Commit 4bb42c4e authored by Michael Widenius's avatar Michael Widenius

Fix for Lbug:#686010 maria.optimize corrupts stack around alloca() call


storage/maria/ma_check.c:
  Allocate also memory for nodflag and transid's
storage/maria/ma_write.c:
  Allow nodflag and transid as part of key.
  (This has nothing to do with the bug report, but it's a safer check).
storage/maria/maria_def.h:
  Define MARIA_MAX_POINTER_LENGTH (length of pointer to node)
  Added node pointer length to MARIA_INDEX_OVERHEAD_SIZE, as this is part of the key.
  (Safety fix)
parent b0312896
...@@ -3133,7 +3133,8 @@ static int sort_one_index(HA_CHECK *param, MARIA_HA *info, ...@@ -3133,7 +3133,8 @@ static int sort_one_index(HA_CHECK *param, MARIA_HA *info,
key.keyinfo= keyinfo; key.keyinfo= keyinfo;
if (!(buff= (uchar*) my_alloca((uint) keyinfo->block_length + if (!(buff= (uchar*) my_alloca((uint) keyinfo->block_length +
keyinfo->maxlength))) keyinfo->maxlength +
MARIA_INDEX_OVERHEAD_SIZE)))
{ {
_ma_check_print_error(param,"Not enough memory for key block"); _ma_check_print_error(param,"Not enough memory for key block");
DBUG_RETURN(-1); DBUG_RETURN(-1);
......
...@@ -22,8 +22,6 @@ ...@@ -22,8 +22,6 @@
#include "ma_key_recover.h" #include "ma_key_recover.h"
#include "ma_blockrec.h" #include "ma_blockrec.h"
#define MAX_POINTER_LENGTH 8
/* Functions declared in this file */ /* Functions declared in this file */
static int w_search(MARIA_HA *info, uint32 comp_flag, static int w_search(MARIA_HA *info, uint32 comp_flag,
...@@ -802,7 +800,7 @@ int _ma_insert(register MARIA_HA *info, MARIA_KEY *key, ...@@ -802,7 +800,7 @@ int _ma_insert(register MARIA_HA *info, MARIA_KEY *key,
#endif #endif
if (t_length > 0) if (t_length > 0)
{ {
if (t_length >= keyinfo->maxlength*2+MAX_POINTER_LENGTH) if (t_length >= keyinfo->maxlength*2+MARIA_INDEX_OVERHEAD_SIZE)
{ {
my_errno=HA_ERR_CRASHED; my_errno=HA_ERR_CRASHED;
DBUG_RETURN(-1); DBUG_RETURN(-1);
...@@ -811,7 +809,7 @@ int _ma_insert(register MARIA_HA *info, MARIA_KEY *key, ...@@ -811,7 +809,7 @@ int _ma_insert(register MARIA_HA *info, MARIA_KEY *key,
} }
else else
{ {
if (-t_length >= keyinfo->maxlength*2+MAX_POINTER_LENGTH) if (-t_length >= keyinfo->maxlength*2+MARIA_INDEX_OVERHEAD_SIZE)
{ {
my_errno=HA_ERR_CRASHED; my_errno=HA_ERR_CRASHED;
DBUG_RETURN(-1); DBUG_RETURN(-1);
......
...@@ -152,11 +152,13 @@ typedef struct st_maria_state_info ...@@ -152,11 +152,13 @@ typedef struct st_maria_state_info
#define MARIA_COLUMNDEF_SIZE (2*7+1+1+4) #define MARIA_COLUMNDEF_SIZE (2*7+1+1+4)
#define MARIA_BASE_INFO_SIZE (MY_UUID_SIZE + 5*8 + 6*4 + 11*2 + 6 + 5*2 + 1 + 16) #define MARIA_BASE_INFO_SIZE (MY_UUID_SIZE + 5*8 + 6*4 + 11*2 + 6 + 5*2 + 1 + 16)
#define MARIA_INDEX_BLOCK_MARGIN 16 /* Safety margin for .MYI tables */ #define MARIA_INDEX_BLOCK_MARGIN 16 /* Safety margin for .MYI tables */
#define MARIA_MAX_POINTER_LENGTH 7 /* Node pointer */
/* Internal management bytes needed to store 2 transid/key on an index page */ /* Internal management bytes needed to store 2 transid/key on an index page */
#define MARIA_MAX_PACK_TRANSID_SIZE (TRANSID_SIZE+1) #define MARIA_MAX_PACK_TRANSID_SIZE (TRANSID_SIZE+1)
#define MARIA_TRANSID_PACK_OFFSET (256- TRANSID_SIZE - 1) #define MARIA_TRANSID_PACK_OFFSET (256- TRANSID_SIZE - 1)
#define MARIA_MIN_TRANSID_PACK_OFFSET (MARIA_TRANSID_PACK_OFFSET-TRANSID_SIZE) #define MARIA_MIN_TRANSID_PACK_OFFSET (MARIA_TRANSID_PACK_OFFSET-TRANSID_SIZE)
#define MARIA_INDEX_OVERHEAD_SIZE (MARIA_MAX_PACK_TRANSID_SIZE * 2) #define MARIA_INDEX_OVERHEAD_SIZE (MARIA_MAX_PACK_TRANSID_SIZE * 2 + \
MARIA_MAX_POINTER_LENGTH)
#define MARIA_DELETE_KEY_NR 255 /* keynr for deleted blocks */ #define MARIA_DELETE_KEY_NR 255 /* keynr for deleted blocks */
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment