Fixed LP bug #663840.

When adding a new record into the join buffer that is employed by BNLH join algorithm the writing procedure JOIN_CACHE::write_record_data checks whether there is enough space for the record in the buffer. When doing this it must take into account a possible new key entry added to the buffer. It might happen, as it has been demonstrated by the bug test case, that there is enough remaining space in the buffer for the record, but not for the additional key entry for this record. In this case the key entry overwrites the end of the record that might cause a crash or wrong results. Fixed by taking into account a possible addition of new key entry when estimating the remaining free space in the buffer.
2025-07-27 18:02:13 +03:00 · 2010-10-22 10:53:29 -07:00
parent ac58b4b7e0
commit ca862231f7
4 changed files with 166 additions and 16 deletions
--- a/sql/sql_select.h
+++ b/sql/sql_select.h
@ -790,6 +790,12 @@ protected:
    return max(buff_size-(end_pos-buff)-aux_buff_size,0);
  }

+  /* 
+    Shall calculate how much space is taken by allocation of the key
+    for a record in the join buffer
+  */
+  virtual uint extra_key_length() { return 0; }
+
  /*  Read all flag and data fields of a record from the join buffer */
  uint read_all_record_fields();
  
@ -1272,6 +1278,12 @@ protected:
    return max(last_key_entry-end_pos-aux_buff_size,0);
  }

+  /* 
+    Calculate how much space is taken by allocation of the key
+    entry for a record in the join buffer
+  */
+  virtual uint extra_key_length() { return key_entry_length; }
+
  /* 
    Skip record from a hashed join buffer if its match flag
    is set to MATCH_FOUND