ndb - bug#34107 patch 1, kernel

ndb/src/kernel/blocks/dbtup/Dbtup.hpp: bug#34107 check stored proc overflow ndb/src/kernel/blocks/dbtup/DbtupExecQuery.cpp: bug#34107 check stored proc overflow ndb/src/kernel/blocks/dbtup/DbtupStoredProcDef.cpp: bug#34107 check stored proc overflow ndb/src/ndbapi/ndberror.c: bug#34107 check stored proc overflow

ndb - bug#34107 patch 1, kernel
ndb/src/kernel/blocks/dbtup/Dbtup.hpp: bug#34107 check stored proc overflow ndb/src/kernel/blocks/dbtup/DbtupExecQuery.cpp: bug#34107 check stored proc overflow ndb/src/kernel/blocks/dbtup/DbtupStoredProcDef.cpp: bug#34107 check stored proc overflow ndb/src/ndbapi/ndberror.c: bug#34107 check stored proc overflow
3b5c7a03 · unknown · 507c8a13 · 3b5c7a03 · 3b5c7a03 · 3b5c7a03
Commit 3b5c7a03 authored Jan 31, 2008 by unknown
4 changed files
--- a/ndb/src/kernel/blocks/dbtup/Dbtup.hpp
+++ b/ndb/src/kernel/blocks/dbtup/Dbtup.hpp
@@ -198,6 +198,7 @@
 #define ZUNSUPPORTED_BRANCH 892

 #define ZSTORED_SEIZE_ATTRINBUFREC_ERROR 873 // Part of Scan
+#define ZSTORED_TOO_MUCH_ATTRINFO_ERROR 874

 #define ZREAD_ONLY_CONSTRAINT_VIOLATION 893
 #define ZVAR_SIZED_NOT_SUPPORTED 894
@@ -2173,7 +2174,8 @@ private:
                     Operationrec* regOperPtr,
                     Uint32 lenAttrInfo);
  void storedSeizeAttrinbufrecErrorLab(Signal* signal,
-                                       Operationrec* regOperPtr);
+                                       Operationrec* regOperPtr,
+                                       Uint32 errorCode);
  bool storedProcedureAttrInfo(Signal* signal,
                               Operationrec* regOperPtr,
                               Uint32 length,

--- a/ndb/src/kernel/blocks/dbtup/DbtupExecQuery.cpp
+++ b/ndb/src/kernel/blocks/dbtup/DbtupExecQuery.cpp
@@ -77,6 +77,14 @@ void Dbtup::copyAttrinfo(Signal* signal,
    RbufLen = copyAttrBufPtr.p->attrbuf[ZBUF_DATA_LEN];
    Rnext = copyAttrBufPtr.p->attrbuf[ZBUF_NEXT];
    Rfirst = cfirstfreeAttrbufrec;
+    /*
+     * ATTRINFO comes from 2 mutually exclusive places:
+     * 1) TUPKEYREQ (also interpreted part)
+     * 2) STORED_PROCREQ before scan start
+     * Assert here that both have a check for overflow.
+     * The "<" instead of "<=" is intentional.
+     */
+    ndbrequire(RinBufIndex + RbufLen < ZATTR_BUFFER_SIZE);
    MEMCOPY_NO_WORDS(&inBuffer[RinBufIndex],
                     &copyAttrBufPtr.p->attrbuf[0],
                     RbufLen);

--- a/ndb/src/kernel/blocks/dbtup/DbtupStoredProcDef.cpp
+++ b/ndb/src/kernel/blocks/dbtup/DbtupStoredProcDef.cpp
@@ -108,6 +108,11 @@ void Dbtup::scanProcedure(Signal* signal,
  regOperPtr->attrinbufLen = lenAttrInfo;
  regOperPtr->currentAttrinbufLen = 0;
  regOperPtr->pageOffset = storedPtr.i;
+  if (lenAttrInfo >= ZATTR_BUFFER_SIZE) { // yes ">="
+    jam();
+    // send REF and change state to ignore the ATTRINFO to come
+    storedSeizeAttrinbufrecErrorLab(signal, regOperPtr, ZSTORED_TOO_MUCH_ATTRINFO_ERROR);
+  }
 }//Dbtup::scanProcedure()

 void Dbtup::copyProcedure(Signal* signal,
@@ -146,7 +151,7 @@ bool Dbtup::storedProcedureAttrInfo(Signal* signal,
  Uint32 RnoFree = cnoFreeAttrbufrec;
  if (ERROR_INSERTED(4004) && !copyProcedure) {
    CLEAR_ERROR_INSERT_VALUE;
-    storedSeizeAttrinbufrecErrorLab(signal, regOperPtr);
+    storedSeizeAttrinbufrecErrorLab(signal, regOperPtr, ZSTORED_SEIZE_ATTRINBUFREC_ERROR);
    return false;
  }//if
  regOperPtr->currentAttrinbufLen += length;
@@ -162,7 +167,7 @@ bool Dbtup::storedProcedureAttrInfo(Signal* signal,
    regAttrPtr.p->attrbuf[ZBUF_NEXT] = RNIL;
  } else {
    ljam();
-    storedSeizeAttrinbufrecErrorLab(signal, regOperPtr);
+    storedSeizeAttrinbufrecErrorLab(signal, regOperPtr, ZSTORED_SEIZE_ATTRINBUFREC_ERROR);
    return false;
  }//if
  if (regOperPtr->firstAttrinbufrec == RNIL) {
@@ -190,7 +195,7 @@ bool Dbtup::storedProcedureAttrInfo(Signal* signal,
  }//if
  if (ERROR_INSERTED(4005) && !copyProcedure) {
    CLEAR_ERROR_INSERT_VALUE;
-    storedSeizeAttrinbufrecErrorLab(signal, regOperPtr);
+    storedSeizeAttrinbufrecErrorLab(signal, regOperPtr, ZSTORED_SEIZE_ATTRINBUFREC_ERROR);
    return false;
  }//if

@@ -211,7 +216,8 @@ bool Dbtup::storedProcedureAttrInfo(Signal* signal,
 }//Dbtup::storedProcedureAttrInfo()

 void Dbtup::storedSeizeAttrinbufrecErrorLab(Signal* signal,
-                                            Operationrec* regOperPtr)
+                                            Operationrec* regOperPtr,
+                                            Uint32 errorCode)
 {
  StoredProcPtr storedPtr;
  c_storedProcPool.getPtr(storedPtr, (Uint32)regOperPtr->pageOffset);
@@ -222,7 +228,7 @@ void Dbtup::storedSeizeAttrinbufrecErrorLab(Signal* signal,
  regOperPtr->lastAttrinbufrec = RNIL;
  regOperPtr->transstate = ERROR_WAIT_STORED_PROCREQ;
  signal->theData[0] = regOperPtr->userpointer;
-  signal->theData[1] = ZSTORED_SEIZE_ATTRINBUFREC_ERROR;
+  signal->theData[1] = errorCode;
  signal->theData[2] = regOperPtr->pageOffset;
  sendSignal(regOperPtr->userblockref, GSN_STORED_PROCREF, signal, 3, JBB);
 }//Dbtup::storedSeizeAttrinbufrecErrorLab()

--- a/ndb/src/ndbapi/ndberror.c
+++ b/ndb/src/ndbapi/ndberror.c
@@ -291,6 +291,7 @@ ErrorBundle ErrorCodes[] = {
  { 242,  AE, "Zero concurrency in scan"},
  { 244,  AE, "Too high concurrency in scan"},
  { 269,  AE, "No condition and attributes to read in scan"},
+  { 874,  AE, "Too much attrinfo (e.g. scan filter) for scan in tuple manager" },
  { 4600, AE, "Transaction is already started"},
  { 4601, AE, "Transaction is not started"},
  { 4602, AE, "You must call getNdbOperation before executeScan" },