Permalink
Browse files

Bug #20535517 INCORRECT HANDLING OF UNSIGNED NOT NULL INTEGERS IN

              INNODB_MEMCACHED

PROBLEM

1)Column attribute can be both IB_COL_UNSIGNED and IB_COL_NOT_NULL,
  but in the code many times we are checking unsigned attribute in
  column meta data using "==" operator which will lead to wrong results.

2) When setting up the field value for unsigned integer we are calling
   innodb_api_write_uint64() without checking the column length which
   causes assert in innodb_api_write_uint64() if length is less than 8.

FIX

1) Check if the unsigned attribute in a column is set by using
   binary & operator.

2) Check column length before calling innodb_api_write_uint64()
   for unsigned integer

[ rb#9043 and rb#9054 Approved by Jimmy ]
  • Loading branch information...
Aditya A
Aditya A committed May 31, 2015
1 parent ed7ebee commit 6ff8d5d2940b9c9079e07641b2beb12e8dd84b38
Showing with 12 additions and 11 deletions.
  1. +12 −11 plugin/innodb_memcached/innodb_memcache/src/innodb_api.c
@@ -295,7 +295,7 @@ innodb_api_read_uint64(
uint64_t value64;
assert (m_col->type == IB_INT && m_col->type_len == sizeof(uint64_t)
&& m_col->attr == IB_COL_UNSIGNED);
&& m_col->attr & IB_COL_UNSIGNED);
ib_cb_tuple_read_u64(read_tpl, i, &value64);
@@ -322,7 +322,7 @@ innodb_api_read_int(
|| m_col->type_len == sizeof(uint16_t)
|| m_col->type_len == sizeof(uint8_t));
if (m_col->attr == IB_COL_UNSIGNED) {
if (m_col->attr & IB_COL_UNSIGNED) {
if (m_col->type_len == sizeof(uint64_t)) {
/* We handle uint64 in innodb_api_read_uint64 */
assert(0);
@@ -390,7 +390,7 @@ innodb_api_write_int(
assert(m_col->type_len == 8 || m_col->type_len == 4
|| m_col->type_len == 2 || m_col->type_len == 1);
if (m_col->attr == IB_COL_UNSIGNED) {
if (m_col->attr & IB_COL_UNSIGNED) {
if (m_col->type_len == 8) {
src = &value;
@@ -486,7 +486,7 @@ innodb_api_write_uint64(
ib_cb_col_get_meta(tpl, field, m_col);
assert(m_col->type == IB_INT && m_col->type_len == 8
&& m_col->attr == IB_COL_UNSIGNED);
&& m_col->attr & IB_COL_UNSIGNED);
src = &value;
@@ -536,7 +536,8 @@ innodb_api_setup_field_value(
memcpy(val_buf, value, val_len);
val_buf[val_len] = 0;
if (col_info->col_meta.attr == IB_COL_UNSIGNED) {
if (col_info->col_meta.attr & IB_COL_UNSIGNED
&& col_info->col_meta.type_len == 8) {
uint64_t int_value = 0;
int_value = strtoull(val_buf, &end_ptr, 10);
@@ -604,7 +605,7 @@ innodb_api_fill_mci(
mci_item->is_str = true;
} else {
if (col_meta.type == IB_INT) {
if (col_meta.attr == IB_COL_UNSIGNED
if (col_meta.attr & IB_COL_UNSIGNED
&& data_len == 8) {
mci_item->value_int =
innodb_api_read_uint64(&col_meta,
@@ -620,7 +621,7 @@ innodb_api_fill_mci(
mci_item->value_str = NULL;
mci_item->value_len = sizeof(mci_item->value_int);
mci_item->is_str = false;
mci_item->is_unsigned = (col_meta.attr == IB_COL_UNSIGNED);
mci_item->is_unsigned = (col_meta.attr & IB_COL_UNSIGNED);
} else {
mci_item->value_str = (char*)ib_cb_col_get_value(
@@ -662,7 +663,7 @@ innodb_api_copy_mci(
mci_item->value_str = malloc(50);
memset(mci_item->value_str, 0, 50);
if (col_meta.attr == IB_COL_UNSIGNED) {
if (col_meta.attr & IB_COL_UNSIGNED) {
uint64_t int_val = 0;
int_val = innodb_api_read_uint64(&col_meta,
@@ -927,7 +928,7 @@ innodb_api_search(
if (data_len == IB_SQL_NULL) {
col_value->is_null = true;
} else {
if (col_meta->attr == IB_COL_UNSIGNED
if (col_meta->attr & IB_COL_UNSIGNED
&& data_len == 8) {
col_value->value_int =
innodb_api_read_uint64(col_meta,
@@ -953,7 +954,7 @@ innodb_api_search(
if (data_len == IB_SQL_NULL) {
col_value->is_null = true;
} else {
if (col_meta->attr == IB_COL_UNSIGNED
if (col_meta->attr & IB_COL_UNSIGNED
&& data_len == 8) {
col_value->value_int =
innodb_api_read_uint64(col_meta,
@@ -982,7 +983,7 @@ innodb_api_search(
if (data_len == IB_SQL_NULL) {
col_value->is_null = true;
} else {
if (col_meta->attr == IB_COL_UNSIGNED
if (col_meta->attr & IB_COL_UNSIGNED
&& data_len == 8) {
col_value->value_int =
innodb_api_read_uint64(col_meta,

0 comments on commit 6ff8d5d

Please sign in to comment.