Fixed Bug #5492 "set @@session.read_rnd_buffer_size=33554432"

   crashes server on query

incremented size of allocated buffer in the init_rr_cache(sql/records.cc)
(
We are going to read the last three bytes of the buffer via uint3korr
This macro reads actually 4 bytes (for speed)
So, we have to allocate one more byte at the end of the buffer 
to avoid memory assertion fault
)
parent 38f462ae
...@@ -249,9 +249,15 @@ static int init_rr_cache(READ_RECORD *info) ...@@ -249,9 +249,15 @@ static int init_rr_cache(READ_RECORD *info)
rec_cache_size=info->cache_records*info->reclength; rec_cache_size=info->cache_records*info->reclength;
info->rec_cache_size=info->cache_records*info->ref_length; info->rec_cache_size=info->cache_records*info->ref_length;
/*
We are going to read the last three bytes of the buffer via uint3korr
This macro reads actually 4 bytes (for speed)
So, we have to allocate one more byte at the end of the buffer
to avoid memory assertion fault
*/
if (info->cache_records <= 2 || if (info->cache_records <= 2 ||
!(info->cache=(byte*) my_malloc_lock(rec_cache_size+info->cache_records* !(info->cache=(byte*) my_malloc_lock(rec_cache_size+info->cache_records*
info->struct_length, info->struct_length+1,
MYF(0)))) MYF(0))))
DBUG_RETURN(1); DBUG_RETURN(1);
#ifdef HAVE_purify #ifdef HAVE_purify
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment