From 95f4a7da460a2b72c60070f291b7dfbdafd0356c Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Wed, 7 Sep 2016 17:28:34 -0400
Subject: [PATCH] Fix unaligned accesses in bt_split.c

In the libdb2 btree back end, splitting a page at an overflow key could result in an unaligned access, causing a crash (and data corruption) on platforms with strict alignment. This probably occurs only rarely in practice.

(cherry picked from commit 537aba0dda3a1f696f10fde56348fde06d88939c)

ticket: 8493
version_fixed: 1.13.7
---
 src/plugins/kdb/db2/libdb2/btree/bt_split.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_split.c b/src/plugins/kdb/db2/libdb2/btree/bt_split.c
index 2460aa54f8..c5f151d813 100644
--- a/src/plugins/kdb/db2/libdb2/btree/bt_split.c
+++ b/src/plugins/kdb/db2/libdb2/btree/bt_split.c
@@ -245,9 +245,12 @@ __bt_split(t, sp, key, data, flags, ilen, argskip)
 WR_BINTERNAL(dest, nksize ? nksize : bl->ksize,
 rchild->pgno, bl->flags & P_BIGKEY);
 memmove(dest, bl->bytes, nksize ? nksize : bl->ksize);
- if (bl->flags & P_BIGKEY &&
- bt_preserve(t, *(db_pgno_t *)bl->bytes) == RET_ERROR)
- goto err1;
+ if (bl->flags & P_BIGKEY) {
+ db_pgno_t pgno;
+ memcpy(&pgno, bl->bytes, sizeof(pgno));
+ if (bt_preserve(t, pgno) == RET_ERROR)
+ goto err1;
+ }
 break;
 case P_RINTERNAL:
 /*
@@ -568,9 +571,12 @@ bt_broot(t, h, l, r)
 * If the key is on an overflow page, mark the overflow chain
 * so it isn't deleted when the leaf copy of the key is deleted.
 */
- if (bl->flags & P_BIGKEY &&
- bt_preserve(t, *(db_pgno_t *)bl->bytes) == RET_ERROR)
- return (RET_ERROR);
+ if (bl->flags & P_BIGKEY) {
+ db_pgno_t pgno;
+ memcpy(&pgno, bl->bytes, sizeof(pgno));
+ if (bt_preserve(t, pgno) == RET_ERROR)
+ return (RET_ERROR);
+ }
 break;
 case P_BINTERNAL:
 bi = GETBINTERNAL(r, 0);
-- 
2.47.2
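Review bot: The new `memcpy` block in the `__bt_split` hunk records nothing about why the cast was dropped, so a later cleanup could fold it back into `*(db_pgno_t *)bl->bytes` and reintroduce the unaligned read the commit message describes; a one-line comment above the copy, `/* bl->bytes need not be aligned for db_pgno_t; copy the page number out instead of casting. */`, pins the intent in the code. The same applies to the identical block in the `bt_broot` hunk, and since the two differ only in their error path, a small static helper that extracts the page number would keep them from diverging (sketched below). The copy reads `sizeof(pgno)` bytes without reference to `bl->ksize`; if `ksize` originates from page data rather than being fixed by the P_BIGKEY layout, checking `bl->ksize >= sizeof(pgno)` before the copy would guard an over-read, though the layout is not visible in this hunk. `<string.h>` is presumably already included given the neighbouring `memmove`, but that include is outside the hunk. Both enclosing functions, `__bt_split` and `bt_broot`, start and end outside their hunks.
```c
/* Read the overflow page number from a key blob that may be unaligned. */
static db_pgno_t
bigkey_pgno(const void *bytes)
{
	db_pgno_t pgno;

	memcpy(&pgno, bytes, sizeof(pgno));
	return (pgno);
}

/* … unchanged: __bt_split, up to and including the memmove … */
			if (bl->flags & P_BIGKEY &&
			    bt_preserve(t, bigkey_pgno(bl->bytes)) == RET_ERROR)
				goto err1;
/* … unchanged: rest of the case; bt_broot makes the same call but returns RET_ERROR … */
```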