author Venkatesh Duggirala <venkatesh.duggirala@oracle.com> 2013-12-17 22:11:22 +0530
committer Venkatesh Duggirala <venkatesh.duggirala@oracle.com> 2013-12-17 22:11:22 +0530
commit 5fa9664b07f9b45f883abb138966c6e49239eb3e (patch)
tree abc3738abd56fe93dd6a945ef5605b39f7cf6420 /sql/log_event.cc
parent afd24eb63d0ad230f62f041fa6123f2ad9c7b5c5 (diff)
Bug#17632978 SLAVE CRASHES IF ROW EVENT IS CORRUPTED
(MYSQLBINLOG -V CRASHES WITH THAT BINLOG)

Problem: If slave receives a corrupted row event, slave server is crashing.

Analysis: When slave is unpacking the row event, it is not validating the data before applying the event. If the data is corrupted for eg: the length of a field is wrong, it could end up reading wrong data leading to a crash. A similar problem happens when mysqlbinlog tool is used against a corrupted binlog using '-v' option. Due to -v option, the tool tries to print the values of all the fields. Corrupted field length could lead to a crash.

Fix: Before unpacking the field, a verification will be made on the length. If it falls into the event range, only then it will be unpacked. Otherwise, "ER_SLAVE_CORRUPT_EVENT" error will be thrown. In case of mysqlbinlog -v, the field value will not be printed and the processing of the file will be stopped.

sql/field.h: Removed a function which is not required anymore
sql/log_event.cc: Adding a validation on the field length before the tool tries to print the value.
sql/log_event.h: Changing unpack_row call according to the new arguments
sql/log_event_old.h: Changing unpack_row call according to the new arguments
sql/rpl_record.cc: Adding a new argument 'row_end' which tells the end position of the complete data in the row event. It will be used to do validation before doing 'unpack' field.
sql/rpl_record.h: Adding a new argument 'row_end' which tells the end position of the complete data in the row event. It will be used to do validation before doing 'unpack' field.
sql/rpl_utility.cc: Now calc_field_size() is required for client too.
Diffstat (limited to 'sql/log_event.cc')
-rw-r--r-- sql/log_event.cc 9
1 files changed, 9 insertions, 0 deletions
diff --git a/sql/log_event.cc b/sql/log_event.cc
index 7d18b447084..122953b48ec 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -18,6 +18,7 @@
#ifdef MYSQL_CLIENT
#include "sql_priv.h"
+#include "mysqld_error.h"
#else
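Review bot: the `#include "mysqld_error.h"` added under `#ifdef MYSQL_CLIENT` is not used by anything visible in this file's changes: the new check in `print_verbose_one_row` prints a literal message and returns 0 without referencing any `ER_*` code. If the client build needs the header for a declaration pulled in elsewhere, a short comment naming the symbol would keep it from being removed as dead later; otherwise it can be dropped.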
@@ -1945,6 +1946,14 @@ Rows_log_event::print_verbose_one_row(IO_CACHE *file, table_def *td,
else
{
my_b_printf(file, "### @%d=", i + 1);
+ size_t fsize= td->calc_field_size((uint)i, (uchar*) value);
+ if (value + fsize > m_rows_end)
+ {
+ my_b_printf(file, "***Corrupted replication event was detected."
+ " Not printing the value***\n");
+ value+= fsize;
+ return 0;
+ }
size_t size= log_event_print_value(file, value,
td->type(i), td->field_metadata(i),
typestr, sizeof(typestr));
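Review bot: the bounds check `value + fsize > m_rows_end` trusts `fsize`, which `calc_field_size()` derives from the bytes at `value`, so it leaves two gaps when the event is corrupted. First, `calc_field_size()` reads the length bytes at `value` before anything confirms that `value` itself is still below `m_rows_end`. Second, adding an untrusted `fsize` to a pointer can form an address past the end of the buffer or wrap around, which is undefined behaviour and can let the comparison pass; comparing lengths instead, for example `value >= m_rows_end || fsize > (size_t)(m_rows_end - value)`, avoids forming the out-of-range pointer. Separately, `value+= fsize;` directly before `return 0;` advances the pointer beyond the validated range on the error path and appears to have no effect unless `value` is a reference, so it could be removed. The `return 0;` also deserves a comment stating that callers must treat 0 as "stop processing" rather than as a zero-length row.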