Commit 9c6c80f6 authored by Vasil Dimov

Fix BUG#11798085 - INCORRECT INTEGER TYPES USED IN CALCULATION RESULT IN OVERFLOW

Do not assign the result of the difference to a signed variable and
check whether it is negative afterwards because this limits the max diff
to 2G on 32-bit systems. E.g. "signed = 3.5G - 1G" would be negative and the
code would assume that 3.5G < 1G. Instead compare the two variables directly
and assign to unsigned only if we know that the result of the subtraction
will be positive.

Discussed with:	Jimmy and Sunny (via IRC)
parent 374599b9
...@@ -1893,16 +1893,19 @@ buf_block_align( ...@@ -1893,16 +1893,19 @@ buf_block_align(
/* TODO: protect buf_pool->chunks with a mutex (it will /* TODO: protect buf_pool->chunks with a mutex (it will
currently remain constant after buf_pool_init()) */ currently remain constant after buf_pool_init()) */
for (chunk = buf_pool->chunks, i = buf_pool->n_chunks; i--; chunk++) { for (chunk = buf_pool->chunks, i = buf_pool->n_chunks; i--; chunk++) {
lint offs = ptr - chunk->blocks->frame; ulint offs;
if (UNIV_UNLIKELY(offs < 0)) { if (UNIV_UNLIKELY(ptr < chunk->blocks->frame)) {
continue; continue;
} }
/* else */
offs = ptr - chunk->blocks->frame;
offs >>= UNIV_PAGE_SIZE_SHIFT; offs >>= UNIV_PAGE_SIZE_SHIFT;
if (UNIV_LIKELY((ulint) offs < chunk->size)) { if (UNIV_LIKELY(offs < chunk->size)) {
buf_block_t* block = &chunk->blocks[offs]; buf_block_t* block = &chunk->blocks[offs];
/* The function buf_chunk_init() invokes /* The function buf_chunk_init() invokes
......
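
Review bot: the subtraction on the added line `offs = ptr - chunk->blocks->frame;` is still carried out in a signed type if both operands are pointers, as the surrounding code suggests: the result of a pointer difference is ptrdiff_t and is converted to ulint only on assignment. A difference above 2G on a 32-bit system therefore exceeds ptrdiff_t before the conversion happens, and the code relies on the implementation wrapping rather than on anything the new `ptr < chunk->blocks->frame` guard ensures. Converting both operands to an unsigned integer type before subtracting, for example `offs = (ulint) ptr - (ulint) chunk->blocks->frame;`, keeps the arithmetic unsigned throughout and matches the intent stated in the commit message. As a minor style point, the `/* else */` comment after the `continue` carries no information; a one-line comment saying why the comparison must precede the subtraction would help the next reader more.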