diff options
| author | Sergey Glukhov <Sergey.Glukhov@sun.com> | 2010-06-21 15:19:14 +0400 |
|---|---|---|
| committer | Sergey Glukhov <Sergey.Glukhov@sun.com> | 2010-06-21 15:19:14 +0400 |
| commit | 1704783e84f2c7b9b9bc1ab7a36e548e6631b0bc (patch) | |
| tree | d90d07aa06f130b5e228628148a57653d997c150 /sql/sql_binlog.cc | |
| parent | 100f88b86e44d01a6ff6974bdac644113f1a262c (diff) | |
| parent | b36a02822430ce90285f067f8e6e8d87859732aa (diff) | |
| download | mariadb-git-1704783e84f2c7b9b9bc1ab7a36e548e6631b0bc.tar.gz | |
5.1-bugteam->trunk-merge merge
Diffstat (limited to 'sql/sql_binlog.cc')
| -rw-r--r-- | sql/sql_binlog.cc | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/sql/sql_binlog.cc b/sql/sql_binlog.cc index 0730f7df00c..e5ac1a3f1af 100644 --- a/sql/sql_binlog.cc +++ b/sql/sql_binlog.cc @@ -52,9 +52,13 @@ void mysql_client_binlog_statement(THD* thd) if (check_global_access(thd, SUPER_ACL)) DBUG_VOID_RETURN; - size_t coded_len= thd->lex->comment.length + 1; + size_t coded_len= thd->lex->comment.length; + if (!coded_len) + { + my_error(ER_SYNTAX_ERROR, MYF(0)); + DBUG_VOID_RETURN; + } size_t decoded_len= base64_needed_decoded_length(coded_len); - DBUG_ASSERT(coded_len > 0); /* Allocation @@ -155,14 +159,16 @@ void mysql_client_binlog_statement(THD* thd) /* Checking that the first event in the buffer is not truncated. */ - ulong event_len= uint4korr(bufptr + EVENT_LEN_OFFSET); - DBUG_PRINT("info", ("event_len=%lu, bytes_decoded=%d", - event_len, bytes_decoded)); - if (bytes_decoded < EVENT_LEN_OFFSET || (uint) bytes_decoded < event_len) + ulong event_len; + if (bytes_decoded < EVENT_LEN_OFFSET + 4 || + (event_len= uint4korr(bufptr + EVENT_LEN_OFFSET)) > + (uint) bytes_decoded) { my_error(ER_SYNTAX_ERROR, MYF(0)); goto end; } + DBUG_PRINT("info", ("event_len=%lu, bytes_decoded=%d", + event_len, bytes_decoded)); /* If we have not seen any Format_description_event, then we must @@ -200,17 +206,6 @@ void mysql_client_binlog_statement(THD* thd) bufptr += event_len; DBUG_PRINT("info",("ev->get_type_code()=%d", ev->get_type_code())); -#ifndef HAVE_purify - /* - This debug printout should not be used for valgrind builds - since it will read from unassigned memory. - */ - DBUG_PRINT("info",("bufptr+EVENT_TYPE_OFFSET: 0x%lx", - (long) (bufptr+EVENT_TYPE_OFFSET))); - DBUG_PRINT("info", ("bytes_decoded: %d bufptr: 0x%lx buf[EVENT_LEN_OFFSET]: %lu", - bytes_decoded, (long) bufptr, - (ulong) uint4korr(bufptr+EVENT_LEN_OFFSET))); -#endif ev->thd= thd; /* We go directly to the application phase, since we don't need |