MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events

Problem: ======== SHOW BINLOG EVENTS FROM <pos> reports following assert when ASAN is enabled. Rows_log_event::Rows_log_event(const char*, uint, const Format_description_log_event*): Assertion `var_header_len >= 2' Implemented part of upstream patch. commit: mysql/mysql-server@a3a497ccf7ecacc900551fb1e47ea4078b45c351 Fix: === **Part2: Avoid reading out of buffer limits**
author: Sujatha <sujatha.sivakumar@mariadb.com> 2019-12-18 15:00:20 +0530
committer: Sujatha <sujatha.sivakumar@mariadb.com> 2020-01-07 18:27:05 +0530
commit: 913f405d95d757d229892a0a5e3bd1d72efb2838 (patch)
tree: 6cdf2326fb6d0e0a5aeb8b4d28aabaf8212a17cb /sql/log_event.cc
parent: a6dd827a4d987a5c779ac0ce2658214f8678832f (diff)
download: mariadb-git-913f405d95d757d229892a0a5e3bd1d72efb2838.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/sql/log_event.cc b/sql/log_event.cc
index 65f29441e1a..588647fc390 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -9546,7 +9546,14 @@ Rows_log_event::Rows_log_event(const char *buf, uint event_len,
       which includes length bytes
     */
     var_header_len= uint2korr(post_start);
-    assert(var_header_len >= 2);
+    /* Check length and also avoid out of buffer read */
+    if (var_header_len < 2 ||
+        event_len < static_cast<unsigned int>(var_header_len +
+          (post_start - buf)))
+    {
+      m_cols.bitmap= 0;
+      DBUG_VOID_RETURN;
+    }
     var_header_len-= 2;
 
     /* Iterate over var-len header, extracting 'chunks' */
author	Sujatha <sujatha.sivakumar@mariadb.com>	2019-12-18 15:00:20 +0530
committer	Sujatha <sujatha.sivakumar@mariadb.com>	2020-01-07 18:27:05 +0530
commit	913f405d95d757d229892a0a5e3bd1d72efb2838 (patch)
tree	6cdf2326fb6d0e0a5aeb8b4d28aabaf8212a17cb /sql/log_event.cc
parent	a6dd827a4d987a5c779ac0ce2658214f8678832f (diff)
download	mariadb-git-913f405d95d757d229892a0a5e3bd1d72efb2838.tar.gz