mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00

BUG#24365972 BINLOG DECODING ISN'T RESILIENT TO CORRUPT BINLOG FILES

Problem
=======

When facing decoding of corrupt binary log files, server may misbehave
without detecting the events corruption.

This patch makes MySQL server more resilient to binary log decoding.

Fixes for events de-serialization and apply
===========================================

@sql/log_event.cc

Query_log_event::Query_log_event: added a check to ensure query length
is respecting event buffer limits.

Query_log_event::do_apply_event: extended a debug print, added a check
to character set to determine if it is "parseable" or not, verified if
database name is valid for system collation.

Start_log_event_v3::do_apply_event: report an error on applying a
non-supported binary log version.

Load_log_event::copy_log_event: added a check to table_name length.

User_var_log_event::User_var_log_event: added checks to avoid reading
out of buffer limits.

User_var_log_event::do_apply_event: reported a sanity check error
properly and added individual sanity checks for variable types that
expect fixed (or minimum) amount of bytes to be read.

Rows_log_event::Rows_log_event: added checks to avoid reading out of
buffer limits.

@sql/log_event_old.cc

Old_rows_log_event::Old_rows_log_event: added a sanity check to avoid
reading out of buffer limits.

@sql/sql_priv.h

Added a sanity check to available_buffer() function.
This commit is contained in:
Joao Gramacho
2018-02-02 11:45:56 +00:00
parent 2af9e8af6e
commit 3fb2f8db17
3 changed files with 136 additions and 8 deletions

@ -1,4 +1,4 @@
/* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
/* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -191,6 +191,11 @@ template <class T> T available_buffer(const char* buf_start,
const char* buf_current,
T buf_len)
{
/* Sanity check */
if (buf_current < buf_start ||
buf_len < static_cast<T>(buf_current - buf_start))
return static_cast<T>(0);
return buf_len - (buf_current - buf_start);
}
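
Review bot: In the added sanity check, `static_cast<T>(buf_current - buf_start)` narrows the pointer difference to T before it is compared with buf_len, so when T is narrower than ptrdiff_t (for example a 32-bit unsigned type on a 64-bit build) an offset well past the buffer can be truncated to a small value and pass the check. Suggest doing the comparison at the full width of the pointer difference and casting only the value that is returned. Separately, returning 0 for an out-of-range buf_current is indistinguishable from buf_current sitting exactly at the end of the buffer, so the function's comment should say that callers must treat 0 as "nothing left to read" and reject the event themselves.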