Commit a3eb2b3f authored by Michael Widenius's avatar Michael Widenius

Fix for lp:909635: MariaDB crashes on a select with long varchar and blob fields

Problem was a crash in internal temporary (Maria) files when row length exceeded 65535

mysql-test/suite/maria/r/maria3.result:
  Added test case
mysql-test/suite/maria/t/maria3.test:
  Added test case
storage/maria/ma_open.c:
  Added support for row length > 65535.
  This fixes crash when using tables with longer row lengths.
parent 5d269e46
......@@ -617,3 +617,27 @@ ERROR 23000: Duplicate entry '2' for key 'a'
insert into t1 values(3);
insert into t2 values(3);
drop table t1, t2;
CREATE TABLE t1 (
a INT PRIMARY KEY,
b CHAR(255),
c VARCHAR(2048),
d VARCHAR(18990),
e CHAR(128),
f CHAR(192)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
INSERT INTO t1 VALUES
(1,'A','B','C','','D'),
(2,'Abcdefghi','E','F','','G');
CREATE TABLE t2 (
g INT PRIMARY KEY,
h CHAR(32),
i CHAR(255),
j TEXT
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
INSERT INTO t2 VALUES (1,'M','','H'),
(2,'N','','H');
SELECT * FROM t1, t2 WHERE a = g ORDER BY b;
a b c d e f g h i j
1 A B C D 1 M H
2 Abcdefghi E F G 2 N H
drop table t1,t2;
......@@ -524,6 +524,37 @@ insert into t2 values(3);
connection default;
drop table t1, t2;
#
# BUG#909635 - MariaDB crashes on a select with long varchar and blob fields
#
CREATE TABLE t1 (
a INT PRIMARY KEY,
b CHAR(255),
c VARCHAR(2048),
d VARCHAR(18990),
e CHAR(128),
f CHAR(192)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
INSERT INTO t1 VALUES
(1,'A','B','C','','D'),
(2,'Abcdefghi','E','F','','G');
CREATE TABLE t2 (
g INT PRIMARY KEY,
h CHAR(32),
i CHAR(255),
j TEXT
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
INSERT INTO t2 VALUES (1,'M','','H'),
(2,'N','','H');
SELECT * FROM t1, t2 WHERE a = g ORDER BY b;
drop table t1,t2;
# End of 5.1 tests
--disable_result_log
......
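Review bot: The header comment of the new test names the bug but does not say why these column sizes were chosen, so a later edit could shrink them and quietly stop exercising the fix. Per the commit description the crash was in the internal temporary (Maria) table once the row length passed 65535, and the utf8 CHAR/VARCHAR widths of `t1` and `t2` together appear to be picked to cross that limit in the joined, sorted row. Something like `# Column widths are chosen so the joined row in the internal temporary table exceeds 65535 bytes; do not shrink them` above the first `CREATE TABLE` would record this. It would also help to say that the base tables are MyISAM on purpose, because the code under test is the temporary table rather than `t1`/`t2`.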
......@@ -1669,9 +1669,11 @@ my_bool _ma_columndef_write(File file, MARIA_COLUMNDEF *columndef)
{
uchar buff[MARIA_COLUMNDEF_SIZE];
uchar *ptr=buff;
uint low_offset= (uint) (columndef->offset & 0xffff);
uint high_offset= (uint) (columndef->offset >> 16);
mi_int2store(ptr,(ulong) columndef->column_nr); ptr+= 2;
mi_int2store(ptr,(ulong) columndef->offset); ptr+= 2;
mi_int2store(ptr, low_offset); ptr+= 2;
mi_int2store(ptr,columndef->type); ptr+= 2;
mi_int2store(ptr,columndef->length); ptr+= 2;
mi_int2store(ptr,columndef->fill_length); ptr+= 2;
......@@ -1680,12 +1682,14 @@ my_bool _ma_columndef_write(File file, MARIA_COLUMNDEF *columndef)
(*ptr++)= columndef->null_bit;
(*ptr++)= columndef->empty_bit;
ptr[0]= ptr[1]= ptr[2]= ptr[3]= 0; ptr+= 4; /* For future */
mi_int2store(ptr, high_offset); ptr+= 2;
ptr[0]= ptr[1]= 0; ptr+= 2; /* For future */
return my_write(file, buff, (size_t) (ptr-buff), MYF(MY_NABP)) != 0;
}
uchar *_ma_columndef_read(uchar *ptr, MARIA_COLUMNDEF *columndef)
{
uint high_offset;
columndef->column_nr= mi_uint2korr(ptr); ptr+= 2;
columndef->offset= mi_uint2korr(ptr); ptr+= 2;
columndef->type= mi_sint2korr(ptr); ptr+= 2;
......@@ -1695,7 +1699,9 @@ uchar *_ma_columndef_read(uchar *ptr, MARIA_COLUMNDEF *columndef)
columndef->empty_pos= mi_uint2korr(ptr); ptr+= 2;
columndef->null_bit= (uint8) *ptr++;
columndef->empty_bit= (uint8) *ptr++;
ptr+= 4;
high_offset= mi_uint2korr(ptr); ptr+= 2;
columndef->offset|= ((ulong) high_offset << 16);
ptr+= 2;
return ptr;
}
......
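Review bot: In `_ma_columndef_read` the offset is now assembled as a 32-bit value from two on-disk fields (`columndef->offset|= ((ulong) high_offset << 16);`), and nothing in the visible lines compares it with the row length before returning. Both function bodies are partly elided between hunks and the caller is not shown, so a check may already exist elsewhere. If it does not, a damaged or hand-edited index file could supply a column offset far outside the record buffer, so the code that consumes the column definitions should reject any offset plus length that exceeds the record length. On the write side `high_offset` goes through `mi_int2store`, which keeps 16 bits, so an offset of 2^32 or more would be truncated silently if the field's type allows one. A `DBUG_ASSERT(high_offset <= 0xffff);` before the store would make that assumption explicit. The layout change also deserves a comment next to the store, for example `/* High 16 bits of offset; uses 2 of the reserved bytes, which older files wrote as 0 */`, so it is clear why files written before this change still read back correctly.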