From e1f12f149c198829e130eacbeddc19dce3f55b3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= <marko.makela@mariadb.com>
Date: Wed, 24 Sep 2025 10:20:06 +0300
Subject: [PATCH] MDEV-37626 clang -fsanitize=undefined errors in row0log.cc

row_log_apply_ops(), row_log_table_apply_ops(): Instead of adding
an offset to a potentially null pointer, subtract the offset from a
never-null pointer and then compare to the potentially null pointer.
Also, instead of adding a negative (wrapped-around) pointer offset,
subtract a positive pointer offset.

Reviewed by: Daniel Black
---
 storage/innobase/row/row0log.cc | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/storage/innobase/row/row0log.cc b/storage/innobase/row/row0log.cc
index ab049a11018..daa2036ee39 100644
--- a/storage/innobase/row/row0log.cc
+++ b/storage/innobase/row/row0log.cc
@@ -2691,8 +2691,8 @@ all_done:
 	ut_ad((mrec == NULL) == (index->online_log->head.bytes == 0));
 
 #ifdef UNIV_DEBUG
-	if (next_mrec_end == index->online_log->head.block
-	    + srv_sort_buf_size) {
+	if (next_mrec_end - srv_sort_buf_size
+	    == index->online_log->head.block) {
 		/* If tail.bytes == 0, next_mrec_end can also be at
 		the end of tail.block. */
 		if (index->online_log->tail.bytes == 0) {
@@ -2706,8 +2706,8 @@ all_done:
 			ut_ad(index->online_log->tail.blocks
 			      > index->online_log->head.blocks);
 		}
-	} else if (next_mrec_end == index->online_log->tail.block
-		   + index->online_log->tail.bytes) {
+	} else if (next_mrec_end - index->online_log->tail.bytes
+		   == index->online_log->tail.block) {
 		ut_ad(next_mrec == index->online_log->tail.block
 		      + index->online_log->head.bytes);
 		ut_ad(index->online_log->tail.blocks == 0);
@@ -2808,7 +2808,7 @@ process_next_block:
 		} else {
 			memcpy(index->online_log->head.buf, mrec,
 			       ulint(mrec_end - mrec));
-			mrec_end += ulint(index->online_log->head.buf - mrec);
+			mrec_end -= ulint(mrec - index->online_log->head.buf);
 			mrec = index->online_log->head.buf;
 			goto process_next_block;
 		}
@@ -3601,8 +3601,8 @@ all_done:
 	ut_ad((mrec == NULL) == (index->online_log->head.bytes == 0));
 
 #ifdef UNIV_DEBUG
-	if (next_mrec_end == index->online_log->head.block
-	    + srv_sort_buf_size) {
+	if (next_mrec_end - srv_sort_buf_size
+            == index->online_log->head.block) {
 		/* If tail.bytes == 0, next_mrec_end can also be at
 		the end of tail.block. */
 		if (index->online_log->tail.bytes == 0) {
@@ -3616,8 +3616,8 @@ all_done:
 			ut_ad(index->online_log->tail.blocks
 			      > index->online_log->head.blocks);
 		}
-	} else if (next_mrec_end == index->online_log->tail.block
-		   + index->online_log->tail.bytes) {
+	} else if (next_mrec_end - index->online_log->tail.bytes
+                   == index->online_log->tail.block) {
 		ut_ad(next_mrec == index->online_log->tail.block
 		      + index->online_log->head.bytes);
 		ut_ad(index->online_log->tail.blocks == 0);
@@ -3700,7 +3700,7 @@ process_next_block:
 		} else {
 			memcpy(index->online_log->head.buf, mrec,
 			       ulint(mrec_end - mrec));
-			mrec_end += ulint(index->online_log->head.buf - mrec);
+			mrec_end -= ulint(mrec - index->online_log->head.buf);
 			mrec = index->online_log->head.buf;
 			goto process_next_block;
 		}