database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

Fixed bug #32403: query causes a crash due to stack and

Browse Source 
memory corruptions.

The right pointer field of the SEL_ARG structure was not
initialized in the constructor and sometimes that led to
server crashes.

There is no testcase because the bug occurs only when
uninitialized memory has particular values, which can't be
re-created in the test suite.


sql/opt_range.cc:
  Fixed bug #32403.
  
  The eq_tree function requires that SEL_ARG::left and
  SEL_ARG::right are equal to null pointer if SEL_ARG
  type is MAYBE_KEY, but SEL_ARG::right was not initialized
  and contained garbage.
This commit is contained in:
unknown
2007-11-27 19:14:48 +04:00
parent ea73989828
commit d068dd1aab
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
sql/opt_range.cc
View File

@ -250,6 +250,9 @@ public:
Field *field;
char *min_value,*max_value; // Pointer to range
/*
eq_tree() requires that left == right == 0 if the type is MAYBE_KEY.
*/
SEL_ARG *left,*right; /* R-B tree children */
SEL_ARG *next,*prev; /* Links for bi-directional interval list */
SEL_ARG *parent; /* R-B tree parent */
@ -265,7 +268,7 @@ public:
SEL_ARG(Field *field, uint8 part, char *min_value, char *max_value,
uint8 min_flag, uint8 max_flag, uint8 maybe_flag);
SEL_ARG(enum Type type_arg)
:min_flag(0),elements(1),use_count(1),left(0),next_key_part(0),
:min_flag(0),elements(1),use_count(1),left(0),right(0),next_key_part(0),
color(BLACK), type(type_arg)
{}
inline bool is_same(SEL_ARG *arg)