MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events

Problem: ======== SHOW BINLOG EVENTS FROM <pos> reports following ASAN error AddressSanitizer: SEGV on unknown address The signal is caused by a READ memory access. User_var_log_event::User_var_log_event(char const*, unsigned int, Format_description_log_event const*) Implemented part of upstream patch. commit: mysql/mysql-server@a3a497ccf7ecacc900551fb1e47ea4078b45c351 Fix: === **Part8: added checks to avoid reading out of buffer limits**
author: Sujatha <sujatha.sivakumar@mariadb.com> 2019-12-18 15:03:32 +0530
committer: Sujatha <sujatha.sivakumar@mariadb.com> 2020-01-07 18:27:05 +0530
commit: bac33533617c6d77a2ec09250bb9b053c7216771 (patch)
tree: 7f2b482173d6c1f8d4dd955ef119fb1fe225f944
parent: 2187f1c2caacd5d6dcb93789473dbaffc9613776 (diff)
download: mariadb-git-bac33533617c6d77a2ec09250bb9b053c7216771.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sql/log_event.cc b/sql/log_event.cc
index 577b9f1a149..5e26ba8e1bf 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -7957,6 +7957,11 @@ User_var_log_event(const char* buf, uint event_len,
       we keep the flags set to UNDEF_F.
     */
     uint bytes_read= ((val + val_len) - buf_start);
+    if (bytes_read > event_len)
+    {
+      error= true;
+      goto err;
+    }
     if ((data_written - bytes_read) > 0)
     {
       flags= (uint) *(buf + UV_VAL_IS_NULL + UV_VAL_TYPE_SIZE +
author	Sujatha <sujatha.sivakumar@mariadb.com>	2019-12-18 15:03:32 +0530
committer	Sujatha <sujatha.sivakumar@mariadb.com>	2020-01-07 18:27:05 +0530
commit	bac33533617c6d77a2ec09250bb9b053c7216771 (patch)
tree	7f2b482173d6c1f8d4dd955ef119fb1fe225f944
parent	2187f1c2caacd5d6dcb93789473dbaffc9613776 (diff)
download	mariadb-git-bac33533617c6d77a2ec09250bb9b053c7216771.tar.gz