Skip to content
Permalink
Browse files
MDEV-14929 - AddressSanitizer: memcpy-param-overlap in Field_longstr:… 
…:compress

Handle overlaping "from" and Field_blob_compressed::value for compressed
blobs similarily to regular blobs.
  • Loading branch information
Sergey Vojtovich committed Apr 2, 2018
1 parent 69efa13 commit 443b9a4
Show file tree
Hide file tree
Showing 3 changed files with 35 additions and 5 deletions.
13 mysql-test/main/column_compression.result
View file
@@ -1360,3 +1360,16 @@ SELECT a, LENGTH(a) FROM t1;
a LENGTH(a)
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 255
DROP TABLE t1;
#
# MDEV-14929 - AddressSanitizer: memcpy-param-overlap in
# Field_longstr::compress
#
CREATE TABLE t1(b BLOB COMPRESSED);
INSERT INTO t1 VALUES('foo'),('bar');
SET SESSION optimizer_switch = 'derived_merge=off';
SELECT * FROM ( SELECT * FROM t1 ) AS sq ORDER BY b;
b
bar
foo
SET SESSION optimizer_switch=DEFAULT;
DROP TABLE t1;
12 mysql-test/main/column_compression.test
View file
@@ -79,3 +79,15 @@ INSERT INTO t1 VALUES(REPEAT('a', 255));
SET column_compression_threshold=DEFAULT;
SELECT a, LENGTH(a) FROM t1;
DROP TABLE t1;


--echo #
--echo # MDEV-14929 - AddressSanitizer: memcpy-param-overlap in
--echo # Field_longstr::compress
--echo #
CREATE TABLE t1(b BLOB COMPRESSED);
INSERT INTO t1 VALUES('foo'),('bar');
SET SESSION optimizer_switch = 'derived_merge=off';
SELECT * FROM ( SELECT * FROM t1 ) AS sq ORDER BY b;
SET SESSION optimizer_switch=DEFAULT;
DROP TABLE t1;
15 sql/field.cc
View file
@@ -8699,17 +8699,22 @@ int Field_blob_compressed::store(const char *from, size_t length,
{
ASSERT_COLUMN_MARKED_FOR_WRITE_OR_COMPUTED;
uint to_length= (uint)MY_MIN(max_data_length(), field_charset->mbmaxlen * length + 1);
String tmp(from, length, cs);
int rc;

if (from >= value.ptr() && from <= value.end() && tmp.copy(from, length, cs))
goto oom;

if (value.alloc(to_length))
{
set_ptr((uint32) 0, NULL);
return -1;
}
goto oom;

rc= compress((char*) value.ptr(), &to_length, from, (uint)length, cs);
rc= compress((char*) value.ptr(), &to_length, tmp.ptr(), (uint) length, cs);
set_ptr(to_length, (uchar*) value.ptr());
return rc;

oom:
set_ptr((uint32) 0, NULL);
return -1;
}


0 comments on commit 443b9a4

Please sign in to comment.