From f2415eb426d4fa824291bae7031fb5018bab067c Mon Sep 17 00:00:00 2001
From: Sergey Vojtovich
Date: Thu, 1 Apr 2010 16:58:02 +0400
Subject: [PATCH] Applying InnoDB snapshot Detailed revision comments: r6868 | mmakela | 2010-03-25 13:03:08 +0200 (Thu, 25 Mar 2010) | 1 line branches/zip: page_validate(): Check the buf[] bounds.
---
 storage/innodb_plugin/page/page0page.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/storage/innodb_plugin/page/page0page.c b/storage/innodb_plugin/page/page0page.c
index 1068a413e0c..10008f9ac25 100644
--- a/storage/innodb_plugin/page/page0page.c
+++ b/storage/innodb_plugin/page/page0page.c
@@ -2414,8 +2414,13 @@ page_validate(
 }
 offs = page_offset(rec_get_start(rec, offsets));
+ i = rec_offs_size(offsets);
+ if (UNIV_UNLIKELY(offs + i >= UNIV_PAGE_SIZE)) {
+ fputs("InnoDB: record offset out of bounds\n", stderr);
+ goto func_exit;
+ }
- for (i = rec_offs_size(offsets); i--; ) {
+ while (i--) {
 if (UNIV_UNLIKELY(buf[offs + i])) {
 /* No other record may overlap this */
@@ -2523,8 +2528,13 @@ n_owned_zero:
 count++;
 offs = page_offset(rec_get_start(rec, offsets));
+ i = rec_offs_size(offsets);
+ if (UNIV_UNLIKELY(offs + i >= UNIV_PAGE_SIZE)) {
+ fputs("InnoDB: record offset out of bounds\n", stderr);
+ goto func_exit;
+ }
- for (i = rec_offs_size(offsets); i--; ) {
+ while (i--) {
 if (UNIV_UNLIKELY(buf[offs + i])) {
 fputs("InnoDB: Record overlaps another"
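Review bot: The new out-of-bounds branch in the first hunk logs a fixed string with neither `offs` nor the record size, so a validation failure on a corrupt page cannot be tied to a particular record from the log alone; `fprintf(stderr, "InnoDB: record offset out of bounds: %lu+%lu\n", (unsigned long) offs, (unsigned long) i);` would keep that evidence. The comparison `offs + i >= UNIV_PAGE_SIZE` is also one stricter than the loop requires, since the highest index it touches is `buf[offs + i - 1]`. Assuming `buf` holds UNIV_PAGE_SIZE bytes (its allocation is outside the hunk), that is safe, but a one-line comment such as `/* buf[] has UNIV_PAGE_SIZE bytes; a record may not extend to the end of the page */` would record that the strictness is intended. The identical check added in the second hunk (after `n_owned_zero:`) would take the same two changes. page_validate() begins and ends outside both hunks.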