From e0f3a0fae98bea144b962ef8dbbe62e0935aebb1 Mon Sep 17 00:00:00 2001
From: Tor Didriksen <tor.didriksen@oracle.com>
Date: Fri, 1 Nov 2013 16:39:19 +0100
Subject: [PATCH] Bug#17617945 BUFFER OVERFLOW IN GET_MERGE_MANY_BUFFS_COST WITH SMALL SORT_BUFFER_SIZE

get_cost_calc_buff_size() could return wrong value for the size of imerge_cost_buff.
---
 sql/sql_class.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sql/sql_class.h b/sql/sql_class.h
index 9a9b2058e2..fd83930a8e 100644
--- a/sql/sql_class.h
+++ b/sql/sql_class.h
@@ -2987,11 +2987,13 @@ public:
 bool get(TABLE *table);
 static double get_use_cost(uint *buffer, uint nkeys, uint key_size,
 ulonglong max_in_memory_size);
+
+ // Returns the number of bytes needed in imerge_cost_buf.
 inline static int get_cost_calc_buff_size(ulong nkeys, uint key_size,
 ulonglong max_in_memory_size)
 {
 register ulonglong max_elems_in_tree=
- (1 + max_in_memory_size / ALIGN_SIZE(sizeof(TREE_ELEMENT)+key_size));
+ (max_in_memory_size / ALIGN_SIZE(sizeof(TREE_ELEMENT)+key_size));
 return (int) (sizeof(uint)*(1 + nkeys/max_elems_in_tree));
 }

-- 
2.30.9
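Review bot: With the `1 +` removed, `max_elems_in_tree` becomes 0 whenever `max_in_memory_size` is smaller than `ALIGN_SIZE(sizeof(TREE_ELEMENT)+key_size)`, and the return statement then divides `nkeys` by zero. The hunk shows no lower bound on `max_in_memory_size`, and the bug title is specifically about small sort buffers, so a guard such as `if (max_elems_in_tree == 0) max_elems_in_tree= 1;` belongs here, provided it agrees with how get_use_cost() sizes its writes into the buffer (not visible in this hunk). Separately, the result is narrowed with `(int)` although `nkeys` is `ulong`, so a large key count combined with a small quotient could truncate the byte count; a range check before the cast would make an undersized buffer impossible rather than silent. The new comment names `imerge_cost_buf` while the commit message says `imerge_cost_buff`; the comment should use the member's actual spelling.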