Commit 05c4a351 authored by Vasil Dimov

Fix BUG#11798085 - INCORRECT INTEGER TYPES USED IN CALCULATION RESULT IN OVERFLOW

Do not assign the result of the difference to a signed variable and
check whether it is negative afterwards because this limits the max diff
to 2G on 32-bit systems. E.g. "signed = 3.5G - 1G" would be negative and the
code would assume that 3.5G < 1G. Instead compare the two variables directly
and assign to unsigned only if we know that the result of the subtraction
will be positive.

Discussed with:	Jimmy and Sunny (via IRC)
parent db55cf85
......@@ -1893,16 +1893,19 @@ buf_block_align(
/* TODO: protect buf_pool->chunks with a mutex (it will
currently remain constant after buf_pool_init()) */
for (chunk = buf_pool->chunks, i = buf_pool->n_chunks; i--; chunk++) {
lint offs = ptr - chunk->blocks->frame;
ulint offs;
if (UNIV_UNLIKELY(offs < 0)) {
if (UNIV_UNLIKELY(ptr < chunk->blocks->frame)) {
continue;
}
/* else */
offs = ptr - chunk->blocks->frame;
offs >>= UNIV_PAGE_SIZE_SHIFT;
if (UNIV_LIKELY((ulint) offs < chunk->size)) {
if (UNIV_LIKELY(offs < chunk->size)) {
buf_block_t* block = &chunk->blocks[offs];
/* The function buf_chunk_init() invokes
......
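Review bot: In the added assignment `offs = ptr - chunk->blocks->frame;` the subtraction is still evaluated in a signed type before the result is stored in the `ulint`. If both operands are pointers, the difference has type ptrdiff_t, so on a 32-bit build a distance above 2G (the case the commit message describes) overflows the intermediate value and only comes out right through the conversion to unsigned. Casting both operands first, for example `offs = (ulint) ptr - (ulint) chunk->blocks->frame;`, keeps the arithmetic unsigned throughout. A short comment beside the new `ptr < chunk->blocks->frame` guard explaining why it replaces the old `offs < 0` test would help prevent a later cleanup from reintroducing the signed temporary, and the bare `/* else */` comment carries no information and could be dropped.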