MDEV-29555 ASAN heap-buffer-overflow in mariabackup.huge_lsn,strict_full_crc32

recv_scan_log(): Do not dereference the first byte of the log record
before recv_sys.parse_pmem() (or recv_sys_t::parse_mtr()) returns OK.

In the case of the failure that was analyzed, we had
recv_sys.offset == recv_sys.len and recv_sys_t::parse_mtr() would return
PREMATURE_EOF. This would lead us to reading more data and parsing again.

When a memory-mapped interface to the log is being used, that is,
log_sys.is_pmem() holds, recv_sys.offset cannot point past the
end of the memory-mapped log_sys.buf[]. This is guaranteed by
log_sys.calc_lsn_offset().

Thanks to Nayuta Yanagisawa for providing a core dump for analysis.

storage/innobase/log/log0recv.cc

@@ -3713,7 +3713,7 @@ static bool recv_scan_log(bool last_phase)
 
       for (;;)
       {
-        const byte b{log_sys.buf[recv_sys.offset]};
+        const byte& b{log_sys.buf[recv_sys.offset]};
         r= recv_sys.parse_pmem(store);
         if (r == recv_sys_t::OK)
         {