From 1f01df0e72a97a7a2ae91488bb1094390e85f4f8 Mon Sep 17 00:00:00 2001 From: unknown <guilhem@mysql.com> Date: Thu, 8 Apr 2004 22:12:22 +0200 Subject: [PATCH] Fix for BUG#3422 "In 3.23 -> 4.0 replication, slave segfault when replicating LOAD DATA INFILE": as we transform the 3.23 Load_log_event into a 4.0 Create_file_log_event which is one byte longer, we need to increment event_len. The bug was that we did not increment it, so later in code the end 0 was not seen so there was for example a segfault in strlen(fname) because fname was not 0-terminated. Other problems remain in 3.23->4.0 replication of LOAD DATA INFILE but they are less serious: Exec_master_log_pos and Relay_log_space are incorrect. I'll document them. They are not fixable without significant code changes (if you fix those problems in 4.0, you get assertion failures somewhere else etc), * which are already done in 5.0.0 *. sql/slave.cc: In 3.23->4.0 replication of LOAD DATA INFILE: as we transform the 3.23 Load_log_event into a 4.0 Create_file_log_event which is one byte longer, we need to increment event_len. So we need to modify the event_len stored in the event. And we need to decrement event_len when we compute the offset in the master's binlog. --- sql/slave.cc | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/sql/slave.cc b/sql/slave.cc index 1ef572e3a0a..e79e70e0395 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -3030,8 +3030,16 @@ static int queue_old_event(MASTER_INFO *mi, const char *buf, DBUG_RETURN(1); } memcpy(tmp_buf,buf,event_len); - tmp_buf[event_len]=0; // Create_file constructor wants null-term buffer + /* + Create_file constructor wants a 0 as last char of buffer, this 0 will + serve as the string-termination char for the file's name (which is at the + end of the buffer) + We must increment event_len, otherwise the event constructor will not see + this end 0, which leads to segfault. + */ + tmp_buf[event_len++]=0; buf = (const char*)tmp_buf; + int4store(buf+EVENT_LEN_OFFSET, event_len); } /* This will transform LOAD_EVENT into CREATE_FILE_EVENT, ask the master to @@ -3079,7 +3087,11 @@ static int queue_old_event(MASTER_INFO *mi, const char *buf, DBUG_ASSERT(tmp_buf); int error = process_io_create_file(mi,(Create_file_log_event*)ev); delete ev; - mi->master_log_pos += event_len; + /* + We had incremented event_len, but now when it is used to calculate the + position in the master's log, we must use the original value. + */ + mi->master_log_pos += --event_len; DBUG_PRINT("info", ("master_log_pos: %d", (ulong) mi->master_log_pos)); pthread_mutex_unlock(&mi->data_lock); my_free((char*)tmp_buf, MYF(0)); -- 2.30.9