List: Internals
From: Benjamin Pflugmann
Date: August 30 2001 1:02am
Subject: bug confirmed (was: Re: understanding the source)

Hi.

It's a low risk bug, which results in a crash: It only occurs after
editing a .MRG file by hand: myrg_open intends to ignore empty lines
and comments, but crashes if the file _starts_ with either of the two.

On Thu, Aug 30, 2001 at 02:32:13AM +0200, philemon@stripped wrote:
[...]
> If it doesn't, is there any reason it is written as it is? As IMHO
> some stuff is executed needlessly, and "luckily" points to the valid
> data of the last loop. Concretely, if the first line is empty or a
> comment, I believe that "info.reclength=isam->s->base.reclength;"
> tries to access undefined data? No harm intended, just being curious.

Okay, I just confirmed that it crashes. Just create some kind of MERGE
table, stop the server, insert an empty line as first line of the .MRG
file, restart the server and try to access the MERGE table => crash.

Patch as suggested in my last mail should help, if there is no other
problem with it (patch included again for the bugs-list).

Bye,

	Benjamin.


test-case:

Used MySQL-Version, as can be seen in the patch, is 3.23.40.

----------------------------------------------------------------------
mysql> DROP TABLE IF EXISTS merge_crash_test_1, merge_crash_test_union;
mysql> CREATE TABLE merge_crash_test_1( a int ) TYPE=MYISAM;
mysql> CREATE TABLE merge_crash_test_union( a int ) TYPE=MERGE UNION=(a);

Stop server, insert an empty line at the start of merge_crash_test_union.MRG,
restart server and execute something like

mysql> SELECT * FROM merge_crash_test_union;
----------------------------------------------------------------------

patch:

--- mysql-3.23.40/myisammrg/myrg_open.c	Wed Jul 18 23:19:16 2001
+++ mysql-3.23.40-philemon/myisammrg/myrg_open.c	Thu Aug 30 01:22:25 2001
@@ -61,32 +61,31 @@
   info.reclength=0;
   while ((length=my_b_gets(&file,buff,FN_REFLEN-1)))
   {
     if ((end=buff+length)[-1] == '\n')
       end[-1]='\0';
     if (buff[0] && buff[0] != '#')	/* Skipp empty lines and comments */
     {
-      last_isam=isam;
       if (!test_if_hard_path(buff))
       {
 	VOID(strmake(name_buff+dir_length,buff,
 		     sizeof(name_buff)-1-dir_length));
 	VOID(cleanup_dirname(buff,name_buff));
       }
       if (!(isam=mi_open(buff,mode,test(handle_locking))))
 	goto err;
       files++;
-    }
     last_isam=isam;
     if (info.reclength && info.reclength != isam->s->base.reclength)
     {
       my_errno=HA_ERR_WRONG_IN_RECORD;
       goto err;
     }
     info.reclength=isam->s->base.reclength;
+    }
   }
   if (!(m_info= (MYRG_INFO*) my_malloc(sizeof(MYRG_INFO)+
 				       files*sizeof(MYRG_TABLE),
 				       MYF(MY_WME))))
     goto err;
   *m_info=info;
   m_info->open_tables=(files) ? (MYRG_TABLE *) (m_info+1) : 0;
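
Review bot: the lines moved inside the "if (buff[0] && buff[0] != '#')"
block (from "last_isam=isam;" down to
"info.reclength=isam->s->base.reclength;") keep their old four-space
indentation, so the reclength check still reads as if it ran for every
line, including the skipped ones. Re-indent them to the level of
"files++;" so the new scope is visible at a glance. The comment on the
"if" could also state that the reclength check only runs for lines that
actually opened a table, and a regression test using a .MRG file whose
first line is empty or a '#' comment would keep the dereference of an
unset isam from coming back.
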
----------------------------------------------------------------------