MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events

Problem: ======== SHOW BINLOG EVENTS FROM <pos> reports following ASAN error AddressSanitizer: heap-buffer-overflow on address String::append(char const*, unsigned int) Query_log_event::pack_info(Protocol*) Fix: === **Part5: Added check to catch buffer overflow**
author: Sujatha <sujatha.sivakumar@mariadb.com> 2019-12-18 15:01:48 +0530
committer: Sujatha <sujatha.sivakumar@mariadb.com> 2020-01-07 18:27:05 +0530
commit: 15781283eb4ec0eaf814565b9a4edd581eec6d3b (patch)
tree: c152f1d86f33816efb8af902edd5fe595d381b83
parent: a42ef108157e3791c57c5b0a5bce6b360b477e3d (diff)
download: mariadb-git-15781283eb4ec0eaf814565b9a4edd581eec6d3b.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sql/log_event.cc b/sql/log_event.cc
index aa5ae9e2eb9..ebc14e6571d 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -3815,7 +3815,9 @@ Query_log_event::Query_log_event(const char* buf, uint event_len,
 
   uint32 max_length= uint32(event_len - ((const char*)(end + db_len + 1) -
                                          (buf - common_header_len)));
-  if (q_len != max_length)
+  if (q_len != max_length ||
+      (event_len < uint((const char*)(end + db_len + 1) -
+                        (buf - common_header_len))))
   {
     q_len= 0;
     query= NULL;
author	Sujatha <sujatha.sivakumar@mariadb.com>	2019-12-18 15:01:48 +0530
committer	Sujatha <sujatha.sivakumar@mariadb.com>	2020-01-07 18:27:05 +0530
commit	15781283eb4ec0eaf814565b9a4edd581eec6d3b (patch)
tree	c152f1d86f33816efb8af902edd5fe595d381b83
parent	a42ef108157e3791c57c5b0a5bce6b360b477e3d (diff)
download	mariadb-git-15781283eb4ec0eaf814565b9a4edd581eec6d3b.tar.gz