From 2b0f929e1488726448dbff4d2ecc37c033fa4aa5 Mon Sep 17 00:00:00 2001
From: Vladimir Davydov <vdavydov.dev@gmail.com>
Date: Thu, 25 Jul 2019 12:43:09 +0300
Subject: [PATCH] txn: fix txn::sub_stmt_begin array size

We may write to txn->sub_stmt_begin[TXN_SUB_STMT_MAX] so the array size
must be TXN_SUB_STMT_MAX+1 (see txn_begin_stmt). This didn't lead to any
problems, because we would only overwrite txn::signature, which wouldn't
break anything. However, should we change the txn struct, we could get
an unexpected error or even a crash.

(cherry picked from commit 4e72874a7bbfa759425cd70c8c01d46eefe2f3c7)
---
 src/box/txn.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/box/txn.h b/src/box/txn.h
index 19330b1f02..21858a6e28 100644
--- a/src/box/txn.h
+++ b/src/box/txn.h
@@ -127,7 +127,7 @@ struct txn {
 	 * First statement at each statement-level.
 	 * Needed to rollback sub statements.
 	 */
-	struct stailq_entry *sub_stmt_begin[TXN_SUB_STMT_MAX];
+	struct stailq_entry *sub_stmt_begin[TXN_SUB_STMT_MAX + 1];
 	/** LSN of this transaction when written to WAL. */
 	int64_t signature;
 	/** Engine involved in multi-statement transaction. */
-- 
GitLab