diff options
author | Vicențiu Ciorbaru <vicentiu@mariadb.org> | 2016-06-20 23:43:01 +0300 |
---|---|---|
committer | Vicențiu Ciorbaru <vicentiu@mariadb.org> | 2016-06-22 16:41:38 +0300 |
commit | b449612907bd09bebf8d1280d80839cd16784fd3 (patch) | |
tree | 01c38cd89c830ecb466b3767542872d9c49bcfdd /sql/log_event.cc | |
parent | 5fd80875909c88e624a79a528eaaf9418089a211 (diff) | |
download | mariadb-git-b449612907bd09bebf8d1280d80839cd16784fd3.tar.gz |
MDEV-8638: REVOKE ALL PRIVILEGES, GRANT OPTION FROM CURRENT_ROLE breaks replication
Fix the replication failure caused by incorect initialization of
THD::invoker_host && THD::invoker_user.
Breakdown of the failure is this:
Query_log_event::host and Query_log_event::user can have their
LEX_STRING's set to length 0, but the actual str member points to
garbage. Code afterwards copies Query_log_event::host and user to
THD::invoker_host and THD::invoker_user.
Calling code for these members expects both members to be initialized.
Eg. the str member be a NULL terminated string and length have
appropriate size.
Diffstat (limited to 'sql/log_event.cc')
-rw-r--r-- | sql/log_event.cc | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/sql/log_event.cc b/sql/log_event.cc index 82cd82b5e7a..4a1d13a8004 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -3631,10 +3631,25 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, if (time_zone_len) copy_str_and_move(&time_zone_str, &start, time_zone_len); - if (user.length > 0) + if (user.length) + { copy_str_and_move((const char **)&(user.str), &start, user.length); - if (host.length > 0) + } + else + { + user.str= (char *) start++; + user.str[0]= '\0'; + } + + if (host.length) + { copy_str_and_move((const char **)&(host.str), &start, host.length); + } + else + { + host.str= (char *) start++; + host.str[0]= '\0'; + } /** if time_zone_len or catalog_len are 0, then time_zone and catalog |