MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events

Problem: ======== SHOW BINLOG EVENTS FROM <pos> reports following ASAN error heap-buffer-overflow within "my_strndup" in Rotate_log_event my_strndup /mysys/my_malloc.c:254 Rotate_log_event::Rotate_log_event(char const*, unsigned int, Format_description_log_event const*) Fix: === **Part4: Improved the check for event_len validation**
author: Sujatha <sujatha.sivakumar@mariadb.com> 2019-12-18 15:01:19 +0530
committer: Sujatha <sujatha.sivakumar@mariadb.com> 2020-01-07 18:27:05 +0530
commit: a42ef108157e3791c57c5b0a5bce6b360b477e3d (patch)
tree: 07e7b5e1904bbd973ec6bcc829ef9e30d1dd7619
parent: 5a54e84e5d60602a97392eb284ba3b3b69a61bda (diff)
download: mariadb-git-a42ef108157e3791c57c5b0a5bce6b360b477e3d.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/log_event.cc b/sql/log_event.cc
index c22743501aa..aa5ae9e2eb9 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -6449,7 +6449,7 @@ Rotate_log_event::Rotate_log_event(const char* buf, uint event_len,
   // The caller will ensure that event_len is what we have at EVENT_LEN_OFFSET
   uint8 post_header_len= description_event->post_header_len[ROTATE_EVENT-1];
   uint ident_offset;
-  if (event_len < LOG_EVENT_MINIMAL_HEADER_LEN)
+  if (event_len < (uint)(LOG_EVENT_MINIMAL_HEADER_LEN + post_header_len))
     DBUG_VOID_RETURN;
   buf+= LOG_EVENT_MINIMAL_HEADER_LEN;
   pos= post_header_len ? uint8korr(buf + R_POS_OFFSET) : 4;
author	Sujatha <sujatha.sivakumar@mariadb.com>	2019-12-18 15:01:19 +0530
committer	Sujatha <sujatha.sivakumar@mariadb.com>	2020-01-07 18:27:05 +0530
commit	a42ef108157e3791c57c5b0a5bce6b360b477e3d (patch)
tree	07e7b5e1904bbd973ec6bcc829ef9e30d1dd7619
parent	5a54e84e5d60602a97392eb284ba3b3b69a61bda (diff)
download	mariadb-git-a42ef108157e3791c57c5b0a5bce6b360b477e3d.tar.gz