection ? */
 DBUG_ASSERT(subkeys < 0);
--
cgit v1.2.1
From fb324e3f8f7e81f60f19aa0840550acdcbbc429f Mon Sep 17 00:00:00 2001
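Review bot: In the w_search hunk of ma_write.c, `subkey.data_length= key->data_length - off;` has no guard that `off` does not exceed `key->data_length`; if data_length is an unsigned type (not visible here), a short or malformed key would wrap to a very large length that `_ma_ck_real_write_btree` then relies on. A `DBUG_ASSERT(off <= key->data_length);` right after `get_key_full_length_rdonly(off, key->data);` would state the invariant and catch a violation in debug builds. `subkey` is also filled member by member, so any MARIA_KEY member not assigned here stays uninitialised; starting from `MARIA_KEY subkey= *key;` and overriding keyinfo, data and data_length would avoid that. w_search starts and ends outside the hunk.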
From: Sergei Golubchik
Date: Wed, 5 Sep 2018 01:34:25 +0200
Subject: MDEV-9137 MariaDB Crash on Query Using Aria Engine

fix for 2-level ft indexes and boolean search in Aria
---
 storage/maria/ma_ft_boolean_search.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'storage/maria')
diff --git a/storage/maria/ma_ft_boolean_search.c b/storage/maria/ma_ft_boolean_search.c
index 83ae08553ef..d4578ad6bd7 100644
--- a/storage/maria/ma_ft_boolean_search.c
+++ b/storage/maria/ma_ft_boolean_search.c
@@ -457,7 +457,7 @@ static int _ft2_search(FTB *ftb, FTB_WORD *ftbw, my_bool init_search)
 */
 ftbw->off=off;
 ftbw->key_root= info->cur_row.lastpos;
- ftbw->keyinfo=& info->s->ft2_keyinfo;
+ ftbw->keyinfo= info->last_key.keyinfo= & info->s->ft2_keyinfo;
 r= _ma_search_first(info, ftbw->keyinfo, ftbw->key_root);
 DBUG_ASSERT(r==0); /* found something */
 memcpy(lastkey_buf+off, info->last_key.data,
--
cgit v1.2.1
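Review bot: The chained assignment `ftbw->keyinfo= info->last_key.keyinfo= & info->s->ft2_keyinfo;` changes handler state in `info->last_key` as a side effect, and nothing on the line says why or whether the previous keyinfo is put back once the search returns to the first-level tree. A short comment would help the next reader, e.g. `/* info->last_key is filled by the search below, so it must describe the 2-level tree */` (wording to be confirmed against `_ma_search_first`, which is not shown). The result of that search is checked only by `DBUG_ASSERT(r==0)`, so in a build without assertions a failed search would reach the `memcpy` from `info->last_key.data` unchecked; an explicit error return on `r != 0` looks safer on a damaged index. The function body continues outside the hunk.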