database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

MDEV-36220 Correct length in memcpy saving and restoring found NULL record in loose index scan of min

Browse Source 
Use reclength because rec_buff_length is the actual reclength with
padding, whose use could cause ASAN unknown-crash, presumably caused
by memory violation.
This commit is contained in:
Yuchen Pei
2025-03-06 11:21:18 +11:00
parent 15848a75a7
commit b50df7bbd4
3 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
sql/opt_range.cc
View File

@@ -16017,7 +16017,7 @@ int QUICK_GROUP_MIN_MAX_SELECT::next_min_in_range()
Remember this key, and continue looking for a non-NULL key that
satisfies some other condition.
*/
memcpy(tmp_record, record, head->s->rec_buff_length);
memcpy(tmp_record, record, head->s->reclength);
found_null= TRUE;
continue;
}
@@ -16057,7 +16057,7 @@ int QUICK_GROUP_MIN_MAX_SELECT::next_min_in_range()
*/
if (found_null && result)
{
memcpy(record, tmp_record, head->s->rec_buff_length);
memcpy(record, tmp_record, head->s->reclength);
result= 0;
}
return result;