authorJoao Gramacho <joao.gramacho@oracle.com>2018-02-02 11:45:56 +0000
committerJoao Gramacho <joao.gramacho@oracle.com>2018-02-02 11:45:56 +0000
commit3fb2f8db179c2ea9a15fcc2f142c5b98c5aab17a (patch)
tree730795e568eeeda2480567b628141657f154a083 /sql/sql_priv.h
parent2af9e8af6efba951e33e148d0b1a34beb25be831 (diff)
BUG#24365972 BINLOG DECODING ISN'T RESILIENT TO CORRUPT BINLOG FILES
Problem ======= When facing decoding of corrupt binary log files, server may misbehave without detecting the events corruption. This patch makes MySQL server more resilient to binary log decoding. Fixes for events de-serialization and apply =========================================== @sql/log_event.cc Query_log_event::Query_log_event: added a check to ensure query length is respecting event buffer limits. Query_log_event::do_apply_event: extended a debug print, added a check to character set to determine if it is "parseable" or not, verified if database name is valid for system collation. Start_log_event_v3::do_apply_event: report an error on applying a non-supported binary log version. Load_log_event::copy_log_event: added a check to table_name length. User_var_log_event::User_var_log_event: added checks to avoid reading out of buffer limits. User_var_log_event::do_apply_event: reported a sanity check error properly and added individual sanity checks for variable types that expect fixed (or minimum) amount of bytes to be read. Rows_log_event::Rows_log_event: added checks to avoid reading out of buffer limits. @sql/log_event_old.cc Old_rows_log_event::Old_rows_log_event: added a sanity check to avoid reading out of buffer limits. @sql/sql_priv.h Added a sanity check to available_buffer() function.
Diffstat (limited to 'sql/sql_priv.h')
-rw-r--r--sql/sql_priv.h7
1 files changed, 6 insertions, 1 deletions
diff --git a/sql/sql_priv.h b/sql/sql_priv.h
index 523220b3c03..b12d22e3fc7 100644
--- a/sql/sql_priv.h
+++ b/sql/sql_priv.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -191,6 +191,11 @@ template <class T> T available_buffer(const char* buf_start,
const char* buf_current,
T buf_len)
{
+ /* Sanity check */
+ if (buf_current < buf_start ||
+ buf_len < static_cast<T>(buf_current - buf_start))
+ return static_cast<T>(0);
+
return buf_len - (buf_current - buf_start);
}
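Review bot: The new guard narrows the pointer difference with `static_cast<T>(buf_current - buf_start)` before comparing it to `buf_len`, so when T is narrower than `ptrdiff_t` an offset beyond T's range can wrap to a small value and pass the check. The unchanged `return buf_len - (buf_current - buf_start);` would then still yield a wrapped, oversized remaining length for a corrupt event. Comparing in a wide type avoids the truncation, e.g. `static_cast<unsigned long long>(buf_current - buf_start) > static_cast<unsigned long long>(buf_len)` after the `buf_current < buf_start` test; this assumes T is unsigned at the call sites, which are not visible in this hunk. A short comment should also state that a return of 0 covers both "nothing left" and "inconsistent pointers", so callers must treat 0 as a decode failure when they expect more bytes. The template header of available_buffer sits in the hunk's context line, outside the changed lines.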