mariadb/mysql-test/std_data
unknown dc91bc74c7 BUG#31793 (log event corruption causes crash):
When running mysqlbinlog on a 64-bit machine with a corrupt relay log,
it causes mysqlbinlog to crash. In this case, the crash is caused
because a request for 18446744073709534806U bytes is issued, which
apparently can be served on a 64-bit machine (speculatively, I assume)
but this causes the memcpy() issued later to copy the data to segfault.

The request for the number of bytes is caused by a computation
of data_len - server_vars_len where server_vars_len is corrupt in such
a sense that it is > data_len. This causes a wrap-around, with
the data_len given above.

This patch adds a check of whether server_vars_len is greater than
data_len before the subtraction, and aborts reading the event in
that case marking the event as invalid. It also adds checks to see
that reading the server variables does not go outside the bounds
of the available space, giving a limited amount of integrity check.


mysql-test/r/mysqlbinlog.result:
  Result change.
mysql-test/t/mysqlbinlog.test:
  Adding test that it fails gracefully for a corrupt relay log.
sql/log_event.cc:
  Adding check that status var length does not cause wrap-around
  when performing subtraction. Extending get_str_len_and_pointer() to
  check that the string can actually be read without reading outside
  bounds. Adding checks when reading server variables from the Query-
  log_event so that the variable can really be read. Abort reading
  and mark the event as invalid otherwise.
mysql-test/std_data/corrupt-relay-bin.000624:
  BitKeeper file /home/mats/devel/b31793-mysql-5.0-rpl/mysql-test/std_data/corrupt-relay-bin.000624
2007-11-09 13:43:09 +01:00
..
ndb_backup50_data_be BUG#29674 Restore/backup are endian compatible in 5.0 2007-08-07 18:07:57 +00:00
ndb_backup50_data_le BUG#29674 Restore/backup are endian compatible in 5.0 2007-08-07 18:07:57 +00:00
14897.frm A fix for Bug#14897 "ResultSet.getString("table.column") sometimes 2006-08-30 00:38:58 +04:00
bad_gis_data.dat bug #22372 2006-12-06 21:47:29 +04:00
bug15328.cnf Bug#15328 Segmentation fault occurred if my.cnf is invalid for escape sequence 2006-05-11 14:13:14 +02:00
bug16266.000001 Fix for BUG#16266: Definer is not fully qualified error during replication. 2006-03-01 14:13:07 +03:00
bug19371.frm Bug#19371 VARBINARY() have trailing zeros after upgrade from 4.1 2006-11-09 12:00:27 +01:00
bug19371.MYD Bug#19371 VARBINARY() have trailing zeros after upgrade from 4.1 2006-11-09 12:00:27 +01:00
bug19371.MYI Bug#19371 VARBINARY() have trailing zeros after upgrade from 4.1 2006-11-09 12:00:27 +01:00
cacert.pem SSL/Makefile.am mysql-test/Makefile.am: 2007-07-27 17:39:07 +02:00
client-cert.pem SSL/Makefile.am mysql-test/Makefile.am: 2007-07-27 17:39:07 +02:00
client-key.pem SSL/Makefile.am mysql-test/Makefile.am: 2007-07-27 17:39:07 +02:00
corrupt-relay-bin.000624 BUG#31793 (log event corruption causes crash): 2007-11-09 13:43:09 +01:00
des_key_file
Index.xml Bug#28916 LDML doesn't work for utf8 2007-06-07 17:55:55 +05:00
init_file.dat Bug#23240 --init_file statements with NOW() reports '1970-01-01 11:00:00' as the date time 2007-02-19 14:57:54 +01:00
loaddata1.dat Fixed that reading a DATE string of 000000 is interpreted as 0000-00-00 instead of 2000-00-00 2003-05-05 14:52:39 +03:00
loaddata2.dat Move test that uses many tables (in query_cache.test) to separate test so that we can get it 'skipped' instead of 'failed' on system where we can't open many files. 2003-08-22 04:07:40 +03:00
loaddata3.dat Extend max_allowed_packet to 2G in mysql and mysqldump (Bug #2105) 2003-12-14 06:39:52 +02:00
loaddata4.dat Extend max_allowed_packet to 2G in mysql and mysqldump (Bug #2105) 2003-12-14 06:39:52 +02:00
loaddata5.dat Fix LOAD DATA to handle having the escape and enclosed-by character 2005-06-22 16:14:14 -07:00
loaddata6.dat Bug#15126 character_set_database is not replicated (LOAD DATA INFILE need it) 2007-02-28 17:06:57 +04:00
loaddata_dq.dat Merge mysql.com:/home/jimw/my/mysql-4.1-clean 2005-10-26 14:11:08 -07:00
loaddata_pair.dat Bug#11401: Setting thd->lex so that engines (i.e., InnoDB) recognizes 2005-07-05 13:55:54 +02:00
master-bin.000001
Moscow_leap Fix for bug #6387 "Queried timestamp values do not match the inserted 2004-11-03 17:59:03 +00:00
ndb_config_mycnf1.cnf ndb 2005-09-30 12:19:15 +02:00
ndb_config_mycnf2.cnf Bug #13009 No gaps allowed in node id number sequence 2005-10-12 14:17:39 +02:00
rpl_loaddata.dat
rpl_loaddata2.dat Fix for BUG#1391: 2003-09-25 00:14:46 +02:00
rpl_timezone.dat testing repl of timezone with LOAD DATA INFILE (hourra!) 2005-03-24 16:43:50 +01:00
server-cert-des.pem Bug#21868 Server crashes if encrypted certificate key provided 2006-09-25 16:44:15 +02:00
server-cert.pem SSL/Makefile.am mysql-test/Makefile.am: 2007-07-27 17:39:07 +02:00
server-key-des.pem Bug#21868 Server crashes if encrypted certificate key provided 2006-09-25 16:44:15 +02:00
server-key.pem SSL/Makefile.am mysql-test/Makefile.am: 2007-07-27 17:39:07 +02:00
server8k-cert.pem Bug #29784 YaSSL assertion failure when reading 8k key. 2007-07-17 14:43:56 -04:00
server8k-key.pem Bug #29784 YaSSL assertion failure when reading 8k key. 2007-07-17 14:43:56 -04:00
trunc_binlog.000001 fix rpl_trunc_binlog to test the new behaviour 2005-02-19 22:24:13 +01:00
untrusted-cacert.pem Add an untrusted cacert used when testing 2006-05-03 14:10:22 +02:00
vchar.frm Update results for new varchar handling 2004-12-07 15:47:00 +02:00
warnings_loaddata.dat update the test for LOAD DATA INFILE warnings 2003-04-22 00:54:33 -07:00
words.dat Fixed multi-table-delete for InnoDB tables 2003-02-17 02:14:37 +02:00