From 6f06cef02b062f240806cad555275c54fd68eba6 Mon Sep 17 00:00:00 2001
From: Michael Widenius <monty@askmonty.org>
Date: Tue, 13 Mar 2012 16:38:43 +0200
Subject: Fixed bug lp:917689 "Archive table corruption crashing MariaDB signal
 11" Added 'from_end' as extra parameter to Field::unpack() to detect wrong
 from data. Change ha_archive::unpack_row() to detect wrong field lengths.
 Replication code changed to detect wrong field information in events.

mysql-test/r/archive.result:
  dded test case for lp:917689
sql/field.cc:
  Added 'from_end' as extra parameter to Field::unpack() to detect wrong from data.
  Removed not used 'unpack_key' functions.
sql/field.h:
  Added 'from_end' as extra parameter to Field::unpack() to detect wrong from data.
  Removed not used 'unpack_key' functions.
  Removed some not needed unpack() functions.
sql/filesort.cc:
  Added buffer end parameter to unpack_addon_fields()
sql/log_event.h:
  Added end of buffer argument to unpack_row()
sql/log_event_old.cc:
  Added end of buffer argument to unpack_row()
sql/log_event_old.h:
  Added end of buffer argument to unpack_row()
sql/records.cc:
  Added buffer end parameter to unpack_addon_fields()
sql/rpl_record.cc:
  Added end of buffer argument to unpack_row()
  Added detection of wrong field information in events
sql/rpl_record.h:
  Added end of buffer argument to unpack_row()
sql/rpl_record_old.cc:
  Added end of buffer argument to unpack_row()
  Added detection of wrong field information in events
sql/rpl_record_old.h:
  Added end of buffer argument to unpack_row()
sql/table.h:
  Added buffer end parameter to unpack()
storage/archive/ha_archive.cc:
  Change ha_archive::unpack_row() to detect wrong field lengths.
  This fixes lp:917689
---
 sql/records.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'sql/records.cc')

diff --git a/sql/records.cc b/sql/records.cc
index 01c260a7e90..10817dd8e51 100644
--- a/sql/records.cc
+++ b/sql/records.cc
@@ -447,7 +447,8 @@ static int rr_unpack_from_tempfile(READ_RECORD *info)
   if (my_b_read(info->io_cache, info->rec_buf, info->ref_length))
     return -1;
   TABLE *table= info->table;
-  (*table->sort.unpack)(table->sort.addon_field, info->rec_buf);
+  (*table->sort.unpack)(table->sort.addon_field, info->rec_buf,
+                        info->rec_buf + info->ref_length);
 
   return 0;
 }
@@ -498,7 +499,8 @@ static int rr_unpack_from_buffer(READ_RECORD *info)
   if (info->cache_pos == info->cache_end)
     return -1;                      /* End of buffer */
   TABLE *table= info->table;
-  (*table->sort.unpack)(table->sort.addon_field, info->cache_pos);
+  (*table->sort.unpack)(table->sort.addon_field, info->cache_pos,
+                        info->cache_end);
   info->cache_pos+= info->ref_length;
 
   return 0;
-- 
cgit v1.2.1