From cf356816f70189cee136d67d76139b0c1d0ab52a Mon Sep 17 00:00:00 2001
From: Aleksey Demakov <ademakov@gmail.com>
Date: Fri, 3 Feb 2012 19:13:44 +0400
Subject: [PATCH] Fix out-of-bounds access to key parts array in tree indexes
 (Bug #926080)

---
 mod/box/tree.m          | 6 ++++--
 test/box_big/sql.result | 2 ++
 test/box_big/sql.test   | 2 ++
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/mod/box/tree.m b/mod/box/tree.m
index d44e13efa8..424158b431 100644
--- a/mod/box/tree.m
+++ b/mod/box/tree.m
@@ -471,7 +471,8 @@ sparse_key_node_compare(struct key_def *key_def,
 			struct box_tuple *tuple,
 			const union sparse_part* parts)
 {
-	for (int part = 0; part < key_data->part_count; ++part) {
+	int part_count = MIN(key_def->part_count, key_data->part_count);
+	for (int part = 0; part < part_count; ++part) {
 		int r = sparse_part_compare(key_def->parts[part].type,
 					    key_data->data,
 					    key_data->parts[part],
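Review bot: The `MIN(key_def->part_count, key_data->part_count)` clamp in sparse_key_node_compare stops the loop from indexing past `key_def->parts`, but nothing explains why `key_data` can carry more parts than the index defines, and the same unexplained line appears in dense_key_node_compare in the next hunk. I would add a comment above both, such as `/* key_data may hold more parts than this index defines (bug #926080); compare only the parts both sides have */`. The clamp also makes an oversized key compare as a plain prefix match. If a larger count is never legitimate here, a debug assertion at the point where `key_data` is built would surface the caller error instead of hiding it. Both function bodies continue outside their hunks, so I cannot confirm that every other array indexed by `part` is bounded by the same count.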
@@ -616,7 +617,8 @@ dense_key_node_compare(struct key_def *key_def,
 	}
 
 	/* compare key parts */
-	for (int part = 0; part < key_data->part_count; ++part) {
+	int part_count = MIN(key_def->part_count, key_data->part_count);
+	for (int part = 0; part < part_count; ++part) {
 		int field = key_def->parts[part].fieldno;
 		int r = dense_key_part_compare(key_def->parts[part].type,
 					       key_data->data,
diff --git a/test/box_big/sql.result b/test/box_big/sql.result
index 0353b951ac..eaa1569245 100644
--- a/test/box_big/sql.result
+++ b/test/box_big/sql.result
@@ -88,6 +88,8 @@ Delete OK, 1 row affected
 #
 insert into t1 values ('key1', 'part1', 'part2')
 Insert OK, 1 row affected
+insert into t1 values ('key1', 'part1', 'part2')
+Insert OK, 1 row affected
 insert into t1 values ('key2', 'part1', 'part2_a')
 Insert OK, 1 row affected
 insert into t1 values ('key3', 'part1', 'part2_b')
diff --git a/test/box_big/sql.test b/test/box_big/sql.test
index 5105d3a66e..6aa607d720 100644
--- a/test/box_big/sql.test
+++ b/test/box_big/sql.test
@@ -58,6 +58,8 @@ print """#
 # Test composite keys with trees
 #"""
 exec sql "insert into t1 values ('key1', 'part1', 'part2')"
+# Test a duplicate insert on unique index that once resulted in a crash (bug #926080)
+exec sql "insert into t1 values ('key1', 'part1', 'part2')"
 exec sql "insert into t1 values ('key2', 'part1', 'part2_a')"
 exec sql "insert into t1 values ('key3', 'part1', 'part2_b')"
 exec admin "lua for k, v in box.space[1]:pairs() do print(v) end"
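Review bot: The duplicate insert added under `# Test a duplicate insert on unique index ...` only catches the regression if the out-of-bounds read happens to crash the server. A read slightly past the end of an array often returns stale memory without faulting, so this test may pass on unfixed code. If the suite can be run under a memory checker (AddressSanitizer or Valgrind), noting that in the comment would make the test's intent explicit, for example `# bug #926080: out-of-bounds read in tree key compare; reliable detection needs a memory checker`.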
-- 
GitLab