Commit e7ad04ea authored by unknown's avatar unknown

Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump

Problem: there is an ASSERT() in the Log_event::read_log_event() checking the integrity 
of the event's data that may fail.
Fix: move the assert's condition to an explicit check.


mysql-test/r/ctype_cp932_binlog_stm.result:
  Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump
    - test result.
mysql-test/t/ctype_cp932_binlog_stm.test:
  Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump
    - test case.
sql/log_event.cc:
  Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump
    - assert's condition moved to the explicit integrity check.
parent 7e96711a
...@@ -43,3 +43,7 @@ END ...@@ -43,3 +43,7 @@ END
master-bin.000001 783 Query 1 1002 use `test`; INSERT INTO t4 VALUES ( NAME_CONST('ins1',_latin1 0x466F6F2773206120426172), NAME_CONST('ins2',_cp932 0xED40ED41ED42), NAME_CONST('ind',47.93)) master-bin.000001 783 Query 1 1002 use `test`; INSERT INTO t4 VALUES ( NAME_CONST('ins1',_latin1 0x466F6F2773206120426172), NAME_CONST('ins2',_cp932 0xED40ED41ED42), NAME_CONST('ind',47.93))
master-bin.000001 1002 Query 1 1091 use `test`; DROP PROCEDURE bug18293 master-bin.000001 1002 Query 1 1091 use `test`; DROP PROCEDURE bug18293
master-bin.000001 1091 Query 1 1170 use `test`; DROP TABLE t4 master-bin.000001 1091 Query 1 1170 use `test`; DROP TABLE t4
End of 5.0 tests
SHOW BINLOG EVENTS FROM 364;
ERROR HY000: Error when executing command SHOW BINLOG EVENTS: Wrong offset or I/O error
End of 5.1 tests
...@@ -25,5 +25,13 @@ DROP TABLE t4| ...@@ -25,5 +25,13 @@ DROP TABLE t4|
SHOW BINLOG EVENTS FROM 369| SHOW BINLOG EVENTS FROM 369|
delimiter ;| delimiter ;|
# End of 5.0 tests --echo End of 5.0 tests
#
# #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump
# Note: 364 is a magic position (found experimentally, depends on
# the log's contents) that caused the server crash.
--error 1220
SHOW BINLOG EVENTS FROM 364;
--echo End of 5.1 tests
...@@ -911,16 +911,15 @@ Log_event* Log_event::read_log_event(const char* buf, uint event_len, ...@@ -911,16 +911,15 @@ Log_event* Log_event::read_log_event(const char* buf, uint event_len,
DBUG_ENTER("Log_event::read_log_event(char*,...)"); DBUG_ENTER("Log_event::read_log_event(char*,...)");
DBUG_ASSERT(description_event != 0); DBUG_ASSERT(description_event != 0);
DBUG_PRINT("info", ("binlog_version: %d", description_event->binlog_version)); DBUG_PRINT("info", ("binlog_version: %d", description_event->binlog_version));
/* Check the integrity */
if (event_len < EVENT_LEN_OFFSET || if (event_len < EVENT_LEN_OFFSET ||
buf[EVENT_TYPE_OFFSET] >= ENUM_END_EVENT ||
(uint) event_len != uint4korr(buf+EVENT_LEN_OFFSET)) (uint) event_len != uint4korr(buf+EVENT_LEN_OFFSET))
{ {
*error="Sanity check failed"; // Needed to free buffer *error="Sanity check failed"; // Needed to free buffer
DBUG_RETURN(NULL); // general sanity check - will fail on a partial read DBUG_RETURN(NULL); // general sanity check - will fail on a partial read
} }
/* To check the integrity of the Log_event_type enumeration */
DBUG_ASSERT(buf[EVENT_TYPE_OFFSET] < ENUM_END_EVENT);
switch(buf[EVENT_TYPE_OFFSET]) { switch(buf[EVENT_TYPE_OFFSET]) {
case QUERY_EVENT: case QUERY_EVENT:
ev = new Query_log_event(buf, event_len, description_event, QUERY_EVENT); ev = new Query_log_event(buf, event_len, description_event, QUERY_EVENT);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment