Bug #170 Memory overflow in storing a row with BLOB and many NULL columns
Submitted: 20 Mar 2003 11:10
Modified: 20 Mar 2003 11:11
Reporter: SINISA MILIVOJEVIC
Status: Closed
Category: MySQL Server: MyISAM storage engine
Severity: S2 (Serious)
Version: 3.23 and 4.0
OS: Any (ALL)
Assigned to:
CPU Architecture: Any

[20 Mar 2003 11:10] SINISA MILIVOJEVIC
Description:
This bug causes crashes or MyISAM table corruption, depending on setup, OS etc.

This bug occurs with `MYISAM' tables, when a row is inserted into a table with a large number of NULL columns. The bug was caused by a wrong calculation of the record length, as the space required for storage of NULL bits was not added to the total record length.

How to repeat:
The entire test (rather large) was committed to myisam.test in the MySQL test suite.

Actually, no new test is added; only the current test, added with ChangeSet 1.676.238.3, was appended with a blob column.

Suggested fix:
===== myisam/mi_dynrec.c 1.23 vs edited =====
*** /tmp/mi_dynrec.c-1.23-14575 Thu Nov  7 03:53:06 2002
--- edited/myisam/mi_dynrec.c   Thu Mar 20 18:38:45 2003
***************
*** 62,68 ****
  
    extra= (ALIGN_SIZE(MI_MAX_DYN_BLOCK_HEADER)+MI_SPLIT_LENGTH+
          MI_DYN_DELETE_BLOCK_HEADER+1);
!   reclength= (info->s->base.pack_reclength+
              _my_calc_total_blob_length(info,record)+ extra);
  #ifdef NOT_USED                                       /* We now support big rows */
    if (reclength > MI_DYN_MAX_ROW_LENGTH)
--- 62,68 ----
  
    extra= (ALIGN_SIZE(MI_MAX_DYN_BLOCK_HEADER)+MI_SPLIT_LENGTH+
          MI_DYN_DELETE_BLOCK_HEADER+1);
!   reclength= (info->s->base.pack_reclength+ info->s->base.pack_bits+
              _my_calc_total_blob_length(info,record)+ extra);
  #ifdef NOT_USED                                       /* We now support big rows */
    if (reclength > MI_DYN_MAX_ROW_LENGTH)
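Review bot: The changed reclength line now adds info->s->base.pack_bits, but nothing at that line says why, and the same omission could be reintroduced the next time this expression is touched. A short comment next to the assignment naming each term (packed row bytes, bit bytes, blob bytes, block-header slack in extra) would make the sizing auditable. Separately, the only upper bound visible here, if (reclength > MI_DYN_MAX_ROW_LENGTH), sits under #ifdef NOT_USED, so the sum, which includes the total blob length, is passed on unchecked; it is worth confirming that the code consuming reclength rejects or safely handles a wrapped or very large value. Any other place that sizes a packed-record buffer from pack_reclength alone deserves the same pack_bits check.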
[20 Mar 2003 11:11] MySQL Verification Team
Fix committed.