use of uninitialized memory in wsrep_rec_get_primary_key()

Bug #967134 reported by Teemu Ollakka
This bug affects 1 person
Affects                      Status         Importance   Assigned to      Milestone
MySQL patches by Codership   Fix Released   Medium       Teemu Ollakka
  5.1                        Won't Fix      Undecided    Unassigned
  5.5                        Fix Released   Medium       Teemu Ollakka

Bug Description

The offsets array in wsrep_rec_get_primary_key() is initialized as

 ulint offsets_[REC_OFFS_NORMAL_SIZE];

 ut_ad(index);
 key_parts = dict_index_get_n_unique_in_tree(index);
 *offsets_ = (sizeof offsets_) / sizeof *offsets_;

 rec_get_offsets(rec, index, offsets_, ULINT_UNDEFINED, &heap);

However, rec_get_offsets() may allocate a new block of memory if the number of returned offsets does not fit in the offsets_ array. In that case the offsets_ array remains uninitialized. The code following this initialization should use the pointer returned by rec_get_offsets() instead.
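The pattern behind the bug, as an added example that is not code from the report or from MySQL/InnoDB: get_offsets() is a hypothetical stand-in for rec_get_offsets(), REC_OFFS_NORMAL_SIZE is deliberately small so the overflow path is easy to reach, and the sentinel fill stands in for whatever happens to be on the stack.

```c
#include <stdlib.h>

typedef unsigned long ulint;
#define REC_OFFS_NORMAL_SIZE 8        /* small on purpose (assumption, not InnoDB's value) */
#define UNTOUCHED ((ulint)0xDEADBEEF) /* sentinel standing in for stack garbage */

/* Hypothetical stand-in for rec_get_offsets(): offsets[0] carries the array's
 * capacity (what the report's "*offsets_ = sizeof offsets_ / sizeof *offsets_"
 * sets up). When n_fields + 1 entries do not fit, a new block is allocated,
 * handed back through *heap for the caller to free, and returned instead of
 * the caller's array, which is then left exactly as it was. */
static ulint *get_offsets(ulint n_fields, ulint *offsets, ulint **heap)
{
    ulint need = n_fields + 1;
    if (need > offsets[0]) {
        offsets = malloc(need * sizeof *offsets);
        offsets[0] = need;
        *heap = offsets;
    }
    for (ulint i = 1; i < need; i++)
        offsets[i] = i * 4;           /* constructed field offsets */
    return offsets;
}

/* Corrected caller: reads through the returned pointer, never through offsets_.
 * *stack_untouched reports whether offsets_ still holds the sentinel, i.e.
 * whether the buggy caller would have read uninitialized stack memory. */
static ulint run(ulint n_fields, int *stack_untouched)
{
    ulint offsets_[REC_OFFS_NORMAL_SIZE];
    ulint *heap = NULL;
    for (ulint i = 1; i < REC_OFFS_NORMAL_SIZE; i++)
        offsets_[i] = UNTOUCHED;
    *offsets_ = sizeof offsets_ / sizeof *offsets_;

    ulint *offsets = get_offsets(n_fields, offsets_, &heap); /* the fix: keep the return value */
    ulint sum = 0;
    for (ulint i = 1; i <= n_fields; i++)
        sum += offsets[i];
    *stack_untouched = (offsets_[1] == UNTOUCHED);
    free(heap);
    return sum;
}

ulint sum_offsets(ulint n_fields) { int u; return run(n_fields, &u); }
int stack_left_untouched(ulint n_fields) { int u; run(n_fields, &u); return u; }
```

With 3 fields the record fits and offsets_ is filled; with 10 it does not, the heap block is used and offsets_ keeps its sentinel, which is exactly the memory the original code went on to read.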

Teemu Ollakka (teemu-ollakka) wrote :

Fix committed in lp:codership-mysql/5.5 revno 3734
