diff options
| author | Venkatesh Duggirala <venkatesh.duggirala@oracle.com> | 2013-12-17 22:11:22 +0530 |
|---|---|---|
| committer | Venkatesh Duggirala <venkatesh.duggirala@oracle.com> | 2013-12-17 22:11:22 +0530 |
| commit | 5fa9664b07f9b45f883abb138966c6e49239eb3e (patch) | |
| tree | abc3738abd56fe93dd6a945ef5605b39f7cf6420 /sql/log_event.h | |
| parent | afd24eb63d0ad230f62f041fa6123f2ad9c7b5c5 (diff) | |
| download | mariadb-git-5fa9664b07f9b45f883abb138966c6e49239eb3e.tar.gz | |
Bug#17632978 SLAVE CRASHES IF ROW EVENT IS CORRUPTED
(MYSQLBINLOG -V CRASHES WITH THAT BINLOG)
Problem: If slave receives a corrupted row event,
slave server is crashing.
Analysis: When slave is unpacking the row event, it is
not validating the data before applying the event. If the
data is corrupted for eg: the length of a field is wrong,
it could end up reading wrong data leading to a crash.
A similar problem happens when mysqlbinlog tool is used
against a corrupted binlog using '-v' option. Due to -v
option, the tool tries to print the values of all the
fields. Corrupted field length could lead to a crash.
Fix: Before unpacking the field, a verification
will be made on the length. If it falls into the event
range, only then it will be unpacked. Otherwise,
"ER_SLAVE_CORRUPT_EVENT" error will be thrown.
Incase mysqlbinlog -v case, the field value will not be
printed and the processing of the file will be stopped.
sql/field.h:
Removed a function which is not required anymore
sql/log_event.cc:
Adding a validation on the field length before
the tool tries to print the value.
sql/log_event.h:
Changing unpack_row call according to the new arguments
sql/log_event_old.h:
Changing unpack_row call according to the new arguments
sql/rpl_record.cc:
Adding a new argument 'row_end' which tells
the end position of the complete data in the
row event. It will be used to do validation
before doing 'unpack' field.
sql/rpl_record.h:
Adding a new argument 'row_end' which tells
the end position of the complete data in the
row event. It will be used to do validation
before doing 'unpack' field.
sql/rpl_utility.cc:
Now calc_field_size() is required for client too.
Diffstat (limited to 'sql/log_event.h')
| -rw-r--r-- | sql/log_event.h | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/sql/log_event.h b/sql/log_event.h index fa17b32bef2..460d7244d07 100644 --- a/sql/log_event.h +++ b/sql/log_event.h @@ -3732,12 +3732,8 @@ protected: DBUG_ASSERT(m_table); ASSERT_OR_RETURN_ERROR(m_curr_row < m_rows_end, HA_ERR_CORRUPT_EVENT); - int const result= ::unpack_row(rli, m_table, m_width, m_curr_row, &m_cols, - &m_curr_row_end, &m_master_reclength); - if (m_curr_row_end > m_rows_end) - my_error(ER_SLAVE_CORRUPT_EVENT, MYF(0)); - ASSERT_OR_RETURN_ERROR(m_curr_row_end <= m_rows_end, HA_ERR_CORRUPT_EVENT); - return result; + return ::unpack_row(rli, m_table, m_width, m_curr_row, &m_cols, + &m_curr_row_end, &m_master_reclength, m_rows_end); } #endif |