mariadb

mirror of https://github.com/MariaDB/server.git synced 2025-01-18 04:53:01 +01:00

History

Marko Mäkelä b8c8692fd9 MDEV-24620 ASAN heap-buffer-overflow in btr_pcur_restore_position() Between btr_pcur_store_position() and btr_pcur_restore_position() it is possible that purge empties a table and enlarges index->n_core_fields and index->n_core_null_bytes. Therefore, we must cache index->n_core_fields in btr_pcur_t::old_n_core_fields so that btr_pcur_t::old_rec can be parsed correctly. Unfortunately, this is a huge change, because we will replace "bool leaf" parameters with "ulint n_core" (passing index->n_core_fields, or 0 for non-leaf pages). For special cases where we know that index->is_instant() cannot hold, we may also pass index->n_fields.	2021-04-13 10:28:13 +03:00
..
rem0cmp.cc	Merge branch '10.2' into 10.3	2020-05-04 16:47:11 +02:00
rem0rec.cc	MDEV-24620 ASAN heap-buffer-overflow in btr_pcur_restore_position()	2021-04-13 10:28:13 +03:00

Marko Mäkelä b8c8692fd9 MDEV-24620 ASAN heap-buffer-overflow in btr_pcur_restore_position()

Between btr_pcur_store_position() and btr_pcur_restore_position()
it is possible that purge empties a table and enlarges
index->n_core_fields and index->n_core_null_bytes.
Therefore, we must cache index->n_core_fields in
btr_pcur_t::old_n_core_fields so that btr_pcur_t::old_rec can be
parsed correctly.

Unfortunately, this is a huge change, because we will replace
"bool leaf" parameters with "ulint n_core"
(passing index->n_core_fields, or 0 for non-leaf pages).
For special cases where we know that index->is_instant() cannot hold,
we may also pass index->n_fields.

2021-04-13 10:28:13 +03:00

rem0cmp.cc

Merge branch '10.2' into 10.3

2020-05-04 16:47:11 +02:00

rem0rec.cc

MDEV-24620 ASAN heap-buffer-overflow in btr_pcur_restore_position()

2021-04-13 10:28:13 +03:00