Commit 56d63c15 authored by Marko Mäkelä's avatar Marko Mäkelä

Bug#16463505 PESSIMISTIC PAGE_ZIP_AVAILABLE() MAY CAUSE INFINITE PAGE SPLIT

For a fresh insert, page_zip_available() was counting some fields twice.
In the worst case, the compressed page size grows by PAGE_ZIP_DIR_SLOT_SIZE
plus the size of the record that is being inserted. The size of the record
already includes the fields that will be stored in the uncompressed portion
of the compressed page.

page_zip_get_trailer_len(): Remove the output parameter entry_size,
because no caller is interested in it.

page_zip_max_ins_size(), page_zip_available(): Assume that the page grows
by PAGE_ZIP_DIR_SLOT_SIZE and the record size (which includes the fields
that would be stored in the uncompressed portion of the page).

rb#2169 approved by Sunny Bains
parent cc913429
2013-03-12 The InnoDB Team
* include/page0zip.ic, page/page0zip.c:
Fix Bug#16463505 PESSIMISTIC PAGE_ZIP_AVAILABLE()
MAY CAUSE INFINITE PAGE SPLIT
2013-02-27 The InnoDB Team 2013-02-27 The InnoDB Team
* page/page0zip.c: * page/page0zip.c:
......
...@@ -229,9 +229,7 @@ ibool ...@@ -229,9 +229,7 @@ ibool
page_zip_get_trailer_len( page_zip_get_trailer_len(
/*=====================*/ /*=====================*/
const page_zip_des_t* page_zip,/*!< in: compressed page */ const page_zip_des_t* page_zip,/*!< in: compressed page */
ibool is_clust,/*!< in: TRUE if clustered index */ ibool is_clust)/*!< in: TRUE if clustered index */
ulint* entry_size)/*!< out: size of the uncompressed
portion of a user record */
{ {
ulint uncompressed_size; ulint uncompressed_size;
...@@ -250,10 +248,6 @@ page_zip_get_trailer_len( ...@@ -250,10 +248,6 @@ page_zip_get_trailer_len(
ut_ad(!page_zip->n_blobs); ut_ad(!page_zip->n_blobs);
} }
if (entry_size) {
*entry_size = uncompressed_size;
}
return((page_dir_get_n_heap(page_zip->data) - 2) return((page_dir_get_n_heap(page_zip->data) - 2)
* uncompressed_size * uncompressed_size
+ page_zip->n_blobs * BTR_EXTERN_FIELD_REF_SIZE); + page_zip->n_blobs * BTR_EXTERN_FIELD_REF_SIZE);
...@@ -270,11 +264,9 @@ page_zip_max_ins_size( ...@@ -270,11 +264,9 @@ page_zip_max_ins_size(
const page_zip_des_t* page_zip,/*!< in: compressed page */ const page_zip_des_t* page_zip,/*!< in: compressed page */
ibool is_clust)/*!< in: TRUE if clustered index */ ibool is_clust)/*!< in: TRUE if clustered index */
{ {
ulint uncompressed_size;
ulint trailer_len; ulint trailer_len;
trailer_len = page_zip_get_trailer_len(page_zip, is_clust, trailer_len = page_zip_get_trailer_len(page_zip, is_clust);
&uncompressed_size);
/* When a record is created, a pointer may be added to /* When a record is created, a pointer may be added to
the dense directory. the dense directory.
...@@ -283,7 +275,7 @@ page_zip_max_ins_size( ...@@ -283,7 +275,7 @@ page_zip_max_ins_size(
Also the BLOB pointers will be allocated from there, but Also the BLOB pointers will be allocated from there, but
we may as well count them in the length of the record. */ we may as well count them in the length of the record. */
trailer_len += uncompressed_size; trailer_len += PAGE_ZIP_DIR_SLOT_SIZE;
return((lint) page_zip_get_size(page_zip) return((lint) page_zip_get_size(page_zip)
- trailer_len - page_zip->m_end - trailer_len - page_zip->m_end
...@@ -303,13 +295,11 @@ page_zip_available( ...@@ -303,13 +295,11 @@ page_zip_available(
ulint create) /*!< in: nonzero=add the record to ulint create) /*!< in: nonzero=add the record to
the heap */ the heap */
{ {
ulint uncompressed_size;
ulint trailer_len; ulint trailer_len;
ut_ad(length > REC_N_NEW_EXTRA_BYTES); ut_ad(length > REC_N_NEW_EXTRA_BYTES);
trailer_len = page_zip_get_trailer_len(page_zip, is_clust, trailer_len = page_zip_get_trailer_len(page_zip, is_clust);
&uncompressed_size);
/* Subtract the fixed extra bytes and add the maximum /* Subtract the fixed extra bytes and add the maximum
space needed for identifying the record (encoded heap_no). */ space needed for identifying the record (encoded heap_no). */
...@@ -323,7 +313,7 @@ page_zip_available( ...@@ -323,7 +313,7 @@ page_zip_available(
Also the BLOB pointers will be allocated from there, but Also the BLOB pointers will be allocated from there, but
we may as well count them in the length of the record. */ we may as well count them in the length of the record. */
trailer_len += uncompressed_size; trailer_len += PAGE_ZIP_DIR_SLOT_SIZE;
} }
return(UNIV_LIKELY(length return(UNIV_LIKELY(length
......
...@@ -2271,13 +2271,12 @@ page_zip_decompress_node_ptrs( ...@@ -2271,13 +2271,12 @@ page_zip_decompress_node_ptrs(
if (UNIV_UNLIKELY if (UNIV_UNLIKELY
(page_zip_get_trailer_len(page_zip, (page_zip_get_trailer_len(page_zip,
dict_index_is_clust(index), NULL) dict_index_is_clust(index))
+ page_zip->m_end >= page_zip_get_size(page_zip))) { + page_zip->m_end >= page_zip_get_size(page_zip))) {
page_zip_fail(("page_zip_decompress_node_ptrs:" page_zip_fail(("page_zip_decompress_node_ptrs:"
" %lu + %lu >= %lu, %lu\n", " %lu + %lu >= %lu, %lu\n",
(ulong) page_zip_get_trailer_len( (ulong) page_zip_get_trailer_len(
page_zip, dict_index_is_clust(index), page_zip, dict_index_is_clust(index)),
NULL),
(ulong) page_zip->m_end, (ulong) page_zip->m_end,
(ulong) page_zip_get_size(page_zip), (ulong) page_zip_get_size(page_zip),
(ulong) dict_index_is_clust(index))); (ulong) dict_index_is_clust(index)));
...@@ -2428,12 +2427,12 @@ page_zip_decompress_sec( ...@@ -2428,12 +2427,12 @@ page_zip_decompress_sec(
page_zip->m_nonempty = mod_log_ptr != d_stream->next_in; page_zip->m_nonempty = mod_log_ptr != d_stream->next_in;
} }
if (UNIV_UNLIKELY(page_zip_get_trailer_len(page_zip, FALSE, NULL) if (UNIV_UNLIKELY(page_zip_get_trailer_len(page_zip, FALSE)
+ page_zip->m_end >= page_zip_get_size(page_zip))) { + page_zip->m_end >= page_zip_get_size(page_zip))) {
page_zip_fail(("page_zip_decompress_sec: %lu + %lu >= %lu\n", page_zip_fail(("page_zip_decompress_sec: %lu + %lu >= %lu\n",
(ulong) page_zip_get_trailer_len( (ulong) page_zip_get_trailer_len(
page_zip, FALSE, NULL), page_zip, FALSE),
(ulong) page_zip->m_end, (ulong) page_zip->m_end,
(ulong) page_zip_get_size(page_zip))); (ulong) page_zip_get_size(page_zip)));
return(FALSE); return(FALSE);
...@@ -2759,12 +2758,12 @@ page_zip_decompress_clust( ...@@ -2759,12 +2758,12 @@ page_zip_decompress_clust(
page_zip->m_nonempty = mod_log_ptr != d_stream->next_in; page_zip->m_nonempty = mod_log_ptr != d_stream->next_in;
} }
if (UNIV_UNLIKELY(page_zip_get_trailer_len(page_zip, TRUE, NULL) if (UNIV_UNLIKELY(page_zip_get_trailer_len(page_zip, TRUE)
+ page_zip->m_end >= page_zip_get_size(page_zip))) { + page_zip->m_end >= page_zip_get_size(page_zip))) {
page_zip_fail(("page_zip_decompress_clust: %lu + %lu >= %lu\n", page_zip_fail(("page_zip_decompress_clust: %lu + %lu >= %lu\n",
(ulong) page_zip_get_trailer_len( (ulong) page_zip_get_trailer_len(
page_zip, TRUE, NULL), page_zip, TRUE),
(ulong) page_zip->m_end, (ulong) page_zip->m_end,
(ulong) page_zip_get_size(page_zip))); (ulong) page_zip_get_size(page_zip)));
return(FALSE); return(FALSE);
...@@ -4636,8 +4635,7 @@ page_zip_copy_recs( ...@@ -4636,8 +4635,7 @@ page_zip_copy_recs(
memcpy(page_zip, src_zip, sizeof *page_zip); memcpy(page_zip, src_zip, sizeof *page_zip);
page_zip->data = data; page_zip->data = data;
} }
ut_ad(page_zip_get_trailer_len(page_zip, ut_ad(page_zip_get_trailer_len(page_zip, dict_index_is_clust(index))
dict_index_is_clust(index), NULL)
+ page_zip->m_end < page_zip_get_size(page_zip)); + page_zip->m_end < page_zip_get_size(page_zip));
if (!page_is_leaf(src) if (!page_is_leaf(src)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment