From 1f01df0e72a97a7a2ae91488bb1094390e85f4f8 Mon Sep 17 00:00:00 2001
From: unknown <guilhem@mysql.com>
Date: Thu, 8 Apr 2004 22:12:22 +0200
Subject: [PATCH] Fix for BUG#3422 "In 3.23 -> 4.0 replication, slave segfault
 when replicating LOAD DATA INFILE": as we transform the 3.23 Load_log_event
 into a 4.0 Create_file_log_event which is one byte longer, we need to
 increment event_len. The bug was that we did not increment it, so later in
 code the end 0 was not seen so there was for example a segfault in
 strlen(fname) because fname was not 0-terminated. Other problems remain in
 3.23->4.0 replication of LOAD DATA INFILE but they are less serious:
 Exec_master_log_pos and Relay_log_space are incorrect. I'll document them.
 They are not fixable without significant code changes (if you fix those
 problems in 4.0, you get assertion failures somewhere else etc), * which are
 already done in 5.0.0 *.

sql/slave.cc:
  In 3.23->4.0 replication of LOAD DATA INFILE:
  as we transform the 3.23 Load_log_event into a 4.0 Create_file_log_event which is one
  byte longer, we need to increment event_len.
  So we need to modify the event_len stored in the event.
  And we need to decrement event_len when we compute the offset in the master's binlog.
---
 sql/slave.cc | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/sql/slave.cc b/sql/slave.cc
index 1ef572e3a0a..e79e70e0395 100644
--- a/sql/slave.cc
+++ b/sql/slave.cc
@@ -3030,8 +3030,16 @@ static int queue_old_event(MASTER_INFO *mi, const char *buf,
       DBUG_RETURN(1);
     }
     memcpy(tmp_buf,buf,event_len);
-    tmp_buf[event_len]=0; // Create_file constructor wants null-term buffer
+    /*
+      Create_file constructor wants a 0 as last char of buffer, this 0 will
+      serve as the string-termination char for the file's name (which is at the
+      end of the buffer)
+      We must increment event_len, otherwise the event constructor will not see
+      this end 0, which leads to segfault.
+    */
+    tmp_buf[event_len++]=0;
     buf = (const char*)tmp_buf;
+    int4store(buf+EVENT_LEN_OFFSET, event_len);
   }
   /*
     This will transform LOAD_EVENT into CREATE_FILE_EVENT, ask the master to
@@ -3079,7 +3087,11 @@ static int queue_old_event(MASTER_INFO *mi, const char *buf,
     DBUG_ASSERT(tmp_buf);
     int error = process_io_create_file(mi,(Create_file_log_event*)ev);
     delete ev;
-    mi->master_log_pos += event_len;
+    /*
+      We had incremented event_len, but now when it is used to calculate the
+      position in the master's log, we must use the original value.
+    */
+    mi->master_log_pos += --event_len;
     DBUG_PRINT("info", ("master_log_pos: %d", (ulong) mi->master_log_pos));
     pthread_mutex_unlock(&mi->data_lock);
     my_free((char*)tmp_buf, MYF(0));
-- 
2.30.9