diff options
| author | Sergey Glukhov <Sergey.Glukhov@sun.com> | 2010-06-21 15:19:14 +0400 |
|---|---|---|
| committer | Sergey Glukhov <Sergey.Glukhov@sun.com> | 2010-06-21 15:19:14 +0400 |
| commit | bc401730d655ec434406f56bda65d2678a4ca7c3 (patch) | |
| tree | d90d07aa06f130b5e228628148a57653d997c150 /sql/sql_binlog.cc | |
| parent | 4d5d3553bfea4ccd58a570ca73c83167762e739e (diff) | |
| parent | f48306344ac2a17f19222d30ba8fc23b146bdf12 (diff) | |
| download | mariadb-git-bc401730d655ec434406f56bda65d2678a4ca7c3.tar.gz | |
5.1-bugteam->trunk-merge merge
Diffstat (limited to 'sql/sql_binlog.cc')
| -rw-r--r-- | sql/sql_binlog.cc | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/sql/sql_binlog.cc b/sql/sql_binlog.cc index 0730f7df00c..e5ac1a3f1af 100644 --- a/sql/sql_binlog.cc +++ b/sql/sql_binlog.cc @@ -52,9 +52,13 @@ void mysql_client_binlog_statement(THD* thd) if (check_global_access(thd, SUPER_ACL)) DBUG_VOID_RETURN; - size_t coded_len= thd->lex->comment.length + 1; + size_t coded_len= thd->lex->comment.length; + if (!coded_len) + { + my_error(ER_SYNTAX_ERROR, MYF(0)); + DBUG_VOID_RETURN; + } size_t decoded_len= base64_needed_decoded_length(coded_len); - DBUG_ASSERT(coded_len > 0); /* Allocation @@ -155,14 +159,16 @@ void mysql_client_binlog_statement(THD* thd) /* Checking that the first event in the buffer is not truncated. */ - ulong event_len= uint4korr(bufptr + EVENT_LEN_OFFSET); - DBUG_PRINT("info", ("event_len=%lu, bytes_decoded=%d", - event_len, bytes_decoded)); - if (bytes_decoded < EVENT_LEN_OFFSET || (uint) bytes_decoded < event_len) + ulong event_len; + if (bytes_decoded < EVENT_LEN_OFFSET + 4 || + (event_len= uint4korr(bufptr + EVENT_LEN_OFFSET)) > + (uint) bytes_decoded) { my_error(ER_SYNTAX_ERROR, MYF(0)); goto end; } + DBUG_PRINT("info", ("event_len=%lu, bytes_decoded=%d", + event_len, bytes_decoded)); /* If we have not seen any Format_description_event, then we must @@ -200,17 +206,6 @@ void mysql_client_binlog_statement(THD* thd) bufptr += event_len; DBUG_PRINT("info",("ev->get_type_code()=%d", ev->get_type_code())); -#ifndef HAVE_purify - /* - This debug printout should not be used for valgrind builds - since it will read from unassigned memory. - */ - DBUG_PRINT("info",("bufptr+EVENT_TYPE_OFFSET: 0x%lx", - (long) (bufptr+EVENT_TYPE_OFFSET))); - DBUG_PRINT("info", ("bytes_decoded: %d bufptr: 0x%lx buf[EVENT_LEN_OFFSET]: %lu", - bytes_decoded, (long) bufptr, - (ulong) uint4korr(bufptr+EVENT_LEN_OFFSET))); -#endif ev->thd= thd; /* We go directly to the application phase, since we don't need |