Merge bk-internal:/home/bk/mysql-4.1

into mysql.com:/home/jimw/my/mysql-4.1-clean

BitKeeper/etc/logging_ok

@@ -36,6 +36,7 @@ brian@private-client-ip-101.oz.net
 brian@zim.(none)
 carsten@tsort.bitbybit.dk
 davida@isil.mysql.com
+dean@mysql.com
 dellis@goetia.(none)
 dlenev@brandersnatch.localdomain
 dlenev@build.mysql.com

myisam/ft_nlq_search.c

@@ -261,6 +261,10 @@ FT_INFO *ft_init_nlq_search(MI_INFO *info, uint keynr, byte *query,
 
   }
 
+  /*
+    If ndocs == 0, this will not allocate RAM for FT_INFO.doc[],
+    so if ndocs == 0, FT_INFO.doc[] must not be accessed.
+   */
   dlist=(FT_INFO *)my_malloc(sizeof(FT_INFO)+
 			     sizeof(FT_DOC)*(aio.dtree.elements_in_tree-1),
 			     MYF(0));
@@ -329,7 +333,8 @@ float ft_nlq_find_relevance(FT_INFO *handler,
     else
       a=c;
   }
-  if (docs[a].dpos == docid)
+  /* bounds check to avoid accessing unallocated handler->doc  */
+  if (a < handler->ndocs && docs[a].dpos == docid)
     return (float) docs[a].weight;
   else
     return 0.0;

mysql-test/r/fulltext.result

@@ -402,6 +402,12 @@ select count(*) from t1;
 count(*)
 1
 drop table t1;
+CREATE TABLE t1 ( a TEXT, FULLTEXT (a) );
+INSERT INTO t1 VALUES ('testing ft_nlq_find_relevance');
+SELECT MATCH(a) AGAINST ('nosuchword') FROM t1;
+MATCH(a) AGAINST ('nosuchword')
+0
+DROP TABLE t1;
 create table t1 (a int primary key, b text, fulltext(b));
 create table t2 (a int, b text);
 insert t1 values (1, "aaaa"), (2, "bbbb");

mysql-test/t/fulltext.test

@@ -309,6 +309,14 @@ REPAIR TABLE t1;
 select count(*) from t1;
 drop table t1;
 
+#
+# testing out of bounds memory access in ft_nlq_find_relevance()
+# (bug#8522); visible in valgrind.
+#
+CREATE TABLE t1 ( a TEXT, FULLTEXT (a) );
+INSERT INTO t1 VALUES ('testing ft_nlq_find_relevance');
+SELECT MATCH(a) AGAINST ('nosuchword') FROM t1;
+DROP TABLE t1;
 #
 # bug#6784
 # mi_flush_bulk_insert (on dup key error in mi_write)