
MDEV-39450: Memory corruption: overlapping memory ranges in Field_longstr::compress on UPDATE of compressed column#5256

Open
raghunandanbhat wants to merge 1 commit into
10.6from
10.6-mdev-39450

Conversation

@raghunandanbhat

Contributor

fixes MDEV-39450

Problem:

Values shorter than column_compression_threshold (default 100) are stored uncompressed. Reading such a column returns a pointer into that buffer rather than a copy.

When the new value is a substring of the column that aliases this buffer at a non-zero offset, e.g. RIGHT(c,n) or SUBSTRING(c,n), the source and destination overlap, and the memcpy() in the "store uncompressed" path copies overlapping regions, which is undefined behaviour.

Fix:
Replace memcpy with memmove to avoid copying between overlapping memory regions.
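The aliasing the description above explains, as an added example in C that is not part of this PR or of MariaDB's code: a simplified column buffer, a read that returns a pointer into it, and `UPDATE ... SET c = RIGHT(c, n)` stored through a memcpy-style copy beside the memmove fix. The `column_t` model, `run_scenario`, and the value `"abcdefghij"` are constructed for the example.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model of the "store uncompressed" path for a value below
   column_compression_threshold. Added example, not MariaDB's code: the column
   keeps the value in buf, and a read hands back a pointer into buf rather
   than a copy, which is the aliasing the PR description describes. */
#define COL_BUF_SIZE 64
typedef struct { char buf[COL_BUF_SIZE]; size_t len; } column_t;

/* Returns 1 when [a, a+alen) and [b, b+blen) share at least one byte. */
int ranges_overlap(const void *a, size_t alen, const void *b, size_t blen) {
    uintptr_t a0 = (uintptr_t)a, b0 = (uintptr_t)b;
    return a0 < b0 + blen && b0 < a0 + alen;
}

/* A copy that walks from the last byte down. A memcpy implementation may do
   this, since overlapping arguments are undefined behaviour for memcpy; it
   makes the corruption deterministic instead of platform dependent. */
static void copy_high_to_low(char *d, const char *s, size_t n) {
    while (n--) d[n] = s[n];
}

/* Buggy path (memcpy semantics) and fixed path (memmove). */
void store_uncompressed_memcpy(column_t *c, const char *src, size_t n) {
    copy_high_to_low(c->buf, src, n);
    c->len = n;
}
void store_uncompressed_memmove(column_t *c, const char *src, size_t n) {
    memmove(c->buf, src, n);
    c->len = n;
}

/* Simulates UPDATE t SET c = RIGHT(c, n) on a column holding "abcdefghij"
   (constructed sample). Returns 0 if the stored value is the correct suffix,
   1 if it was corrupted, -1 if n is out of range or nothing overlapped. */
int run_scenario(size_t n, int use_memmove) {
    column_t c;
    const char *old = "abcdefghij";
    c.len = strlen(old);
    memcpy(c.buf, old, c.len);
    if (n == 0 || n > c.len) return -1;
    const char *val = c.buf;                 /* read returns an alias, not a copy */
    const char *src = val + (c.len - n);     /* RIGHT(c, n): offset len-n into buf */
    if (!ranges_overlap(c.buf, n, src, n)) return -1;
    if (use_memmove) store_uncompressed_memmove(&c, src, n);
    else             store_uncompressed_memcpy(&c, src, n);
    return memcmp(c.buf, old + (strlen(old) - n), n) != 0 || c.len != n;
}
```

With `n = 6` the suffix starts four bytes into the same buffer, so the regions overlap and the memcpy-style path corrupts the value, while the memmove path stores the correct suffix; with `n = 5` the regions are disjoint and no overlap is reported.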

@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request fixes a memory corruption issue (MDEV-39450) caused by overlapping memory ranges in Field_longstr::compress during an UPDATE of a compressed column by replacing memcpy with memmove in sql/field.cc. It also adds corresponding regression tests. Feedback points out a typo in the test file (10.6s instead of 10.6) that will cause a mismatch with the expected result file and lead to test failures.


…ngstr::compress` on UPDATE of compressed column

Problem:
  Values shorter than `column_compression_threshold` (default 100) are
  stored uncompressed. Reading such a column returns a pointer into that
  buffer rather than a copy.

  When the new value is a substring of the column that aliases this
  buffer at a non-zero offset, e.g. `RIGHT(c,n)` or `SUBSTRING(c,n)`,
  the source and destination overlap, and the `memcpy()` in the "store
  uncompressed" path copies overlapping regions, which is undefined
  behaviour.

Fix:
  Replace `memcpy` with `memmove` to avoid copying between overlapping
  memory regions.