From: Date: August 5 2008 4:34pm Subject: bzr commit into mysql-5.1-telco-6.4 branch (jonas:2698) Bug#38520 List-Archive: http://lists.mysql.com/commits/50938 X-Bug: 38520 Message-Id: <20080805143446.26A1F1F048@perch.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit #At file:///home/jonas/src/telco-6.4/ 2698 jonas@stripped 2008-08-05 [merge] ndb - bug#38520 (merge telco-6.3 to telco-6.4) Incorrect handling EMPTY_ENTRY setion with length 2 modified: storage/ndb/tools/restore/Restore.cpp
=== modified file 'storage/ndb/tools/restore/Restore.cpp'
--- a/storage/ndb/tools/restore/Restore.cpp 2008-06-02 13:27:27 +0000
+++ b/storage/ndb/tools/restore/Restore.cpp 2008-08-05 14:34:39 +0000
@@ -1365,13 +1365,19 @@ bool RestoreDataIterator::readFragmentHe
 if (Header.SectionType == BackupFormat::EMPTY_ENTRY)
 {
 void *tmp;
- buffer_get_ptr(&tmp, Header.SectionLength*4-8, 1);
+ if (Header.SectionLength < 2)
+ {
+ err << "getFragmentFooter:Error reading fragment footer" << endl;
+ return false;
+ }
+ if (Header.SectionLength > 2)
+ buffer_get_ptr(&tmp, Header.SectionLength*4-8, 1);
 continue;
 }
 break;
 }
 /* read rest of header */
- if (buffer_read(((char*)&Header)+8, sizeof(Header)-8, 1) != 1)
+ if (buffer_read(((char*)&Header)+8, Header.SectionLength*4-8, 1) != 1)
 {
 ret = 0;
 return false;
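Review bot: The rewritten `buffer_read` call at the end of the hunk takes its size, `Header.SectionLength*4-8`, from the backup file and writes at `((char*)&Header)+8` with no upper bound, where the old code was capped at `sizeof(Header)-8`. If `Header` is a fixed-size struct, as the cast suggests, a file with an oversized SectionLength would write past it. A value below 2 makes the size expression go negative or wrap, because the new `< 2` check only covers the EMPTY_ENTRY branch. A guard just before the read, `if (Header.SectionLength < 2 || Header.SectionLength*4 > sizeof(Header)) { ret = 0; return false; }`, would keep the read inside the struct. The new error text also says `getFragmentFooter` although the hunk header names readFragmentHe(ader); the function body starts and ends outside the hunk.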