    BUG#22053 - REPAIR table can crash server for some really damaged MyISAM tables · 0f4f1f69
    unknown authored
    
    When unpacking a blob column from a broken row, a server crash
    could happen. This could rather happen when trying to repair
    a table using either REPAIR TABLE or myisamchk, though it
    also could happen when trying to access a broken row using
    other SQL statements like SELECT if the table is not marked as
    crashed.
    
    Fixed ulong overflow when trying to extract a blob from
    a broken row.
    
    Affects MyISAM only.
    
    
    myisam/mi_dynrec.c:
      Fixed ulong overflow when trying to extract a blob from
      a broken row. It happens when there are not enough bytes
      to store the blob length in the `from' buffer. In this case
      the (ulong) (from_end - from) - size_length value is huge,
      close to ULONG_MAX.
mi_dynrec.c 47.2 KB
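
The wrap described in the commit message, next to a bounds check that rules it out. This is an added example, not code from mi_dynrec.c or the MySQL project: `avail_unchecked` and `unpack_blob_checked` are hypothetical names, and the little-endian length prefix of 1 to 4 bytes is an assumption; only `from`, `from_end` and `size_length` come from the message.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Bytes left for blob data, computed without checking that the length
   prefix itself fits. Wraps towards ULONG_MAX when it does not. */
unsigned long avail_unchecked(const unsigned char *from,
                              const unsigned char *from_end,
                              unsigned size_length)
{
    return (unsigned long)(from_end - from) - size_length;
}

/* Hypothetical checked unpack: returns 0 and sets *blob / *blob_len, or -1
   if the row is too short for the prefix or for the length it claims.
   Assumes a little-endian prefix of 1..4 bytes (an assumption). */
int unpack_blob_checked(const unsigned char *from,
                        const unsigned char *from_end,
                        unsigned size_length,
                        const unsigned char **blob, unsigned long *blob_len)
{
    unsigned long remaining, len = 0;
    unsigned i;

    if (from > from_end || size_length == 0 || size_length > 4)
        return -1;
    remaining = (unsigned long)(from_end - from);
    if (remaining < size_length)          /* prefix truncated: stop here */
        return -1;
    for (i = 0; i < size_length; i++)     /* safe: prefix is in bounds */
        len |= (unsigned long)from[i] << (8 * i);
    if (len > remaining - size_length)    /* cannot wrap after the check */
        return -1;
    *blob = from + size_length;
    *blob_len = len;
    return 0;
}

int main(void)
{
    /* Constructed sample: 2-byte prefix expected, only 1 byte left. */
    const unsigned char cut[] = { 3 };
    const unsigned char *blob;
    unsigned long len;

    printf("unchecked avail: %lu\n", avail_unchecked(cut, cut + 1, 2));
    printf("checked result:  %d\n",
           unpack_blob_checked(cut, cut + 1, 2, &blob, &len));
    return 0;
}
```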