Commit 6153b007 authored by monty@narttu.mysql.fi's avatar monty@narttu.mysql.fi

Correct fix for buffer overruns for compressed blobs.

(Bugs #770, #1304 and maybe #1295)
parent 45a41e85
...@@ -743,7 +743,7 @@ static void uf_blob(MI_COLUMNDEF *rec, MI_BIT_BUFF *bit_buff, ...@@ -743,7 +743,7 @@ static void uf_blob(MI_COLUMNDEF *rec, MI_BIT_BUFF *bit_buff,
{ {
ulong length=get_bits(bit_buff,rec->space_length_bits); ulong length=get_bits(bit_buff,rec->space_length_bits);
uint pack_length=(uint) (end-to)-mi_portable_sizeof_char_ptr; uint pack_length=(uint) (end-to)-mi_portable_sizeof_char_ptr;
if (bit_buff->blob_pos+length > bit_buff->end) if (bit_buff->blob_pos+length > bit_buff->blob_end)
{ {
bit_buff->error=1; bit_buff->error=1;
bzero((byte*) to,(end-to)); bzero((byte*) to,(end-to));
...@@ -1067,6 +1067,7 @@ uint _mi_pack_get_block_info(MI_INFO *myisam, MI_BLOCK_INFO *info, File file, ...@@ -1067,6 +1067,7 @@ uint _mi_pack_get_block_info(MI_INFO *myisam, MI_BLOCK_INFO *info, File file,
&myisam->rec_buff))) &myisam->rec_buff)))
return BLOCK_FATAL_ERROR; /* not enough memory */ return BLOCK_FATAL_ERROR; /* not enough memory */
myisam->bit_buff.blob_pos=(uchar*) myisam->rec_buff+info->rec_len; myisam->bit_buff.blob_pos=(uchar*) myisam->rec_buff+info->rec_len;
myisam->bit_buff.blob_end= myisam->bit_buff.blob_pos+info->blob_len;
myisam->blob_length=info->blob_len; myisam->blob_length=info->blob_len;
} }
info->filepos=filepos+head_length; info->filepos=filepos+head_length;
...@@ -1243,6 +1244,7 @@ static uchar *_mi_mempack_get_block_info(MI_INFO *myisam,MI_BLOCK_INFO *info, ...@@ -1243,6 +1244,7 @@ static uchar *_mi_mempack_get_block_info(MI_INFO *myisam,MI_BLOCK_INFO *info,
&myisam->rec_buff))) &myisam->rec_buff)))
return 0; /* not enough memory */ return 0; /* not enough memory */
myisam->bit_buff.blob_pos=(uchar*) myisam->rec_buff; myisam->bit_buff.blob_pos=(uchar*) myisam->rec_buff;
myisam->bit_buff.blob_end= (uchar*) myisam->rec_buff + info->blob_len;
} }
return header; return header;
} }
......
...@@ -213,7 +213,7 @@ typedef uint mi_bit_type; ...@@ -213,7 +213,7 @@ typedef uint mi_bit_type;
typedef struct st_mi_bit_buff { /* Used for packing of record */ typedef struct st_mi_bit_buff { /* Used for packing of record */
mi_bit_type current_byte; mi_bit_type current_byte;
uint bits; uint bits;
uchar *pos,*end,*blob_pos; uchar *pos,*end,*blob_pos,*blob_end;
uint error; uint error;
} MI_BIT_BUFF; } MI_BIT_BUFF;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment