Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Fixed
-
5.5.22, 5.5.23
-
None
-
None
Description
The code in question is
if (!memcmp(from, tmp_file_prefix, tmp_file_prefix_length))
The problem here is that 'from' can have length < 4 (=tmp_file_prefix_length), and there might be anything past the end of from, for example another page with unmapped memory
The problem is found with Windows Application verifier, that tweaks heap allocations in a way that they are places at the end of the page. Quite a lot of innodb tests crash in this function, when mysqld is run under application verifier.