author | Venkata Sidagam <venkata.sidagam@oracle.com> | 2012-10-31 18:32:53 +0530 |
---|---|---|
committer | Venkata Sidagam <venkata.sidagam@oracle.com> | 2012-10-31 18:32:53 +0530 |
commit | 02501a0f9762c42b8d60ee754979bc60afe3ee36 (patch) | |
tree | 55f817bcf3a56b2e1f90b7ce44bcca23144c5da2 /storage | |
parent | 2919ca4e0b8ae2ef289bfd5b431819cdf205b513 (diff) | |
download | mariadb-git-02501a0f9762c42b8d60ee754979bc60afe3ee36.tar.gz |
BUG#13556441: CHECK AND REPAIR TABLE SHOULD BE MORE ROBUST [4]
Problem description:
mysql server crashes when we run repair table on corrupted table.
Analysis:
The problem with this bug seems to be key_reflength out of bounds
(186 according to debugger). We read this value from meta-data
segment of .MYI file while doing mi_open().
If you look into _mi_kpointer() you can see that the upper limit
for key_reflength is 7.
Solution:
In mi_open() there is a line like:
if (share->base.keystart > 65535 || share->base.rec_reflength > 8)
we should verify key_reflength here as well.
Diffstat (limited to 'storage')
-rw-r--r-- | storage/myisam/mi_open.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/storage/myisam/mi_open.c b/storage/myisam/mi_open.c index 86cf25b59ef..5951aef6d4f 100644 --- a/storage/myisam/mi_open.c +++ b/storage/myisam/mi_open.c @@ -232,7 +232,8 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags) } /* sanity check */ - if (share->base.keystart > 65535 || share->base.rec_reflength > 8) + if (share->base.keystart > 65535 || + share->base.rec_reflength > 8 || share->base.key_reflength > 7) { my_errno=HA_ERR_CRASHED; goto err; |
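Review bot: The new bound `share->base.key_reflength > 7` in the mi_open() sanity check is a bare literal sitting next to `rec_reflength > 8`, and nothing in the code says why the two limits differ. The commit message ties 7 to the upper limit in _mi_kpointer(); a short comment naming that function beside the check, or a named constant shared with it, would keep the two from drifting apart. The diffstat also shows only mi_open.c changing, so a regression test that opens an .MYI file with an out-of-range key_reflength and expects HA_ERR_CRASHED would be worth adding alongside this fix.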