From: ramil
Date: February 8 2008 3:17pm
Subject: bk commit into 5.0 tree (ramil:1.2570) BUG#33758
List-Archive: http://lists.mysql.com/commits/41944
X-Bug: 33758
Message-Id: <20080208151751.D77FD3400078@ramil.myoffice.izhnet.ru>

Below is the list of changes that have just been committed into a local
5.0 repository of ramil.  When ramil does a push these changes
will be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2008-02-08 19:17:48+04:00, ramil@stripped +1 -0
  Fix for bug #33758: Got query result when using ORDER BY ASC, but 
  empty result when using DESC
  
  Problem: fetching MyISAM keys we copy a key block pointer to the end of the key buffer.
  However, we don't take into account the pointer length calculatig the buffer size,
  that may leads to memory overwriting and in turn to unpredictable results.
  
  Fix: increase key buffer size by length of the key block pointer.
  
  Note: no simple test case.

  myisam/mi_open.c@stripped, 2008-02-08 19:17:47+04:00, ramil@stripped +3 -0
    Fix for bug #33758: Got query result when using ORDER BY ASC, but 
    empty result when using DESC
      - eincrease possible maximum key length by size of the key block pointer,
        as it's copied into the key buffer in the get_key() MyISAM functions.

diff -Nrup a/myisam/mi_open.c b/myisam/mi_open.c
--- a/myisam/mi_open.c	2007-12-18 15:29:47 +04:00
+++ b/myisam/mi_open.c	2008-02-08 19:17:47 +04:00
@@ -270,6 +270,9 @@ MI_INFO *mi_open(const char *name, int m
     if (share->options & HA_OPTION_COMPRESS_RECORD)
       share->base.max_key_length+=2;	/* For safety */
 
+    /* Add space for node pointer */
+    share->base.max_key_length+= share->base.key_reflength;
+
     if (!my_multi_malloc(MY_WME,
 			 &share,sizeof(*share),
 			 &share->state.rec_per_key_part,sizeof(long)*key_parts,