Hi,

The point I do not understand is at ha_savepoint

we have again:

if ((err= ht->savepoint_set(ht, thd, (uchar *)(sv+1)+ht->savepoint_offset)))

(gdb) p *sv
$3 = {prev = 0xa5a5a5a5a5a5a5a5, name = 0x7f505c007390 "A", length = 1, ha_list = 0xa5a5a5a5a5a5a5a5, mdl_savepoint = {m_stmt_ticket = 0xa5a5a5a5a5a5a5a5, m_trans_ticket = 0xa5a5a5a5a5a5a5a5}}
(gdb) p *(sv+1)
$2 = {prev = 0xa5a5a5a5a5a5a5a5, name = 0xa5a5a5a5a5a5a5a5 <Address 0xa5a5a5a5a5a5a5a5 out of bounds>, length = 2779096485, ha_list = 0xa5a5a5a5a5a5a5a5, mdl_savepoint = {m_stmt_ticket = 0xa5a5a5a5a5a5a5a5, m_trans_ticket = 0xa5a5a5a5a5a5a5a5}}

Again access to uninitialized memory, sv is ok but sv+1 not

R:

--

Jan Lindström
Principal Engineer

MariaDB | MaxScale | skype: jan_p_lindstrom

www.skysql.com

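The layout behind the expression `(uchar *)(sv+1)+ht->savepoint_offset`, as an added illustration that is not part of the message above and not MariaDB code: the savepoint header is one fixed struct, and the per-engine area lives in the same allocation directly after it, so `sv+1` is the first byte past the header rather than a second header. Printing that address as a header in gdb shows whatever fill pattern the allocator left there until the engine's savepoint_set writes into its slot. The struct fields, the 0xa5 poison value, the offsets and the simulated engine call are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the server's savepoint header (assumption:
 * the real struct has more fields; only the layout idea matters here). */
typedef struct savepoint_hdr {
    struct savepoint_hdr *prev;
    const char *name;
    size_t length;
} savepoint_hdr;

/* Fill pattern for not-yet-written memory (assumption: chosen to mirror the
 * 0xa5 bytes visible in the gdb dump). */
#define POISON 0xa5

/* Allocate header + engine area in one block and poison the engine area.
 * The engine area starts at sv + 1, i.e. right after the header struct. */
savepoint_hdr *alloc_savepoint(const char *name, size_t engine_area_size) {
    savepoint_hdr *sv = malloc(sizeof *sv + engine_area_size);
    if (!sv) return NULL;
    sv->prev = NULL;
    sv->name = name;
    sv->length = strlen(name);
    memset(sv + 1, POISON, engine_area_size);
    return sv;
}

/* Address of one engine's slot inside the trailing area. */
unsigned char *engine_slot(savepoint_hdr *sv, size_t savepoint_offset) {
    return (unsigned char *)(sv + 1) + savepoint_offset;
}

/* 1 if every byte in [p, p+n) still carries the poison pattern. */
int is_uninitialized(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (p[i] != POISON) return 0;
    return 1;
}

/* Simulated engine savepoint_set: the engine stores its own bookkeeping
 * (here a fake undo number) into its slot and nothing else. */
void engine_savepoint_set(savepoint_hdr *sv, size_t savepoint_offset, uint64_t undo_no) {
    memcpy(engine_slot(sv, savepoint_offset), &undo_no, sizeof undo_no);
}

/* Reinterpreting sv + 1 as a header, as "p *(sv+1)" does in gdb, reads the
 * poison bytes, not a real savepoint. Returns 1 when that is observed. */
int past_end_reads_poison(void) {
    savepoint_hdr *sv = alloc_savepoint("A", 32);
    if (!sv) return 0;
    size_t expect;
    memset(&expect, POISON, sizeof expect);
    int r = ((savepoint_hdr *)(sv + 1))->length == expect;
    free(sv);
    return r;
}

/* Header valid, engine slot poisoned until the engine writes it, and the
 * rest of the area untouched afterwards. Returns 1 on success. */
int demo(void) {
    enum { ENGINE_AREA = 32, ENGINE_OFFSET = 8 };
    savepoint_hdr *sv = alloc_savepoint("A", ENGINE_AREA);
    if (!sv) return -1;
    int header_ok = sv->length == 1 && sv->name[0] == 'A';
    int before = is_uninitialized(engine_slot(sv, ENGINE_OFFSET), sizeof(uint64_t));
    engine_savepoint_set(sv, ENGINE_OFFSET, 42);
    int after = is_uninitialized(engine_slot(sv, ENGINE_OFFSET), sizeof(uint64_t));
    int rest = is_uninitialized(engine_slot(sv, ENGINE_OFFSET) + sizeof(uint64_t),
                                ENGINE_AREA - ENGINE_OFFSET - sizeof(uint64_t));
    free(sv);
    return header_ok && before && !after && rest;
}
```

A poison fill like this is what turns a read of memory that was allocated but never written into a recognisable value in a debugger; a sanitizer such as MSan or Valgrind reports the same condition at the point of use instead of leaving it to be noticed in a dump.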