author: Marko Mäkelä <marko.makela@mariadb.com> 2022-09-16 14:10:45 +0300
committer: Marko Mäkelä <marko.makela@mariadb.com> 2022-09-16 14:10:45 +0300
commit: 593fdee3973ce4ab4890a6fb9f740b3a28a44edc
tree: bbb59f4939f285ad1c97548e24e5a15923a52235 /mysql-test/suite/engines/funcs/r/rpl_do_grant.result
parent: d2cae171d1a105d52e10757aa268aebd9387ed24
MDEV-29555 ASAN heap-buffer-overflow in mariabackup.huge_lsn,strict_full_crc32

recv_scan_log(): Do not dereference the first byte of the log record before recv_sys.parse_pmem() (or recv_sys_t::parse_mtr()) returns OK.

In the case of the failure that was analyzed, we had recv_sys.offset == recv_sys.len and recv_sys_t::parse_mtr() would return PREMATURE_EOF. This would lead us to reading more data and parsing again.

When a memory-mapped interface to the log is being used, that is, log_sys.is_pmem() holds, recv_sys.offset cannot point past the end of the memory-mapped log_sys.buf[]. This is guaranteed by log_sys.calc_lsn_offset().

Thanks to Nayuta Yanagisawa for providing a core dump for analysis.

Diffstat (limited to 'mysql-test/suite/engines/funcs/r/rpl_do_grant.result')
0 files changed, 0 insertions, 0 deletions
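
The ordering rule from the commit message, shown as an added example that is not MariaDB's code: the scan loop looks at a record's first byte only after the parser has returned OK, so a buffer with offset == len is never read past its end. The record format, struct log_buf, parse_record(), scan_log() and scan_sample() are hypothetical names and assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model; not MariaDB's recovery code. Constructed
   record format: [length n][n payload bytes]; first byte 0 ends the log. */
enum parse_result { PARSE_OK, PARSE_PREMATURE_EOF };
enum scan_status { SCAN_NEED_MORE_DATA, SCAN_END_OF_LOG };
struct log_buf { uint8_t *buf; size_t len, offset; };

static enum parse_result parse_record(struct log_buf *b) {
    if (b->offset >= b->len)
        return PARSE_PREMATURE_EOF;      /* offset == len: no first byte yet */
    size_t n = b->buf[b->offset];
    if (n > b->len - b->offset - 1)
        return PARSE_PREMATURE_EOF;      /* payload not fully read yet */
    if (n != 0) b->offset += 1 + n;      /* consume; the end marker stays put */
    return PARSE_OK;
}

static enum scan_status scan_log(struct log_buf *b, size_t *records) {
    for (;;) {
        const size_t start = b->offset;
        /* Reading b->buf[start] here overruns buf when offset == len. */
        if (parse_record(b) != PARSE_OK)
            return SCAN_NEED_MORE_DATA;  /* caller reads more data, rescans */
        if (b->buf[start] == 0)          /* safe: the parser saw start < len */
            return SCAN_END_OF_LOG;
        ++*records;
    }
}

static enum scan_status scan_sample(const uint8_t *bytes, size_t len,
                                    size_t *records) {
    struct log_buf b = { malloc(len), len, 0 };  /* exactly sized heap copy */
    if (!b.buf) abort();
    memcpy(b.buf, bytes, len);
    *records = 0;
    enum scan_status s = scan_log(&b, records);
    free(b.buf);
    return s;
}

int main(void) {
    const uint8_t sample[] = { 2, 'a', 'b', 1, 'c' };  /* constructed input */
    size_t records;
    enum scan_status s = scan_sample(sample, sizeof sample, &records);
    return (s == SCAN_NEED_MORE_DATA && records == 2) ? 0 : 1;
}
```

Building with -fsanitize=address and moving the first-byte read above the parse_record() call reproduces a heap-buffer-overflow report on the constructed sample, because its last record ends exactly at len.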