
Commit 36eb0b7

committed
improve ASAN instrumentation: table->record[0]
instrument table->record[0], table->record[1] and share->default_values. One should not access the record image beyond share->reclength, even if table->record[0] has some unused space after it (functions that work with records might get a copy of the record as an argument, and that copy, not being record[0], might not have this buffer space at the end). See b80fa40 and 444587d
1 parent fa331ac commit 36eb0b7

2 files changed

+15
-3
lines changed


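--- a/sql/table.cc
+++ b/sql/table.cc
@@ -1269,9 +1269,10 @@ static int open_binary_frm(THD *thd, TABLE_SHARE *share, uchar *head,
 extra_rec_buf_length= uint2korr(head+59);
 rec_buff_length= ALIGN_SIZE(share->reclength + 1 + extra_rec_buf_length);
 share->rec_buff_length= rec_buff_length;
-if (!(record= (uchar *) alloc_root(&share->mem_root,
-rec_buff_length)))
+if (!(record= (uchar *) alloc_root(&share->mem_root, rec_buff_length)))
 goto err; /* purecov: inspected */
+MEM_NOACCESS(record, rec_buff_length);
+MEM_UNDEFINED(record, share->reclength);
 share->default_values= record;
 if (mysql_file_pread(file, record, (size_t) share->reclength,
 record_offset, MYF(MY_NABP)))
@@ -2430,6 +2431,7 @@ int open_table_from_share(THD *thd, TABLE_SHARE *share, const char *alias,
 if (!(record= (uchar*) alloc_root(&outparam->mem_root,
 share->rec_buff_length * records)))
 goto err; /* purecov: inspected */
+MEM_NOACCESS(record, share->rec_buff_length * records);
 
 if (records == 0)
 {
@@ -2444,6 +2446,8 @@ int open_table_from_share(THD *thd, TABLE_SHARE *share, const char *alias,
 else
 outparam->record[1]= outparam->record[0]; // Safety
 }
+MEM_UNDEFINED(outparam->record[0], share->reclength);
+MEM_UNDEFINED(outparam->record[1], share->reclength);
 
 if (!(field_ptr = (Field **) alloc_root(&outparam->mem_root,
 (uint) ((share->fields+1)*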
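Review bot: In the first hunk rec_buff_length is still computed as ALIGN_SIZE(share->reclength + 1 + extra_rec_buf_length) with extra_rec_buf_length read from the frm at head+59, yet the new MEM_NOACCESS(record, rec_buff_length) poisons that whole tail and only share->reclength bytes are re-enabled; the per-record buffers in the second hunk get the same treatment. If nothing may touch that extra space any more, say so where it is computed, e.g. `/* Bytes past share->reclength stay poisoned: only reclength is a valid record image */`, otherwise any engine that still relies on extra_rec_buf_length will now trip the instrumentation. In the third hunk the two MEM_UNDEFINED calls also run on the records == 0 path; if record[0] then aliases share->default_values (that assignment is outside the hunk), a Valgrind build would flip the already-initialised default row back to undefined, so moving the two calls into the else branch, or guarding them with `if (records)`, is presumably safer. Both open_binary_frm and open_table_from_share continue outside these hunks.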

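--- a/storage/heap/ha_heap.cc
+++ b/storage/heap/ha_heap.cc
@@ -100,7 +100,15 @@ const char **ha_heap::bas_ext() const
 
 int ha_heap::open(const char *name, int mode, uint test_if_locked)
 {
-set_if_bigger(table->s->reclength, sizeof (uchar*));
+if (table->s->reclength < sizeof (char*))
+{
+MEM_UNDEFINED(table->s->default_values + table->s->reclength,
+sizeof(char*) - table->s->reclength);
+table->s->reclength= sizeof(char*);
+MEM_UNDEFINED(table->record[0], table->s->reclength);
+MEM_UNDEFINED(table->record[1], table->s->reclength);
+}
+
 internal_table= test(test_if_locked & HA_OPEN_INTERNAL_TABLE);
 if (internal_table || (!(file= heap_open(name, mode)) && my_errno == ENOENT))
 {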
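Review bot: The unpoisoning of `table->s->default_values + table->s->reclength` for `sizeof(char*) - table->s->reclength` bytes relies on the default_values buffer actually extending to at least sizeof(char*) bytes, which holds only because rec_buff_length was rounded up with ALIGN_SIZE when the share was loaded; nothing in ha_heap::open checks that. Make the assumption explicit with `DBUG_ASSERT(table->s->rec_buff_length >= sizeof(char*));` ahead of the first MEM_UNDEFINED, and add a comment on the `if` stating why a heap record must be at least pointer-sized (the old set_if_bigger carried no explanation either). Because the widened reclength is written into the shared TABLE_SHARE, only the first TABLE opened on a share takes this branch; presumably later openers are covered by the MEM_UNDEFINED calls in open_table_from_share, but that is worth a sentence in the same comment. Minor style: the hunk spells both `sizeof (char*)` and `sizeof(char*)`; pick one. The body of ha_heap::open continues past the hunk.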
