From a42ef108157e3791c57c5b0a5bce6b360b477e3d Mon Sep 17 00:00:00 2001
From: Sujatha <sujatha.sivakumar@mariadb.com>
Date: Wed, 18 Dec 2019 15:01:19 +0530
Subject: MDEV-18046: Assortment of crashes, assertion failures and ASAN errors
 in mysql_show_binlog_events

Problem:
========
SHOW BINLOG EVENTS FROM <pos> reports following ASAN error

heap-buffer-overflow within "my_strndup" in Rotate_log_event

my_strndup /mysys/my_malloc.c:254
Rotate_log_event::Rotate_log_event(char const*, unsigned int,
    Format_description_log_event const*)

Fix:
===
**Part4: Improved the check for event_len validation**
---
 sql/log_event.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sql/log_event.cc b/sql/log_event.cc
index c22743501aa..aa5ae9e2eb9 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -6449,7 +6449,7 @@ Rotate_log_event::Rotate_log_event(const char* buf, uint event_len,
   // The caller will ensure that event_len is what we have at EVENT_LEN_OFFSET
   uint8 post_header_len= description_event->post_header_len[ROTATE_EVENT-1];
   uint ident_offset;
-  if (event_len < LOG_EVENT_MINIMAL_HEADER_LEN)
+  if (event_len < (uint)(LOG_EVENT_MINIMAL_HEADER_LEN + post_header_len))
     DBUG_VOID_RETURN;
   buf+= LOG_EVENT_MINIMAL_HEADER_LEN;
   pos= post_header_len ? uint8korr(buf + R_POS_OFFSET) : 4;
-- 
cgit v1.2.1