mirror of
https://github.com/MariaDB/server.git
synced 2025-01-15 19:42:28 +01:00
MariaDB server is a community developed fork of MySQL server. Started by core members of the original MySQL team, MariaDB actively works with outside developers to deliver the most featureful, stable, and sanely licensed open SQL server in the industry.
amazon-web-servicesdatabasefulltext-searchgalerageographical-information-systeminnodbjsonmariadbmysqlrdbmsrelational-databasessqlstorage-enginevector-database
dc91bc74c7
When running mysqlbinlog on a 64-bit machine with a corrupt relay log, it causes mysqlbinlog to crash. In this case, the crash is caused because a request for 18446744073709534806U bytes is issued, which apparantly can be served on a 64-bit machine (speculatively, I assume) but this causes the memcpy() issued later to copy the data to segfault. The request for the number of bytes is caused by a computation of data_len - server_vars_len where server_vars_len is corrupt in such a sense that it is > data_len. This causes a wrap-around, with the the data_len given above. This patch adds a check that if server_vars_len is greater than data_len before the substraction, and aborts reading the event in that case marking the event as invalid. It also adds checks to see that reading the server variables does not go outside the bounds of the available space, giving a limited amount of integrity check. mysql-test/r/mysqlbinlog.result: Result change. mysql-test/t/mysqlbinlog.test: Adding test that it fails gracefully for a corrupt relay log. sql/log_event.cc: Adding check that status var length does not cause wrap-around when performing subtraction. Extending get_str_len_and_pointer() to check that the string can actually be read without reading outside bounds. Adding checks when reading server variables from the Query- log_event so that the variable can really be read. Abort reading and mark the event as invalid otherwise. mysql-test/std_data/corrupt-relay-bin.000624: BitKeeper file /home/mats/devel/b31793-mysql-5.0-rpl/mysql-test/std_data/corrupt-relay-bin.000624 |
||
|---|---|---|
| bdb | ||
| BitKeeper | ||
| BUILD | ||
| client | ||
| cmd-line-utils | ||
| config/ac-macros | ||
| dbug | ||
| Docs | ||
| extra | ||
| heap | ||
| include | ||
| innobase | ||
| libmysql | ||
| libmysql_r | ||
| libmysqld | ||
| man | ||
| myisam | ||
| myisammrg | ||
| mysql-test | ||
| mysys | ||
| ndb | ||
| netware | ||
| os2 | ||
| pstack | ||
| regex | ||
| scripts | ||
| server-tools | ||
| sql | ||
| sql-bench | ||
| sql-common | ||
| SSL | ||
| strings | ||
| support-files | ||
| tests | ||
| tools | ||
| VC++Files | ||
| vio | ||
| win | ||
| zlib | ||
| .bzrignore | ||
| .cvsignore | ||
| CMakeLists.txt | ||
| configure.in | ||
| COPYING | ||
| EXCEPTIONS-CLIENT | ||
| Makefile.am | ||
| README | ||
This is a release of MySQL, a dual-license SQL database server. MySQL is brought to you by the MySQL team at MySQL AB. License information can be found in these files: - For GPL (free) distributions, see the COPYING file and the EXCEPTIONS-CLIENT file. - For commercial distributions, see the LICENSE.mysql file. For further information about MySQL or additional documentation, see: - The latest information about MySQL: http://www.mysql.com - The current MySQL documentation: http://dev.mysql.com/doc Some manual sections of special interest: - If you are migrating from an older version of MySQL, please read the "Upgrading from..." section first! - To see what MySQL can do, take a look at the features section. - For installation instructions, see the Installing and Upgrading chapter. - For the new features/bugfix history, see the Change History appendix. - For the currently known bugs/misfeatures (known errors) see the Problems and Common Errors appendix. - For a list of developers and other contributors, see the Credits appendix. A local copy of the MySQL Reference Manual can be found in the Docs directory in GNU Info format. You can also browse the manual online or download it in any of several formats at the URL given earlier in this file. ************************************************************ IMPORTANT: Bug or error reports should be sent to http://bugs.mysql.com.