Commit deac81af authored by unknown's avatar unknown

Fixed possible access to unintialized memory in filesort when using many buffers


include/my_sys.h:
  Added function to call if IO_CACHE is moved
mysys/mf_iocache.c:
  Added function to call if IO_CACHE is moved
sql/filesort.cc:
  Tell that io_cache is moved
parent d3ad1a91
...@@ -671,6 +671,7 @@ extern int init_io_cache(IO_CACHE *info,File file,uint cachesize, ...@@ -671,6 +671,7 @@ extern int init_io_cache(IO_CACHE *info,File file,uint cachesize,
extern my_bool reinit_io_cache(IO_CACHE *info,enum cache_type type, extern my_bool reinit_io_cache(IO_CACHE *info,enum cache_type type,
my_off_t seek_offset,pbool use_async_io, my_off_t seek_offset,pbool use_async_io,
pbool clear_cache); pbool clear_cache);
extern void setup_io_cache(IO_CACHE* info);
extern int _my_b_read(IO_CACHE *info,byte *Buffer,uint Count); extern int _my_b_read(IO_CACHE *info,byte *Buffer,uint Count);
#ifdef THREAD #ifdef THREAD
extern int _my_b_read_r(IO_CACHE *info,byte *Buffer,uint Count); extern int _my_b_read_r(IO_CACHE *info,byte *Buffer,uint Count);
......
...@@ -71,9 +71,40 @@ static void my_aiowait(my_aio_result *result); ...@@ -71,9 +71,40 @@ static void my_aiowait(my_aio_result *result);
#define IO_ROUND_UP(X) (((X)+IO_SIZE-1) & ~(IO_SIZE-1)) #define IO_ROUND_UP(X) (((X)+IO_SIZE-1) & ~(IO_SIZE-1))
#define IO_ROUND_DN(X) ( (X) & ~(IO_SIZE-1)) #define IO_ROUND_DN(X) ( (X) & ~(IO_SIZE-1))
/*
Setup internal pointers inside IO_CACHE
SYNOPSIS
setup_io_cache()
info IO_CACHE handler
NOTES
This is called on automaticly on init or reinit of IO_CACHE
It must be called externally if one moves or copies an IO_CACHE
object.
*/
void setup_io_cache(IO_CACHE* info)
{
/* Ensure that my_b_tell() and my_b_bytes_in_cache works */
if (info->type == WRITE_CACHE)
{
info->current_pos= &info->write_pos;
info->current_end= &info->write_end;
}
else
{
info->current_pos= &info->read_pos;
info->current_end= &info->read_end;
}
}
static void static void
init_functions(IO_CACHE* info, enum cache_type type) init_functions(IO_CACHE* info)
{ {
enum cache_type type= info->type;
switch (type) { switch (type) {
case READ_NET: case READ_NET:
/* /*
...@@ -97,17 +128,7 @@ init_functions(IO_CACHE* info, enum cache_type type) ...@@ -97,17 +128,7 @@ init_functions(IO_CACHE* info, enum cache_type type)
info->write_function = _my_b_write; info->write_function = _my_b_write;
} }
/* Ensure that my_b_tell() and my_b_bytes_in_cache works */ setup_io_cache(info);
if (type == WRITE_CACHE)
{
info->current_pos= &info->write_pos;
info->current_end= &info->write_end;
}
else
{
info->current_pos= &info->read_pos;
info->current_end= &info->read_end;
}
} }
/* /*
...@@ -211,7 +232,7 @@ int init_io_cache(IO_CACHE *info, File file, uint cachesize, ...@@ -211,7 +232,7 @@ int init_io_cache(IO_CACHE *info, File file, uint cachesize,
/* End_of_file may be changed by user later */ /* End_of_file may be changed by user later */
info->end_of_file= end_of_file; info->end_of_file= end_of_file;
info->error=0; info->error=0;
init_functions(info,type); init_functions(info);
#ifdef HAVE_AIOWAIT #ifdef HAVE_AIOWAIT
if (use_async_io && ! my_disable_async_io) if (use_async_io && ! my_disable_async_io)
{ {
...@@ -333,7 +354,7 @@ my_bool reinit_io_cache(IO_CACHE *info, enum cache_type type, ...@@ -333,7 +354,7 @@ my_bool reinit_io_cache(IO_CACHE *info, enum cache_type type,
} }
info->type=type; info->type=type;
info->error=0; info->error=0;
init_functions(info,type); init_functions(info);
#ifdef HAVE_AIOWAIT #ifdef HAVE_AIOWAIT
if (use_async_io && ! my_disable_async_io && if (use_async_io && ! my_disable_async_io &&
......
...@@ -680,6 +680,8 @@ int merge_many_buff(SORTPARAM *param, uchar *sort_buffer, ...@@ -680,6 +680,8 @@ int merge_many_buff(SORTPARAM *param, uchar *sort_buffer,
if (flush_io_cache(to_file)) if (flush_io_cache(to_file))
break; /* purecov: inspected */ break; /* purecov: inspected */
temp=from_file; from_file=to_file; to_file=temp; temp=from_file; from_file=to_file; to_file=temp;
setup_io_cache(from_file);
setup_io_cache(to_file);
*maxbuffer= (uint) (lastbuff-buffpek)-1; *maxbuffer= (uint) (lastbuff-buffpek)-1;
} }
close_cached_file(to_file); // This holds old result close_cached_file(to_file); // This holds old result
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment