Details
Blocker Description
wsrep_store_key_val_for_row() in ha_innodb.cc has the following code
if (mysql_type == MYSQL_TYPE_VARCHAR) { |
if (wsrep_protocol_version > 1) { |
...
|
if (true_len > buff_space) { |
WSREP_DEBUG (
|
"write set key truncated for: %s\n", |
wsrep_thd_query(thd));
|
true_len = buff_space;
|
}
|
memcpy(buff, sorted, true_len); |
buff += true_len;
|
buff_space -= true_len;
|
} else { |
buff += key_len;
|
}
|
which looks reasonable, but below it has
} else if (mysql_type == MYSQL_TYPE_TINY_BLOB |
|| mysql_type == MYSQL_TYPE_MEDIUM_BLOB
|
|| mysql_type == MYSQL_TYPE_BLOB
|
|| mysql_type == MYSQL_TYPE_LONG_BLOB
|
|| mysql_type == MYSQL_TYPE_GEOMETRY) {
|
...
|
if (wsrep_protocol_version > 1) { |
if (true_len > buff_space) { |
fprintf (stderr, |
"WSREP: key truncated: %s\n", |
wsrep_thd_query(thd));
|
true_len = buff_space;
|
}
|
buff += true_len;
|
buff_space -= true_len;
|
} else { |
buff += key_len;
|
}
|
memcpy(buff, sorted, true_len); |
which makes no sense — first it moves buff and then copies? Clearly a copy-paste mistake.
It causes crashes too:
source include/galera_cluster.inc;
|
source include/have_innodb.inc;
|
create table t1 ( |
id int auto_increment primary key, |
blob_data longblob not null, |
unique key idx_blob_prefix (blob_data(3072)) |
) engine=innodb;
|
insert into t1 (blob_data) values ('a'); |
update t1 set blob_data = repeat('x', 4000) where id = 1; |