List: Commits
From: Sergey Vojtovich Date: November 12 2009 8:34am
Subject: bzr commit into mysql-5.1-bugteam branch (svoj:3167) Bug#47598
#At file:///home/svoj/devel/bzr-mysql/mysql-5.1-bugteam-bug47598/ based on revid:joro@stripped

 3167 Sergey Vojtovich	2009-11-12
      BUG#47598 - MyISAM may write uninitialized data to disk
      
      When MyISAM writes a newly created index page it may be
      initialized partially. In other words some bytes of
      sensible data and an uninitialized tail of the page may
      go into the index file.
      
      Under certain rare circumstances these hunks of memory
      may contain data that would be otherwise inaccessible
      to the user, like passwords or data from other tables.
      
      Fixed by initializing memory for the temporary MyISAM key
      buffer to '\0'.
      
      No test case for this fix as it is covered by lots of
      tests already.
     @ storage/myisam/mi_open.c
        When creating a new MI_INFO object, initialize MI_INFO::buff.
        This is done to ensure that we never write uninitialized
        memory hunks to the index file.
     @ storage/myisam/mi_page.c
        Disabled legacy code.

    modified:
      storage/myisam/mi_open.c
      storage/myisam/mi_page.c
=== modified file 'storage/myisam/mi_open.c'
--- a/storage/myisam/mi_open.c	2009-10-27 13:20:34 +0000
+++ b/storage/myisam/mi_open.c	2009-11-12 08:34:42 +0000
@@ -592,6 +592,8 @@ MI_INFO *mi_open(const char *name, int m
   strmov(info.filename,name);
   memcpy(info.blobs,share->blobs,sizeof(MI_BLOB)*share->base.blobs);
   info.lastkey2=info.lastkey+share->base.max_key_length;
+  bzero(info.buff, share->base.max_key_block_length * 2 +
+                   share->base.max_key_length);
 
   info.s=share;
   info.lastpos= HA_OFFSET_ERROR;
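
Review bot: The length passed to `bzero` on the two added lines, `share->base.max_key_block_length * 2 + share->base.max_key_length`, has to stay equal to the size `info.buff` was allocated with, and that allocation is not in this hunk, so the two expressions can drift apart without anything failing. Consider computing the size once into a local variable that both the allocation and the `bzero` use. A one-line comment above the call naming BUG#47598 would also help, since nothing at this spot says why the buffer is cleared.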

=== modified file 'storage/myisam/mi_page.c'
--- a/storage/myisam/mi_page.c	2008-03-29 08:02:54 +0000
+++ b/storage/myisam/mi_page.c	2009-11-12 08:34:42 +0000
@@ -86,7 +86,11 @@ int _mi_write_keypage(register MI_INFO *
   if ((length=keyinfo->block_length) > IO_SIZE*2 &&
       info->state->key_file_length != page+length)
     length= ((mi_getint(buff)+IO_SIZE-1) & (uint) ~(IO_SIZE-1));
-#ifdef HAVE_purify
+#ifdef LEGACY_CODE_HAVE_purify
+  /*
+    This is legacy code to shut up valgrind. Must not be needed after
+    BUG#47598 - "MyISAM may write uninitialized data to disk" is fixed.
+  */
   {
     length=mi_getint(buff);
     bzero((uchar*) buff+length,keyinfo->block_length-length);
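
Review bot: With the guard renamed to `LEGACY_CODE_HAVE_purify`, the tail zeroing `bzero((uchar*) buff+length,keyinfo->block_length-length);` is never compiled, yet the page written here comes from `buff`, which the visible lines do not tie to `info->buff`, the only buffer cleared in `mi_open`. Please confirm that every buffer reaching this function has an initialized tail, or keep the zeroing unconditionally at this point. If the block really is dead, delete it rather than hiding it behind a macro that nothing defines; the comment's "Must not be needed" would also read better as "Should not be needed".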


Attachment: [text/bzr-bundle] bzr/svoj@sun.com-20091112083442-thb0a3jrvoce1pgs.bundle
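
The leak described in the commit message, as an added example that is not part of the original commit or of MySQL's code: a fixed-size page is written in full although only its head was filled, so whatever the buffer held before ends up in the file. The buffer layout, `DEMO_PAGE_LEN`, the function names and the secret string are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_PAGE_LEN 1024   /* constructed block length, not MyISAM's */

/* Hypothetical page writer: copies `used` bytes of key data into the
   buffer, then "writes" the whole fixed-size block to `disk`. */
static void write_page(unsigned char *buf, const char *keys, size_t used,
                       unsigned char *disk)
{
  memcpy(buf, keys, used);          /* only the head of the page is set */
  memcpy(disk, buf, DEMO_PAGE_LEN); /* but the full block goes to the file */
}

/* Returns 1 if `needle` occurs anywhere in the written block. */
static int page_contains(const unsigned char *disk, const char *needle)
{
  size_t n = strlen(needle);
  for (size_t i = 0; i + n <= DEMO_PAGE_LEN; i++)
    if (memcmp(disk + i, needle, n) == 0)
      return 1;
  return 0;
}

/* Simulates a key buffer that previously held unrelated data. With
   zero_first != 0 the buffer is cleared before first use, which is the
   approach the commit takes. Returns 1 if the stale data reached "disk". */
static int leak_demo(int zero_first)
{
  static const char secret[] = "constructed-secret-from-other-table";
  unsigned char buf[DEMO_PAGE_LEN], disk[DEMO_PAGE_LEN];

  memset(buf, 'x', sizeof buf);
  memcpy(buf + 512, secret, sizeof secret);  /* stale contents (constructed) */
  if (zero_first)
    memset(buf, 0, sizeof buf);
  write_page(buf, "key1key2", 8, disk);
  return page_contains(disk, secret);
}

int main(void)
{
  printf("without zeroing: leaked=%d\n", leak_demo(0));
  printf("with zeroing:    leaked=%d\n", leak_demo(1));
  return 0;
}
```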