diff options
author | unknown <jimw@mysql.com> | 2005-03-31 19:17:45 -0800 |
---|---|---|
committer | unknown <jimw@mysql.com> | 2005-03-31 19:17:45 -0800 |
commit | e7332e64ca5ef7208846488935a2249285212f91 (patch) | |
tree | 046d9ad3bbf129292636ad08e19e842f8417d8a0 /libmysqld | |
parent | ab77d7d7633a2cff057b17ec43233d4f0d0b0822 (diff) | |
download | mariadb-git-e7332e64ca5ef7208846488935a2249285212f91.tar.gz |
Fix crash in embedded server due to incorrect storage of results
in the query cache. (Bug #9549)
libmysqld/emb_qcache.h:
Fix Querycache_stream::use_next_block() to actually use the next
block and mark blocks as used when it writes to them.
mysql-test/r/query_cache.result:
Update results.
mysql-test/t/query_cache.test:
Add new regression test.
libmysqld/emb_qcache.cc:
Fix calls to use_next_block() to indicate whether we are writing
to the next block or not.
sql/sql_cache.cc:
Initialize the first block properly when storing a result in
the embedded server.
Diffstat (limited to 'libmysqld')
-rw-r--r-- | libmysqld/emb_qcache.cc | 36 | ||||
-rw-r--r-- | libmysqld/emb_qcache.h | 27 |
2 files changed, 42 insertions, 21 deletions
diff --git a/libmysqld/emb_qcache.cc b/libmysqld/emb_qcache.cc index 2d3d82b7952..ecc45096165 100644 --- a/libmysqld/emb_qcache.cc +++ b/libmysqld/emb_qcache.cc @@ -22,7 +22,7 @@ void Querycache_stream::store_char(char c) { if (data_end == cur_data) - use_next_block(); + use_next_block(TRUE); *(cur_data++)= c; #ifndef DBUG_OFF stored_size++; @@ -42,13 +42,13 @@ void Querycache_stream::store_short(ushort s) } if (data_end == cur_data) { - use_next_block(); + use_next_block(TRUE); int2store(cur_data, s); cur_data+= 2; return; } *cur_data= ((byte *)(&s))[0]; - use_next_block(); + use_next_block(TRUE); *(cur_data++)= ((byte *)(&s))[1]; } @@ -66,7 +66,7 @@ void Querycache_stream::store_int(uint i) } if (!rest_len) { - use_next_block(); + use_next_block(TRUE); int4store(cur_data, i); cur_data+= 4; return; @@ -74,7 +74,7 @@ void Querycache_stream::store_int(uint i) char buf[4]; int4store(buf, i); memcpy(cur_data, buf, rest_len); - use_next_block(); + use_next_block(TRUE); memcpy(cur_data, buf+rest_len, 4-rest_len); cur_data+= 4-rest_len; } @@ -93,13 +93,13 @@ void Querycache_stream::store_ll(ulonglong ll) } if (!rest_len) { - use_next_block(); + use_next_block(TRUE); int8store(cur_data, ll); cur_data+= 8; return; } memcpy(cur_data, &ll, rest_len); - use_next_block(); + use_next_block(TRUE); memcpy(cur_data, ((byte*)&ll)+rest_len, 8-rest_len); cur_data+= 8-rest_len; } @@ -112,14 +112,14 @@ void Querycache_stream::store_str_only(const char *str, uint str_len) do { size_t rest_len= data_end - cur_data; - if (rest_len > str_len) + if (rest_len >= str_len) { memcpy(cur_data, str, str_len); cur_data+= str_len; return; } memcpy(cur_data, str, rest_len); - use_next_block(); + use_next_block(TRUE); str_len-= rest_len; str+= rest_len; } while(str_len); @@ -145,7 +145,7 @@ void Querycache_stream::store_safe_str(const char *str, uint str_len) char Querycache_stream::load_char() { if (cur_data == data_end) - use_next_block(); + use_next_block(FALSE); return *(cur_data++); } @@ -160,13 +160,13 @@ ushort Querycache_stream::load_short() } if (data_end == cur_data) { - use_next_block(); + use_next_block(FALSE); result= uint2korr(cur_data); cur_data+= 2; return result; } ((byte*)&result)[0]= *cur_data; - use_next_block(); + use_next_block(FALSE); ((byte*)&result)[1]= *(cur_data++); return result; } @@ -183,14 +183,14 @@ uint Querycache_stream::load_int() } if (!rest_len) { - use_next_block(); + use_next_block(FALSE); result= uint4korr(cur_data); cur_data+= 4; return result; } char buf[4]; memcpy(buf, cur_data, rest_len); - use_next_block(); + use_next_block(FALSE); memcpy(buf+rest_len, cur_data, 4-rest_len); cur_data+= 4-rest_len; result= uint4korr(buf); @@ -209,13 +209,13 @@ ulonglong Querycache_stream::load_ll() } if (!rest_len) { - use_next_block(); + use_next_block(FALSE); result= uint8korr(cur_data); cur_data+= 8; return result; } memcpy(&result, cur_data, rest_len); - use_next_block(); + use_next_block(FALSE); memcpy(((byte*)&result)+rest_len, cur_data, 8-rest_len); cur_data+= 8-rest_len; return result; @@ -226,7 +226,7 @@ void Querycache_stream::load_str_only(char *buffer, uint str_len) do { size_t rest_len= data_end - cur_data; - if (rest_len > str_len) + if (rest_len >= str_len) { memcpy(buffer, cur_data, str_len); cur_data+= str_len; @@ -234,7 +234,7 @@ void Querycache_stream::load_str_only(char *buffer, uint str_len) break; } memcpy(buffer, cur_data, rest_len); - use_next_block(); + use_next_block(FALSE); str_len-= rest_len; buffer+= rest_len; } while(str_len); diff --git a/libmysqld/emb_qcache.h b/libmysqld/emb_qcache.h index 32ce19847ff..6201058ce56 100644 --- a/libmysqld/emb_qcache.h +++ b/libmysqld/emb_qcache.h @@ -22,22 +22,43 @@ class Querycache_stream uint headers_len; public: #ifndef DBUG_OFF + Query_cache_block *first_block; uint stored_size; #endif Querycache_stream(Query_cache_block *ini_block, uint ini_headers_len) : block(ini_block), headers_len(ini_headers_len) { - use_next_block(); + cur_data= ((byte*)block)+headers_len; + data_end= cur_data + (block->used-headers_len); #ifndef DBUG_OFF + first_block= ini_block; stored_size= 0; #endif } - void use_next_block() + void use_next_block(bool writing) { + /* + This shouldn't be called if there is only one block, or to loop + around to the first block again. That means we're trying to write + more data than we allocated space for. + */ + DBUG_ASSERT(block->next != block); + DBUG_ASSERT(block->next != first_block); + + block= block->next; + /* + While writing, update the type of each block as we write to it. + While reading, make sure that the block is of the expected type. + */ + if (writing) + block->type= Query_cache_block::RES_CONT; + else + DBUG_ASSERT(block->type == Query_cache_block::RES_CONT); + cur_data= ((byte*)block)+headers_len; data_end= cur_data + (block->used-headers_len); } - + void store_char(char c); void store_short(ushort s); void store_int(uint i); |