#At file:///home/lb200670/devel/mysql/pong/ based on revid:vvaintroub@stripped
3043 lars-erik.bjork@stripped 2009-03-02
This is a patch for

bug#42341 Falcon assertion (key - (UCHAR*) indexNode < 14) in IndexNode::parseNode

and

bug#38130 Falcon assertion in IndexNode::expandKey offset + length <= MAX_PHYSICAL_KEY_LENGTH

These crashes happen because we are trying to use the
data behind the last node in the bucket, when we
are walking the index. The reason for this is that
the node with the special record number -1 (which
indicates END_BUCKET) is the only node in the page.

WalkIndex::getNextNode has the following piece of code:

    int32 WalkIndex::getNextNode(void)
    {
        for (;; first = true)
            {
            if (first)
                {
                first = false;
                recordNumber = node.getNumber();
                if (recordNumber >= 0)
                    return recordNumber;
                else if (recordNumber == END_LEVEL)
                    return -1;
                }
            node.getNext(endNodes);

We fail to check if recordNumber == END_BUCKET.

In the case of bug#42341, we try to parse some
garbage data in IndexNode::parseNode and assert on
a consistency check.

In the case of bug#38130, we slip through this
consistency check, but assert on a second check
in IndexNode::expandKey

Changing the if from

    else if (recordNumber == END_LEVEL)

to

    else if (recordNumber == END_LEVEL || recordNumber == END_BUCKET)

prevents both crashes.
modified file 'storage/falcon/WalkIndex.cpp'
-----------------------------------------------
Changed the if to prevent reading behind the
END_BUCKET node.
modified:
storage/falcon/WalkIndex.cpp
=== modified file 'storage/falcon/WalkIndex.cpp'
--- a/storage/falcon/WalkIndex.cpp 2008-07-15 18:57:27 +0000
+++ b/storage/falcon/WalkIndex.cpp 2009-03-02 08:16:53 +0000
@@ -89,7 +89,7 @@ int32 WalkIndex::getNextNode(void)
if (recordNumber >= 0)
return recordNumber;
- else if (recordNumber == END_LEVEL)
+ else if (recordNumber == END_LEVEL || recordNumber == END_BUCKET)
return -1;
}
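Review bot: The changed `else if` now returns -1 for END_BUCKET as well as END_LEVEL, so the caller can no longer tell "end of this bucket" from "end of the level". Please confirm that ending the walk is the intended behaviour when the END_BUCKET node is the only node in a page, rather than continuing with a following page at the same level. A short comment above the condition stating why END_BUCKET can show up here (a page holding only the END_BUCKET node, per the commit message) would keep a later cleanup from dropping the check. The commit touches only storage/falcon/WalkIndex.cpp, so neither Bug#42341 nor Bug#38130 has a regression test; a test that walks an index containing such a page would cover both assertions. Since the fault is a read past the last node in the page, it is also worth checking whether the other callers of node.getNumber() followed by node.getNext() need the same guard.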
Thread: bzr commit into mysql-6.0-falcon-team branch (lars-erik.bjork:3043) Bug#38130 Bug#42341, lars-erik.bjork, 2 Mar