diff options
| author | Andrei <andrei.elkin@mariadb.com> | 2022-08-30 00:26:20 +0300 |
|---|---|---|
| committer | Andrei <andrei.elkin@mariadb.com> | 2022-09-07 20:35:43 +0300 |
| commit | 5563202089e78855ad9295a3526a70e766d8a42d (patch) | |
| tree | 6915bcd142b3b73ab59e4f07251fd627da09fb64 /sql/log_event.cc | |
| parent | 80cf7a4c43209a91ac6514ac3ea0dd0b592e17f0 (diff) | |
| download | mariadb-git-5563202089e78855ad9295a3526a70e766d8a42d.tar.gz | |
MDEV-29322 ASAN heap-use-after-free in Query_log_event::do_apply_event
The ASAN report was made in the parallel slave execution of a query
event and implicitly involved (so also parallelly run) Format-Description
event.
The Query actually had unexpected impossible dependency on a preceding
"old" FD whose instance got destructed, to cause the ASAN error.
The case is fixed with storing the FD's value into Query-log-event
at its instantiating on slave. The stored value is from the very
FD of the Query's original binlog so remains to be correct
at the query event applying.
The branch C. of a new rpl_parallel_29322.test also demonstrates
(may need few --repeat though) the bug in its simple form of the same
server version binlog.
Diffstat (limited to 'sql/log_event.cc')
| -rw-r--r-- | sql/log_event.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/log_event.cc b/sql/log_event.cc index 4c4514bb4e2..20cf4d45073 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -1528,7 +1528,7 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, switch (*pos++) { case Q_FLAGS2_CODE: CHECK_SPACE(pos, end, 4); - flags2_inited= 1; + flags2_inited= description_event->options_written_to_bin_log; flags2= uint4korr(pos); DBUG_PRINT("info",("In Query_log_event, read flags2: %lu", (ulong) flags2)); pos+= 4; |