From 1807f3a15642bbebbe141cf0a211d33a44635795 Mon Sep 17 00:00:00 2001
From: "mats@capulet.net" <>
Date: Thu, 12 Apr 2007 09:47:45 +0200
Subject: [PATCH 1/5] Adding build file for Solaris on AMD64
---
BUILD/compile-solaris-amd64 | 55 +++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100755 BUILD/compile-solaris-amd64
diff --git a/BUILD/compile-solaris-amd64 b/BUILD/compile-solaris-amd64
new file mode 100755
index 00000000000..f128fb12973
--- /dev/null
+++ b/BUILD/compile-solaris-amd64
@@ -0,0 +1,55 @@
+#!/usr/bin/bash
+
+function _find_mysql_root () (
+ while [ "x$PWD" != "x/" ]; do
+ # Check if some directories are present
+ if [ -d BUILD -a -d sql -a -d mysys ]; then
+ echo "$PWD"
+ return 0
+ fi
+ cd ..
+ done
+ return 1
+)
+
+make -k clean || true
+/bin/rm -f */.deps/*.P config.cache
+
+path=`dirname $0`
+. "$path/autorun.sh"
+
+warning_flags="-Wimplicit -Wreturn-type -Wswitch -Wtrigraphs -Wcomment -W -Wchar-subscripts -Wformat -Wparentheses -Wsign-compare -Wwrite-strings -Wunused"
+compiler_flags="-g -O3 -fno-omit-frame-pointer"
+
+export CC CXX CFLAGS CXXFLAGS LDFLAGS LIBS
+CC="gcc"
+CXX="gcc"
+CFLAGS="$warning_flags $compiler_flags"
+CXXFLAGS=""
+LDFLAGS="-O3 -g -static-libgcc"
+LIBS=-lmtmalloc
+root=$(_find_mysql_root)
+
+$root/configure \
+ --prefix=/usr/local/mysql \
+ --localstatedir=/usr/local/mysql/data \
+ --libexecdir=/usr/local/mysql/bin \
+ --with-extra-charsets=complex \
+ --enable-thread-safe-client \
+ --enable-local-infile \
+ --with-zlib-dir=bundled \
+ --with-big-tables \
+ --with-readline \
+ --with-archive-storage-engine \
+ --with-named-curses=-lcurses \
+ --with-big-tables \
+ --with-innodb \
+ --with-berkeley-db \
+ --with-example-storage-engine \
+ --with-blackhole-storage-engine \
+ --with-ndbcluster \
+ --with-federated-storage-engine \
+ --with-csv-storage-engine \
+ --with-ssl \
+ --with-embedded-server \
+ --disable-shared
From a432d3dec4c4f63c206db62b1dd6112197f5512a Mon Sep 17 00:00:00 2001
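Review bot: The result of `root=$(_find_mysql_root)` is never checked, so when the script is started outside a source tree `$root` is empty and the next command runs `/configure`. Fail early with `root=$(_find_mysql_root) || { echo "cannot locate MySQL source root" >&2; exit 1; }` and quote the call as `"$root/configure"`; `dirname $0` needs the same quoting. `make -k clean` and `/bin/rm -f */.deps/*.P config.cache` also act on the current directory before the root has been located. Separately, `--enable-local-infile` builds with LOAD DATA LOCAL enabled by default, which deserves a comment if it is intentional for this target.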
From: "mats@capulet.net" <> Date: Fri, 9 Nov 2007 13:43:09 +0100 Subject: [PATCH 2/5] BUG#31793 (log event corruption causes crash): When running mysqlbinlog on a 64-bit machine with a corrupt relay log, it causes mysqlbinlog to crash. In this case, the crash is caused because a request for 18446744073709534806U bytes is issued, which apparantly can be served on a 64-bit machine (speculatively, I assume) but this causes the memcpy() issued later to copy the data to segfault. The request for the number of bytes is caused by a computation of data_len - server_vars_len where server_vars_len is corrupt in such a sense that it is > data_len. This causes a wrap-around, with the the data_len given above. This patch adds a check that if server_vars_len is greater than data_len before the substraction, and aborts reading the event in that case marking the event as invalid. It also adds checks to see that reading the server variables does not go outside the bounds of the available space, giving a limited amount of integrity check. --- mysql-test/r/mysqlbinlog.result | 1 + mysql-test/std_data/corrupt-relay-bin.000624 | Bin 0 -> 91418 bytes mysql-test/t/mysqlbinlog.test | 4 + sql/log_event.cc | 95 ++++++++++++++++--- 4 files changed, 89 insertions(+), 11 deletions(-) create mode 100644 mysql-test/std_data/corrupt-relay-bin.000624 diff --git a/mysql-test/r/mysqlbinlog.result b/mysql-test/r/mysqlbinlog.result index d16a4c39a11..9f001c293de 100644 --- a/mysql-test/r/mysqlbinlog.result +++ b/mysql-test/r/mysqlbinlog.result @@ -325,4 +325,5 @@ flush logs; drop table t1; 1 drop table t1; +shell> mysqlbinlog std_data/corrupt-relay-bin.000624 > var/tmp/bug31793.sql End of 5.0 tests 
diff --git a/mysql-test/std_data/corrupt-relay-bin.000624 b/mysql-test/std_data/corrupt-relay-bin.000624 new file mode 100644 index 0000000000000000000000000000000000000000..21b4901211c939eff162cc9e3d12ea56240c0b65 GIT binary patch literal 91418 zcmdsg2Y_8wwe}E-6-7`~RJ@O;Z-P#e)5}0YPP=hPW)fy5U=WQd0|};?48~vqpCCnw z4a5ebf>IQbA}9g^3W|Ufp9NIj14SP{`eQ-F!u!@fXP>fXpSkzk%Z>NuDq%8vW^vB` zR$ptc{m+$aH+=gWFIn)yn@0Nj-qP3Cw-W#K_3hGU&Q@j{)~tyQlM|aaZC<-&V%AZc z*3DYC@hG-l_Qzh%?tRbh+p}*MeD>_?TiCbDK8)Orp#J*wmu9|yXZH2_ZCl>HZWf+k zwxTMUrI_>}^rQ43@h5%|U3mr`WG<-B_{{72`VIi;RqPSI{LW|d|IkbD#r(d$o%r8( z`L{m$U!NZ>7#g8p-Iadzl~|^K`ub)Z^t^jMKwqR}Uy0v!*za?)yY=(9@T-EHSB zldBWjqtPO7JnCD!Vavqk$=cctlN)QJQLuP4tj#4K=Qri<3q#IK&?Ky zczAi>jVvA+3cN*ZeSER-4fZqR%a-8Bu{Ja^9*vB%FO%;@W8=%mqVe&ekp*Ln!qD)N z(P(UJXz|GYwRfyocg)0=+Du0usP$`#V$V{QS*l%AltEn`RNVf7nyI*>g!&^l%>ONIQo3z~#^Y@1qivuu zPekKY_>Z^@4NkU~(a^1F&~Qw`1AA|{rfQm|okIgCs)j3rBl-Zr@mm=j$FrqRwgJb* zJI}6xdWP~P_{**Iojy*sIvh))(XquNwV6wol30Y0o#nx3gnxw@+xEM4OE*l_k95~| z6wS8HFs#=@$ICa$hK7_^j+6feAV(bUkUX7fpT78rh=aP zd8g8Izv&~fsn|Zx?OCQ78is1C^|}=(fnxZI9=JOGrKpzK@VQB;*4cBPi~VM5u&=MO ziMym+iaFU1NwH?@ieWe*MA$M+Pjy3EsT&Y&*Q?usrB;$+UzFlkV?$;zDQ^8Wx<`st z9fnxS$C()012x@-VK6na&xshjE*T0#BikYx>s6-_)6ct6FxDgwuQ;8S-oGv8tL-8W zuB-Zv=V@N3N1<*RifK8%6?uMLa}9`enLNznE+0Mjz3jR7-JWtBhH7Z*j^l?`5L&Jg zd5UiaKG@p#>XELX^uONRAsTU^(YXt#K&IF?rli zvrTFJHM&QRiypVs8pj^DX=n};-9{ew%nuRg+%F0-i+|YCC2bgoK!!#f|8TO^nW|gS zD8@hJ8^J4rQdMTV_><=orPW==+`w)O&Z&tVMi zWNNEoNEs{|3Kq^xoF+KVQzJ+*fXoG-<6^8h8XdBfzQ;nz7_B%mU9uPfD~lix^%mhr zW}3RA>bB$B0|*jbg!h($uXICoVB815>=Y&T6N%yBXao)%ez`;+4(R*SmZXtn-$!XD zue>GO$y8Y$z?Qz2IGOmVX`LP!2n!OvPC?ig01Pq^IN4t2Yn7tI>AVHgGVv3JV(7Y~ zxJAZR4b{YNkMtMu_|V4)k6UDT+|HKBSx7#W@%Tz&yiz=}P?D3ajz@E$WJ9k*vXNxI z3vBfed+`}{k*zZ0)%t7nj=Ho=ayp?2Y}Ev7$<-z8TPozgI-8j4j)bWW`lV3vcEtS?Tk_ji<%Xkz6xHM#l@jx=w)=kn;It0mb)LfDtaLCowZ$Cq5yfHx| z^?*oSz2;n6x~L6DcSz=u!~q;9yW^mdhSRa}a5PJGY%(5}X=!juO3)~HBwNp;Enh7| z<7;f`Lv5gOa5);BY%il>Qrs}5oCs$brd+X9RaY%aZlK<1I2jfy(^@D$;Fpo1ETFOL 
z`Gm%iGBoD1r5Vsv$!A*2LH0OLprH?HlvX#PpA=LR zVJ=DwKZIohM;v&=$C+fVIN$T;Hs_d4t5-};)KKUiu5Fo^tSucKn%lp1>(<#@S8Q3c zcEeGV8#ip)xMgzos*UUCY~3_#^|lRjR&7K>!iLE?D>hHAUA1mv4zbi6RhgrjbG%Xd zi>koZDYos*UNgCV9bPDm#)8qIC6r#6+ds6S=5JhC^H*$s+r;K0`nS}^)@+>EGEfUv zY@XOw3-R@aBl;(6W0S|MU%74qzfI4^k{u|N&sA*;+mfY6=F&dqOHXq%7RRP)g9_Xu zyT7(|&BW%3+S=7~(;Y2v@?D=NPF^FkxzGIqEuGYc&3#PdQMqYW*;s9ei)vO5kM+yi1- z9ynMqvo2);EXrUjT1miGkc~$#Bs4xKla2rQA}y_LLpB~4Wh2w_oNO`4RcU~ zY_Jv{6r~Uq*oYuB+caFbKuJyp-(gnQb*ZYDglnmJT*{)^8UH=+Z`k_2zBGXT3jVS) zvjDAc98>lJ)n>+_FY8cZ-zl_0Wi1~Xd^x03bOnO$xU;D;lBwa`TNeY* z@FL=#Gej|`LgC-p(#I1q2M6qjZ_e*%qk?7{bzKQe%W`bpusjb900uJXq3UUVU4c5w zUMVM5%p*!06|TIPUg>k&^SQkUHZinp4QVacGgQ~sL&MSQW~c`E4jhUG&rPAs@7Z&I zw~ZX}h^SUGLFQz8S&)nFS`L45*AUw~EShA_g`z0TkB*HT$u!H6ad$0^^Mgx?SAHO} zKf&={wsd?Oa14uZWIhKc+skmskw8P?j%|yUYy>~L7qhRIk{xYF)r-%kA zqf@>@OGXmQY!_t&{bOsM>8g$e`L;seaY7#*x~_t3wPSbJ%GrzmpylC#fbag&7S*(ZFm(=h+ahvM)N>sI62u~=6;pZ zCYe@OpkW40b5Nnmg{j%drzj2ukB)1aj>6pvR{UXNp|Iv)<1tWD1k6)*(N<$I9y-6j!7iVINBJ0u@B+&Z_}oqmf%qcD{o^S##g?82Kv=@MfrQYnipib}6Tc)So3+++vef};&M&bn-M3tH zdZ_5Nbde~eiew!PuxJTVl|Y^ebK~Qd>1#ZMt-A1Nw!|2e%_fe*f6)){hnqd9-ZNyfW$>jVVwzR1YIe%}toO80( z*{XZ+C_9#wDqh1hp>3cg$exg!clmel2Bdl?Y9;~vky(On(g z+^n*TVxxsNvyzNYK|HR$ozVD$OgtWEOY_N8%V#J8jqyl@%jXflx&tN;beOm4SA|W zp@TpsI)OAtwNv9^Q(IOsRgx6vXme8Aaqpc3$Lw3<%vEZ1S^f7eS~|K7mt;^>RT&(d z><$P=+~aZM1R15E2$>kB_%vAzML07H(A?>-6z(InOp0NH5TRN=`UA0iuRat`s zC)>+#Ojo@|X%?MwwhMcK>a}K?hLy`Q=yXo5q@m;M(v|lcd zXgS&HXfzek1`X$c$%43&h&B?1d>?GcKiHd9+y+a1shp)a*$%Ok=7fP6grV-B=S&YZo94@Drmy;z8lm5_ zQj)|KS&AI1*lTY6HM)nTO8nf^u>wn>EYG0$t~x-*RZp;`_qD-Q z7nE}qC)**e^4y^A_}Bz9)ICQx@P((iK2D(Ha3@-ED{+-3a#dCmZ2dL5hpVQwe(}^z zas!c8aB-lK!rE9_6|7&u7un+hVybyEUt}R$dS@HH$QKf(N?n{RpUcU1h^Z6{?elJg z(#xy0OjTn2()1xz6}U)8 zBZ=m+Tw`hhkqFKzn+2!ps9z9Uc?nw;g22zQrGFrOn0zW1(vDB?NXce}G)}fUTXhc} zW%*n-EX6{K3M0{C+fkuz^W-lHkWdDQ{va*!VXN85nFG!*DpOPXVlH@?_-aVTR}ZqK-QkoZpUTQ=l?X_dLgZwt^Hui%f+H@n z@@x!<=1__~nfI^YSiPR5bPa`$ZL6AtKc|dow0}*AEJ_eb{W(fmZDvaYZMccgP7q1S 
zW+^L9wwDnp(YvXCWx_XQde<~{n|hXHPJ6+-`pzSS#)wQl`hG)8Z)ih4jxCoDPPUiP z5K`=|pFu2G!oz+`+rC6Zgif=*@PBEE2By#lTelznHNT@H0Tc}bo$jajO8Pu6F5?`nVRKf zdl`-rHOt*w8%K%>1A;}>O~Rm2Ze-vwLSw1S=pDtD#@aA?uM>@4RyX5hdm0USlNhV> zqe%>x!qC+dIFXAIGp5L-Xb4SW1+#bE?+A~>WO)3AE&TyWg;x76W{G%Y(!t60G#*l~ zkfy`L^Kea<4Z)=@7z}I3yuw1}uz<$F|DVuUCYn4l9VfD-$u^vj(?rverFb~mUPglz zk1`va&cn4B9Eh24;Rm87-PLpp6-~$GO93mQ52u;jEDEJ`vKTd$WNe0N?f1ss$ z8-ScD0+NXbC)>+_$c;xXiq%ze%yk`uL0rAWcofiB`$yXHH_OoYLcG)l8fS`VWX9vo z3E5soqhV4(SLreV&BFZ|G=D4=57upL&c5NjeX@h3L1dH?Kt$|HhaO0QnbP={z_Z9I=7W+`{SqC(pTDus810Y zJJb7|Y)><`G-ybyFm(o?I~YNOX<>|ynmb1=1Puk&e*7uI<3ln$2L47%SGIx2St1^p zqTytF8V_mEka$NnSD;Sm(l1< z=JG}VBt#b6CYk%Nh%NoOjY|FJMMN_B;ADFl5xF5&;wTQnVJqwsTusGnyV8R`1#NZS z(}c#542_?$B@Ob?OahRoiZ=Yxax^&E9TW}2!i--G)1pJim{AY&PA6X*x<#{g+68DV zl%cVPEm2m#RWzQ7w%XP?5&8=qx}JGXA1n35_Kp8dSOa9$TU-R0s`hTjwixI+g80RkiE7=HUuV z9do_wL16muc!R)0x;D!ia%O}-R;=9ZvKzh9>^5}MdF4}2Ioax5^vq2?)o?0}?h9+M z7isfO2M*Mz5RTAiP|M=J@QITy^t5oCSYEO4b` zdokzobUri|*$L^;*-M^7Vmu~lCMvM}nk^mQhJ;@xB9awYIN6>?gfd{6dMFfFFboI- zn=G4B38+8P3GhOJ1vcBJNflEJ_kqtNK;9?=WGh>GM;m}#UJeK++tYwhxwimF{U7;cH0xoKkamW>;huU$Q`bzrZ_*2dqQ zoY*qC9M@G%;)bd%@zSb|n^!NNT)TcEyOo69zzFZfp;RO^2JXJbN%(B@QvHI{dh}vx zKkmlsKF)dpEghY`bLZ_~WYmqoH|maq6BoXMvtu|W>*8Vq%g3yJt1h*J zYWzy+a}U3eo;x>(qVvxkScV@sx@8%fK^FkHZr#MmH`UM`zaDCS*>h9Ko#uK^X3zbc zHWb3OqC&_#c}})E>voULY_6tcP}UdGRqDu3Q&PHr4`P*1%hdDUFQTQFwt>d=A{tqR zkCW|XG%PBamfW$3^sYk(+@YQEm5l=^nRZqw!KK-ev2FC?#>HIdr-0zmd z!O8YA9P+F~oOs7YXbw)c^Q;3}smO&)dfDQvgS7s=7s2u2@5OoE)E-idboq;E>Dr_Y zf_>|}j*XyH^*{@asBU;BMz8rk?jeXm$5bN4tcOkM*#F0#`;ScyqLO7qZxY!k^MX0q zUS=ctq&CJzxM>SKWKt^&OI|rR+@7)#>S@d)X18`@dPN~c?e9(8^7(|33P$feY^kpe zHG7u`2nC7H+d+u#*aMGP3CuQyvC)>-MR7`}X5doE+(Eo(No)}#T zd4|QtRW9si8%eiwL9X}NhgjvXgo_GjEM-f7X+zQeKtv;RpE%iGMx$u2isC)>+#l%1gF zX8|y?i4Fh&kLgcP7lP}-R}mn0%K$lsE%D&G6+ph8#xy0F>6ujBB_|qVZ~`)YJ#EalgVzf<6;isPft)6 znCi?|6I0zUW2*17C7St|d@4)%gCZK4(&c2UGgbGXQB=Cz1ZLey7|jNoM@pAmT|mIm zh=U~L6ez=6fMef(BRC$H!Lf`j@wwpmsmgHtM1&*rNI2PEhNCDP1vuzJM_k*@A`Cbr 
zlmg5$I)xJ^1vD<*kI;DT?SfxRCh!rq#M6SUpm9yP#^q$IqtTScZJb}MpmBdGW2#u= zw*DI3BjeLBRdSV?1{tSw8R!VrN;(h=OtsT%iK(71W2yt$(&9EW?!zJ)nP0`pR%fd2 zK|}DX3RN{6HMVR6XDhj1OlAV9PPkV4#X2V3F|7>%Tyel>MSk~6PY z%j)O1f)ZMSv%Zdw)Xy7sa>%4SY2`>?Bk`+#l<-x$JDFeA`fGF#Up1C;l?Ahg>L?~V zw-JE=NOSBE5hNx|+sVANX)fX_0OBYF$UGS!Ti6mW zAL6Gf19EM7EXK)J2c)T3tZ^MuzLQL!r$#LC(ta=URpzC&{u8o{8kKRHzs$r1txG_S{c5d1i`4Eajra6?#g>Me%jmoNRSr=yon*7b+OGgMolJ zsY6_(A)s`%%zl@1(Y*$-N+@y>rHNi((h|+nNj{ZT(?3NtGH;5L?P)Y1rc$m>#=_uA z9ys`{a0M{3{EBemwqPn&S+wbO86M}dC0>rkPgTa_8|9{gldXLPEU0c4BQd994 zk*zXQ(fVt2yO0-51roCf10%SS-fI;%#-|ZI@4d!%rj$yC1__XbA|PbD zcRGNUh7&-rbDg){cBn>v=vp|CZrN%*KnFP;0dqq=QXIcz;-T1Ud@XzKbGB!*jA`TU z0~fh#14rmXFY+TFK`VykI-%w{boqf)I~RS9Ke6Y2R~rJblPCaLMvIf}WdSJhT-A8m zmWp$B)agdeGAcSF zFRc5f;x)xZgY)Q>oHn@VS>;^B$?l+BL?cOT$8yL)!ufKV64p#!^z?&h%SS~nBG2_U zwzNwdXgps;BQt88Y%ilRb%b8ljDhAu3<$GnFc{34gIgSWOMV-GyjTPzQ?i_FF9T9kvbo$h3nerg!@=Srj)O~YnZ9kLWH0pzjYDNGH(p z;ioFcb$f|$WWvG8_A(qr;Yf35u?ON(t%A*5#Xx?Hi_V>|DbIR*FCsJ!m!YvsotBoi zAsqiMqLI}sIN4rCqcb&&H!YxT-ylQeY__zb4MaYhOk_wy)T{8{x*Pvsh+;yvIwH^9 zL1zPPRIWbrB-PkpNS4u!EaZ2oW@e>zbRp z7)4bG8o9%`cp(9Dg$$5W+0uL4konh$fMhn2lkH_drn8C23mTYRO3h@3hGdSCn<`sw z6Mw#l(6~y5#><9jX>%KB>{pHkC%Xfpp-_$x2|~?QF^GWGWn4GD+`5tb{Hv*XjdHzTw1P>=_;n&vkYL?!#mRPvuNs%1Wjk4N5a-q9 zeAW7EbP->%3lOHxE8y`IZctzsDLd#$cJ16{FY(D{jcz)d65qaJjQHw08DAaBmM(0= zx#|}I$!s|%Tb-}E2axG(Ij&AHs3(LfOel1i81d6YhW(;(LgNM*8V|Fj%i2KW1tJ<* z@`sb{Wi+Ns{^%}lvBzv$=INqF5S#VHmX{}goI?qYZ_D7=!j>*=1CG7R;oxL@8IIy` zm10A+ikrdElgHq|MPaU!o7Z0)u2KjDZ#|6QxLF3rj5pE}uRr0-%D&b0#xy0Y&E^@!1Mxk0Ee-aqvnrs#ld+4(a}MixVx3)SAM`Nw|h*K(?Og^uAu#RDz_i3t&pUA-<7mPBZ%k& z)zo<@S4<~DGnuWco?;r1b=}wex*uXlQ-s@4jp?L3eeVBa&;6yu{%@D(w!Fykbi-AH zAhayc39P{KkcW)wKITfU8lReSUVP7zmoaC z<>iA{P7tf?a))Hz#9?fSCVeKK%6`g%ax^&E9SRL=&`<}p_$nM!ax|PI02;W<)Uopy znwFz+@sWha5*Zr5VoS@~Kx3hZM%LiK$@VfDf|YN5&R`+waNrt3WW9(8Y1u!qrQD2* z&TCo24{@VU;3@T}jz(`yu{=`?l_*5TFi>6jH4FKcZ)&rgvzA_o-(ZL@E6cSfa#B_` z=VW`DlcvmVHwQIkP@_?52AYjEl*(CV7jxSUi;ZcBbBX-y0CEshGVLcGO}qX+86(Yo 
z8!hE->FhisX_{}$avfH>dp1?73HNPq!`%abIOrcX2Na zqBYlzEVZsicA&fPn+z*z%B}nII@<63w&!z4IOTv-8aQOBYASff2ysOUq*&MSkE`en zpPK~tH|)7-c4YFYEV#?c1(%cEfdn@fs!&p}#X~>yHW0U*E($IIvW+eAxCY;-49JbL z1VTKkhm)-iNK-^h^@{P*@_&C;kVP$vSYVnxa|6BXsZZ3Q5w^tI?m6y^#Fy-Fw`uZD?sl; zc~UG5mv`Mv&z(CW+<80Z`3`Qysw;lo#>r_P3N{Rb$oE{hL>B&N_}nDM^VxIra2emI zEXFsLi!mqLAu(dz+=DyB2LM~sWn^VDWY%yxpL;uyYb;zsvO zjLYM-!zYR3KPCz>G1XaYiO(a%H!3sLY8e{wPy|l4I#cxs8YUbin_YndG%Uk%2$`sG!9+KMxW}t8Y~(L7S4>lpyfm1Kz(%a z@bbVLSv)cnc#G&eXcQ2$~}(b)L%v1ojJXk@_{ePc8_WGQ`beA$u+e+d?k zhRer?hNFQci}5?S0Bir+q240=$V~LFV+0p+w*$JP<2aszB)X0}zA&K+tPCdtRcUpg zpJ)sZMg4csZo{w`%pG(E3X zu6mmYN0x8oWUF&k_rTGaeB-6>CPaK0B9E{oO1HF%$al)+oRh7NNKHAT*|>|;``<~JDWj^*YYqgc-A3|2DZotX$9+~V&Hrs}JPR%Bw7lM3YfiSa{W4l&tWtcj1Da!Gdj25KW59C z+VI50=9aAM0QTrF7(@Sk3BL_dCF#pVrkqa=v1&J{Ax zFxPWcT&p=y%MAKl+D@3-Xn8Oi;a}n0ERscAqBdw+gYa@{Th~l%o~W%|J(t>i*v1y> z0O9c@m+zLz<#B9@>Hw|E<;~@C$;oy|E*lpVD#+y;Q7*IavGv#J9=R-rk3#X4-Go6^ zfn*j&Q^nU${3kKhIWnfYk1g%j22*{voT)h34lz~ZWOoIo+EmU|t-nUMGL;Z^#Z1L2 z`skQON+Rdf(L4`T)_M556NstKmoe4;C(;rn=vviOx0N#$C)**WYMkk-z*KKNeg-xo zH~ee{Hsn`qQ(AwGVCmTS;^Am?`O-1`fe@2>M#Tk$l(j52%~`7KGUWdHj&vwbSd&%MRHb-8FK!f{u}u^?%I3eCxe%@I zPWOl$UOV5LTBs6n2aBaT4AdG;hgvvzsskN0=n}+lj|i9OtU8$_>xVL-JC`ld7}HjT z?idk|tf`5UtuA!kgGbS>auuki=h}3aU5$=XJEj^L&7@@?KZVfvFBuvGr_$1&+d$*k zax^&E9TW|NU7m_MDtS3*m35gc@GL{AK|1b(wB^4|(3me7|Ena8vb4rxmh8s*)(`#1 zI<|9-vdD-cORZq$MdLSk?VF z?{wOazssccXKd-DHXN4Y%cYf*t-h5#p*s!AMdMaf=02jM7za`j7&nyGS!WU&FS{#F z38oTBb?INRrPH=&JGAF`b;r~q%!=|A)pIq6Ci#bT3w2Ml7R%eAwb(eP3G&*9=#^-y zZL1deT_P7{6R|njUgjcse?v05*u-G~i*6j#bqq}_v=yrgwHV9$8;M%8U~&g zxSkeSPCf8ZVu~;;%}0NR7NAj2T0NS={~x9OrU`$o^8Xnk|JOk2Kt_#|?PdP&Oe%lt z$7tK%@?6L7MySelhiK)^0lS_}Xsk@o zD9H7<*i!Bqv(D=y%kxyvx1f7485Av{A*#k`V1i+DpkqDx^kPx2pJdNX!wFlJ>kpT6 z5huIja8a7EjjzPERTonTSS+I}iVD-v1Q#tlhq&lCnM{9xE$!0=8XpnS$h-_rwwKYM z&>)wi1003Imf>QYA|+T{T-bzbX^?`+=UprsXFMhEa{ng?kN=e6vG*rw$!`OX(?mS7 zmLE>Gm+>$Zlq>SZFtvDo35`A^9*84U)5Uc46pwhIkZV&KO-zKX`xNc^CuM5(HJ_%X 
zT%UR8)hsf2j<4ysWWY8&7xx+=Xm{#$%W^T9*$QxhUiSWJ;z@M-9$?R%yCtpj&+V$A ztKv+$7b%_{1vpUYo4TrbwiPHLjtn$>Zt6gM>1Sxa|JdYl0kVi7F#d7P}}t>9$P-lVCWqtB%+KUd^_LgNCqWI!DypK1F+ zWoUe+91Tu(M@0kYxbZ)-4oEyA4UE)ds*TFgc=9|#IR&&&@+;e4{cKeLtz-r80d9sKh5u zIN9o4#4BA(mr`{r-))gAYIzM~@SHUgwQ;JNk`pKAiNcWe0JZ)a-ILcV_5kHJBP-y+ zU1bw#OboNngrU&uSI|wneV$nU^P)5mS9xq{_cnCX`7$_M7M5_b)w!yB;IImwl29?k z$rHzZr8&OjC>7v1>k9OHOa>}P4?LxaVBOGF|mf{ zJeQjBZL=tNoFY;5I7 z07kw<&%Iqw*4v?Lhjo-lFd)WIeZ|7$mAX^MAi2ncb#6`oPGQf@Z@9)QRJP97iUN>% z+?;GL3&1oUx2YI58k~|AIzz#@&SreP2QDI3`GLs&q>f&CF)cl-4Rv&lh{nrd(M)F5 zIN4rCqgeLg=`lSXRE>m~Vw2s&-3%5hB4!y@cIKx)6fD|Nm(YIyPzJ^4*b)!@@l%xr zC`sl`zjHQtgOY!R%fd2LE{-KYZVX~xr`9`gA9>V*wUNZK;%jh zk<9*avb~H*Q9h=Gb+~eZjd0gBoUqi(uKy^Y@xWIJjX%lIct6b@F zvenUOO6fLEmQ+x>H^`VOR=TafM)!z$1EwOSOIZQjvW84%etIqZtF(o@z*OoL#5qsM zm}(tc;>qwJ^ykI+3Ze1XSy<(LGF6OhCbs7ivSylC$~k2#{dO ziN6x}Fit?BZbXOB3S4#4Rm4?)6}gH6zJso&r9HQ2po;vfUDusRQ9|2N>KZa2mKKJ( z8R@3w*UhHVvB$FK<`@08A`Q2QY?K*1PPV!Gs zPmySai@sCNMV#!8!$rmPE1ma5))m?ZM@vz(!?cAaxM;6$5UcdvBP7izZ7{-?_HV<9 z{h^3P7FKYwy^IF#49xcph+ZuED_xtNpFv8;U^594+h8D34s6(jtSR~M3%*H+%#b1S zAY0;TO#D=3NA~V=pM#UFj!09EY~y@r1)t+yk+HJuLF=#46UHJrmlYp9(G3j!vYW{c zKJ_hPs$FDEWnNE9JjdJ$Q{7X}RGe&wn5uEIx&l+(Co)y$$hQ6(-NRHxM^;o;%#n?i zm1^j^ksbD9fjA1R5=VB)jl??7l5y1s*%F<~OForV)z3sYvYay~Tb--A2aaZQ&bWND zXvgI_=lj1+P%M-|vG+~1#Lti6%gRvvT!bRC#xy0>T;U+nY%=!CUKv-YT}4rDx&30al7A2 zO!XESQ@w#Ly|0bP=K&FoOk;Ag)tRb$(CAD-<-FSnkrgsTe#Vym(S|$mu!snGcX4AD zC)>-26urANO^L?t8g2kYZor`ME}9a4cJi93Q>rCDYIIU7PgW-(=7I>FwEViW4lM7e=@+EDThfeT?)- z(=l~E^a90E!qQXCX~aNz+9%j^AKiwx@;gy#Guz0?R#!gVBeg}_Sjc=Bj;33hPG`Ev zHX62)8*`LoJ}Aj6mhcX~n|OSWdnHGjPh?A90UNRYxCXX>W-E$j)lT3@XF+GBFiy6Y z;V4m}Y|IfFgLTVvsdlRCaO91q=AHlK9zx?SGBozOmzJ(<0}V?=BWuOxWP2HnvR3SL z>XfP5ae;gKR_wx%(6#r`t{<5ILfT5?aZk*B>;Y*RU=s87OaoWEVc}ny`+!r8DTL@% zhqJ8=;NUJsBDqQ4Lu+={xsdnx>W^p}Ps(j$>Ty2Gmj2L2K=i1n^fN8P$@Vf|7qv{W zRI1~oiiv4Dq-8W0L+M#LE(wTA3-0rNOlX`bqCu|16Kv_J1PyFk=UpBXH{ao=J9s=1 zF6CBq+@pnKWnn$CFis)xN(TZJTnF_h^h*5FLws2|Zh5kti#XXGhl_Y-IPMHb+z4r> 
zn^H8J<|g3I(Iy=J6Mjlte!a|A-N2SEZo^iMinc0~X-;;>K_hkKQd4ChR}To#P>ue+ zrtYoT^L|3(Mp358tsZ7e{MN2kWaDq5Y-CA5PPUiP=u8su3l9(?H^~tBC0jbBjX>uw zA|hF!!^!qCBE>)l+DaQVl)*$>VS+0f&5|S_0v(+uzBEh%>c1d3ZV}-iqxUFV$~6vm z-smZ6sCXC|gbKAD;hr|QSalWmZAYq$;iw7}K~}~~)k6~Jiyo+6p1h>-rSz%J3ms2h zYRuRJH+k|hhk3Dt_P1XWjz5>-c*TRXlxwo=JdR#q*@1>k4Vq3>HF7Mk4i`qZea)$> zN9eZw`AHyqDc3yr|o^<78TV;XT%xOmeG)}ZtNV+~PYPBrs+WKpBPx_|l z$rno-C^}PHKULv%cwx9ewwZ3IXFo(7zuSG1rpJISo!Ewr*>(4OJ^<={siU0@ui|8@ zGgbGXQS4jEDcNKo1BQx|jj>G)?c=$VJ7@|f*NhgYWYf-hnDBUx43B%+(mQ}hGubp* zrr~)a9+?-$$@VfHf)~aCLG=nK;P@0~Gt+!3Of=9;6IX$zMxVkL`~`zFC5XK4*M!J? z86p#GiH3i+ipcHdY8PZnCq0#D#8>t8J;sDBHSoz~6n-!T^7p$;8ndRpDyLJPLJDh_ jn@0NjUXN|rXM*0GHi$l(C)TalHf!bD4YOg*EY18s!pkWV literal 0 HcmV?d00001 diff --git a/mysql-test/t/mysqlbinlog.test b/mysql-test/t/mysqlbinlog.test index 451eef17108..c83fe94f2eb 100644 --- a/mysql-test/t/mysqlbinlog.test +++ b/mysql-test/t/mysqlbinlog.test @@ -237,4 +237,8 @@ let $c= `select $a=$b`; --echo $c drop table t1; +echo shell> mysqlbinlog std_data/corrupt-relay-bin.000624 > var/tmp/bug31793.sql; +error 1; +exec $MYSQL_BINLOG $MYSQL_TEST_DIR/std_data/corrupt-relay-bin.000624 > $MYSQLTEST_VARDIR/tmp/bug31793.sql; + --echo End of 5.0 tests diff --git a/sql/log_event.cc b/sql/log_event.cc index 3899e772bf8..0e257bf7f6c 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc 
@@ -1400,17 +1400,46 @@ Query_log_event::Query_log_event(THD* thd_arg, const char* query_arg, /* 2 utility functions for the next method */ -/* - Get the pointer for a string (src) that contains the length in - the first byte. Set the output string (dst) to the string value - and place the length of the string in the byte after the string. +/** + Read a string with length from memory. + + This function reads the string-with-length stored at + src and extract the length into *len and + a pointer to the start of the string into *dst. The + string can then be copied using memcpy() with the + number of bytes given in *len. + + @param src Pointer to variable holding a pointer to the memory to + read the string from. + @param dst Pointer to variable holding a pointer where the actual + string starts. Starting from this position, the string + can be copied using @c memcpy(). + @param len Pointer to variable where the length will be stored. + @param end One-past-the-end of the memory where the string is + stored. + + @return Zero if the entire string can be copied successfully, + @c UINT_MAX if the length could not be read from memory + (that is, if *src >= end), otherwise the + number of bytes that are missing to read the full + string, which happends *dst + *len >= end. */ -static void get_str_len_and_pointer(const Log_event::Byte **src, - const char **dst, - uint *len) +static int +get_str_len_and_pointer(const Log_event::Byte **src, + const char **dst, + uint *len, + const Log_event::Byte *end) { - if ((*len= **src)) - *dst= (char *)*src + 1; // Will be copied later + if (*src >= end) + return -1; // Will be UINT_MAX in two-complement arithmetics + uint length= **src; + if (length > 0) + { + if (*src + length >= end) + return *src + length - end; // Number of bytes missing + *dst= (char *)*src + 1; // Will be copied later + } + *len= length; (*src)+= *len + 1; } 
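Review bot: The documented return contract of get_str_len_and_pointer() does not match its signature: the comment promises `UINT_MAX` or a count of missing bytes, but the function returns `int`, yields `-1`, and narrows a pointer difference; since the callers in this patch only test for non-zero, `@return 0 on success, non-zero if the string does not fit before end` would be accurate. As written in this patch the success path has no `return`, and the error branch returns 0 when `*src + length == end`; both are corrected only in PATCH 3/5, so the two patches need to travel together in any backport. The test `*src + length >= end` also forms a pointer past the buffer before comparing; `length >= (uint) (end - *src)` expresses the same bound from the remaining size. The last clause of the comment reads `happends *dst + *len >= end`, while the code tests `*src + length`.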
@@ -1424,6 +1453,23 @@ static void copy_str_and_move(const char **src, *(*dst)++= 0; } + +/** + Macro to check that there is enough space to read from memory. + + @param PTR Pointer to memory + @param END End of memory + @param CNT Number of bytes that should be read. + */ +#define CHECK_SPACE(PTR,END,CNT) \ + do { \ + DBUG_ASSERT((PTR) + (CNT) <= (END)); \ + if ((PTR) + (CNT) > (END)) { \ + query= 0; \ + DBUG_VOID_RETURN; \ + } \ + } while (0) + /* Query_log_event::Query_log_event() This is used by the SQL slave thread to prepare the event before execution. @@ -1475,6 +1521,17 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, if (tmp) { status_vars_len= uint2korr(buf + Q_STATUS_VARS_LEN_OFFSET); + /* + Check if status variable length is corrupt and will lead to very + wrong data. We could be even more strict and require data_len to + be even bigger, but this will suffice to catch most corruption + errors that can lead to a crash. + */ + if (status_vars_len >= min(data_len + 1, MAX_SIZE_LOG_EVENT_STATUS)) + { + query= 0; + DBUG_VOID_RETURN; + } data_len-= status_vars_len; DBUG_PRINT("info", ("Query_log_event has status_vars_len: %u", (uint) status_vars_len)); @@ -1494,6 +1551,7 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, { switch (*pos++) { case Q_FLAGS2_CODE: + CHECK_SPACE(pos, end, 4); flags2_inited= 1; flags2= uint4korr(pos); DBUG_PRINT("info",("In Query_log_event, read flags2: %lu", (ulong) flags2)); @@ -1504,6 +1562,7 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, #ifndef DBUG_OFF char buff[22]; #endif + CHECK_SPACE(pos, end, 8); sql_mode_inited= 1; sql_mode= (ulong) uint8korr(pos); // QQ: Fix when sql_mode is ulonglong DBUG_PRINT("info",("In Query_log_event, read sql_mode: %s", 
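Review bot: CHECK_SPACE asserts the very condition it is meant to handle: `DBUG_ASSERT((PTR) + (CNT) <= (END))` runs before the graceful `query= 0` path, so a debug build would presumably abort on a corrupt event instead of rejecting it, which is the crash this patch sets out to remove. Event bytes are external input, so the assert should go and the runtime check should stay; comparing sizes, `if ((size_t) ((END) - (PTR)) < (size_t) (CNT))`, also avoids building a pointer beyond the buffer. The macro silently depends on `query` and `DBUG_VOID_RETURN` being valid in the caller's scope, which its comment should state. The same assert is carried into the rewritten macro in PATCH 3/5.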
@@ -1512,15 +1571,21 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, break; } case Q_CATALOG_NZ_CODE: - get_str_len_and_pointer(&pos, &catalog, &catalog_len); + if (get_str_len_and_pointer(&pos, &catalog, &catalog_len, end)) + { + query= 0; + DBUG_VOID_RETURN; + } break; case Q_AUTO_INCREMENT: + CHECK_SPACE(pos, end, 4); auto_increment_increment= uint2korr(pos); auto_increment_offset= uint2korr(pos+2); pos+= 4; break; case Q_CHARSET_CODE: { + CHECK_SPACE(pos, end, 6); charset_inited= 1; memcpy(charset, pos, 6); pos+= 6; @@ -1528,20 +1593,28 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, } case Q_TIME_ZONE_CODE: { - get_str_len_and_pointer(&pos, &time_zone_str, &time_zone_len); + if (get_str_len_and_pointer(&pos, &time_zone_str, &time_zone_len, end)) + { + query= 0; + DBUG_VOID_RETURN; + } break; } case Q_CATALOG_CODE: /* for 5.0.x where 0<=x<=3 masters */ + CHECK_SPACE(pos, end, 1); if ((catalog_len= *pos)) catalog= (char*) pos+1; // Will be copied later + CHECK_SPACE(pos, end, catalog_len + 2); pos+= catalog_len+2; // leap over end 0 catalog_nz= 0; // catalog has end 0 in event break; case Q_LC_TIME_NAMES_CODE: + CHECK_SPACE(pos, end, 2); lc_time_names_number= uint2korr(pos); pos+= 2; break; case Q_CHARSET_DATABASE_CODE: + CHECK_SPACE(pos, end, 2); charset_database_number= uint2korr(pos); pos+= 2; break; From 0f42488cb434d91dd7c6527503c06c0561cec098 Mon Sep 17 00:00:00 2001 From: "mats@kindahl-laptop.dnsalias.net" <> Date: Mon, 12 Nov 2007 22:02:12 +0100 Subject: [PATCH 3/5] BUG#31793 (log event corruption causes crash): Corrections to get_str_len_and_pointer(). --- sql/log_event.cc | 47 +++++++++++++++++++++++++++++++++++++---------- 1 file changed, 37 insertions(+), 10 deletions(-) diff --git a/sql/log_event.cc b/sql/log_event.cc index f2b7fcbd236..5c3fcf2f86b 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc 
@@ -1436,11 +1436,12 @@ get_str_len_and_pointer(const Log_event::Byte **src, if (length > 0) { if (*src + length >= end) - return *src + length - end; // Number of bytes missing + return *src + length - end + 1; // Number of bytes missing *dst= (char *)*src + 1; // Will be copied later } *len= length; - (*src)+= *len + 1; + *src+= length + 1; + return 0; } static void copy_str_and_move(const char **src, @@ -1454,6 +1455,23 @@ static void copy_str_and_move(const char **src, } +static char const *code_name(int code) { + char buf[255]; + switch (code) { + case Q_FLAGS2_CODE: return "Q_FLAGS2_CODE"; + case Q_SQL_MODE_CODE: return "Q_SQL_MODE_CODE"; + case Q_CATALOG_CODE: return "Q_CATALOG_CODE"; + case Q_AUTO_INCREMENT: return "Q_AUTO_INCREMENT"; + case Q_CHARSET_CODE: return "Q_CHARSET_CODE"; + case Q_TIME_ZONE_CODE: return "Q_TIME_ZONE_CODE"; + case Q_CATALOG_NZ_CODE: return "Q_CATALOG_NZ_CODE"; + case Q_LC_TIME_NAMES_CODE: return "Q_LC_TIME_NAMES_CODE"; + case Q_CHARSET_DATABASE_CODE: return "Q_CHARSET_DATABASE_CODE"; + } + sprintf(buf, "CODE#%d", code); + return buf; +} + /** Macro to check that there is enough space to read from memory. @@ -1461,13 +1479,15 @@ static void copy_str_and_move(const char **src, @param END End of memory @param CNT Number of bytes that should be read. */ -#define CHECK_SPACE(PTR,END,CNT) \ - do { \ - DBUG_ASSERT((PTR) + (CNT) <= (END)); \ - if ((PTR) + (CNT) > (END)) { \ - query= 0; \ - DBUG_VOID_RETURN; \ - } \ +#define CHECK_SPACE(PTR,END,CNT) \ + do { \ + DBUG_PRINT("info", ("Read %s", code_name(pos[-1]))); \ + DBUG_ASSERT((PTR) + (CNT) <= (END)); \ + if ((PTR) + (CNT) > (END)) { \ + DBUG_PRINT("info", ("query= 0")); \ + query= 0; \ + DBUG_VOID_RETURN; \ + } \ } while (0) /* 
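Review bot: code_name() returns `buf`, an automatic array, so for any code outside the switch the `%s` in CHECK_SPACE's trace reads storage that is already out of scope. PATCH 4/5 turns the array into a `static`, which ends the dangling pointer; returning only string literals avoids the buffer altogether, for example a final `return "Q_UNKNOWN_CODE";` with the numeric code printed by the caller. If the buffer stays, `snprintf(buf, sizeof(buf), "CODE#%d", code)` keeps the write bounded by construction.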
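Review bot: The rewritten CHECK_SPACE reads `pos[-1]` directly instead of going through its `PTR` argument, so the macro is correct only when invoked with `pos` right after `switch (*pos++)`. `code_name((PTR)[-1])` keeps the macro self-contained, or the trace line can move next to the `switch` so that the macro does bounds checking only.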
@@ -1527,8 +1547,10 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, be even bigger, but this will suffice to catch most corruption errors that can lead to a crash. */ - if (status_vars_len >= min(data_len + 1, MAX_SIZE_LOG_EVENT_STATUS)) + if (status_vars_len > min(data_len, MAX_SIZE_LOG_EVENT_STATUS)) { + DBUG_PRINT("info", ("status_vars_len: %d; data_len: %d; query= 0", + status_vars_len, data_len)); query= 0; DBUG_VOID_RETURN; } @@ -1571,8 +1593,11 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, break; } case Q_CATALOG_NZ_CODE: + DBUG_PRINT("info", ("case Q_CATALOG_NZ_CODE; pos: 0x%lx; end: 0x%lx", + pos, end)); if (get_str_len_and_pointer(&pos, &catalog, &catalog_len, end)) { + DBUG_PRINT("info", ("query= 0")); query= 0; DBUG_VOID_RETURN; } @@ -1595,6 +1620,7 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, { if (get_str_len_and_pointer(&pos, &time_zone_str, &time_zone_len, end)) { + DBUG_PRINT("info", ("Q_TIME_ZONE_CODE: query= 0")); query= 0; DBUG_VOID_RETURN; } @@ -2124,6 +2150,7 @@ end: */ thd->catalog= 0; thd->set_db(NULL, 0); /* will free the current database */ + DBUG_PRINT("info", ("end: query= 0")); thd->query= 0; // just to be sure thd->query_length= 0; VOID(pthread_mutex_unlock(&LOCK_thread_count)); From 0cf6e38cb5878fd76052f802b3e948b5c8b5779a Mon Sep 17 00:00:00 2001 From: "mats@kindahl-laptop.dnsalias.net" <> Date: Tue, 13 Nov 2007 09:01:42 +0100 Subject: [PATCH 4/5] Fixes to eliminate warnings. --- sql/log_event.cc | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/sql/log_event.cc b/sql/log_event.cc index 5c3fcf2f86b..13c15924210 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc 
@@ -1455,8 +1455,10 @@ static void copy_str_and_move(const char **src, } -static char const *code_name(int code) { - char buf[255]; +static char const * +code_name(int code) +{ + static char buf[255]; switch (code) { case Q_FLAGS2_CODE: return "Q_FLAGS2_CODE"; case Q_SQL_MODE_CODE: return "Q_SQL_MODE_CODE"; @@ -1549,7 +1551,7 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, */ if (status_vars_len > min(data_len, MAX_SIZE_LOG_EVENT_STATUS)) { - DBUG_PRINT("info", ("status_vars_len: %d; data_len: %d; query= 0", + DBUG_PRINT("info", ("status_vars_len (%u) > data_len (%lu); query= 0", status_vars_len, data_len)); query= 0; DBUG_VOID_RETURN; @@ -1594,7 +1596,7 @@ Query_log_event::Query_log_event(const char* buf, uint event_len, } case Q_CATALOG_NZ_CODE: DBUG_PRINT("info", ("case Q_CATALOG_NZ_CODE; pos: 0x%lx; end: 0x%lx", - pos, end)); + (ulong) pos, (ulong) end)); if (get_str_len_and_pointer(&pos, &catalog, &catalog_len, end)) { DBUG_PRINT("info", ("query= 0")); From 6e1f5f6eedd838f05692662673d94a31d5245704 Mon Sep 17 00:00:00 2001 From: "mats@kindahl-laptop.dnsalias.net" <> Date: Tue, 13 Nov 2007 09:43:29 +0100 Subject: [PATCH 5/5] Elimination of warning for unused function code_name() in non-debug mode. --- sql/log_event.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sql/log_event.cc b/sql/log_event.cc index 13c15924210..d22973d12a3 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -1455,6 +1455,7 @@ static void copy_str_and_move(const char **src, } +#ifndef DBUG_OFF static char const * code_name(int code) { @@ -1473,6 +1474,7 @@ code_name(int code) sprintf(buf, "CODE#%d", code); return buf; } +#endif /** Macro to check that there is enough space to read from memory.
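Review bot: Making `buf` static in code_name() removes the dangling return but leaves one buffer shared by every caller; if Query_log_event objects are constructed on more than one thread (not visible from this hunk), two traces of unknown codes can overwrite each other. Since the function is debug-only, returning a literal for the unknown case and printing the numeric code in the DBUG_PRINT call avoids shared state. The casts added for `0x%lx` in the Q_CATALOG_NZ_CODE trace would truncate on targets where `long` is narrower than a pointer; `%p` with `(void*) pos` does not.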