mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00

Bug #30639: limit offset,rowcount wraps when rowcount >= 2^32 in windows

The parser uses ulonglong to store the LIMIT number. This number
 is then stored into a variable of type ha_rows. ha_rows is either
 4 or 8 bytes, depending on the BIG_TABLES define from config.h.
 So an overflow may occur (and LIMIT becomes zero) while storing a
 ulonglong value in ha_rows.
 Fixed by :
  1. Using the maximum possible value for ha_rows on overflow
  2. Defining BIG_TABLES for the windows builds (to match the others)
gkodinov/kgeorge@magare.gmz
2007-09-19 17:47:52 +03:00
parent de14b6a502
commit c2abf960f9
4 changed files with 40 additions and 2 deletions


@ -2372,10 +2372,19 @@ st_lex::copy_db_to(char **p_db, size_t *p_db_length) const
void st_select_lex_unit::set_limit(st_select_lex *sl)
{
ha_rows select_limit_val;
ulonglong val;
DBUG_ASSERT(! thd->stmt_arena->is_stmt_prepare());
select_limit_val= (ha_rows)(sl->select_limit ? sl->select_limit->val_uint() :
HA_POS_ERROR);
val= sl->select_limit ? sl->select_limit->val_uint() : HA_POS_ERROR;
select_limit_val= (ha_rows)val;
#ifndef BIG_TABLES
/*
Check for overflow : ha_rows can be smaller then ulonglong if
BIG_TABLES is off.
*/
if (val != (ulonglong)select_limit_val)
select_limit_val= HA_POS_ERROR;
#endif
offset_limit_cnt= (ha_rows)(sl->offset_limit ? sl->offset_limit->val_uint() :
ULL(0));
select_limit_cnt= select_limit_val + offset_limit_cnt;
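Review bot: The OFFSET value on the `offset_limit_cnt= (ha_rows)(sl->offset_limit ? ...)` line still goes through the unchecked narrowing cast that this change removes for the row count. On a build without BIG_TABLES, an offset of 2^32 or more is therefore silently truncated, and the statement skips a different number of rows than the client asked for. I would read the offset into a `ulonglong` first and apply the same round-trip test inside the `#ifndef BIG_TABLES` block, for example `if (off != (ulonglong)offset_limit_cnt) offset_limit_cnt= HA_POS_ERROR;`. With both values able to saturate, the addition on the last visible line can wrap. Whether that sum is range-checked afterwards cannot be seen here, because the body of set_limit continues past the end of the hunk.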