summaryrefslogtreecommitdiff
path: root/sql/log_event.cc
diff options
context:
space:
mode:
authorunknown <mats@kindahl-laptop.dnsalias.net>2007-11-12 22:02:12 +0100
committerunknown <mats@kindahl-laptop.dnsalias.net>2007-11-12 22:02:12 +0100
commit06d24289296bc315ed24d300a5a54ec1e6f0bab2 (patch)
tree03d0b20d9ceb412da4e30d06a0cfbf4349b622fc /sql/log_event.cc
parent4c1caa9d4c6cd499b1c2757a4060ab9268298927 (diff)
downloadmariadb-git-06d24289296bc315ed24d300a5a54ec1e6f0bab2.tar.gz
BUG#31793 (log event corruption causes crash):
Corrections to get_str_len_and_pointer(). sql/log_event.cc: Adding missing return at end of get_str_len_and_pointer() and correcting computation of missing bytes.
Diffstat (limited to 'sql/log_event.cc')
-rw-r--r--sql/log_event.cc47
1 files changed, 37 insertions, 10 deletions
diff --git a/sql/log_event.cc b/sql/log_event.cc
index f2b7fcbd236..5c3fcf2f86b 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -1436,11 +1436,12 @@ get_str_len_and_pointer(const Log_event::Byte **src,
if (length > 0)
{
if (*src + length >= end)
- return *src + length - end; // Number of bytes missing
+ return *src + length - end + 1; // Number of bytes missing
*dst= (char *)*src + 1; // Will be copied later
}
*len= length;
- (*src)+= *len + 1;
+ *src+= length + 1;
+ return 0;
}
static void copy_str_and_move(const char **src,
@@ -1454,6 +1455,23 @@ static void copy_str_and_move(const char **src,
}
+static char const *code_name(int code) {
+ char buf[255];
+ switch (code) {
+ case Q_FLAGS2_CODE: return "Q_FLAGS2_CODE";
+ case Q_SQL_MODE_CODE: return "Q_SQL_MODE_CODE";
+ case Q_CATALOG_CODE: return "Q_CATALOG_CODE";
+ case Q_AUTO_INCREMENT: return "Q_AUTO_INCREMENT";
+ case Q_CHARSET_CODE: return "Q_CHARSET_CODE";
+ case Q_TIME_ZONE_CODE: return "Q_TIME_ZONE_CODE";
+ case Q_CATALOG_NZ_CODE: return "Q_CATALOG_NZ_CODE";
+ case Q_LC_TIME_NAMES_CODE: return "Q_LC_TIME_NAMES_CODE";
+ case Q_CHARSET_DATABASE_CODE: return "Q_CHARSET_DATABASE_CODE";
+ }
+ sprintf(buf, "CODE#%d", code);
+ return buf;
+}
+
/**
Macro to check that there is enough space to read from memory.
@@ -1461,13 +1479,15 @@ static void copy_str_and_move(const char **src,
@param END End of memory
@param CNT Number of bytes that should be read.
*/
-#define CHECK_SPACE(PTR,END,CNT) \
- do { \
- DBUG_ASSERT((PTR) + (CNT) <= (END)); \
- if ((PTR) + (CNT) > (END)) { \
- query= 0; \
- DBUG_VOID_RETURN; \
- } \
+#define CHECK_SPACE(PTR,END,CNT) \
+ do { \
+ DBUG_PRINT("info", ("Read %s", code_name(pos[-1]))); \
+ DBUG_ASSERT((PTR) + (CNT) <= (END)); \
+ if ((PTR) + (CNT) > (END)) { \
+ DBUG_PRINT("info", ("query= 0")); \
+ query= 0; \
+ DBUG_VOID_RETURN; \
+ } \
} while (0)
/*
@@ -1527,8 +1547,10 @@ Query_log_event::Query_log_event(const char* buf, uint event_len,
be even bigger, but this will suffice to catch most corruption
errors that can lead to a crash.
*/
- if (status_vars_len >= min(data_len + 1, MAX_SIZE_LOG_EVENT_STATUS))
+ if (status_vars_len > min(data_len, MAX_SIZE_LOG_EVENT_STATUS))
{
+ DBUG_PRINT("info", ("status_vars_len: %d; data_len: %d; query= 0",
+ status_vars_len, data_len));
query= 0;
DBUG_VOID_RETURN;
}
@@ -1571,8 +1593,11 @@ Query_log_event::Query_log_event(const char* buf, uint event_len,
break;
}
case Q_CATALOG_NZ_CODE:
+ DBUG_PRINT("info", ("case Q_CATALOG_NZ_CODE; pos: 0x%lx; end: 0x%lx",
+ pos, end));
if (get_str_len_and_pointer(&pos, &catalog, &catalog_len, end))
{
+ DBUG_PRINT("info", ("query= 0"));
query= 0;
DBUG_VOID_RETURN;
}
@@ -1595,6 +1620,7 @@ Query_log_event::Query_log_event(const char* buf, uint event_len,
{
if (get_str_len_and_pointer(&pos, &time_zone_str, &time_zone_len, end))
{
+ DBUG_PRINT("info", ("Q_TIME_ZONE_CODE: query= 0"));
query= 0;
DBUG_VOID_RETURN;
}
@@ -2124,6 +2150,7 @@ end:
*/
thd->catalog= 0;
thd->set_db(NULL, 0); /* will free the current database */
+ DBUG_PRINT("info", ("end: query= 0"));
thd->query= 0; // just to be sure
thd->query_length= 0;
VOID(pthread_mutex_unlock(&LOCK_thread_count));
View Lorry Controller Status