From: Date: May 18 2007 2:45am
Subject: bk commit into 5.0 tree (dkatz:1.2490) BUG#27119
List-Archive: http://lists.mysql.com/commits/26936
X-Bug: 27119
Message-Id: <20070518004540.0AF0D3E89BE@damien-katzs-computer.local>

Below is the list of changes that have just been committed into a local
5.0 repository of dkatz. When dkatz does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-05-17 20:45:33-04:00, dkatz@stripped +1 -0
  Bug #27119  	server crash with integer division by zero during filesort on huge result
  
  Fixed a problem and compiler warning on 64bit platforms so that they only allocated UINT_MAX number of BUFFPEKS.

  sql/filesort.cc@stripped, 2007-05-17 20:45:28-04:00, dkatz@stripped +2 -2
     Fixed a problem and compiler warning on 64bit platforms so that they only allocated UINT_MAX number of BUFFPEKS.

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	dkatz
# Host:	damien-katzs-computer.local
# Root:	/Users/dkatz/50_div_zero

--- 1.119/sql/filesort.cc	2007-05-17 17:54:27 -04:00
+++ 1.120/sql/filesort.cc	2007-05-17 20:45:28 -04:00
@@ -370,7 +370,7 @@ static BUFFPEK *read_buffpek_from_file(I
   ulong length;
   BUFFPEK *tmp;
   DBUG_ENTER("read_buffpek_from_file");
-  if ((ulong)count > ULONG_MAX/sizeof(BUFFPEK))
+  if (count > UINT_MAX/sizeof(BUFFPEK))
     return 0; /* sizeof(BUFFPEK)*count will overflow */
   tmp=(BUFFPEK*) my_malloc(length=sizeof(BUFFPEK)*count, MYF(MY_WME));
   if (tmp)
@@ -604,7 +604,7 @@ write_keys(SORTPARAM *param, register uc
                        MYF(MY_WME)))
     goto err;                                   /* purecov: inspected */
   /* check we won't have more buffpeks than we can possibly keep in memory */
-  if (my_b_tell(buffpek_pointers) + sizeof(BUFFPEK) > (ulonglong)ULONG_MAX)
+  if (my_b_tell(buffpek_pointers) + sizeof(BUFFPEK) > (ulonglong)UINT_MAX)
     goto err;
   buffpek.file_pos= my_b_tell(tempfile);
   if ((ha_rows) count > param->max_rows)