Commit e0f3a0fa authored by Tor Didriksen's avatar Tor Didriksen

Bug#17617945 BUFFER OVERFLOW IN GET_MERGE_MANY_BUFFS_COST WITH SMALL SORT_BUFFER_SIZE

get_cost_calc_buff_size() could return wrong value for the size of imerge_cost_buff.
parent e87a37a2
...@@ -2987,11 +2987,13 @@ class Unique :public Sql_alloc ...@@ -2987,11 +2987,13 @@ class Unique :public Sql_alloc
bool get(TABLE *table); bool get(TABLE *table);
static double get_use_cost(uint *buffer, uint nkeys, uint key_size, static double get_use_cost(uint *buffer, uint nkeys, uint key_size,
ulonglong max_in_memory_size); ulonglong max_in_memory_size);
// Returns the number of bytes needed in imerge_cost_buf.
inline static int get_cost_calc_buff_size(ulong nkeys, uint key_size, inline static int get_cost_calc_buff_size(ulong nkeys, uint key_size,
ulonglong max_in_memory_size) ulonglong max_in_memory_size)
{ {
register ulonglong max_elems_in_tree= register ulonglong max_elems_in_tree=
(1 + max_in_memory_size / ALIGN_SIZE(sizeof(TREE_ELEMENT)+key_size)); (max_in_memory_size / ALIGN_SIZE(sizeof(TREE_ELEMENT)+key_size));
return (int) (sizeof(uint)*(1 + nkeys/max_elems_in_tree)); return (int) (sizeof(uint)*(1 + nkeys/max_elems_in_tree));
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment