2649 Jonas Oreland 2008-08-13
ndb - bug#38628 - Fix invalid memory access in takeOverScanOp
(causes bus-error on e.g. sparc)
modified:
storage/ndb/src/ndbapi/NdbScanOperation.cpp
=== modified file 'storage/ndb/src/ndbapi/NdbScanOperation.cpp'
--- a/storage/ndb/src/ndbapi/NdbScanOperation.cpp 2008-08-11 12:44:24 +0000
+++ b/storage/ndb/src/ndbapi/NdbScanOperation.cpp 2008-08-13 20:04:01 +0000
@@ -2122,7 +2122,7 @@ NdbScanOperation::takeOverScanOp(Operati
*/
Uint32 infoword= 0;
Uint32 len= 0;
- const Uint32 *src= NULL;
+ const char *src= NULL;
Uint32 idx= m_current_api_receiver;
if (idx >= m_api_receivers_count)
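Review bot: The new `const char *src` declaration carries no comment saying why it is a byte pointer, so a later cleanup could reintroduce a `Uint32*` and the direct dereference this commit removes. Judging from the commit message, the key-info buffer returned by `get_keyinfo20` is presumably not guaranteed to be 4-byte aligned. A one-line comment at the declaration would record that, for example `/* KeyInfo bytes may be unaligned: read only via memcpy, never through a Uint32* */`. The body of takeOverScanOp starts and ends outside this hunk.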
@@ -2130,7 +2130,7 @@ NdbScanOperation::takeOverScanOp(Operati
const NdbReceiver *receiver= m_api_receivers[m_current_api_receiver];
/* Get this row's KeyInfo data */
- int res= receiver->get_keyinfo20(infoword, len, (const char*&) src);
+ int res= receiver->get_keyinfo20(infoword, len, src);
if (res == -1)
return NULL;
@@ -2170,11 +2170,10 @@ NdbScanOperation::takeOverScanOp(Operati
// Copy the first 8 words of key info from KEYINF20 into TCKEYREQ
TcKeyReq * tcKeyReq = CAST_PTR(TcKeyReq,newOp->theTCREQ->getDataPtrSend());
- Uint32 i = 0;
- for (i = 0; i < TcKeyReq::MaxKeyInfo && i < len; i++) {
- tcKeyReq->keyInfo[i] = * src++;
- }
-
+ Uint32 i = MIN(TcKeyReq::MaxKeyInfo, len);
+ memcpy(tcKeyReq->keyInfo, src, 4*i);
+ src += i * 4;
+
if(i < len){
NdbApiSignal* tSignal = theNdb->getSignal();
newOp->theTCREQ->next(tSignal);
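Review bot: The byte counts in the new copy are written as a bare `4` (`4*i`, then `i * 4`), which hides the word size now that `src` advances in bytes while `i`, `len` and `left` still count 32-bit words. Writing `memcpy(tcKeyReq->keyInfo, src, i * sizeof(Uint32));` and `src += i * sizeof(Uint32);` keeps the two units visibly apart. The same applies to `src += 4 * KeyInfo::DataLength;` in the following hunk. A slip between words and bytes in this arithmetic would read or write past the key buffers, so the conversion is worth spelling out. The function continues outside the hunk, so the loop bounds that govern `left` are not visible here.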
@@ -2184,7 +2183,7 @@ NdbScanOperation::takeOverScanOp(Operati
tSignal->setSignal(GSN_KEYINFO);
KeyInfo * keyInfo = CAST_PTR(KeyInfo, tSignal->getDataPtrSend());
memcpy(keyInfo->keyData, src, 4 * KeyInfo::DataLength);
- src += KeyInfo::DataLength;
+ src += 4 * KeyInfo::DataLength;
left -= KeyInfo::DataLength;
tSignal->next(theNdb->getSignal());