From: Date: August 5 2008 4:08pm Subject: bzr commit into mysql-5.1-telco-6.2 branch (jonas:2638) Bug#38520 List-Archive: http://lists.mysql.com/commits/50931 X-Bug: 38520 Message-Id: <20080805140845.AAA091F048@perch.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit #At file:///home/jonas/src/telco-6.2/ 2638 jonas@stripped 2008-08-05 ndb - bug#38520 Incorrect handling EMPTY_ENTRY setion with length 2 modified: storage/ndb/tools/restore/Restore.cpp
=== modified file 'storage/ndb/tools/restore/Restore.cpp'
--- a/storage/ndb/tools/restore/Restore.cpp 2008-03-17 16:31:55 +0000
+++ b/storage/ndb/tools/restore/Restore.cpp 2008-08-05 14:08:40 +0000
@@ -1002,13 +1002,19 @@ bool RestoreDataIterator::readFragmentHe
 if (Header.SectionType == BackupFormat::EMPTY_ENTRY)
 {
 void *tmp;
- buffer_get_ptr(&tmp, Header.SectionLength*4-8, 1);
+ if (Header.SectionLength < 2)
+ {
+ err << "getFragmentFooter:Error reading fragment footer" << endl;
+ return false;
+ }
+ if (Header.SectionLength > 2)
+ buffer_get_ptr(&tmp, Header.SectionLength*4-8, 1);
 continue;
 }
 break;
 }
 /* read rest of header */
- if (buffer_read(((char*)&Header)+8, sizeof(Header)-8, 1) != 1)
+ if (buffer_read(((char*)&Header)+8, Header.SectionLength*4-8, 1) != 1)
 {
 ret = 0;
 return false;
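Review bot: The rewritten `buffer_read(((char*)&Header)+8, Header.SectionLength*4-8, 1)` at the end of the hunk now takes its byte count from `Header.SectionLength`, which appears to be read from the backup file, and nothing visible bounds that count against `sizeof(Header)`; the `< 2` check added above runs only in the EMPTY_ENTRY branch. A truncated or corrupt backup could therefore make this read write past `Header` when the length is too large, or wrap the subtraction when it is below 2. A guard just before the read, such as `if (Header.SectionLength < 2 || Header.SectionLength > sizeof(Header)/4) return false;`, would cover both cases, with `ret` set to whatever this function's failure convention requires. Separately, the new error text names `getFragmentFooter`, although the hunk header places this code in readFragmentHeader. The function starts and ends outside the hunk, so the declaration of `Header` and any later validation are not visible here.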