diff options
| author | Marko Mäkelä <marko.makela@mariadb.com> | 2018-04-23 16:19:50 +0300 |
|---|---|---|
| committer | Marko Mäkelä <marko.makela@mariadb.com> | 2018-04-23 16:19:50 +0300 |
| commit | c7bb33724826dab53831b74bc0cf7ec311eb13f0 (patch) | |
| tree | 37ca01660dd7b06ea8d2ae24cd3c227ab5c8b543 | |
| parent | fcaf6194002b6949e1e806fe2f9f5f5997aa7577 (diff) | |
| download | mariadb-git-c7bb33724826dab53831b74bc0cf7ec311eb13f0.tar.gz | |
MDEV-15723 Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record
dict_load_table_low(): When flagging an error, assign *table = NULL.
Failure to do so could cause a crash if an error was flagged when
accessing INFORMATION_SCHEMA.INNODB_SYS_TABLES.
| -rw-r--r-- | storage/innobase/dict/dict0load.cc | 5 | ||||
| -rw-r--r-- | storage/xtradb/dict/dict0load.cc | 6 |
2 files changed, 10 insertions, 1 deletions
diff --git a/storage/innobase/dict/dict0load.cc b/storage/innobase/dict/dict0load.cc index 77a31e5de63..4fec7ae4df3 100644 --- a/storage/innobase/dict/dict0load.cc +++ b/storage/innobase/dict/dict0load.cc @@ -1,6 +1,7 @@ /***************************************************************************** Copyright (c) 1996, 2016, Oracle and/or its affiliates. All Rights Reserved. +Copyright (c) 2018, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -2057,10 +2058,12 @@ dict_load_table_low( ulint flags2; if (rec_get_deleted_flag(rec, 0)) { + *table = NULL; return("delete-marked record in SYS_TABLES"); } if (rec_get_n_fields_old(rec) != DICT_NUM_FIELDS__SYS_TABLES) { + *table = NULL; return("wrong number of columns in SYS_TABLES record"); } @@ -2068,6 +2071,7 @@ dict_load_table_low( rec, DICT_FLD__SYS_TABLES__NAME, &len); if (len == 0 || len == UNIV_SQL_NULL) { err_len: + *table = NULL; return("incorrect column length in SYS_TABLES"); } rec_get_nth_field_offs_old( @@ -2147,6 +2151,7 @@ err_len: "InnoDB: in InnoDB data dictionary" " has unknown type %lx.\n", (ulong) flags); + *table = NULL; return("incorrect flags in SYS_TABLES"); } diff --git a/storage/xtradb/dict/dict0load.cc b/storage/xtradb/dict/dict0load.cc index 6cbd0a3d488..e7a072d6d55 100644 --- a/storage/xtradb/dict/dict0load.cc +++ b/storage/xtradb/dict/dict0load.cc @@ -1,7 +1,7 @@ /***************************************************************************** Copyright (c) 1996, 2016, Oracle and/or its affiliates. All Rights Reserved. -Copyright (c) 2017, MariaDB Corporation. +Copyright (c) 2017, 2018, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -2059,10 +2059,12 @@ dict_load_table_low( ulint flags2; if (rec_get_deleted_flag(rec, 0)) { + *table = NULL; return("delete-marked record in SYS_TABLES"); } if (rec_get_n_fields_old(rec) != DICT_NUM_FIELDS__SYS_TABLES) { + *table = NULL; return("wrong number of columns in SYS_TABLES record"); } @@ -2070,6 +2072,7 @@ dict_load_table_low( rec, DICT_FLD__SYS_TABLES__NAME, &len); if (len == 0 || len == UNIV_SQL_NULL) { err_len: + *table = NULL; return("incorrect column length in SYS_TABLES"); } rec_get_nth_field_offs_old( @@ -2149,6 +2152,7 @@ err_len: "InnoDB: in InnoDB data dictionary" " has unknown type %lx.\n", (ulong) flags); + *table = NULL; return("incorrect flags in SYS_TABLES"); } |