List:Commits« Previous MessageNext Message »
From:lars-erik.bjork Date:March 2 2009 8:17am
Subject:bzr commit into mysql-6.0-falcon-team branch (lars-erik.bjork:3043)
Bug#38130 Bug#42341
View as plain text  
#At file:///home/lb200670/devel/mysql/pong/ based on revid:vvaintroub@stripped

 3043 lars-erik.bjork@stripped	2009-03-02
      This is a patch for 
      bug#42341 Falcon assertion (key - (UCHAR*) 
      indexNode < 14) in IndexNode::parseNode
      and
      bug#38130 Falcon assertion in IndexNode::expandKey 
      offset + length <= MAX_PHYSICAL_KEY_LENGTH
      
      
      These crashes happen because we are trying to use the 
      data behind the last node in the bucket, when we 
      are walking the index. The reason for this is that 
      the node with the special record number -1 (which 
      indicates END_BUCKET) is the only node in the page.
      
      WalkIndex::getNextNode has the following piece of code:
      
      int32 WalkIndex::getNextNode(void)
      {
          for (;; first = true)
              {
                  if (first)
                      {
                      first = false;
                      recordNumber = node.getNumber();
      
                      if (recordNumber >= 0)
                          return recordNumber;
                      else if (recordNumber == END_LEVEL)
                          return -1;
                      }
      								
                  node.getNext(endNodes);
      
      We fail to check if recordNumber == END_BUCKET.
      In the case of bug#42341, we try to parse some
      garbage data in IndexNode::parseNode and assert on
      a consistency check.
      In the case of bug#38130, we slip through this
      consistency check, but assert on a second check
      in IndexNode::expandKey 
      
      Changing the if from
      
      else if (recordNumber == END_LEVEL)
      
      to
      
      else if (recordNumber == END_LEVEL || recordNumber == END_BUCKET)
      
      prevents both crashes.
      
      
      modified file 'storage/falcon/WalkIndex.cpp'
      -----------------------------------------------
      Changed the if to prevent reading behind the
      END_BUCKET node.
modified:
  storage/falcon/WalkIndex.cpp

=== modified file 'storage/falcon/WalkIndex.cpp'
--- a/storage/falcon/WalkIndex.cpp	2008-07-15 18:57:27 +0000
+++ b/storage/falcon/WalkIndex.cpp	2009-03-02 08:16:53 +0000
@@ -89,7 +89,7 @@ int32 WalkIndex::getNextNode(void)
 			
 			if (recordNumber >= 0)
 				return recordNumber;
-			else if (recordNumber == END_LEVEL)
+			else if (recordNumber == END_LEVEL || recordNumber == END_BUCKET)
 				return -1;
 			}
 			

Thread
bzr commit into mysql-6.0-falcon-team branch (lars-erik.bjork:3043)Bug#38130 Bug#42341lars-erik.bjork2 Mar