mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00

BUG#11392 - fulltext search bug

Fulltext boolean mode phrase search may crash the server on platforms
where the size of a pointer is not equal to the size of an unsigned integer
(in other words, some 64-bit platforms).

The problem was integer overflow.

Affects 4.1 only.


myisam/ft_boolean_search.c:
  my_match_t::beg is an unsigned int, which means the type of the expression
  (m[0].beg - 1) is unsigned too. It may happen that instr()
  finds the substring at the beginning of the passed string, returning
  m[0].beg equal to 0. In this case the value of the expression (m[0].beg - 1)
  is equal to MAX_UINT.

  This is not a problem on platforms where sizeof(pointer) equals
  sizeof(uint). That means ptr[(uint)-1] = ptr[(uint)MAX_UINT] = ptr - 1.

  On some 64-bit platforms where sizeof(pointer) is 8 and sizeof(uint)
  is 4, a wrong address gets accessed. In other words, ptr[(uint)-1] is
  equal to ptr + MAX_UINT.
mysql-test/r/fulltext.result:
  A test case for BUG#11392.
mysql-test/t/fulltext.test:
  A test case for BUG#11392.
This commit is contained in:
unknown
2007-10-30 14:46:43 +04:00
parent 4fda18a3ec
commit b698b6fd94
3 changed files with 16 additions and 1 deletions
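The overflow described in the commit message, as an added C example that is not part of this commit or of MariaDB's code. `match_t`, `find_phrase`, and the rule that a space or the document edge is a word boundary are simplified, hypothetical stand-ins for my_match_t, instr() and the real phrase check; the buggy address is computed as an integer so nothing is dereferenced.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for my_match_t: the found offset is stored as unsigned int. */
typedef struct { unsigned int beg; unsigned int end; } match_t;

/* Stand-in for instr(): locate `phrase` in `doc`, fill *m, 1 if found. */
static int find_phrase(const char *doc, const char *phrase, match_t *m) {
  const char *p = strstr(doc, phrase);
  if (p == NULL) return 0;
  m->beg = (unsigned int)(p - doc);
  m->end = m->beg + (unsigned int)strlen(phrase);
  return 1;
}

/* The 4.1 bug as arithmetic: doc[m->beg - 1] with beg == 0 evaluates
 * (beg - 1) in unsigned int, giving UINT_MAX, which is then added to
 * the pointer. Returns the address the old code would have read. */
static uintptr_t buggy_prev_address(const char *doc, const match_t *m) {
  return (uintptr_t)doc + (m->beg - 1);
}

/* 1 if that address is really the byte before `doc` (what a platform
 * with 32-bit pointers gets by wrap-around), 0 if it is doc + UINT_MAX. */
static int buggy_lands_on_prev_byte(const char *doc, const match_t *m) {
  return buggy_prev_address(doc, m) == (uintptr_t)doc - 1;
}

/* Fixed form: offset 0 counts as a boundary before doc[beg - 1] is ever
 * touched, and indexing uses a pointer-width type so no narrow wrap-around
 * can occur. Every occurrence is tried, so ' aaaaa aaaa' matches "aaaa". */
static int phrase_at_word_boundary(const char *doc, const char *phrase) {
  size_t plen = strlen(phrase);
  for (const char *p = strstr(doc, phrase); p != NULL; p = strstr(p + 1, phrase)) {
    match_t m;
    m.beg = (unsigned int)(p - doc);
    m.end = m.beg + (unsigned int)plen;
    int before_ok = (m.beg == 0) || doc[(size_t)m.beg - 1] == ' ';
    int after_ok = doc[m.end] == '\0' || doc[m.end] == ' ';
    if (before_ok && after_ok) return 1;
  }
  return 0;
}

int main(void) {
  const char *doc = "aaaa aaaaa";   /* constructed: phrase at offset 0 */
  match_t m;
  find_phrase(doc, "aaaa", &m);
  printf("buggy index lands on doc - 1: %d\n", buggy_lands_on_prev_byte(doc, &m));
  printf("' aaaaa aaaa' matches \"aaaa\": %d\n",
         phrase_at_word_boundary(" aaaaa aaaa", "aaaa"));
  return 0;
}
```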


@ -454,3 +454,9 @@ ALTER TABLE t1 DISABLE KEYS;
SELECT * FROM t1 WHERE MATCH(a) AGAINST('test');
ERROR HY000: Can't find FULLTEXT index matching the column list
DROP TABLE t1;
CREATE TABLE t1(a TEXT);
INSERT INTO t1 VALUES(' aaaaa aaaa');
SELECT * FROM t1 WHERE MATCH(a) AGAINST ('"aaaa"' IN BOOLEAN MODE);
a
aaaaa aaaa
DROP TABLE t1;
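Review bot: the new expected result only covers the positive path, a phrase that is found and the row returned, so a regression in the check on the byte preceding the match (the code the commit message says was indexed with m[0].beg - 1) would not be caught by this result file; consider adding, before `DROP TABLE t1;`, a query on the same row that must return no rows, for example `SELECT * FROM t1 WHERE MATCH(a) AGAINST ('"aaaa aaaa"' IN BOOLEAN MODE);`, since that substring occurs inside ' aaaaa aaaa' but not on a word boundary.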