diff options
author | Venkatesh Duggirala <venkatesh.duggirala@oracle.com> | 2013-12-17 22:11:22 +0530 |
---|---|---|
committer | Venkatesh Duggirala <venkatesh.duggirala@oracle.com> | 2013-12-17 22:11:22 +0530 |
commit | 5fa9664b07f9b45f883abb138966c6e49239eb3e (patch) | |
tree | abc3738abd56fe93dd6a945ef5605b39f7cf6420 /sql/rpl_record.h | |
parent | afd24eb63d0ad230f62f041fa6123f2ad9c7b5c5 (diff) | |
download | mariadb-git-5fa9664b07f9b45f883abb138966c6e49239eb3e.tar.gz |
Bug#17632978 SLAVE CRASHES IF ROW EVENT IS CORRUPTED
(MYSQLBINLOG -V CRASHES WITH THAT BINLOG)
Problem: If slave receives a corrupted row event,
slave server is crashing.
Analysis: When slave is unpacking the row event, it is
not validating the data before applying the event. If the
data is corrupted for eg: the length of a field is wrong,
it could end up reading wrong data leading to a crash.
A similar problem happens when mysqlbinlog tool is used
against a corrupted binlog using '-v' option. Due to -v
option, the tool tries to print the values of all the
fields. Corrupted field length could lead to a crash.
Fix: Before unpacking the field, a verification
will be made on the length. If it falls into the event
range, only then it will be unpacked. Otherwise,
"ER_SLAVE_CORRUPT_EVENT" error will be thrown.
Incase mysqlbinlog -v case, the field value will not be
printed and the processing of the file will be stopped.
sql/field.h:
Removed a function which is not required anymore
sql/log_event.cc:
Adding a validation on the field length before
the tool tries to print the value.
sql/log_event.h:
Changing unpack_row call according to the new arguments
sql/log_event_old.h:
Changing unpack_row call according to the new arguments
sql/rpl_record.cc:
Adding a new argument 'row_end' which tells
the end position of the complete data in the
row event. It will be used to do validation
before doing 'unpack' field.
sql/rpl_record.h:
Adding a new argument 'row_end' which tells
the end position of the complete data in the
row event. It will be used to do validation
before doing 'unpack' field.
sql/rpl_utility.cc:
Now calc_field_size() is required for client too.
Diffstat (limited to 'sql/rpl_record.h')
-rw-r--r-- | sql/rpl_record.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sql/rpl_record.h b/sql/rpl_record.h index e7d80960fe4..df3e6873af2 100644 --- a/sql/rpl_record.h +++ b/sql/rpl_record.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -32,7 +32,8 @@ size_t pack_row(TABLE* table, MY_BITMAP const* cols, int unpack_row(Relay_log_info const *rli, TABLE *table, uint const colcnt, uchar const *const row_data, MY_BITMAP const *cols, - uchar const **const row_end, ulong *const master_reclength); + uchar const **const curr_row_end, ulong *const master_reclength, + uchar const *const row_end); // Fill table's record[0] with default values. int prepare_record(TABLE *const table, const uint skip, const bool check); |