From 0dac084850050ea3091132fa4542c1170a8bd7cb Mon Sep 17 00:00:00 2001
From: Hope Lee
Date: Fri, 26 Apr 2024 18:02:30 +0800
Subject: [PATCH] Bugfix Arithmetic overflow when calculating the length of used fields involving blob

---
 sql/sql_select.cc | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index b5299fb013e..90f8f18d92a 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -2007,8 +2007,13 @@ void calc_used_field_length(TABLE *table, bool needs_rowid,
   rec_length += (table->s->null_fields + 7) / 8;
   if (table->is_nullable()) rec_length += sizeof(bool);
   if (blobs) {
-    uint blob_length = (uint)(table->file->stats.mean_rec_length -
-                              (table->s->reclength - rec_length));
+    uint blob_length = 0;
+    // Average length of records could be small, to avoid arithmetic overflow.
+    if (table->file->stats.mean_rec_length >
+        (table->s->reclength - rec_length)) {
+      blob_length = (uint)(table->file->stats.mean_rec_length -
+                           (table->s->reclength - rec_length));
+    }
     rec_length += max(4U, blob_length);
   }
-- 
2.19.1.6.gb485710b
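Review bot: The new guard only covers `mean_rec_length` being smaller than `reclength - rec_length`; the inner `table->s->reclength - rec_length` is itself an unsigned subtraction, so if `rec_length` can ever exceed `reclength` (not visible from this hunk) it wraps to a huge value, the comparison is silently false and the estimate quietly falls back to `max(4U, 0)` instead of the condition being reported. That expression is also written out twice in the added lines; computing it once, `const auto non_blob_len = table->s->reclength - rec_length;`, then `if (table->file->stats.mean_rec_length > non_blob_len) blob_length = (uint)(table->file->stats.mean_rec_length - non_blob_len);`, makes the guard and the subtraction visibly operate on the same value and gives a natural place for an assertion that `rec_length <= table->s->reclength`. The added comment would also read better as `// mean_rec_length is only a storage-engine estimate and may be smaller than the non-blob part of the record; skip the subtraction rather than let it wrap.` Note that the `(uint)` cast still truncates if the difference does not fit in `uint`, which the commit does not address. calc_used_field_length starts and ends outside the hunk.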