Skip to content

M
MariaDB
Commit 054d7c9a authored by serg@serg.mysql.com's avatar serg@serg.mysql.com
Browse files
Options

sql_table.cc key length limit check disabled for FULLTEXT 

ft_parser.c	Nasty buffer overflow fixed
parent 67dd1d11
Hide whitespace changes
Inline Side-by-side
Showing with 18 additions and 17 deletions
myisam/ft_parser.c
View file @ 054d7c9a
/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB /* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or the Free Software Foundation; either version 2 of the License, or
(at your option) any later version. (at your option) any later version.
This program is distributed in the hope that it will be useful, This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
...@@ -141,6 +141,7 @@ TREE * ft_parse(TREE *wtree, byte *doc, int doclen) ...@@ -141,6 +141,7 @@ TREE * ft_parse(TREE *wtree, byte *doc, int doclen)
for (w.pos=doc; doc<end; doc++) for (w.pos=doc; doc<end; doc++)
if (!word_char(*doc)) break; if (!word_char(*doc)) break;
if ((w.len= (uint) (doc-w.pos)) < MIN_WORD_LEN) continue; if ((w.len= (uint) (doc-w.pos)) < MIN_WORD_LEN) continue;
if (w.len >= HA_FT_MAXLEN) continue;
if (!tree_insert(wtree, &w, 0)) if (!tree_insert(wtree, &w, 0))
{ {
delete_tree(wtree); delete_tree(wtree);
......
sql/sql_table.cc
View file @ 054d7c9a
...@@ -469,7 +469,7 @@ int mysql_create_table(THD *thd,const char *db, const char *table_name, ...@@ -469,7 +469,7 @@ int mysql_create_table(THD *thd,const char *db, const char *table_name,
} }
} }
key_info->key_length=(uint16) key_length; key_info->key_length=(uint16) key_length;
if (key_length > file->max_key_length()) if (key_length > file->max_key_length() && key->type != Key::FULLTEXT)
{ {
my_error(ER_TOO_LONG_KEY,MYF(0),file->max_key_length()); my_error(ER_TOO_LONG_KEY,MYF(0),file->max_key_length());
DBUG_RETURN(-1); DBUG_RETURN(-1);
...@@ -725,9 +725,9 @@ bool close_cached_table(THD *thd,TABLE *table) ...@@ -725,9 +725,9 @@ bool close_cached_table(THD *thd,TABLE *table)
static int send_check_errmsg(THD* thd, TABLE_LIST* table, static int send_check_errmsg(THD* thd, TABLE_LIST* table,
const char* operator_name, const char* errmsg) const char* operator_name, const char* errmsg)
{ {
String* packet = &thd->packet; String* packet = &thd->packet;
packet->length(0); packet->length(0);
net_store_data(packet, table->name); net_store_data(packet, table->name);
...@@ -744,7 +744,7 @@ static int send_check_errmsg(THD* thd, TABLE_LIST* table, ...@@ -744,7 +744,7 @@ static int send_check_errmsg(THD* thd, TABLE_LIST* table,
static int prepare_for_restore(THD* thd, TABLE_LIST* table) static int prepare_for_restore(THD* thd, TABLE_LIST* table)
{ {
String *packet = &thd->packet; String *packet = &thd->packet;
if(table->table) // do not overwrite existing tables on restore if(table->table) // do not overwrite existing tables on restore
{ {
return send_check_errmsg(thd, table, "restore", return send_check_errmsg(thd, table, "restore",
...@@ -757,10 +757,10 @@ static int prepare_for_restore(THD* thd, TABLE_LIST* table) ...@@ -757,10 +757,10 @@ static int prepare_for_restore(THD* thd, TABLE_LIST* table)
char src_path[FN_REFLEN], dst_path[FN_REFLEN]; char src_path[FN_REFLEN], dst_path[FN_REFLEN];
char* table_name = table->name; char* table_name = table->name;
char* db = thd->db ? thd->db : table->db; char* db = thd->db ? thd->db : table->db;
if(!fn_format(src_path, table_name, backup_dir, reg_ext, 4 + 64)) if(!fn_format(src_path, table_name, backup_dir, reg_ext, 4 + 64))
return -1; // protect buffer overflow return -1; // protect buffer overflow
sprintf(dst_path, "%s/%s/%s", mysql_real_data_home, db, table_name); sprintf(dst_path, "%s/%s/%s", mysql_real_data_home, db, table_name);
int lock_retcode; int lock_retcode;
...@@ -770,14 +770,14 @@ static int prepare_for_restore(THD* thd, TABLE_LIST* table) ...@@ -770,14 +770,14 @@ static int prepare_for_restore(THD* thd, TABLE_LIST* table)
pthread_mutex_unlock(&LOCK_open); pthread_mutex_unlock(&LOCK_open);
return -1; return -1;
} }
if(lock_retcode && wait_for_locked_table_names(thd, table)) if(lock_retcode && wait_for_locked_table_names(thd, table))
{ {
pthread_mutex_unlock(&LOCK_open); pthread_mutex_unlock(&LOCK_open);
return -1; return -1;
} }
pthread_mutex_unlock(&LOCK_open); pthread_mutex_unlock(&LOCK_open);
if(my_copy(src_path, if(my_copy(src_path,
fn_format(dst_path, dst_path,"", fn_format(dst_path, dst_path,"",
reg_ext, 4), reg_ext, 4),
...@@ -790,25 +790,25 @@ static int prepare_for_restore(THD* thd, TABLE_LIST* table) ...@@ -790,25 +790,25 @@ static int prepare_for_restore(THD* thd, TABLE_LIST* table)
thd->net.no_send_ok = 1; thd->net.no_send_ok = 1;
// generate table will try to send OK which messes up the output // generate table will try to send OK which messes up the output
// for the client // for the client
if(generate_table(thd, table, 0)) if(generate_table(thd, table, 0))
{ {
thd->net.no_send_ok = save_no_send_ok; thd->net.no_send_ok = save_no_send_ok;
return send_check_errmsg(thd, table, "restore", return send_check_errmsg(thd, table, "restore",
"Failed generating table from .frm file"); "Failed generating table from .frm file");
} }
thd->net.no_send_ok = save_no_send_ok; thd->net.no_send_ok = save_no_send_ok;
} }
return 0; return 0;
} }
static int mysql_admin_table(THD* thd, TABLE_LIST* tables, static int mysql_admin_table(THD* thd, TABLE_LIST* tables,
HA_CHECK_OPT* check_opt, HA_CHECK_OPT* check_opt,
thr_lock_type lock_type, thr_lock_type lock_type,
bool open_for_modify, bool open_for_modify,
const char *operator_name, const char *operator_name,
int (handler::*operator_func) int (handler::*operator_func)
(THD *, HA_CHECK_OPT *)) (THD *, HA_CHECK_OPT *))
{ {
...@@ -849,7 +849,7 @@ static int mysql_admin_table(THD* thd, TABLE_LIST* tables, ...@@ -849,7 +849,7 @@ static int mysql_admin_table(THD* thd, TABLE_LIST* tables,
// to finish the restore in the handler later on // to finish the restore in the handler later on
table->table = reopen_name_locked_table(thd, table); table->table = reopen_name_locked_table(thd, table);
} }
if (!table->table) if (!table->table)
{ {
const char *err_msg; const char *err_msg;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7