Bug#19584379 Reporting corruption may corrupt the innodb data dictionary

dict_set_corrupted(): Use the canonical way of searching for less-than-equal (PAGE_CUR_LE) and then checking low_match. The code that was introduced in MySQL 5.5.17 in Bug#11830883 SUPPORT "CORRUPTED" BIT FOR INNODB TABLES AND INDEXES could position the cursor on the page supremum, and then attempt to overwrite non-existing 7th field of the 1-field supremum record. Approved by Jimmy Yang

Bug#19584379 Reporting corruption may corrupt the innodb data dictionary
dict_set_corrupted(): Use the canonical way of searching for less-than-equal (PAGE_CUR_LE) and then checking low_match. The code that was introduced in MySQL 5.5.17 in Bug#11830883 SUPPORT "CORRUPTED" BIT FOR INNODB TABLES AND INDEXES could position the cursor on the page supremum, and then attempt to overwrite non-existing 7th field of the 1-field supremum record. Approved by Jimmy Yang
352b6bc9 · Marko Makela · 5057f47e · 352b6bc9 · 352b6bc9 · 352b6bc9
Commit 352b6bc9 authored Oct 27, 2014 by Marko Makela
3 changed files
--- a/mysql-test/suite/innodb/r/innodb_corrupt_bit.result
+++ b/mysql-test/suite/innodb/r/innodb_corrupt_bit.result
@@ -78,4 +78,5 @@ z
 31
 32
 drop table corrupt_bit_test_ā;
+DROP DATABASE pad;
 SET GLOBAL innodb_change_buffering_debug = 0;
--- a/mysql-test/suite/innodb/t/innodb_corrupt_bit.test
+++ b/mysql-test/suite/innodb/t/innodb_corrupt_bit.test
@@ -16,14 +16,20 @@
 # It instructs InnoDB to try to evict pages from the buffer pool when
 # change buffering is possible, so that the change buffer will be used
 # whenever possible.
-- error 0,ER_UNKNOWN_SYSTEM_VARIABLE
 SET @innodb_change_buffering_debug_orig = @@innodb_change_buffering_debug;
-- error 0,ER_UNKNOWN_SYSTEM_VARIABLE
 SET GLOBAL innodb_change_buffering_debug = 1;

 # Turn off Unique Check to create corrupted index with dup key
 SET UNIQUE_CHECKS=0;

+CREATE DATABASE pad;
+let $i=345;
+while ($i)
+{
+  --eval CREATE TABLE pad.t$i (a INT PRIMARY KEY) ENGINE=InnoDB;
+  dec $i;
+}
+
 -- enable_query_log

 set names utf8;
@@ -119,6 +125,6 @@ select z from corrupt_bit_test_ā limit 10;

 # Drop table
 drop table corrupt_bit_test_ā;
+DROP DATABASE pad;

-- error 0, ER_UNKNOWN_SYSTEM_VARIABLE
 SET GLOBAL innodb_change_buffering_debug = 0;
--- a/storage/innobase/dict/dict0dict.c
+++ b/storage/innobase/dict/dict0dict.c
@@ -5498,11 +5498,11 @@ dict_set_corrupted(

 	dict_index_copy_types(tuple, sys_index, 2);

-	btr_cur_search_to_nth_level(sys_index, 0, tuple, PAGE_CUR_GE,
+	btr_cur_search_to_nth_level(sys_index, 0, tuple, PAGE_CUR_LE,
 				    BTR_MODIFY_LEAF,
 				    &cursor, 0, __FILE__, __LINE__, &mtr);

-	if (cursor.up_match == dtuple_get_n_fields(tuple)) {
+	if (cursor.low_match == dtuple_get_n_fields(tuple)) {
 		/* UPDATE SYS_INDEXES SET TYPE=index->type
 		WHERE TABLE_ID=index->table->id AND INDEX_ID=index->id */
 		ulint	len;