• Venkatesh Duggirala's avatar
    Bug#17632978 SLAVE CRASHES IF ROW EVENT IS CORRUPTED · 5fa9664b
    Venkatesh Duggirala authored
    (MYSQLBINLOG -V CRASHES WITH THAT BINLOG)
    
    Problem: If slave receives a corrupted row event,
    slave server is crashing.
    
    Analysis: When slave is unpacking the row event, it is
    not validating the data before applying the event. If the
    data is corrupted for eg: the length of a field is wrong,
    it could end up reading wrong data leading to a crash.
    A similar problem happens when mysqlbinlog tool is used
    against a corrupted binlog using '-v' option. Due to -v
    option, the tool tries to print the values of all the
    fields. Corrupted field length could lead to a crash.
    
    Fix: Before unpacking the field, a verification
    will be made on the length. If it falls into the event
    range, only then it will be unpacked. Otherwise,
    "ER_SLAVE_CORRUPT_EVENT" error will be thrown.
    Incase mysqlbinlog -v case, the field value will not be
    printed and the processing of the file will be stopped.
    
    sql/field.h:
      Removed a function which is not required anymore
    sql/log_event.cc:
      Adding a validation on the field length before
      the tool tries to print the value.
    sql/log_event.h:
      Changing unpack_row call according to the new arguments
    sql/log_event_old.h:
      Changing unpack_row call according to the new arguments
    sql/rpl_record.cc:
      Adding a new argument 'row_end' which tells
      the end position of the complete data in the
      row event. It will be used to do validation
      before doing 'unpack' field.
    sql/rpl_record.h:
      Adding a new argument 'row_end' which tells
      the end position of the complete data in the
      row event. It will be used to do validation
      before doing 'unpack' field.
    sql/rpl_utility.cc:
      Now calc_field_size() is required for client too.
    5fa9664b
rpl_record.cc 15.7 KB