Fix for Lbug:#686010 maria.optimize corrupts stack around alloca() call

storage/maria/ma_check.c: Allocate also memory for nodflag and transid's storage/maria/ma_write.c: Allow nodflag and transid as part of key. (This has nothing to do with the bug report, but it's a safer check). storage/maria/maria_def.h: Define MARIA_MAX_POINTER_LENGTH (length of pointer to node) Added node pointer length to MARIA_INDEX_OVERHEAD_SIZE, as this is part of the key. (Safety fix)
2026-05-15 19:37:16 +02:00 · 2010-12-10 17:15:18 +02:00 · 2010-12-10 17:15:18 +02:00 · bd2034dbee
commit bd2034dbee
parent 84edaac4f1
3 changed files with 7 additions and 6 deletions
--- a/storage/maria/ma_check.c
+++ b/storage/maria/ma_check.c
@ -3133,7 +3133,8 @@ static int sort_one_index(HA_CHECK *param, MARIA_HA *info,
  key.keyinfo= keyinfo;

  if (!(buff= (uchar*) my_alloca((uint) keyinfo->block_length +
-                                 keyinfo->maxlength)))
+                                 keyinfo->maxlength +
+                                 MARIA_INDEX_OVERHEAD_SIZE)))
  {
    _ma_check_print_error(param,"Not enough memory for key block");
    DBUG_RETURN(-1);
--- a/storage/maria/ma_write.c
+++ b/storage/maria/ma_write.c
@ -22,8 +22,6 @@
 #include "ma_key_recover.h"
 #include "ma_blockrec.h"

-#define MAX_POINTER_LENGTH 8
-
 	/* Functions declared in this file */

 static int w_search(MARIA_HA *info, uint32 comp_flag,
@ -802,7 +800,7 @@ int _ma_insert(register MARIA_HA *info, MARIA_KEY *key,
 #endif
  if (t_length > 0)
  {
-    if (t_length >= keyinfo->maxlength*2+MAX_POINTER_LENGTH)
+    if (t_length >= keyinfo->maxlength*2+MARIA_INDEX_OVERHEAD_SIZE)
    {
      my_errno=HA_ERR_CRASHED;
      DBUG_RETURN(-1);
@ -811,7 +809,7 @@ int _ma_insert(register MARIA_HA *info, MARIA_KEY *key,
  }
  else
  {
-    if (-t_length >= keyinfo->maxlength*2+MAX_POINTER_LENGTH)
+    if (-t_length >= keyinfo->maxlength*2+MARIA_INDEX_OVERHEAD_SIZE)
    {
      my_errno=HA_ERR_CRASHED;
      DBUG_RETURN(-1);
--- a/storage/maria/maria_def.h
+++ b/storage/maria/maria_def.h
@ -152,11 +152,13 @@ typedef struct st_maria_state_info
 #define MARIA_COLUMNDEF_SIZE	(2*7+1+1+4)
 #define MARIA_BASE_INFO_SIZE	(MY_UUID_SIZE + 5*8 + 6*4 + 11*2 + 6 + 5*2 + 1 + 16)
 #define MARIA_INDEX_BLOCK_MARGIN 16	/* Safety margin for .MYI tables */
+#define MARIA_MAX_POINTER_LENGTH 7	/* Node pointer */
 /* Internal management bytes needed to store 2 transid/key on an index page */
 #define MARIA_MAX_PACK_TRANSID_SIZE   (TRANSID_SIZE+1)
 #define MARIA_TRANSID_PACK_OFFSET     (256- TRANSID_SIZE - 1)
 #define MARIA_MIN_TRANSID_PACK_OFFSET (MARIA_TRANSID_PACK_OFFSET-TRANSID_SIZE)
-#define MARIA_INDEX_OVERHEAD_SIZE     (MARIA_MAX_PACK_TRANSID_SIZE * 2)
+#define MARIA_INDEX_OVERHEAD_SIZE     (MARIA_MAX_PACK_TRANSID_SIZE * 2 + \
+                                       MARIA_MAX_POINTER_LENGTH)
 #define MARIA_DELETE_KEY_NR  255	/* keynr for deleted blocks */

 /*