List: Commits
From: Sergey Vojtovich
Date: October 25 2007 9:20pm
Subject: bk commit into 4.1 tree (svoj:1.2688) BUG#11392
Below is the list of changes that have just been committed into a local
4.1 repository of svoj. When svoj does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-10-26 02:09:13+05:00, svoj@stripped +3 -0
  BUG#11392 - fulltext search bug
  
  Fulltext boolean mode phrase search may crash the server on platforms
  where the size of a pointer is not equal to the size of an unsigned
  integer (in other words, some 64-bit platforms).
  
  The problem was integer overflow.
  
  Affects 4.1 only.

  myisam/ft_boolean_search.c@stripped, 2007-10-26 02:08:31+05:00, svoj@april.(none) +2 -1
    m[1].beg may be 0, e.g. when searching for 'aaaa' in 'aaaaa' causing
    uint overflow.
    
    This is not a problem on platforms where sizeof(pointer) is equal to
    sizeof(uint). That means ptr[(uint)-1] = ptr[(uint)MAX_UINT] = ptr - 1.
    
    On some 64-bit platforms where sizeof(pointer) is 8 and sizeof(uint)
    is 4, the wrong address gets accessed. In other words ptr[(uint)-1] is
    equal to ptr + MAX_UINT.

  mysql-test/r/fulltext.result@stripped, 2007-10-26 02:08:31+05:00, svoj@april.(none) +6 -0
    A test case for BUG#11392.

  mysql-test/t/fulltext.test@stripped, 2007-10-26 02:08:31+05:00, svoj@april.(none) +8 -0
    A test case for BUG#11392.

diff -Nrup a/myisam/ft_boolean_search.c b/myisam/ft_boolean_search.c
--- a/myisam/ft_boolean_search.c	2005-07-28 23:24:02 +05:00
+++ b/myisam/ft_boolean_search.c	2007-10-26 02:08:31 +05:00
@@ -446,7 +446,8 @@ static int _ftb_strstr(const byte *s0, c
   {
     if (cs->coll->instr(cs, p0, e0 - p0, s1, e1 - s1, m, 2) != 2)
       return(0);
-    if ((!s_after || p0 + m[1].beg == s0 || !true_word_char(cs, p0[m[1].beg-1])) &&
+    if ((!s_after || p0 + m[1].beg == s0 ||
+         !true_word_char(cs, *(p0 + m[1].beg - 1))) &&
         (!e_before || p0 + m[1].end == e0 || !true_word_char(cs, p0[m[1].end])))
       return(1);
     p0+= m[1].beg;
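
Review bot: the new operand "*(p0 + m[1].beg - 1)" is only safe because the offset is added to the pointer before 1 is subtracted, and nothing in the code records that. The changeset comment explains that m[1].beg may be 0 and that "m[1].beg-1" evaluated as uint wraps to MAX_UINT, but that explanation lives only in the commit text. Please add a short comment above the condition saying the subtraction must be done in pointer arithmetic, not on the uint offset, so a later cleanup does not fold it back into "p0[m[1].beg-1]". The "p0[m[1].end]" operand on the following line has no subtraction and does not need the same treatment.
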
diff -Nrup a/mysql-test/r/fulltext.result b/mysql-test/r/fulltext.result
--- a/mysql-test/r/fulltext.result	2007-04-13 02:31:32 +05:00
+++ b/mysql-test/r/fulltext.result	2007-10-26 02:08:31 +05:00
@@ -454,3 +454,9 @@ ALTER TABLE t1 DISABLE KEYS;
 SELECT * FROM t1 WHERE MATCH(a) AGAINST('test');
 ERROR HY000: Can't find FULLTEXT index matching the column list
 DROP TABLE t1;
+CREATE TABLE t1(a TEXT);
+INSERT INTO t1 VALUES(' aaaaa aaaa');
+SELECT * FROM t1 WHERE MATCH(a) AGAINST ('"aaaa"' IN BOOLEAN MODE);
+a
+ aaaaa aaaa
+DROP TABLE t1;
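
Review bot: the recorded result pins only the positive case, one inserted row and that same row returned. That shows the query no longer crashes, but it would also pass if the word-boundary check before the match were wrong in the other direction. Consider adding a second row that contains 'aaaaa' without a standalone 'aaaa' and recording that it is not returned, so the expected output covers the boundary decision as well as the crash.
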
diff -Nrup a/mysql-test/t/fulltext.test b/mysql-test/t/fulltext.test
--- a/mysql-test/t/fulltext.test	2007-04-13 02:31:32 +05:00
+++ b/mysql-test/t/fulltext.test	2007-10-26 02:08:31 +05:00
@@ -379,4 +379,12 @@ ALTER TABLE t1 DISABLE KEYS;
 SELECT * FROM t1 WHERE MATCH(a) AGAINST('test');
 DROP TABLE t1;
 
+#
+# BUG#11392 - fulltext search bug
+#
+CREATE TABLE t1(a TEXT);
+INSERT INTO t1 VALUES(' aaaaa aaaa');
+SELECT * FROM t1 WHERE MATCH(a) AGAINST ('"aaaa"' IN BOOLEAN MODE);
+DROP TABLE t1;
+
 # End of 4.1 tests
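
Review bot: the comment block above the new statements gives only the bug number and title, so a reader of fulltext.test cannot tell what the case exercises. According to the changeset comment, the bad access happens only where sizeof(pointer) is 8 and sizeof(uint) is 4, which means this test passing on a 32-bit build says nothing about the fix. Please state in the comment that the case targets a phrase match at offset 0 of the remaining buffer ('aaaa' inside 'aaaaa') and that it is only meaningful on such 64-bit platforms.
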