MDEV-29471 Buffer overflow in page_cur_insert_rec_low()

In commit 244fdc435d (MDEV-29438)
we made sure that if the preceding record is the page infimum record,
no more than 8 bytes will be read from it. But, if the data payload of
the being-inserted record is less than 8 bytes (this can happen in
secondary indexes), we must not compare all 8 bytes.

This was caught by a failure of the test gcol.innodb_virtual_basic
under MemorySanitizer and some builds with AddressSanitizer.
Marko Mäkelä 2022-09-06 11:33:52 +03:00
parent ba987a46c9
commit c0470caf5a

@ -1573,7 +1573,9 @@ inc_dir:
{
const byte *r= rec;
const byte *c= cur->rec;
const byte *c_end= c + (page_rec_is_infimum(c) ? 8 : data_size);
const byte *c_end= c + data_size;
if (page_rec_is_infimum(c) && data_size > 8)
c_end= c + 8;
static_assert(REC_N_OLD_EXTRA_BYTES == REC_N_NEW_EXTRA_BYTES + 1, "");
if (c <= insert_buf && c_end > insert_buf)
c_end= insert_buf;
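
Review bot: The literal 8 in the new `if (page_rec_is_infimum(c) && data_size > 8)` / `c_end= c + 8;` pair is unexplained in the code. Only the commit message says it is the most that may be read from the infimum record. A short comment or a named constant at this spot would keep the bound from being "simplified" back to the unconditional `? 8 : data_size` form that caused the over-read when data_size is below 8. The two statements could also be written as one minimum of data_size and 8, so that the limit is stated once. The later clamp to insert_buf still runs after this, so the ordering looks fine.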