ft_nlq_search.c:

Added bounds check to avoid accessing unallocated FT_DOC array. (BUG #8522)

ft_nlq_search.c:
Added bounds check to avoid accessing unallocated FT_DOC array. (BUG #8522)
c962d060 · dean@mysql.com · c4ff2702 · c962d060 · c962d060
Commit c962d060 authored Feb 15, 2005 by dean@mysql.com
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

BitKeeper/etc/logging_ok BitKeeper/etc/logging_ok +1 -0

myisam/ft_nlq_search.c myisam/ft_nlq_search.c +6 -1

No files found.
--- a/BitKeeper/etc/logging_ok
+++ b/BitKeeper/etc/logging_ok
@@ -24,6 +24,7 @@ bk@admin.bk
 brian@brian-akers-computer.local
 carsten@tsort.bitbybit.dk
 davida@isil.mysql.com
+dean@mysql.com
 dellis@goetia.(none)
 dlenev@brandersnatch.localdomain
 dlenev@build.mysql.com

--- a/myisam/ft_nlq_search.c
+++ b/myisam/ft_nlq_search.c
@@ -205,6 +205,10 @@ FT_INFO *ft_init_nlq_search(MI_INFO *info, uint keynr, byte *query,
 		left_root_right))
    goto err2;

+  /*
+    If ndocs == 0, this will not allocate RAM for FT_INFO.doc[],
+    so if ndocs == 0, FT_INFO.doc[] must not be accessed.
+   */
  dlist=(FT_INFO *)my_malloc(sizeof(FT_INFO)+
 			     sizeof(FT_DOC)*(aio.dtree.elements_in_tree-1),
 			     MYF(0));
@@ -275,7 +279,8 @@ float ft_nlq_find_relevance(FT_INFO *handler,
    else
      a=c;
  }
-  if (docs[a].dpos == docid)
+  /* bounds check to avoid accessing unallocated handler->doc  */
+  if (a < handler->ndocs && docs[a].dpos == docid)
    return (float) docs[a].weight;
  else
    return 0.0;