2 files changed, 17 insertions, 2 deletions

diff --git a/sql/log_event.cc b/sql/log_event.cc
index e8881c77f2b..d731c39d9c5 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -5902,7 +5902,7 @@ int Load_log_event::copy_log_event(const char *buf, ulong event_len,
 {
   DBUG_ENTER("Load_log_event::copy_log_event");
   uint data_len;
-  if ((int) event_len < body_offset)
+  if ((int) event_len <= body_offset)
     DBUG_RETURN(1);
   char* buf_end = (char*)buf + event_len;
   /* this is the beginning of the post-header */
@@ -9535,6 +9535,12 @@ Rows_log_event::Rows_log_event(const char *buf, uint event_len,
 
   uint8 const post_header_len= description_event->post_header_len[event_type-1];
 
+  if (event_len < (uint)(common_header_len + post_header_len))
+  {
+    m_cols.bitmap= 0;
+    DBUG_VOID_RETURN;
+  }
+
   DBUG_PRINT("enter",("event_len: %u  common_header_len: %d  "
 		      "post_header_len: %d",
 		      event_len, common_header_len,
@@ -11043,6 +11049,7 @@ Table_map_log_event::Table_map_log_event(const char *buf, uint event_len,
   const char *post_start= buf + common_header_len;
 
   post_start+= TM_MAPID_OFFSET;
+  VALIDATE_BYTES_READ(post_start, buf, event_len);
   if (post_header_len == 6)
   {
     /* Master is of an intermediate source tree before 5.1.4. Id is 4 bytes */
diff --git a/sql/log_event.h b/sql/log_event.h
index 2c8dc3d7353..1337e9a7d69 100644
--- a/sql/log_event.h
+++ b/sql/log_event.h
@@ -2057,7 +2057,15 @@ public:        /* !!! Public in this patch to allow old usage */
  ****************************************************************************/
 struct sql_ex_info
 {
-  sql_ex_info() {}                            /* Remove gcc warning */
+  sql_ex_info():
+    cached_new_format(-1),
+    field_term_len(0),
+    enclosed_len(0),
+    line_term_len(0),
+    line_start_len(0),
+    escaped_len(0),
+    empty_flags(0)
+  {}                            /* Remove gcc warning */
   const char* field_term;
   const char* enclosed;
   const char* line_term;