Skip to content

Commit

Permalink
Bug #20535517 INCORRECT HANDLING OF UNSIGNED NOT NULL INTEGERS IN
Browse files Browse the repository at this point in the history 
              INNODB_MEMCACHED

PROBLEM

1)Column attribute can be both IB_COL_UNSIGNED and IB_COL_NOT_NULL,
  but in the code many times we are checking unsigned attribute in
  column meta data using "==" operator which will lead to wrong results.

2) When setting up the field value for unsigned integer we are calling
   innodb_api_write_uint64() without checking the column length which
   causes assert in innodb_api_write_uint64() if length is less than 8.

FIX

1) Check if the unsigned attribute in a column is set by using
   binary & operator.

2) Check column length before calling innodb_api_write_uint64()
   for unsigned integer

[ rb#9043 and rb#9054 Approved by Jimmy ]
  • Loading branch information
Aditya A committed May 31, 2015
1 parent ed7ebee commit 6ff8d5d
Showing 1 changed file with 12 additions and 11 deletions.
23 changes: 12 additions & 11 deletions plugin/innodb_memcached/innodb_memcache/src/innodb_api.c
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -295,7 +295,7 @@ innodb_api_read_uint64(
uint64_t value64; uint64_t value64;


assert (m_col->type == IB_INT && m_col->type_len == sizeof(uint64_t) assert (m_col->type == IB_INT && m_col->type_len == sizeof(uint64_t)
&& m_col->attr == IB_COL_UNSIGNED); && m_col->attr & IB_COL_UNSIGNED);


ib_cb_tuple_read_u64(read_tpl, i, &value64); ib_cb_tuple_read_u64(read_tpl, i, &value64);


Expand All @@ -322,7 +322,7 @@ innodb_api_read_int(
|| m_col->type_len == sizeof(uint16_t) || m_col->type_len == sizeof(uint16_t)
|| m_col->type_len == sizeof(uint8_t)); || m_col->type_len == sizeof(uint8_t));


if (m_col->attr == IB_COL_UNSIGNED) { if (m_col->attr & IB_COL_UNSIGNED) {
if (m_col->type_len == sizeof(uint64_t)) { if (m_col->type_len == sizeof(uint64_t)) {
/* We handle uint64 in innodb_api_read_uint64 */ /* We handle uint64 in innodb_api_read_uint64 */
assert(0); assert(0);
Expand Down Expand Up @@ -390,7 +390,7 @@ innodb_api_write_int(
assert(m_col->type_len == 8 || m_col->type_len == 4 assert(m_col->type_len == 8 || m_col->type_len == 4
|| m_col->type_len == 2 || m_col->type_len == 1); || m_col->type_len == 2 || m_col->type_len == 1);


if (m_col->attr == IB_COL_UNSIGNED) { if (m_col->attr & IB_COL_UNSIGNED) {
if (m_col->type_len == 8) { if (m_col->type_len == 8) {
src = &value; src = &value;


Expand Down Expand Up @@ -486,7 +486,7 @@ innodb_api_write_uint64(
ib_cb_col_get_meta(tpl, field, m_col); ib_cb_col_get_meta(tpl, field, m_col);


assert(m_col->type == IB_INT && m_col->type_len == 8 assert(m_col->type == IB_INT && m_col->type_len == 8
&& m_col->attr == IB_COL_UNSIGNED); && m_col->attr & IB_COL_UNSIGNED);


src = &value; src = &value;


Expand Down Expand Up @@ -536,7 +536,8 @@ innodb_api_setup_field_value(
memcpy(val_buf, value, val_len); memcpy(val_buf, value, val_len);
val_buf[val_len] = 0; val_buf[val_len] = 0;


if (col_info->col_meta.attr == IB_COL_UNSIGNED) { if (col_info->col_meta.attr & IB_COL_UNSIGNED
&& col_info->col_meta.type_len == 8) {
uint64_t int_value = 0; uint64_t int_value = 0;


int_value = strtoull(val_buf, &end_ptr, 10); int_value = strtoull(val_buf, &end_ptr, 10);
Expand Down Expand Up @@ -604,7 +605,7 @@ innodb_api_fill_mci(
mci_item->is_str = true; mci_item->is_str = true;
} else { } else {
if (col_meta.type == IB_INT) { if (col_meta.type == IB_INT) {
if (col_meta.attr == IB_COL_UNSIGNED if (col_meta.attr & IB_COL_UNSIGNED
&& data_len == 8) { && data_len == 8) {
mci_item->value_int = mci_item->value_int =
innodb_api_read_uint64(&col_meta, innodb_api_read_uint64(&col_meta,
Expand All @@ -620,7 +621,7 @@ innodb_api_fill_mci(
mci_item->value_str = NULL; mci_item->value_str = NULL;
mci_item->value_len = sizeof(mci_item->value_int); mci_item->value_len = sizeof(mci_item->value_int);
mci_item->is_str = false; mci_item->is_str = false;
mci_item->is_unsigned = (col_meta.attr == IB_COL_UNSIGNED); mci_item->is_unsigned = (col_meta.attr & IB_COL_UNSIGNED);
} else { } else {


mci_item->value_str = (char*)ib_cb_col_get_value( mci_item->value_str = (char*)ib_cb_col_get_value(
Expand Down Expand Up @@ -662,7 +663,7 @@ innodb_api_copy_mci(
mci_item->value_str = malloc(50); mci_item->value_str = malloc(50);
memset(mci_item->value_str, 0, 50); memset(mci_item->value_str, 0, 50);


if (col_meta.attr == IB_COL_UNSIGNED) { if (col_meta.attr & IB_COL_UNSIGNED) {
uint64_t int_val = 0; uint64_t int_val = 0;


int_val = innodb_api_read_uint64(&col_meta, int_val = innodb_api_read_uint64(&col_meta,
Expand Down Expand Up @@ -927,7 +928,7 @@ innodb_api_search(
if (data_len == IB_SQL_NULL) { if (data_len == IB_SQL_NULL) {
col_value->is_null = true; col_value->is_null = true;
} else { } else {
if (col_meta->attr == IB_COL_UNSIGNED if (col_meta->attr & IB_COL_UNSIGNED
&& data_len == 8) { && data_len == 8) {
col_value->value_int = col_value->value_int =
innodb_api_read_uint64(col_meta, innodb_api_read_uint64(col_meta,
Expand All @@ -953,7 +954,7 @@ innodb_api_search(
if (data_len == IB_SQL_NULL) { if (data_len == IB_SQL_NULL) {
col_value->is_null = true; col_value->is_null = true;
} else { } else {
if (col_meta->attr == IB_COL_UNSIGNED if (col_meta->attr & IB_COL_UNSIGNED
&& data_len == 8) { && data_len == 8) {
col_value->value_int = col_value->value_int =
innodb_api_read_uint64(col_meta, innodb_api_read_uint64(col_meta,
Expand Down Expand Up @@ -982,7 +983,7 @@ innodb_api_search(
if (data_len == IB_SQL_NULL) { if (data_len == IB_SQL_NULL) {
col_value->is_null = true; col_value->is_null = true;
} else { } else {
if (col_meta->attr == IB_COL_UNSIGNED if (col_meta->attr & IB_COL_UNSIGNED
&& data_len == 8) { && data_len == 8) {
col_value->value_int = col_value->value_int =
innodb_api_read_uint64(col_meta, innodb_api_read_uint64(col_meta,
Expand Down

0 comments on commit 6ff8d5d

Please sign in to comment.