mirror of
				https://github.com/MariaDB/server.git
				synced 2025-10-24 07:13:33 +03:00 
			
		
		
		
	 a432d3dec4
			
		
	
	a432d3dec4
	
	
	
		
			
			When running mysqlbinlog on a 64-bit machine with a corrupt relay log, it causes mysqlbinlog to crash. In this case, the crash is caused because a request for 18446744073709534806U bytes is issued, which apparantly can be served on a 64-bit machine (speculatively, I assume) but this causes the memcpy() issued later to copy the data to segfault. The request for the number of bytes is caused by a computation of data_len - server_vars_len where server_vars_len is corrupt in such a sense that it is > data_len. This causes a wrap-around, with the the data_len given above. This patch adds a check that if server_vars_len is greater than data_len before the substraction, and aborts reading the event in that case marking the event as invalid. It also adds checks to see that reading the server variables does not go outside the bounds of the available space, giving a limited amount of integrity check.
		
			
				
	
	
		
			330 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			330 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| set timestamp=1000000000;
 | |
| drop table if exists t1,t2,t3,t4,t5,t03,t04;
 | |
| create table t1 (word varchar(20));
 | |
| create table t2 (id int auto_increment not null primary key);
 | |
| insert into t1 values ("abirvalg");
 | |
| insert into t2 values ();
 | |
| load data infile '../std_data_ln/words.dat' into table t1;
 | |
| load data infile '../std_data_ln/words.dat' into table t1;
 | |
| load data infile '../std_data_ln/words.dat' into table t1;
 | |
| load data infile '../std_data_ln/words.dat' into table t1;
 | |
| load data infile '../std_data_ln/words.dat' into table t1;
 | |
| insert into t1 values ("Alas");
 | |
| flush logs;
 | |
| 
 | |
| --- Local --
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| ROLLBACK/*!*/;
 | |
| use test/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1/*!*/;
 | |
| SET @@session.sql_mode=0/*!*/;
 | |
| /*!\C latin1 *//*!*/;
 | |
| SET @@session.character_set_client=8,@@session.collation_connection=8,@@session.collation_server=8/*!*/;
 | |
| drop table if exists t1,t2,t3,t4,t5,t03,t04/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| create table t1 (word varchar(20))/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| create table t2 (id int auto_increment not null primary key)/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| insert into t1 values ("abirvalg")/*!*/;
 | |
| SET INSERT_ID=1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| insert into t2 values ()/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-1-0' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-2-0' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-3-0' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-4-0' INTO table t1/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| 
 | |
| --- Broken LOAD DATA --
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| use test/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1/*!*/;
 | |
| SET @@session.sql_mode=0/*!*/;
 | |
| /*!\C latin1 *//*!*/;
 | |
| SET @@session.character_set_client=8,@@session.collation_connection=8,@@session.collation_server=8/*!*/;
 | |
| insert into t1 values ("Alas")/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| 
 | |
| --- --database --
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| ROLLBACK/*!*/;
 | |
| SET INSERT_ID=1/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| 
 | |
| --- --position --
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| use test/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1/*!*/;
 | |
| SET @@session.sql_mode=0/*!*/;
 | |
| /*!\C latin1 *//*!*/;
 | |
| SET @@session.character_set_client=8,@@session.collation_connection=8,@@session.collation_server=8/*!*/;
 | |
| insert into t1 values ("Alas")/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| 
 | |
| --- Remote --
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| ROLLBACK/*!*/;
 | |
| use test/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1/*!*/;
 | |
| SET @@session.sql_mode=0/*!*/;
 | |
| /*!\C latin1 *//*!*/;
 | |
| SET @@session.character_set_client=8,@@session.collation_connection=8,@@session.collation_server=8/*!*/;
 | |
| drop table if exists t1,t2,t3,t4,t5,t03,t04/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| create table t1 (word varchar(20))/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| create table t2 (id int auto_increment not null primary key)/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| insert into t1 values ("abirvalg")/*!*/;
 | |
| SET INSERT_ID=1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| insert into t2 values ()/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-1-2' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-2-2' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-3-2' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-4-2' INTO table t1/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| 
 | |
| --- Broken LOAD DATA --
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| use test/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1/*!*/;
 | |
| SET @@session.sql_mode=0/*!*/;
 | |
| /*!\C latin1 *//*!*/;
 | |
| SET @@session.character_set_client=8,@@session.collation_connection=8,@@session.collation_server=8/*!*/;
 | |
| insert into t1 values ("Alas")/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| 
 | |
| --- --database --
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| ROLLBACK/*!*/;
 | |
| SET INSERT_ID=1/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| 
 | |
| --- --position --
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| use test/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1/*!*/;
 | |
| SET @@session.sql_mode=0/*!*/;
 | |
| /*!\C latin1 *//*!*/;
 | |
| SET @@session.character_set_client=8,@@session.collation_connection=8,@@session.collation_server=8/*!*/;
 | |
| insert into t1 values ("Alas")/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| 
 | |
| --- reading stdin --
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| ROLLBACK/*!*/;
 | |
| use test/*!*/;
 | |
| SET TIMESTAMP=1108844556/*!*/;
 | |
| BEGIN/*!*/;
 | |
| SET TIMESTAMP=1108844555/*!*/;
 | |
| insert t1 values (1)/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| use test/*!*/;
 | |
| SET TIMESTAMP=1108844556/*!*/;
 | |
| BEGIN/*!*/;
 | |
| SET TIMESTAMP=1108844555/*!*/;
 | |
| insert t1 values (1)/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| drop table t1,t2;
 | |
| flush logs;
 | |
| select * from t5  /* must be (1),(1) */;
 | |
| a
 | |
| 1
 | |
| 1
 | |
| drop table t5;
 | |
| flush logs;
 | |
| create table t5 (c1 int, c2 varchar(128) character set latin1 not null);
 | |
| insert into t5 values (1, date_format('2001-01-01','%W'));
 | |
| set lc_time_names=de_DE;
 | |
| insert into t5 values (2, date_format('2001-01-01','%W'));
 | |
| set lc_time_names=en_US;
 | |
| insert into t5 values (3, date_format('2001-01-01','%W'));
 | |
| select * from t5 order by c1;
 | |
| c1	c2
 | |
| 1	Monday
 | |
| 2	Montag
 | |
| 3	Monday
 | |
| flush logs;
 | |
| drop table t5;
 | |
| select * from t5 order by c1;
 | |
| c1	c2
 | |
| 1	Monday
 | |
| 2	Montag
 | |
| 3	Monday
 | |
| drop table t5;
 | |
| drop procedure if exists p1;
 | |
| flush logs;
 | |
| create procedure p1()
 | |
| begin
 | |
| select 1;
 | |
| end;
 | |
| //
 | |
| flush logs;
 | |
| call p1();
 | |
| 1
 | |
| 1
 | |
| drop procedure p1;
 | |
| call p1();
 | |
| ERROR 42000: PROCEDURE test.p1 does not exist
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| use test/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1/*!*/;
 | |
| SET @@session.sql_mode=0/*!*/;
 | |
| /*!\C latin1 *//*!*/;
 | |
| SET @@session.character_set_client=8,@@session.collation_connection=8,@@session.collation_server=8/*!*/;
 | |
| CREATE DEFINER=`root`@`localhost` procedure p1()
 | |
| begin
 | |
| select 1;
 | |
| end/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| call p1();
 | |
| 1
 | |
| 1
 | |
| drop procedure p1;
 | |
| flush logs;
 | |
| create table t1 (a varchar(64) character set utf8);
 | |
| load data infile '../std_data_ln/loaddata6.dat' into table t1;
 | |
| set character_set_database=koi8r;
 | |
| load data infile '../std_data_ln/loaddata6.dat' into table t1;
 | |
| set character_set_database=latin1;
 | |
| load data infile '../std_data_ln/loaddata6.dat' into table t1;
 | |
| load data infile '../std_data_ln/loaddata6.dat' into table t1;
 | |
| set character_set_database=koi8r;
 | |
| load data infile '../std_data_ln/loaddata6.dat' into table t1;
 | |
| set character_set_database=latin1;
 | |
| load data infile '../std_data_ln/loaddata6.dat' into table t1;
 | |
| load data infile '../std_data_ln/loaddata6.dat' into table t1 character set koi8r;
 | |
| select hex(a) from t1;
 | |
| hex(a)
 | |
| C3BF
 | |
| D0AA
 | |
| C3BF
 | |
| C3BF
 | |
| D0AA
 | |
| C3BF
 | |
| D0AA
 | |
| drop table t1;
 | |
| flush logs;
 | |
| /*!40019 SET @@session.max_insert_delayed_threads=0*/;
 | |
| /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
 | |
| DELIMITER /*!*/;
 | |
| use test/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1/*!*/;
 | |
| SET @@session.sql_mode=0/*!*/;
 | |
| /*!\C latin1 *//*!*/;
 | |
| SET @@session.character_set_client=8,@@session.collation_connection=8,@@session.collation_server=8/*!*/;
 | |
| create table t1 (a varchar(64) character set utf8)/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-6-0' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.collation_database=7/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-7-0' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.collation_database=DEFAULT/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-8-0' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-9-0' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.collation_database=7/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-a-0' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| SET @@session.collation_database=DEFAULT/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-b-0' INTO table t1/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| load data LOCAL INFILE 'MYSQLTEST_VARDIR/tmp/SQL_LOAD_MB-c-0' INTO table t1 character set koi8r/*!*/;
 | |
| SET TIMESTAMP=1000000000/*!*/;
 | |
| drop table t1/*!*/;
 | |
| DELIMITER ;
 | |
| # End of log file
 | |
| ROLLBACK /* added by mysqlbinlog */;
 | |
| /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
 | |
| CREATE TABLE t1 (c1 CHAR(10));
 | |
| flush logs;
 | |
| INSERT INTO t1 VALUES ('0123456789');
 | |
| flush logs;
 | |
| DROP TABLE t1;
 | |
| # 	Query	thread_id=REMOVED	exec_time=REMOVED	error_code=REMOVED
 | |
| flush logs;
 | |
| create table t1(a int);
 | |
| insert into t1 values(connection_id());
 | |
| flush logs;
 | |
| drop table t1;
 | |
| 1
 | |
| drop table t1;
 | |
| shell> mysqlbinlog std_data/corrupt-relay-bin.000624 > var/tmp/bug31793.sql
 | |
| End of 5.0 tests
 |