summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSujatha <sujatha.sivakumar@mariadb.com>2019-12-18 15:01:48 +0530
committerSujatha <sujatha.sivakumar@mariadb.com>2020-01-07 18:27:05 +0530
commit15781283eb4ec0eaf814565b9a4edd581eec6d3b (patch)
treec152f1d86f33816efb8af902edd5fe595d381b83
parenta42ef108157e3791c57c5b0a5bce6b360b477e3d (diff)
downloadmariadb-git-15781283eb4ec0eaf814565b9a4edd581eec6d3b.tar.gz
MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events
Problem: ======== SHOW BINLOG EVENTS FROM <pos> reports following ASAN error AddressSanitizer: heap-buffer-overflow on address String::append(char const*, unsigned int) Query_log_event::pack_info(Protocol*) Fix: === **Part5: Added check to catch buffer overflow**
-rw-r--r--sql/log_event.cc4
1 files changed, 3 insertions, 1 deletions
diff --git a/sql/log_event.cc b/sql/log_event.cc
index aa5ae9e2eb9..ebc14e6571d 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -3815,7 +3815,9 @@ Query_log_event::Query_log_event(const char* buf, uint event_len,
uint32 max_length= uint32(event_len - ((const char*)(end + db_len + 1) -
(buf - common_header_len)));
- if (q_len != max_length)
+ if (q_len != max_length ||
+ (event_len < uint((const char*)(end + db_len + 1) -
+ (buf - common_header_len))))
{
q_len= 0;
query= NULL;