From 30894fe9a9024d4dfe85f7fc93cf702040a9ef67 Mon Sep 17 00:00:00 2001
From: Nikita Malyavin
Date: Tue, 22 Sep 2020 20:17:02 +1000
Subject: [PATCH] Add DBUG_ASSERT in Field::ptr_in_record

1. Subtracting table->record[0] from record is UB (non-contiguous buffers) 2. It is very popular to use move_field_offset, which changes Field::ptr, but leaves table->record[0] unchanged. This makes a ptr_in_record result incorrect, since it relies on table->record[0] value. The check ensures the result is within the queried record boundaries.
---
 sql/field.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sql/field.h b/sql/field.h
index be4d279ce61..dfc02149f9d 100644
--- a/sql/field.h
+++ b/sql/field.h
@@ -1151,8 +1151,9 @@ public:
   virtual void reset_fields() {}
   const uchar *ptr_in_record(const uchar *record) const
   {
-    my_ptrdiff_t l_offset= (my_ptrdiff_t) (record - table->record[0]);
-    return ptr + l_offset;
+    my_ptrdiff_t l_offset= (my_ptrdiff_t) (ptr - table->record[0]);
+    DBUG_ASSERT(l_offset >= 0 && table->s->rec_buff_length - l_offset > 0);
+    return record + l_offset;
   }
   virtual int set_default();
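Review bot: The upper-bound half of the added DBUG_ASSERT, `table->s->rec_buff_length - l_offset > 0`, subtracts a signed my_ptrdiff_t from a field that is presumably unsigned, so on a platform where that field is at least as wide as my_ptrdiff_t the difference is computed in unsigned arithmetic and `> 0` degrades to "not equal", letting an offset past the end of the buffer through; comparing the cast offset directly avoids the mixed-sign arithmetic, e.g. `DBUG_ASSERT(l_offset >= 0 && (size_t) l_offset < table->s->rec_buff_length);`. It is also worth stating the precondition the assertion encodes next to the function, e.g. `/* ptr must point inside table->record[0]; callers that have applied move_field_offset must not use this */`, since the check fires only in debug builds and a release build will still return a pointer derived from a moved ptr. Finally, the new code keeps the `ptr - table->record[0]` subtraction before the assertion, so in the move_field_offset case the debug check reports the problem only after the same kind of pointer subtraction the commit message describes as undefined; the guard is a detection aid, not a cure, and the message could say so.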