From: Date: August 5 2008 4:33pm Subject: bzr commit into mysql-5.1-telco-6.3 branch (jonas:2646) Bug#38520 List-Archive: http://lists.mysql.com/commits/50937 X-Bug: 38520 Message-Id: <20080805143307.4E9E61F048@perch.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit #At file:///home/jonas/src/telco-6.3/ 2646 jonas@stripped 2008-08-05 [merge] ndb - bug#38520 (merge telco-6.2 to telco-6.3) Incorrect handling EMPTY_ENTRY setion with length 2 modified: storage/ndb/tools/restore/Restore.cpp
=== modified file 'storage/ndb/tools/restore/Restore.cpp'
--- a/storage/ndb/tools/restore/Restore.cpp 2008-03-18 20:05:09 +0000
+++ b/storage/ndb/tools/restore/Restore.cpp 2008-08-05 14:32:58 +0000
@@ -1351,13 +1351,19 @@ bool RestoreDataIterator::readFragmentHe
 if (Header.SectionType == BackupFormat::EMPTY_ENTRY)
 {
 void *tmp;
- buffer_get_ptr(&tmp, Header.SectionLength*4-8, 1);
+ if (Header.SectionLength < 2)
+ {
+ err << "getFragmentFooter:Error reading fragment footer" << endl;
+ return false;
+ }
+ if (Header.SectionLength > 2)
+ buffer_get_ptr(&tmp, Header.SectionLength*4-8, 1);
 continue;
 }
 break;
 }
 /* read rest of header */
- if (buffer_read(((char*)&Header)+8, sizeof(Header)-8, 1) != 1)
+ if (buffer_read(((char*)&Header)+8, Header.SectionLength*4-8, 1) != 1)
 {
 ret = 0;
 return false;
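Review bot: The rewritten `buffer_read` at the end of the hunk takes its length from `Header.SectionLength*4-8`, a value read from the backup file, while the destination is still `((char*)&Header)+8`; the removed line bounded the copy with `sizeof(Header)-8`, so a corrupt or crafted backup with an oversized SectionLength would presumably write past the struct. The `< 2` check added in the EMPTY_ENTRY branch does not cover this path, so a length below 2 would make the subtraction wrap if the field is unsigned (its declaration is outside the hunk). I would guard the read with `if (Header.SectionLength < 2 || Header.SectionLength*4 > sizeof(Header)) { ret = 0; return false; }` before it. The new error text also says `getFragmentFooter` although this is the fragment-header reader, and that early return leaves `ret` unset, unlike the failure path below. The function body starts and ends outside the hunk.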