Commit deac81af authored by unknown's avatar unknown
Browse files

Fixed possible access to unintialized memory in filesort when using many buffers 


include/my_sys.h:
  Added function to call if IO_CACHE is moved
mysys/mf_iocache.c:
  Added function to call if IO_CACHE is moved
sql/filesort.cc:
  Tell that io_cache is moved
parent d3ad1a91

include/my_sys.h

+1 −0
Original line number Diff line number Diff line
@@ -671,6 +671,7 @@ extern int init_io_cache(IO_CACHE *info,File file,uint cachesize, 
extern my_bool reinit_io_cache(IO_CACHE *info,enum cache_type type,

			       my_off_t seek_offset,pbool use_async_io,

			       pbool clear_cache);

extern void setup_io_cache(IO_CACHE* info);

extern int _my_b_read(IO_CACHE *info,byte *Buffer,uint Count);

#ifdef THREAD

extern int _my_b_read_r(IO_CACHE *info,byte *Buffer,uint Count);

mysys/mf_iocache.c

+35 −14
Original line number Diff line number Diff line
@@ -71,9 +71,40 @@ static void my_aiowait(my_aio_result *result); 
#define IO_ROUND_UP(X) (((X)+IO_SIZE-1) & ~(IO_SIZE-1))

#define IO_ROUND_DN(X) ( (X)            & ~(IO_SIZE-1))





/*

  Setup internal pointers inside IO_CACHE



  SYNOPSIS

    setup_io_cache()

    info		IO_CACHE handler



  NOTES

    This is called on automaticly on init or reinit of IO_CACHE

    It must be called externally if one moves or copies an IO_CACHE

    object.

*/



void setup_io_cache(IO_CACHE* info)

{

  /* Ensure that my_b_tell() and my_b_bytes_in_cache works */

  if (info->type == WRITE_CACHE)

  {

    info->current_pos= &info->write_pos;

    info->current_end= &info->write_end;

  }

  else

  {

    info->current_pos= &info->read_pos;

    info->current_end= &info->read_end;

  }

}





static void

init_functions(IO_CACHE* info, enum cache_type type)

init_functions(IO_CACHE* info)

{

  enum cache_type type= info->type;

  switch (type) {

  case READ_NET:

    /*
@@ -97,17 +128,7 @@ init_functions(IO_CACHE* info, enum cache_type type) 
    info->write_function = _my_b_write;

  }



  /* Ensure that my_b_tell() and my_b_bytes_in_cache works */

  if (type == WRITE_CACHE)

  {

    info->current_pos= &info->write_pos;

    info->current_end= &info->write_end;

  }

  else

  {

    info->current_pos= &info->read_pos;

    info->current_end= &info->read_end;

  }

  setup_io_cache(info);

}



	/*
@@ -211,7 +232,7 @@ int init_io_cache(IO_CACHE *info, File file, uint cachesize, 
  /* End_of_file may be changed by user later */

  info->end_of_file= end_of_file;

  info->error=0;

  init_functions(info,type);

  init_functions(info);

#ifdef HAVE_AIOWAIT

  if (use_async_io && ! my_disable_async_io)

  {
@@ -333,7 +354,7 @@ my_bool reinit_io_cache(IO_CACHE *info, enum cache_type type, 
  }

  info->type=type;

  info->error=0;

  init_functions(info,type);

  init_functions(info);



#ifdef HAVE_AIOWAIT

  if (use_async_io && ! my_disable_async_io &&

sql/filesort.cc

+2 −0
Original line number Diff line number Diff line
@@ -680,6 +680,8 @@ int merge_many_buff(SORTPARAM *param, uchar *sort_buffer, 
    if (flush_io_cache(to_file))

      break;					/* purecov: inspected */

    temp=from_file; from_file=to_file; to_file=temp;

    setup_io_cache(from_file);

    setup_io_cache(to_file);

    *maxbuffer= (uint) (lastbuff-buffpek)-1;

  }

  close_cached_file(to_file);			// This holds old result