Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-4203

Possible bug in maria's repair functions

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.0.1, 5.5.29, 5.1.67, 5.2.14, 5.3.12
    • Fix Version/s: 10.0.2, 5.5.31, 5.1.73, 5.2.15, 5.3.13
    • Component/s: None
    • Labels:
      None

      Description

      File storage/maria/ma_check.c in 10.0.1 tarball has very suspicious code on line 4028:

          my_off_t skr= (share->state.state.data_file_length +
                         (sort_info.org_data_file_type == COMPRESSED_RECORD) ?
                         MEMMAP_EXTRA_MARGIN : 0);

      It looks like the intention was to add to data_file_length either MEMMAP_EXTRA_MARGIN or 0. But according to C operator precedence '+' has a priority over '?:', so the result of the whole expression will be either 0 or something non-zero.
      I don't know how to hit this code in a test case, so I can't prove my theory. So could you please check what's the real intention here?

      I saw another instance of similar code at line 4548 at the same file. So if this one has bug then the one on line 4548 has it too I guess.

        Attachments

          Activity

            People

            • Assignee:
              wlad Vladislav Vaintroub
              Reporter:
              pivanof Pavel Ivanov
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: