From b80fa4000d6aa4b8f952049523d4fffb7e1e5438 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <serg@mariadb.org>
Date: Tue, 16 Jan 2018 23:10:53 +0100
Subject: [PATCH] bug: ha_heap was unilaterally increasing reclength

MEMORY engine needs the record length to be at least sizeof(void*),
because it stores a pointer there (linking deleted records into a list).
So when the reclength is less than sizeof(void*), it's set to sizeof(void*).
That is done inside heap_create(), and the upper layer doesn't know
that the engine writes beyond share->reclength.

While it's usually safe (in-memory record size is rounded up to
sizeof(double), so even if share->reclength is too small,
share->rec_buff_len is not), it could cause problems in the code that
copies records and expects them to fix in share->reclength,
e.g. in partitioning.
---
 storage/heap/ha_heap.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/storage/heap/ha_heap.cc b/storage/heap/ha_heap.cc
index ec219c1590d..345ebb8419f 100644
--- a/storage/heap/ha_heap.cc
+++ b/storage/heap/ha_heap.cc
@@ -100,6 +100,7 @@ const char **ha_heap::bas_ext() const
 
 int ha_heap::open(const char *name, int mode, uint test_if_locked)
 {
+  set_if_bigger(table->s->reclength, sizeof (uchar*));
   internal_table= test(test_if_locked & HA_OPEN_INTERNAL_TABLE);
   if (internal_table || (!(file= heap_open(name, mode)) && my_errno == ENOENT))
   {