From 893a97e40479b4256b8bad187f55e96b8ec3b79f Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 12 Mar 2013 13:37:00 +0200 Subject: [PATCH 1/2] From daa28126f5740ba88d513f83f13927a56b42addd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= Date: Tue, 12 Mar 2013 13:42:12 +0200 Subject: [PATCH 2/2] Bug#16463505 PESSIMISTIC PAGE_ZIP_AVAILABLE() MAY CAUSE INFINITE PAGE SPLIT For a fresh insert, page_zip_available() was counting some fields twice. In the worst case, the compressed page size grows by PAGE_ZIP_DIR_SLOT_SIZE plus the size of the record that is being inserted. The size of the record already includes the fields that will be stored in the uncompressed portion of the compressed page. page_zip_get_trailer_len(): Remove the output parameter entry_size, because no caller is interested in it. page_zip_max_ins_size(), page_zip_available(): Assume that the page grows by PAGE_ZIP_DIR_SLOT_SIZE and the record size (which includes the fields that would be stored in the uncompressed portion of the page). rb#2169 approved by Sunny Bains --- storage/innodb_plugin/ChangeLog | 6 ++++++ storage/innodb_plugin/include/page0zip.ic | 20 +++++--------------- storage/innodb_plugin/page/page0zip.c | 16 +++++++--------- 3 files changed, 18 insertions(+), 24 deletions(-) diff --git a/storage/innodb_plugin/ChangeLog b/storage/innodb_plugin/ChangeLog index a05b38d8fc2..9285b9993e0 100644 --- a/storage/innodb_plugin/ChangeLog +++ b/storage/innodb_plugin/ChangeLog @@ -1,3 +1,9 @@ +2013-03-12 The InnoDB Team + + * include/page0zip.ic, page/page0zip.c: + Fix Bug#16463505 PESSIMISTIC PAGE_ZIP_AVAILABLE() + MAY CAUSE INFINITE PAGE SPLIT + 2013-02-27 The InnoDB Team * page/page0zip.c: diff --git a/storage/innodb_plugin/include/page0zip.ic b/storage/innodb_plugin/include/page0zip.ic index b5480604bdf..9e9dda90936 100644 --- a/storage/innodb_plugin/include/page0zip.ic +++ b/storage/innodb_plugin/include/page0zip.ic @@ -229,9 +229,7 @@ ibool page_zip_get_trailer_len( /*=====================*/ const page_zip_des_t* page_zip,/*!< in: compressed page */ - ibool is_clust,/*!< in: TRUE if clustered index */ - ulint* entry_size)/*!< out: size of the uncompressed - portion of a user record */ + ibool is_clust)/*!< in: TRUE if clustered index */ { ulint uncompressed_size; @@ -250,10 +248,6 @@ page_zip_get_trailer_len( ut_ad(!page_zip->n_blobs); } - if (entry_size) { - *entry_size = uncompressed_size; - } - return((page_dir_get_n_heap(page_zip->data) - 2) * uncompressed_size + page_zip->n_blobs * BTR_EXTERN_FIELD_REF_SIZE); @@ -270,11 +264,9 @@ page_zip_max_ins_size( const page_zip_des_t* page_zip,/*!< in: compressed page */ ibool is_clust)/*!< in: TRUE if clustered index */ { - ulint uncompressed_size; ulint trailer_len; - trailer_len = page_zip_get_trailer_len(page_zip, is_clust, - &uncompressed_size); + trailer_len = page_zip_get_trailer_len(page_zip, is_clust); /* When a record is created, a pointer may be added to the dense directory. @@ -283,7 +275,7 @@ page_zip_max_ins_size( Also the BLOB pointers will be allocated from there, but we may as well count them in the length of the record. */ - trailer_len += uncompressed_size; + trailer_len += PAGE_ZIP_DIR_SLOT_SIZE; return((lint) page_zip_get_size(page_zip) - trailer_len - page_zip->m_end @@ -303,13 +295,11 @@ page_zip_available( ulint create) /*!< in: nonzero=add the record to the heap */ { - ulint uncompressed_size; ulint trailer_len; ut_ad(length > REC_N_NEW_EXTRA_BYTES); - trailer_len = page_zip_get_trailer_len(page_zip, is_clust, - &uncompressed_size); + trailer_len = page_zip_get_trailer_len(page_zip, is_clust); /* Subtract the fixed extra bytes and add the maximum space needed for identifying the record (encoded heap_no). */ @@ -323,7 +313,7 @@ page_zip_available( Also the BLOB pointers will be allocated from there, but we may as well count them in the length of the record. */ - trailer_len += uncompressed_size; + trailer_len += PAGE_ZIP_DIR_SLOT_SIZE; } return(UNIV_LIKELY(length diff --git a/storage/innodb_plugin/page/page0zip.c b/storage/innodb_plugin/page/page0zip.c index 2330af8d6b3..ab9e8ffb49f 100644 --- a/storage/innodb_plugin/page/page0zip.c +++ b/storage/innodb_plugin/page/page0zip.c @@ -2271,13 +2271,12 @@ zlib_done: if (UNIV_UNLIKELY (page_zip_get_trailer_len(page_zip, - dict_index_is_clust(index), NULL) + dict_index_is_clust(index)) + page_zip->m_end >= page_zip_get_size(page_zip))) { page_zip_fail(("page_zip_decompress_node_ptrs:" " %lu + %lu >= %lu, %lu\n", (ulong) page_zip_get_trailer_len( - page_zip, dict_index_is_clust(index), - NULL), + page_zip, dict_index_is_clust(index)), (ulong) page_zip->m_end, (ulong) page_zip_get_size(page_zip), (ulong) dict_index_is_clust(index))); @@ -2428,12 +2427,12 @@ zlib_done: page_zip->m_nonempty = mod_log_ptr != d_stream->next_in; } - if (UNIV_UNLIKELY(page_zip_get_trailer_len(page_zip, FALSE, NULL) + if (UNIV_UNLIKELY(page_zip_get_trailer_len(page_zip, FALSE) + page_zip->m_end >= page_zip_get_size(page_zip))) { page_zip_fail(("page_zip_decompress_sec: %lu + %lu >= %lu\n", (ulong) page_zip_get_trailer_len( - page_zip, FALSE, NULL), + page_zip, FALSE), (ulong) page_zip->m_end, (ulong) page_zip_get_size(page_zip))); return(FALSE); @@ -2759,12 +2758,12 @@ zlib_done: page_zip->m_nonempty = mod_log_ptr != d_stream->next_in; } - if (UNIV_UNLIKELY(page_zip_get_trailer_len(page_zip, TRUE, NULL) + if (UNIV_UNLIKELY(page_zip_get_trailer_len(page_zip, TRUE) + page_zip->m_end >= page_zip_get_size(page_zip))) { page_zip_fail(("page_zip_decompress_clust: %lu + %lu >= %lu\n", (ulong) page_zip_get_trailer_len( - page_zip, TRUE, NULL), + page_zip, TRUE), (ulong) page_zip->m_end, (ulong) page_zip_get_size(page_zip))); return(FALSE); @@ -4636,8 +4635,7 @@ page_zip_copy_recs( memcpy(page_zip, src_zip, sizeof *page_zip); page_zip->data = data; } - ut_ad(page_zip_get_trailer_len(page_zip, - dict_index_is_clust(index), NULL) + ut_ad(page_zip_get_trailer_len(page_zip, dict_index_is_clust(index)) + page_zip->m_end < page_zip_get_size(page_zip)); if (!page_is_leaf(src)