From: Sergei Golubchik <[email protected]>
validate xid.gtrid_length and xid.bqual_length just like XID_EVENT does
---
mysql-test/main/mysqlbinlog.result | 20 +++++++++++++++++++
mysql-test/main/mysqlbinlog.test | 8 ++++++++
mysql-test/std_data/mdev-39404-binlog.000001 | Bin 0 -> 657 bytes
sql/log_event.cc | 4 +++-
4 files changed, 31 insertions(+), 1 deletion(-)
create mode 100644 mysql-test/std_data/mdev-39404-binlog.000001
diff --git a/mysql-test/main/mysqlbinlog.result
b/mysql-test/main/mysqlbinlog.result
index 1d4df621ebb..53f59b67c93 100644
--- a/mysql-test/main/mysqlbinlog.result
+++ b/mysql-test/main/mysqlbinlog.result
@@ -1332,3 +1332,23 @@ FOUND 1 /Number of rows: 2/ in mdev24959_2.txt
FOUND 1 /DROP TABLE/ in mdev24959_2.txt
FOUND 1 /INSERT INTO .* VALUES/ in mdev24959_2.txt
FOUND 1 /SET /[*] no columns [*]// in mdev24959_2.txt
+#
+# MDEV-39404 Gtid_log_event crash
+#
+/*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=1*/;
+/*!40019 SET @@session.max_insert_delayed_threads=0*/;
+/*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
+DELIMITER /*!*/;
+# at 4
+#260422 10:44:37 server id 1 end_log_pos 256 CRC32 0xcb5fac99 Start:
binlog v 4, server v 10.6.26-MariaDB-debug-log created 260422 10:44:37 at
startup
+ROLLBACK/*!*/;
+BINLOG '
+laboaQ8BAAAA/AAAAAABAAAAAAQAMTAuNi4yNi1NYXJpYURCLWRlYnVnLWxvZwAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAACVpuhpEzgNAAgAEgAEBAQEEgAA5AAEGggAAAAICAgCAAAACgoKAAAAAAAA
+CgoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAEEwQADQgICAoKCgGZrF/L
+'/*!*/;
+ERROR: Error in Log_event::read_log_event(): 'Found invalid event in binary
log', data_len: 401, event_type: 162
+ERROR: Could not read entry at offset 256: Error in log format or read error.
+# End of 10.6 tests
diff --git a/mysql-test/main/mysqlbinlog.test b/mysql-test/main/mysqlbinlog.test
index ceb6ff2eee6..3cb216e0994 100644
--- a/mysql-test/main/mysqlbinlog.test
+++ b/mysql-test/main/mysqlbinlog.test
@@ -716,3 +716,11 @@ SET SESSION binlog_row_image= default;
--remove_file $MYSQLTEST_VARDIR/tmp/mdev24959_1.txt
--remove_file $MYSQLTEST_VARDIR/tmp/mdev24959_2.txt
+
+--echo #
+--echo # MDEV-39404 Gtid_log_event crash
+--echo #
+--error 1
+--exec $MYSQL_BINLOG $MYSQL_TEST_DIR/std_data/mdev-39404-binlog.000001 2>& 1
+
+--echo # End of 10.6 tests
diff --git a/mysql-test/std_data/mdev-39404-binlog.000001
b/mysql-test/std_data/mdev-39404-binlog.000001
new file mode 100644
index
0000000000000000000000000000000000000000..3f1a11b3d53bd77e03cea3096fc956ece6ef2c37
GIT binary patch
literal 657
zcmeyDl$kem*^5kmMg|6kKS0a?Vlc2U7#irA=^2^n`X&}-Cb~H3rlcm7rt9Y9r-P)i
z0+2Dn7Q74`3_=VnKp@1x@PvUyiUX*agM)(!NO5s-L3F|ySPi13Ad4^y1251yKo>C1
tToZqK8qm>;Kwh2*B;EoY$-%&kWPb)oYSnII#{U^Iv8RzFMwv7U0RXFC9wz_*
literal 0
HcmV?d00001
diff --git a/sql/log_event.cc b/sql/log_event.cc
index 04385e886c9..1175b3be7c7 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -2676,8 +2676,10 @@ Gtid_log_event::Gtid_log_event(const uchar *buf, uint
event_len,
buf+= 2;
long data_length= xid.bqual_length + xid.gtrid_length;
- if (event_len < static_cast<uint>(buf - buf_0) + data_length)
+ if (event_len < static_cast<uint>(buf - buf_0) + data_length ||
+ xid.gtrid_length > MAXGTRIDSIZE || xid.bqual_length > MAXBQUALSIZE)
{
+ xid.formatID= -1;
seq_no= 0;
return;
}
--
2.47.3
_______________________________________________
commits mailing list -- [email protected]
To unsubscribe send an email to [email protected]
