mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDEV-22070 MSAN use-of-uninitialized-value in encryption.innodb-redo-badkey

Browse source 
On a checksum failure of a ROW_FORMAT=COMPRESSED page,
buf_LRU_free_one_page() would invoke buf_LRU_block_remove_hashed()
which will read the uncompressed page frame, although it would not
be initialized. With bad enough luck, fil_page_get_type(page)
could return an unrecognized value and cause the server to abort.

buf_page_io_complete(): On the corruption of a ROW_FORMAT=COMPRESSED
page, zerofill the uncompressed page frame.
This commit is contained in:
Marko Mäkelä 2020-05-14 17:41:37 +03:00
parent 31f34b20f3
commit ee5152fc4b
2 changed files with 14 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
storage/innobase/buf/buf0buf.cc
View file

@ -2,7 +2,7 @@
Copyright (c) 1995, 2016, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2008, Google Inc.
Copyright (c) 2013, 2019, MariaDB Corporation.
Copyright (c) 2013, 2020, MariaDB Corporation.
Portions of this file contain modifications contributed and copyrighted by
Google, Inc. Those modifications are gratefully acknowledged and are described
@ -4931,9 +4931,8 @@ buf_page_io_complete(buf_page_t* bpage, bool evict)
err = buf_page_check_corrupt(bpage, space);
database_corrupted:
if (err != DB_SUCCESS) {
database_corrupted:
/* Not a real corruption if it was triggered by
error injection */
DBUG_EXECUTE_IF("buf_page_import_corrupt_failure",
@ -4948,6 +4947,11 @@ database_corrupted:
goto page_not_corrupt;
);
if (uncompressed && bpage->zip.data) {
memset(reinterpret_cast<buf_block_t*>(bpage)
->frame, 0, srv_page_size);
}
if (err == DB_PAGE_CORRUPTED) {
ib_logf(IB_LOG_LEVEL_ERROR,
"Database page corruption on disk"

10
storage/xtradb/buf/buf0buf.cc
View file

@ -2,7 +2,7 @@
Copyright (c) 1995, 2016, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2008, Google Inc.
Copyright (c) 2013, 2019, MariaDB Corporation.
Copyright (c) 2013, 2020, MariaDB Corporation.
Portions of this file contain modifications contributed and copyrighted by
Google, Inc. Those modifications are gratefully acknowledged and are described
@ -4936,9 +4936,8 @@ buf_page_io_complete(buf_page_t* bpage)
err = buf_page_check_corrupt(bpage, space);
}
database_corrupted:
if (err != DB_SUCCESS) {
database_corrupted:
/* Not a real corruption if it was triggered by
error injection */
DBUG_EXECUTE_IF("buf_page_import_corrupt_failure",
@ -4953,6 +4952,11 @@ database_corrupted:
goto page_not_corrupt;
);
if (uncompressed && bpage->zip.data) {
memset(reinterpret_cast<buf_block_t*>(bpage)
->frame, 0, srv_page_size);
}
if (err == DB_PAGE_CORRUPTED) {
ib_logf(IB_LOG_LEVEL_ERROR,
"Database page corruption on disk"