1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BUG#13556441: CHECK AND REPAIR TABLE SHOULD BE MORE ROBUST [4]

Browse Source 
Problem description:
mysql server crashes when we run repair table on currupted table.

Analysis:
The problem with this bug seem to be key_reflength out of bounds
(186 according to debugger). We read this value from meta-data
segment of .MYI file while doing mi_open().

If you look into _mi_kpointer() you can see that the upper limit
for key_reflength is 7.

Solution:
In mi_open() there is a line like:
  if (share->base.keystart > 65535 || share->base.rec_reflength > 8)
we should verify key_reflength here as well.
This commit is contained in:
Venkata Sidagam 2012-10-31 18:32:53 +05:30
parent 23dc49cd3b
commit 48cbd14165
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
storage/myisam/mi_open.c
View File

@ -232,7 +232,8 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
} }
/* sanity check */ /* sanity check */
if (share->base.keystart > 65535 || share->base.rec_reflength > 8) if (share->base.keystart > 65535 ||
share->base.rec_reflength > 8 || share->base.key_reflength > 7)
{ {
my_errno=HA_ERR_CRASHED; my_errno=HA_ERR_CRASHED;
goto err; goto err;