From 70f53b1a6550cd60caf11b849d0c7c2ac3329dea Mon Sep 17 00:00:00 2001
From: Narayanan V
Date: Wed, 29 Apr 2009 16:51:14 +0530
Subject: [PATCH 1/2] Bug#44337 Select query using index merge fails with MCH3601
The storage engine was not correctly handling the case in which rnd_pos is executed for a handler without a preceding rnd_next or index read operation. As a result, an unitialized file handle was sometimes being passed to the QMY_READ API. The fix clears the rrnAssocHandle at the beginning of each read operation and then checks to see whether it has been set to a valid handle value before attempting to use it in rnd_pos. If rrnAssocHandle has not been set by a previous read operation, rnd_pos instead falls back to the use of the currently active handle. storage/ibmdb2i/ha_ibmdb2i.cc: Bug#44337 Select query using index merge fails with MCH3601 - clear the rrnAssocHandle at the beginning of each read operation - checks to see whether it has been set to a valid handle value before attempting to use it in rnd_pos
---
 storage/ibmdb2i/ha_ibmdb2i.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/storage/ibmdb2i/ha_ibmdb2i.cc b/storage/ibmdb2i/ha_ibmdb2i.cc
index ad80a80fc97..46c84de4aee 100644
--- a/storage/ibmdb2i/ha_ibmdb2i.cc
+++ b/storage/ibmdb2i/ha_ibmdb2i.cc
@@ -898,6 +898,8 @@ int ha_ibmdb2i::index_init(uint idx, bool sorted)
 releaseIndexFile(idx);
 }
+ rrnAssocHandle= 0;
+
 DBUG_RETURN(rc);
 }
@@ -1154,6 +1156,8 @@ int ha_ibmdb2i::rnd_init(bool scan)
 releaseDataFile();
 }
+ rrnAssocHandle= 0;
+
 DBUG_RETURN(0); // MySQL sometimes does not check the return code, causing
 // an assert in ha_rnd_end later on if we return a non-zero
 // value here.
@@ -1251,7 +1255,8 @@ int ha_ibmdb2i::rnd_pos(uchar * buf, uchar *pos)
 int rc = 0;
- if (activeHandle != rrnAssocHandle)
+ if (rrnAssocHandle &&
+ (activeHandle != rrnAssocHandle))
 {
 if (activeHandle) releaseActiveHandle();
 rc = useFileByHandle(QMY_UPDATABLE, rrnAssocHandle);
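Review bot: The added `rrnAssocHandle= 0;` in the index_init hunk has no comment, so the fact that 0 now acts as a sentinel for "no handle recorded by a read operation yet" can only be learned by reading rnd_pos. I would add above it `// 0 = no RRN-associated handle yet; rnd_pos() then falls back to activeHandle (Bug#44337)`, and the same applies to the identical reset in the rnd_init hunk. Both function bodies start outside their hunks, so whether the member is also initialised when the handler is constructed cannot be checked from here.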
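Review bot: When `rrnAssocHandle` is 0, the new condition in rnd_pos skips `useFileByHandle` and the read continues on `activeHandle`, but nothing in the visible lines establishes that `activeHandle` is itself non-zero at that point. If both are 0, an invalid handle could still reach the read API, which is the failure class this commit sets out to close. I would place `DBUG_ASSERT(rrnAssocHandle || activeHandle);` before the `if`, and return an error for that case in non-debug builds unless the rest of the function already does. The body of rnd_pos starts before and continues past the hunk, so such a check may exist outside the visible lines.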
From 73d3be945ff5f224ae7197883617495a9e0002b2 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub
Date: Wed, 29 Apr 2009 13:51:10 +0200
Subject: [PATCH 2/2] Bug#43932 myisam index corruption with large index and large key_buffer_size.
The cause of corruption was number overflow when multiplying two ulong values, number of used keycache blocks with size of a single block. The result of multiplication exceeded ulong range (4G) and this lead to incorrectly calculated buffer offset in the key cache. The fix is to use size_t for multiplication result. This patch also fixes pointless cast in safemalloc (size of allocated block to uint), that creates lot of false alarm warnings when using big keycache (> 4GB) in debug mode.
---
 mysys/mf_keycache.c | 6 ++++--
 mysys/safemalloc.c | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/mysys/mf_keycache.c b/mysys/mf_keycache.c
index 397a3332740..16bcb11eb91 100644
--- a/mysys/mf_keycache.c
+++ b/mysys/mf_keycache.c
@@ -2044,13 +2044,15 @@ restart:
 }
 else
 {
+ size_t block_mem_offset;
 /* There are some never used blocks, take first of them */
 DBUG_ASSERT(keycache->blocks_used < (ulong) keycache->disk_blocks);
 block= &keycache->block_root[keycache->blocks_used];
+ block_mem_offset=
+ ((size_t) keycache->blocks_used) * keycache->key_cache_block_size;
 block->buffer= ADD_TO_PTR(keycache->block_mem,
- ((ulong) keycache->blocks_used*
- keycache->key_cache_block_size),
+ block_mem_offset,
 uchar*);
 keycache->blocks_used++;
 DBUG_ASSERT(!block->next_used);
diff --git a/mysys/safemalloc.c b/mysys/safemalloc.c
index 36d07b475e9..c484f1d4c54 100644
--- a/mysys/safemalloc.c
+++ b/mysys/safemalloc.c
@@ -174,7 +174,7 @@ void *_mymalloc(size_t size, const char *filename, uint lineno, myf MyFlags)
 data[size + 3]= MAGICEND3;
 irem->filename= (char *) filename;
 irem->linenum= lineno;
- irem->datasize= (uint32) size;
+ irem->datasize= size;
 irem->prev= NULL;
 /* Add this remember structure to the linked list */
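Review bot: The new `block_mem_offset` assignment in mf_keycache.c has no comment saying why `blocks_used` is widened before the multiply, so a later cleanup could fold it back into the `ADD_TO_PTR` call with the old `ulong` arithmetic and reintroduce the wrong buffer offset. I would add `/* Widen to size_t before multiplying: the product can exceed the ulong range (Bug#43932) */` above the assignment. The only bound on `blocks_used` visible here is a `DBUG_ASSERT`, which is presumably compiled out of non-debug builds; that predates this change but is worth keeping in mind for this offset. The enclosing function starts and ends outside the hunk.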
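Review bot: Dropping the `(uint32)` cast in `irem->datasize= size;` removes the truncation only if the `datasize` member is itself declared `size_t`, and its declaration is not part of this patch. If the member is still a 32-bit type, the assignment narrows implicitly and the false alarms for blocks over 4GB would remain, now without a visible cast to point at. It is worth confirming that the struct declaration, and any code that compares or prints `datasize`, uses `size_t` as well. The body of _mymalloc extends beyond the hunk on both sides.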