mariadb/mysql-test/std_data
unknown dc91bc74c7 BUG#31793 (log event corruption causes crash):
When running mysqlbinlog on a 64-bit machine with a corrupt relay log,
it causes mysqlbinlog to crash. In this case, the crash is caused
because a request for 18446744073709534806U bytes is issued, which
apparently can be served on a 64-bit machine (speculatively, I assume)
but this causes the memcpy() issued later to copy the data to segfault.

The request for the number of bytes is caused by a computation
of data_len - server_vars_len where server_vars_len is corrupt in such
a sense that it is > data_len. This causes a wrap-around, with
the data_len given above.

This patch adds a check that if server_vars_len is greater than
data_len before the subtraction, and aborts reading the event in
that case marking the event as invalid. It also adds checks to see
that reading the server variables does not go outside the bounds
of the available space, giving a limited amount of integrity check.


mysql-test/r/mysqlbinlog.result:
  Result change.
mysql-test/t/mysqlbinlog.test:
  Adding test that it fails gracefully for a corrupt relay log.
sql/log_event.cc:
  Adding check that status var length does not cause wrap-around
  when performing subtraction. Extending get_str_len_and_pointer() to
  check that the string can actually be read without reading outside
  bounds. Adding checks when reading server variables from the Query-
  log_event so that the variable can really be read. Abort reading
  and mark the event as invalid otherwise.
mysql-test/std_data/corrupt-relay-bin.000624:
  BitKeeper file /home/mats/devel/b31793-mysql-5.0-rpl/mysql-test/std_data/corrupt-relay-bin.000624
2007-11-09 13:43:09 +01:00
ndb_backup50_data_be BUG#29674 Restore/backup are endian compatible in 5.0 2007-08-07 18:07:57 +00:00
ndb_backup50_data_le BUG#29674 Restore/backup are endian compatible in 5.0 2007-08-07 18:07:57 +00:00
14897.frm
bad_gis_data.dat bug #22372 2006-12-06 21:47:29 +04:00
bug15328.cnf
bug16266.000001
bug19371.frm Bug#19371 VARBINARY() have trailing zeros after upgrade from 4.1 2006-11-09 12:00:27 +01:00
bug19371.MYD Bug#19371 VARBINARY() have trailing zeros after upgrade from 4.1 2006-11-09 12:00:27 +01:00
bug19371.MYI Bug#19371 VARBINARY() have trailing zeros after upgrade from 4.1 2006-11-09 12:00:27 +01:00
cacert.pem SSL/Makefile.am mysql-test/Makefile.am: 2007-07-27 17:39:07 +02:00
client-cert.pem SSL/Makefile.am mysql-test/Makefile.am: 2007-07-27 17:39:07 +02:00
client-key.pem SSL/Makefile.am mysql-test/Makefile.am: 2007-07-27 17:39:07 +02:00
corrupt-relay-bin.000624 BUG#31793 (log event corruption causes crash): 2007-11-09 13:43:09 +01:00
des_key_file
Index.xml Bug#28916 LDML doesn't work for utf8 2007-06-07 17:55:55 +05:00
init_file.dat Bug#23240 --init_file statements with NOW() reports '1970-01-01 11:00:00' as the date time 2007-02-19 14:57:54 +01:00
loaddata1.dat
loaddata2.dat
loaddata3.dat
loaddata4.dat
loaddata5.dat
loaddata6.dat Bug#15126 character_set_database is not replicated (LOAD DATA INFILE need it) 2007-02-28 17:06:57 +04:00
loaddata_dq.dat
loaddata_pair.dat
master-bin.000001
Moscow_leap
ndb_config_mycnf1.cnf
ndb_config_mycnf2.cnf
rpl_loaddata.dat
rpl_loaddata2.dat
rpl_timezone.dat
server-cert-des.pem Bug#21868 Server crashes if encrypted certificate key provided 2006-09-25 16:44:15 +02:00
server-cert.pem SSL/Makefile.am mysql-test/Makefile.am: 2007-07-27 17:39:07 +02:00
server-key-des.pem Bug#21868 Server crashes if encrypted certificate key provided 2006-09-25 16:44:15 +02:00
server-key.pem SSL/Makefile.am mysql-test/Makefile.am: 2007-07-27 17:39:07 +02:00
server8k-cert.pem Bug #29784 YaSSL assertion failure when reading 8k key. 2007-07-17 14:43:56 -04:00
server8k-key.pem Bug #29784 YaSSL assertion failure when reading 8k key. 2007-07-17 14:43:56 -04:00
trunc_binlog.000001
untrusted-cacert.pem
vchar.frm
warnings_loaddata.dat
words.dat