Hi!
On Oct 27, Sergey Vojtovich wrote:
> On Fri, Oct 26, 2007 at 09:15:43PM +0200, Sergei Golubchik wrote:
> > On Oct 25, Sergey Vojtovich wrote:
> > > ChangeSet@stripped, 2007-10-26 02:09:13+05:00, svoj@stripped +3 -0
> > > BUG#11392 - fulltext search bug
> > >
> > > Fulltext boolean mode phrase search may crash server on platforms
> > > where size of pointer is not equal to size of unsigned integer
> > > (in other words some 64-bit platforms).
> > >
> > > The problem was integer overflow.
> > >
> > > Affects 4.1 only.
>
> > The correct fix is either declare m[1].beg as int (signed) or
> > ptrdiff_t. Or cast the value to int explicitly.
>
> I do not see any reason to make m[1].beg signed, as it can never be
> negative. And I do not see any reason to cast, whereas *(ptr + (uint)0 - 1)
> works perfectly.
It works perfectly, because it's evaluated as
*( (ptr+(uint)0) - 1)
while original expression is evaluated as
* (ptr + ((uint)0 - 1))
> I'd agree to change type of m[1].beg to ptrdiff_t (just to bring its size
> to conformity with pointer size), but only in case we really want to support
> strings bigger than 4Gb. Even with this approach I'd still prefer to keep
> m[1].beg unsigned.
ptrdiff_t is signed, for the obvious reason that you've already
discovered in this bug :)
> Please confirm that you want me to change the patch and in which way.
Changing p[i] to *(p+i) looks very confusing, as according to the standard
these two notations must be equivalent.
I'd prefer to declare m[1].beg as int, or add a cast. ptrdiff_t would
open a whole can of wor^H^Harnings where it's assigned to an integer
variable about "possible value truncation". And I don't trust old
compilers having ptrdiff_t defined.
Regards / Mit vielen Grüssen,
Sergei
--
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <serg@stripped>
/ /|_/ / // /\ \/ /_/ / /__ Principal Software Developer
/_/ /_/\_, /___/\___\_\___/ MySQL GmbH, Dachauer Str. 37, D-80335 München
<___/ Geschäftsführer: Kaj Arnö - HRB
München 162140
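The evaluation-order point made in this reply, as an added example that is not part of the mailing-list thread or of the MySQL source: the four spellings of "the byte before p + beg" under discussion (the original subscript form, the reordered `*(p + beg - 1)`, the explicit int cast, and ptrdiff_t) are evaluated as integer offsets and bounds-checked before any dereference, so the ~4 GiB forward jump that the subscript form produces for `beg == 0` is reported instead of faulting. The `enum form`, `char_before`, `wrapped_offset` and `ptrdiff_is_signed` names and the sample string are assumptions made for this example; the server's real match structure is not reproduced here.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Which of the spellings discussed in the thread to evaluate. */
enum form {
    FORM_SUBSCRIPT,   /* p[beg - 1]            : the crashing original   */
    FORM_REORDERED,   /* *(p + beg - 1)        : the proposed patch       */
    FORM_INT_CAST,    /* p[(int)beg - 1]       : explicit cast to int     */
    FORM_PTRDIFF      /* p[(ptrdiff_t)beg - 1] : signed, pointer-sized    */
};

/* What "beg - 1" becomes when beg is unsigned int: for beg == 0 the
   subtraction wraps to UINT_MAX, so "p + (beg - 1)" moves the pointer
   about 4 GiB forward. On a 32-bit host the pointer addition wraps again
   and lands on p - 1 by accident, which is why the bug only showed on
   platforms where a pointer is wider than an unsigned int. */
long long wrapped_offset(unsigned int beg)
{
    unsigned int off = beg - 1U;     /* computed entirely in unsigned int */
    return (long long) off;          /* 4294967295 for beg == 0 */
}

/* ptrdiff_t is a signed type, so (beg - 1) computed in it can hold -1. */
int ptrdiff_is_signed(void)
{
    return (ptrdiff_t) -1 < 0;
}

/* Return the byte that each form of "the element before p + beg" would
   read, where p = buf + match_pos, or -1 when the computed address falls
   outside buf[0 .. len). The offset is computed as an integer and
   bounds-checked before any dereference, so the out-of-bounds case is
   reported instead of faulting the way the server did. */
int char_before(const char *buf, size_t len, size_t match_pos,
                unsigned int beg, enum form f)
{
    long long rel;   /* offset relative to p, wide enough for -1 and UINT_MAX */

    switch (f) {
    case FORM_SUBSCRIPT:
        /* p[beg - 1]: beg - 1 is evaluated first, in unsigned arithmetic. */
        rel = wrapped_offset(beg);
        break;
    case FORM_REORDERED:
        /* *(p + beg - 1) parses as *((p + beg) - 1): the -1 is applied to
           the pointer, so beg itself never underflows. */
        rel = (long long) beg - 1;
        break;
    case FORM_INT_CAST:
        /* p[(int)beg - 1]: the subtraction happens in signed int. */
        rel = (int) beg - 1;
        break;
    case FORM_PTRDIFF:
        /* p[(ptrdiff_t)beg - 1]: signed and as wide as a pointer. */
        rel = (long long) ((ptrdiff_t) beg - 1);
        break;
    default:
        return -1;
    }

    long long idx = (long long) match_pos + rel;
    if (idx < 0 || idx >= (long long) len)
        return -1;                           /* would read outside the string */
    return (unsigned char) buf[idx];
}

int main(void)
{
    const char text[] = "phrase search";      /* constructed sample string */
    size_t len = sizeof text - 1;
    size_t match_pos = 1;                     /* p points at text[1] */
    unsigned int beg = 0;                     /* beg == 0 triggers the wrap */

    printf("beg - 1 as unsigned : %lld\n", wrapped_offset(beg));
    printf("p[beg - 1]          : %d\n", char_before(text, len, match_pos, beg, FORM_SUBSCRIPT));
    printf("*(p + beg - 1)      : %c\n", char_before(text, len, match_pos, beg, FORM_REORDERED));
    printf("p[(int)beg - 1]     : %c\n", char_before(text, len, match_pos, beg, FORM_INT_CAST));
    printf("p[(ptrdiff_t)beg-1] : %c\n", char_before(text, len, match_pos, beg, FORM_PTRDIFF));
    return 0;
}
```

With `beg == 0` the subscript form reports -1 (the real code would dereference roughly 4 GiB past the string), while the reordered, int-cast and ptrdiff_t forms all land on `text[0]`. The reordered form is correct only because of left-to-right associativity of `+` and `-`, which is the "confusing" part of the patch; the cast and the signed type make the intent visible in the code.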