Bug #51 A bug in reading BLOB from compressed MyISAM record
Submitted: 30 Jan 2003 20:42
Modified: 30 Jan 2003 20:45
Reporter: SINISA MILIVOJEVIC
Status: Closed
Category: MySQL Server: MyISAM storage engine
Severity: S3 (Non-critical)
Version: ALL
OS: Any (ALL)
Assigned to: Sergei Golubchik
CPU Architecture: Any

[30 Jan 2003 20:42] SINISA MILIVOJEVIC
Description:
A bug would pop up if a compressed MyISAM record containing one or more BLOBs
were read.

How to repeat:

CREATE TABLE `contig_data` (
  `id` int(11) NOT NULL default '0',
  `contig_data_id` int(11) NOT NULL default '0',
  `contig_data_code` varchar(100) NOT NULL default '',
  `code` varchar(100) NOT NULL default '',
  `descr` varchar(255) default NULL,
  `dat` longtext,
  `created` varchar(100) NOT NULL default '',
  PRIMARY KEY  (`id`),
  KEY `contig_data_id` (`contig_data_id`),
  KEY `contig_data_code` (`contig_data_code`),
  KEY `code` (`code`),
  KEY `descr` (`descr`)
) TYPE=MyISAM;

Fill up with data and run, e.g.:

select * from contig_data order by id;

Suggested fix:
This is a stack trace:
#0  0x40154c75 in memcpy () at memcpy:-1
#1  0x08250534 in _mi_pack_get_block_info (myisam=0x839e018, info=0xbff1ee43, 
    file=177, filepos=160247205498716160, 
    rec_buff=0x7 <Address 0x7 out of bounds>) at mi_packrec.c:1070
#2  0x0825024f in _mi_read_rnd_pack_record (info=0x839e018, 
    buf=0x7 <Address 0x7 out of bounds>, filepos=13831097305161269425, 
    skip_deleted_blocks=0 '\0') at mi_packrec.c:969
#3  0x0824d38f in mi_rrnd (info=0x839e018, 
    buf=0x7 <Address 0x7 out of bounds>, filepos=13831097305161269425)
    at mi_rrnd.c:56
#4  0x08154ed8 in ha_myisam::rnd_pos(char*, char*) (this=0x839d5c0, buf=0x0, 
    pos=0x7 <Address 0x7 out of bounds>) at ha_myisam.cc:879
#5  0x0814e36a in rr_from_pointers (info=0x83a3c14) at records.cc:211
#6  0x08121eb9 in join_init_read_record (tab=0x83a3bf0) at sql_select.cc:4940
#7  0x08121208 in sub_select (join=0xbff1f0dc, join_tab=0x83a3bf0, 
    end_of_records=60) at sql_select.cc:4528
#8  0x08120f91 in do_select (join=0xbff1f0dc, fields=0x83a3bf0, table=0x0, 
    procedure=0x7) at sql_select.cc:4443
#9  0x08118cae in mysql_select(THD*, st_table_list*, List<Item>&, Item*, st_order*, st_order*, Item*, st_order*, unsigned long, select_result*) (
    thd=0x8394e50, tables=0x83a3790, fields=@0x8394ffc, conds=0x0, 
    order=0x83a3828, group=0x0, having=0x0, proc_param=0x7, 
    select_options=17339392, result=0x83a3848) at sql_select.cc:957
---Type <return> to continue, or q <return> to quit---
#10 0x08116634 in handle_select(THD*, st_lex*, select_result*) (thd=0x8394e50, 
    lex=0x0, result=0x83a3848) at sql_select.cc:183
#11 0x080fae0b in mysql_execute_command() () at sql_parse.cc:1950
#12 0x080fd47c in mysql_parse(THD*, char*, unsigned) (thd=0x8394e50, 
    inBuf=0x8394f80 "\001", length=37) at sql_parse.cc:2821
#13 0x080f82ab in dispatch_command(enum_server_command, THD*, char*, unsigned)
    (command=COM_QUERY, thd=0x8394e50, packet=0x8397ff1 "", packet_length=37)
    at sql_parse.cc:1037
#14 0x080f7c57 in do_command(THD*) (thd=0x8394e50) at sql_parse.cc:912
#15 0x080f720c in handle_one_connection (arg=0x7) at sql_parse.cc:702
#16 0x4003f2c2 in pthread_start_thread (arg=0xbff1fbe0) at manager.c:291
#17 0x4003f349 in pthread_start_thread_event (arg=0xbff1fbe0) at manager.c:315
(gdb) 

A fix was to remove the rec_buff parameter from the _mi_pack_get_block_info function.

[20 Dec 2005 12:22] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/33284