| Bug #61017 | compare_tables in mysql cluster 7.2 accesses past end of table->field array | ||
|---|---|---|---|
| Submitted: | 30 Apr 2011 17:29 | Modified: | 14 Mar 2014 19:45 |
| Reporter: | Zardosht Kasheff (OCA) | Email Updates: | |
| Status: | Can't repeat | Impact on me: | |
| Category: | MySQL Cluster: Cluster (NDB) storage engine | Severity: | S3 (Non-critical) |
| Version: | 7.1.10 | OS: | Any |
| Assigned to: | | CPU Architecture: | Any |
[2 May 2011 19:40]
Zardosht Kasheff
The title is wrong. It should be "mysql cluster 7.1", not 7.2
[14 Mar 2014 19:45]
Sveta Smirnova
"Can't repeat": this code in version 7.2 contains an additional check that the index is not out of range.

Description:

I have not tried verifying this bug by running code; it comes via code inspection. In the function compare_tables, in file sql_table.cc, there is the following code at line 6065:

```c
if ((field= table->field[key_part->fieldnr]))
  field->flags|= FIELD_IN_ADD_INDEX;
```

key_part->fieldnr references the field index of a column in the new table resulting after the alter. The new table (or altered_table) may have more columns. As a result, this can point to bad memory. This may cause a crash. Something similar MAY happen at line 6101, but I am not sure.

How to repeat:

Take the following example:

```sql
create table foo (a int, b int, key(b));
alter table foo add column c int first, add column d int first, add column e int first;
```

Set a breakpoint at line 6065. You will see that the field object that will be used is garbage.

Suggested fix: n/a
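A simplified model of the access pattern the report describes, added here as an illustration and not code from MySQL or from the reporter; the struct and function names are hypothetical, the flag value is a placeholder, and field indices are treated as 0-based. It places the unchecked lookup beside a bounds-checked form and replays the report's scenario, where the key on b refers to index 4 in the altered layout while the original table only has two fields.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdint.h>

/* Simplified model of the structures named in the report (not MySQL's real
   definitions): a table owns an array of field descriptors, and a key part
   refers to a field by its index into that array. */
#define FIELD_IN_ADD_INDEX 0x1u   /* the flag's numeric value is a constructed placeholder */

typedef struct { uint32_t flags; } model_field;
typedef struct { model_field **field; size_t fields; } model_table;
typedef struct { size_t fieldnr; } model_key_part;

/* The pattern quoted in the report: index table->field with the key part's
   fieldnr without comparing it against the number of fields this table has. */
void mark_unchecked(model_table *table, const model_key_part *kp) {
    model_field *f = table->field[kp->fieldnr];  /* reads past the array if fieldnr >= fields */
    if (f) f->flags |= FIELD_IN_ADD_INDEX;
}

/* Hardened form: refuse any fieldnr that is not a valid index for this table.
   Returns true only when a field was actually flagged. */
bool mark_checked(model_table *table, const model_key_part *kp) {
    if (kp->fieldnr >= table->fields) return false;   /* reject indices this table does not have */
    model_field *f = table->field[kp->fieldnr];
    if (!f) return false;
    f->flags |= FIELD_IN_ADD_INDEX;
    return true;
}

/* The report's scenario: foo(a, b, key(b)) has two fields, so the old table's
   array holds indices 0..1.  After "add column c, d, e first" the key on b
   refers to index 4 in the new layout.  Applying that index to the old table
   must be rejected, while the old index 1 still flags b.  Returns the number
   of fields flagged, or -1 if the wrong field was touched. */
int demo_old_table_with_new_fieldnr(void) {
    model_field a = {0}, b = {0};
    model_field *old_fields[2] = { &a, &b };
    model_table old_table = { old_fields, 2 };
    model_key_part key_b_new = { 4 };   /* position of b after three "first" adds */
    model_key_part key_b_old = { 1 };   /* position of b in the original table */
    int flagged = 0;
    flagged += mark_checked(&old_table, &key_b_new);  /* rejected: 4 >= 2 */
    flagged += mark_checked(&old_table, &key_b_old);  /* accepted: flags b */
    if (!(b.flags & FIELD_IN_ADD_INDEX) || (a.flags & FIELD_IN_ADD_INDEX)) return -1;
    return flagged;
}
```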