summaryrefslogtreecommitdiff
path: root/sql/log_event_old.cc
diff options
context:
space:
mode:
authorSergei Golubchik <serg@mariadb.org>2018-04-19 22:27:02 +0200
committerSergei Golubchik <serg@mariadb.org>2018-04-19 22:31:26 +0200
commit1a019d08012db7b3fa6a42d39342792c3418e75b (patch)
treec116066b995f1c7a2d8c11e72aa9fa547a20407b /sql/log_event_old.cc
parent5e61e1716e763315009318081fba5994b8910242 (diff)
parentc0b4d74b52e7eec9b13af732193f7f8d7abe05de (diff)
downloadmariadb-git-1a019d08012db7b3fa6a42d39342792c3418e75b.tar.gz
Merge branch 'mysql/5.5' into 5.5
Diffstat (limited to 'sql/log_event_old.cc')
-rw-r--r--sql/log_event_old.cc12
1 files changed, 11 insertions, 1 deletions
diff --git a/sql/log_event_old.cc b/sql/log_event_old.cc
index 51fcf902f77..3d54ffdf7eb 100644
--- a/sql/log_event_old.cc
+++ b/sql/log_event_old.cc
@@ -1,4 +1,5 @@
-/* Copyright (c) 2007, 2016, Oracle and/or its affiliates.
+/* Copyright (c) 2007, 2018, Oracle and/or its affiliates.
+ Copyright (c) 2009, 2018, MariaDB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -1357,6 +1358,15 @@ Old_rows_log_event::Old_rows_log_event(const char *buf, uint event_len,
DBUG_PRINT("debug", ("Reading from %p", ptr_after_width));
m_width = net_field_length(&ptr_after_width);
DBUG_PRINT("debug", ("m_width=%lu", m_width));
+ /* Avoid reading out of buffer */
+ if (static_cast<unsigned int>(m_width +
+ (ptr_after_width -
+ (const uchar *)buf)) > event_len)
+ {
+ m_cols.bitmap= NULL;
+ DBUG_VOID_RETURN;
+ }
+
/* if bitmap_init fails, catched in is_valid() */
if (likely(!bitmap_init(&m_cols,
m_width <= sizeof(m_bitbuf)*8 ? m_bitbuf : NULL,
View Lorry Controller Status