Bug #20719 Reading dynamic records with write buffer could fail
Submitted: 27 Jun 2006 10:24
Modified: 18 Aug 2006 12:40
Reporter: Ingo Strüwing
Status: Closed
Category: MySQL Server: MyISAM storage engine
Severity: S2 (Serious)
Version: 4.0 and up
OS: Any (all)
Assigned to: Ingo Strüwing
CPU Architecture: Any

[27 Jun 2006 10:24] Ingo Strüwing
Description:
Table corruption can happen if a write buffer is used on a table with dynamic records and the table is also read.

In _mi_read_dynamic_record() and _mi_read_rnd_dynamic_record() there is a construct like this:

      if (info->opt_flag & WRITE_CACHE_USED &&
          info->rec_cache.pos_in_file < block_info.next_filepos &&
          flush_io_cache(&info->rec_cache))

The above sequence flushes the cache if it is (1) completely beyond
the read range or (2) intersects it from lower positions.

It would not flush the cache if it intersects the read range to higher
positions. That is, it does not flush if the write cache starts 4 bytes
above block_info.next_filepos.

How to repeat:
Unknown. This is more a hypothetical problem. Detected by code reading. But it exists and should be fixed.

Suggested fix:
The correct test should be:

     if (info->opt_flag & WRITE_CACHE_USED &&
         info->rec_cache.pos_in_file < (block_info.next_filepos +
                                        sizeof(info->header)) &&
         flush_io_cache(&info->rec_cache))

Also, after reading the header of the dynamic record, before reading the rest of the part, the check must be repeated with the upper bound of the read.
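
Added example, not part of the bug report or the MySQL source: a small C model of the header read described above, comparing the quoted test with the suggested one when the write cache starts inside the read range. `FILE_SIZE`, `HEADER_LEN` (20 is an assumed stand-in for `sizeof(info->header)`), the fill bytes and all function names are constructed for illustration; only the header read is modelled, not the repeated check for the rest of the record.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not MyISAM code: disk[] is what a direct file read
   sees; the write cache holds newer bytes for offsets >= pos_in_file. */
#define FILE_SIZE  64
#define HEADER_LEN 20   /* assumed stand-in for sizeof(info->header) */
#define OLD 0x00        /* stale byte already on disk */
#define NEW 0xAA        /* pending byte still in the write cache */

/* Test quoted in the report: flush only if the cache starts below the read. */
static int must_flush_original(size_t pos_in_file, size_t next_filepos) {
    return pos_in_file < next_filepos;
}

/* Suggested test: flush if the cache starts below the end of the header read. */
static int must_flush_suggested(size_t pos_in_file, size_t next_filepos) {
    return pos_in_file < next_filepos + HEADER_LEN;
}

/* Read HEADER_LEN bytes from disk at next_filepos and count the bytes that
   lie in the cached region but were still stale on disk when read. */
size_t stale_header_bytes(size_t pos_in_file, size_t next_filepos, int suggested) {
    unsigned char disk[FILE_SIZE], cache[FILE_SIZE];
    size_t cached_len, stale = 0;

    if (pos_in_file > FILE_SIZE || next_filepos + HEADER_LEN > FILE_SIZE)
        return (size_t)-1;                    /* outside the modelled file */
    cached_len = FILE_SIZE - pos_in_file;
    memset(disk, OLD, sizeof disk);
    memset(cache, NEW, sizeof cache);
    if (suggested ? must_flush_suggested(pos_in_file, next_filepos)
                  : must_flush_original(pos_in_file, next_filepos))
        memcpy(disk + pos_in_file, cache, cached_len);  /* flush stand-in */
    for (size_t off = next_filepos; off < next_filepos + HEADER_LEN; off++)
        if (off >= pos_in_file && disk[off] != NEW)
            stale++;
    return stale;
}

int main(void) {
    /* Constructed case: cache starts 4 bytes above the read position. */
    printf("original: %zu stale bytes, suggested: %zu\n",
           stale_header_bytes(20, 16, 0), stale_header_bytes(20, 16, 1));
    return 0;
}
```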
[30 Jun 2006 20:05] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/8571
[5 Jul 2006 14:46] Ingo Strüwing
This was an experimental patch only.
[21 Jul 2006 10:22] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/9408
[29 Jul 2006 19:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/9771

ChangeSet@1.2524, 2006-07-29 21:58:50+02:00, ingo@chilla.local +1 -0
  Bug#20719 - Reading dynamic records with write buffer could fail
  After merge fix
[30 Jul 2006 4:19] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/9784

ChangeSet@1.2210, 2006-07-30 06:19:30+02:00, ingo@chilla.local +1 -0
  Bug#20719 - Reading dynamic records with write buffer could fail
  After merge fix
[30 Jul 2006 13:42] Ingo Strüwing
Pushed to 5.1-engines and 5.0-engines (currently 5.1.12, 5.0.25).
[11 Aug 2006 8:53] Tomash Brechko
Pushed to 5.0.25 and 5.1.12.
[18 Aug 2006 12:40] Jon Stephens
This doesn't appear to have any impact for end users that requires changes in the Manual, so I'm closing.
[27 Sep 2006 9:55] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/12594

ChangeSet@1.2551, 2006-09-27 11:55:30+02:00, istruewing@chilla.local +1 -0
  Bug#20719 - Reading dynamic records with write buffer could fail
  After merge fix.
[29 Sep 2006 18:24] Ingo Strüwing
Also pushed to 4.1.22 and 4.0.28.