From: Date: August 13 2008 10:29pm Subject: bzr push into mysql-5.1 branch (jonas:2649) Bug#38628 List-Archive: http://lists.mysql.com/commits/51574 X-Bug: 38628 Message-Id: <20080813202900.07275917AF1@perch.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit 2649 Jonas Oreland 2008-08-13 ndb - bug#38628 - Fix invalid memory access in takeOverScanOp (causes bus-error on i.e sparc) modified: storage/ndb/src/ndbapi/NdbScanOperation.cpp
=== modified file 'storage/ndb/src/ndbapi/NdbScanOperation.cpp'
--- a/storage/ndb/src/ndbapi/NdbScanOperation.cpp 2008-08-11 12:44:24 +0000
+++ b/storage/ndb/src/ndbapi/NdbScanOperation.cpp 2008-08-13 20:04:01 +0000
@@ -2122,7 +2122,7 @@ NdbScanOperation::takeOverScanOp(Operati
 */
 Uint32 infoword= 0;
 Uint32 len= 0;
- const Uint32 *src= NULL;
+ const char *src= NULL;
 Uint32 idx= m_current_api_receiver;
 if (idx >= m_api_receivers_count)
@@ -2130,7 +2130,7 @@ NdbScanOperation::takeOverScanOp(Operati
 const NdbReceiver *receiver= m_api_receivers[m_current_api_receiver];
 /* Get this row's KeyInfo data */
- int res= receiver->get_keyinfo20(infoword, len, (const char*&) src);
+ int res= receiver->get_keyinfo20(infoword, len, src);
 if (res == -1) return NULL;
@@ -2170,11 +2170,10 @@ NdbScanOperation::takeOverScanOp(Operati
 // Copy the first 8 words of key info from KEYINF20 into TCKEYREQ
 TcKeyReq * tcKeyReq = CAST_PTR(TcKeyReq,newOp->theTCREQ->getDataPtrSend());
- Uint32 i = 0;
- for (i = 0; i < TcKeyReq::MaxKeyInfo && i < len; i++) {
- tcKeyReq->keyInfo[i] = * src++;
- }
-
+ Uint32 i = MIN(TcKeyReq::MaxKeyInfo, len);
+ memcpy(tcKeyReq->keyInfo, src, 4*i);
+ src += i * 4;
+ if(i < len){
 NdbApiSignal* tSignal = theNdb->getSignal();
 newOp->theTCREQ->next(tSignal);
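Review bot: The declaration of `src` in the first hunk changes from `const Uint32 *` to `const char *`, but nothing records that `len` still counts 32-bit words while `src` now advances in bytes. A short comment on the declaration would keep later pointer arithmetic consistent, for example `/* src: byte pointer to KEYINFO20 data, may be unaligned; len: length in 32-bit words */`. The alignment remark is inferred from the commit message (bus error on sparc), so confirm the wording against get_keyinfo20(). The function body starts and continues outside this hunk.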
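Review bot: The word-to-byte conversion in the third hunk is written as a bare `4` in two forms (`4*i` and `i * 4`), and again as `4 * KeyInfo::DataLength` in the fourth hunk. Because a wrong factor makes `src` overshoot or fall short of the key data, write it once as `sizeof(Uint32)`, e.g. `memcpy(tcKeyReq->keyInfo, src, i * sizeof(Uint32));` and `src += i * sizeof(Uint32);`. `i` is now a word count rather than a loop index and is still read by `if(i < len)`, so a one-line comment such as `// i = number of key words placed in TCKEYREQ` would help. The copy is bounded on the destination side by `TcKeyReq::MaxKeyInfo`; the source side relies on `len` from get_keyinfo20() matching the receiver's buffer, which is not visible here.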
@@ -2184,7 +2183,7 @@ NdbScanOperation::takeOverScanOp(Operati
 tSignal->setSignal(GSN_KEYINFO);
 KeyInfo * keyInfo = CAST_PTR(KeyInfo, tSignal->getDataPtrSend());
 memcpy(keyInfo->keyData, src, 4 * KeyInfo::DataLength);
- src += KeyInfo::DataLength;
+ src += 4 * KeyInfo::DataLength;
 left -= KeyInfo::DataLength;
 tSignal->next(theNdb->getSignal());
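Review bot: After this hunk `src` advances in bytes while `left` is still decremented in words on the next line, and the loop containing these lines, plus whatever copies the final partial KEYINFO signal, lies outside the hunk. Any remaining `src` arithmetic or dereference there that still assumes a `Uint32 *` would now read from the wrong offset, so check that tail for the same byte scaling. A comment at the loop, `// src is a byte pointer; left counts 32-bit words`, would make the two units explicit.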