From: Ole John Aske Date: October 11 2010 9:55am Subject: bzr commit into mysql-5.1-telco-7.0-spj-scan-vs-scan branch (ole.john.aske:3308) List-Archive: http://lists.mysql.com/commits/120479 Message-Id: <20101011095529.2B5B121D@fimafeng09.norway.sun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6192464597662518787==" --===============6192464597662518787== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///net/fimafeng09/export/home/tmp/oleja/mysql/mysql-5.1-telco-7.0-spj-scan-scan/ based on revid:ole.john.aske@stripped 3308 Ole John Aske 2010-10-11 spj-svs: Fixed an undefined memory read Fixed a situation where an empty 'm_spjProjection' will cause NdbQueryOperationDefImpl::appendChildProjection() to set the QueryTree flag 'NI_LINKED_ATTR' without appending a projection list to the serialized query tree. This fix will ensure that a serialized m_spjProjection list with size==0 will be included in these cases. No testcase as I can't think of any deterministic ways to make a testcase for an undefined memory read.... modified: storage/ndb/src/ndbapi/NdbQueryBuilder.cpp
=== modified file 'storage/ndb/src/ndbapi/NdbQueryBuilder.cpp'
--- a/storage/ndb/src/ndbapi/NdbQueryBuilder.cpp 2010-10-11 09:48:36 +0000
+++ b/storage/ndb/src/ndbapi/NdbQueryBuilder.cpp 2010-10-11 09:55:24 +0000
@@ -1810,11 +1810,9 @@ public:
 m_pos(0),
 m_finished(false)
 {
- if (size > 0) {
- m_seq = buffer.alloc(1 + size/2);
- assert (size <= 0xFFFF);
- m_seq[0] = size;
- }
+ m_seq = buffer.alloc(1 + size/2);
+ assert (size <= 0xFFFF);
+ m_seq[0] = size;
 }
 
 ~Uint16Sequence()
--===============6192464597662518787== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/ole.john.aske@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: ole.john.aske@stripped\ # c6k1ptd3zvc3ipl8 # target_branch: file:///net/fimafeng09/export/home/tmp/oleja/mysql\ # /mysql-5.1-telco-7.0-spj-scan-scan/ # testament_sha1: 0dcd3459f179802627180e5ec3426460b29f1605 # timestamp: 2010-10-11 11:55:29 +0200 # source_branch: bzr+ssh://oaske@stripped/bzrroot/server\ # /mysql-5.1-telco-7.0-spj/ # base_revision_id: ole.john.aske@stripped\ # yayn6gufqziknfcx # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWb0KFyAAAapfgEAQUOv//389 9Aq////wUASVp7uhc6ut3cZInCUSaTE09FNqemJNkJiabSGkaep+oBqeptJkEoiZDQYhNU/1Keak B6mjQGgZDQGgCUEBCGmqemJlPSep6aT0jageppo0aAAOaYmTJowmCYmmATAIYIwIwCSSGiaaZpGl P0TMkyQ0eU2k9Mpp6g9QD1Dvtgp0sJ8N69lM1NHblqKp6xwU/KgXwYtGt3vT3qI1Lvp19aLrFVTh o9CB+BXK2TC+xspxuj1fD5hdY8L8ez3Gb8O+e5ntU+8bB5DbVNMrm+kKDj0m3Xi+0ISJXwubFta1 pWtOz6vM6MnKiDVunRioR++oYSMH+7r7m1jjkIa5apgHT18nqsWZtO0N1mVhe27YpJ3IhCiDEUEx Y2ytaJXK6LOhRIRCkuNJAgRPEQBl+cZJFh4Mr2HU9zwR0ViHEt2cIMb3PjW6L9eg50rPDDtuodLJ 5pzZF2AtywMP8cRMLq+/QbFEIGbZ0E+gSsoskNMsHCkZR166nNo1nIsMa0HvHVNI6F4kRwlvMQN9 pUiPyUOGjsbcweNFxOPK+q1Rwj3lYmGGwRkZXkOdkgwvHPuJ5svvR6FDF8rfEEhNMo5wONRnKlg2 c0w2s0Kt48s1YRVU0rOEisMXHewGFMIXVK64iybYJowQhQpaal5vxZayXZfnc0XrPBjOqEXRZrEe wJ0XVxM3IXuUzYLxjyqa3rNHS8iHzfYYFVV9rb7I3+HmnhDEfzjneY7fdNCZ8P5Juoj+ThDB66eL qKbGIdtt1g+Kc3MDQ064dBsP1g2b+SREpN3hXIiHJcbLMigSs6zVo41okep0jnizMdaH3h9+Bdt3 nQZLsvWDCfBz2DHylspSGT0gIpc32JWeQmmqbFrO0cS6+8otz4LnPx1syQ7u2JFrLSGEHuA0uwFM
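Review bot: With the `size > 0` guard removed, `m_seq[0] = size;` now runs on every construction, yet the pointer returned by `buffer.alloc(1 + size/2)` is still never checked. The allocator's failure behaviour is not visible in this hunk; if it can return NULL when the buffer cannot grow, the constructor writes through a null pointer, so the store should be guarded, e.g. `if (m_seq != NULL) m_seq[0] = size;`. The `assert (size <= 0xFFFF);` is compiled out of release builds and sits after the allocation, so an oversized `size` (presumably one that no longer fits the 16-bit length slot) would go unnoticed there; checking it before allocating and failing explicitly would be safer. The constructor's signature and the start of its initializer list lie above the hunk.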
sZcJZiSklid1jUWfrGIZqNTHdPxjtrdsuXyu5M4uKrnZXyRyCRK3laa5j7Rma+Y72pSL6G0OxTov qIOPEKSTE6gV0RDboiWDSdtUY3sm2L1f1hRUZ84sxaio4nkDmrTTJHV+kRt0biRClgOkN3OR1YHY ZzxJv8vTAMxBZmVfz8tGilipB4Lyg5RLbgzibgYlnpZ2r7dQRkk7HFedOarf8E0ecrtuC61RKtSm ZbURkJ78HTTa+dGZM14pe0NxlgUS08xyHrOHYHBIa+fUJ3Im1skXBufcG3Et+DYGAI3VIZmGrdMH VqUiCQ41EE5NTbbScxC1fUV+K9SVY8lxDVTITkdztPojIdhhVFdEG7QVLOqMkKazw74ZiLEq7ioQ POpIRVRUlz+o82zZ/RX180iIOdoWFgzts4KoR4TFXVIqQ5anXDGbTGo9mSlmURGbJbZQpE/fLBPL sOHiKbQbyh/kYBkt7yiI4BFprdQ5ZqoY+uJNN9qNPD+pFofBZAqioWZ+D8LL/MQy0ZeGIyGWkXei xuCHao6+E0QuTx77LKF646XDIsQkvJr90yfHKTjFuRBNAjVvrgHZjZBp7Z6KjYSMNKpEUpzPZTFN FlHj/kxq4B0cd2IpKse0UFYHEfKlj6ZU4bDKsmDKgtBj31I9rKcCwIrRP+LuSKcKEhehQuQA --===============6192464597662518787==--