Bug #60904 plugin of full text index has a string address error
Submitted: 18 Apr 2011 8:10
Modified: 17 Jul 2011 12:31
Reporter: fan zhenyong
Status: Verified
Category: MySQL Server: FULLTEXT search
Severity: S1 (Critical)
Version: 5.1.49, 5.1.59
OS: Any
Assigned to:
CPU Architecture: Any
Tags: plugin phrase match
Triage: Needs Triage: D2 (Serious)

[18 Apr 2011 8:10] fan zhenyong
Description:
storage\myisam\ft_boolean_search.c, lines 214 - 230
      memcpy(ftbw->word + 1, word, word_len);
      ... ...
      phrase_word= (FT_WORD *)alloc_root(&ftb_param->ftb->mem_root, sizeof(FT_WORD));
      tmp_element= (LIST *)alloc_root(&ftb_param->ftb->mem_root, sizeof(LIST));
      phrase_word->pos= (uchar*) word;

The word is a temp param; if its memory is freed, mysql may go down.

How to repeat:
Develop an FTI plugin, call mysql_add_word and free the memory of the param "word".

Suggested fix:
Fix storage\myisam\ft_boolean_search.c, line 230:
  phrase_word->pos= (uchar*) ftbw->word + 1;

[17 Jul 2011 12:31] Valeriy Kravchuk
Thank you for the bug report and suggested fix. Verified by code review of current mysql-5.1 from bzr.
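
The pointer lifetime problem described in this report, reduced to a stand-alone C program (an added example, not code from MySQL or from the reporter). The structs and the functions toy_add_word and phrase_survives_reuse are hypothetical stand-ins, and the plugin's buffer is overwritten rather than freed so that the stale read stays well-defined.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not MySQL's FTB_WORD / FT_WORD definitions. */
struct toy_ftbw   { size_t len; unsigned char word[32]; }; /* word[0] holds the length byte */
struct toy_phrase { const unsigned char *pos; size_t len; };

/* Copies the word into storage owned by the search (like the memcpy in the report),
   then records the phrase position. use_copy == 0 keeps the caller's pointer (the
   reported behaviour); use_copy == 1 points at the private copy (the suggested fix). */
static int toy_add_word(struct toy_ftbw *w, struct toy_phrase *p,
                        const char *word, size_t word_len, int use_copy)
{
    if (word_len == 0 || word_len + 1 > sizeof w->word)
        return -1;                          /* reject words that do not fit the copy */
    w->word[0] = (unsigned char) word_len;
    memcpy(w->word + 1, word, word_len);
    w->len = word_len;
    p->len = word_len;
    p->pos = use_copy ? w->word + 1 : (const unsigned char *) word;
    return 0;
}

/* Simulates a parser plugin that reuses one scratch buffer for every token.
   Returns 1 if the phrase word still reads "secure" after the buffer is reused. */
static int phrase_survives_reuse(int use_copy)
{
    char scratch[16];                       /* constructed sample input */
    struct toy_ftbw w;
    struct toy_phrase p;

    strcpy(scratch, "secure");
    if (toy_add_word(&w, &p, scratch, strlen(scratch), use_copy) != 0)
        return -1;
    strcpy(scratch, "XXXXXX");              /* plugin moves on to its next token */
    return memcmp(p.pos, "secure", p.len) == 0;
}

int main(void)
{
    printf("caller pointer kept: %d\n", phrase_survives_reuse(0));
    printf("private copy used:   %d\n", phrase_survives_reuse(1));
    return 0;
}
```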