mysql8.0/mysql-innodb-crash.patch

115 lines
3.6 KiB
Diff

Back-port upstream fix for CVE-2007-5925.
diff -Naur mysql-5.0.45.orig/innobase/include/db0err.h mysql-5.0.45/innobase/include/db0err.h
--- mysql-5.0.45.orig/innobase/include/db0err.h 2007-07-04 09:06:59.000000000 -0400
+++ mysql-5.0.45/innobase/include/db0err.h 2007-12-13 12:44:05.000000000 -0500
@@ -57,6 +57,18 @@
buffer pool (for big transactions,
InnoDB stores the lock structs in the
buffer pool) */
+#define DB_FOREIGN_DUPLICATE_KEY 46 /* foreign key constraints
+ activated by the operation would
+ lead to a duplicate key in some
+ table */
+#define DB_TOO_MANY_CONCURRENT_TRXS 47 /* when InnoDB runs out of the
+ preconfigured undo slots, this can
+ only happen when there are too many
+ concurrent transactions */
+#define DB_UNSUPPORTED 48 /* when InnoDB sees any artefact or
+ a feature that it can't recoginize or
+ work with e.g., FT indexes created by
+ a later version of the engine. */
/* The following are partial failure codes */
#define DB_FAIL 1000
diff -Naur mysql-5.0.45.orig/innobase/include/page0cur.h mysql-5.0.45/innobase/include/page0cur.h
--- mysql-5.0.45.orig/innobase/include/page0cur.h 2007-07-04 09:06:10.000000000 -0400
+++ mysql-5.0.45/innobase/include/page0cur.h 2007-12-13 12:44:05.000000000 -0500
@@ -22,6 +22,7 @@
/* Page cursor search modes; the values must be in this order! */
+#define PAGE_CUR_UNSUPP 0
#define PAGE_CUR_G 1
#define PAGE_CUR_GE 2
#define PAGE_CUR_L 3
diff -Naur mysql-5.0.45.orig/sql/ha_innodb.cc mysql-5.0.45/sql/ha_innodb.cc
--- mysql-5.0.45.orig/sql/ha_innodb.cc 2007-07-04 09:06:48.000000000 -0400
+++ mysql-5.0.45/sql/ha_innodb.cc 2007-12-13 12:44:05.000000000 -0500
@@ -526,6 +526,9 @@
}
return(HA_ERR_LOCK_TABLE_FULL);
+ } else if (error == DB_UNSUPPORTED) {
+
+ return(HA_ERR_UNSUPPORTED);
} else {
return(-1); // Unknown error
}
@@ -3689,11 +3692,21 @@
and comparison of non-latin1 char type fields in
innobase_mysql_cmp() to get PAGE_CUR_LE_OR_EXTENDS to
work correctly. */
-
- default: assert(0);
+ case HA_READ_MBR_CONTAIN:
+ case HA_READ_MBR_INTERSECT:
+ case HA_READ_MBR_WITHIN:
+ case HA_READ_MBR_DISJOINT:
+ my_error(ER_TABLE_CANT_HANDLE_SPKEYS, MYF(0));
+ return(PAGE_CUR_UNSUPP);
+ /* do not use "default:" in order to produce a gcc warning:
+ enumeration value '...' not handled in switch
+ (if -Wswitch or -Wall is used)
+ */
}
- return(0);
+ my_error(ER_CHECK_NOT_IMPLEMENTED, MYF(0), "this functionality");
+
+ return(PAGE_CUR_UNSUPP);
}
/*
@@ -3831,11 +3844,18 @@
last_match_mode = (uint) match_mode;
- innodb_srv_conc_enter_innodb(prebuilt->trx);
+ if (mode != PAGE_CUR_UNSUPP) {
- ret = row_search_for_mysql((byte*) buf, mode, prebuilt, match_mode, 0);
+ innodb_srv_conc_enter_innodb(prebuilt->trx);
- innodb_srv_conc_exit_innodb(prebuilt->trx);
+ ret = row_search_for_mysql((byte*) buf, mode, prebuilt,
+ match_mode, 0);
+
+ innodb_srv_conc_exit_innodb(prebuilt->trx);
+ } else {
+
+ ret = DB_UNSUPPORTED;
+ }
if (ret == DB_SUCCESS) {
error = 0;
@@ -5150,8 +5170,16 @@
mode2 = convert_search_mode_to_innobase(max_key ? max_key->flag :
HA_READ_KEY_EXACT);
- n_rows = btr_estimate_n_rows_in_range(index, range_start,
- mode1, range_end, mode2);
+ if (mode1 != PAGE_CUR_UNSUPP && mode2 != PAGE_CUR_UNSUPP) {
+
+ n_rows = btr_estimate_n_rows_in_range(index, range_start,
+ mode1, range_end,
+ mode2);
+ } else {
+
+ n_rows = 0;
+ }
+
dtuple_free_for_mysql(heap1);
dtuple_free_for_mysql(heap2);