From bdfc4dc6c6927d4dc46e3cd0c4ff2a1595c174a3 Mon Sep 17 00:00:00 2001
From: Libing Song
Date: Sat, 1 Dec 2012 08:04:33 +0800
Subject: Bug#11764602 ASSERTION IN FORMAT_DESCRIPTION_LOG_EVENT::CALC_SERVER_VERSION_SPLIT

Problem: When reading a Format_description_log_event, it supposes MySQL version is always valid and DBUG_ASSERTION is used check the version number. However, user may give a wrong binlog offset, even give a faked binary event which includes an invalid MySQL version. This will cause server crash.
Fix: The assertions are removed and an error will be reported if MySQL version in Format_description_log_event is invalid.
---
 sql/log_event.h | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
(limited to 'sql/log_event.h')
diff --git a/sql/log_event.h b/sql/log_event.h
index c36564fcde8..4c8580eb2fd 100644
--- a/sql/log_event.h
+++ b/sql/log_event.h
@@ -969,7 +969,7 @@ public:
 return thd ? thd->db : 0;
 }
 #else
- Log_event() : temp_buf(0) {}
+ Log_event() : temp_buf(0), flags(0) {}
 /* avoid having to link mysqlbinlog against libpthread */
 static Log_event* read_log_event(IO_CACHE* file,
 const Format_description_log_event
@@ -2244,12 +2244,26 @@ public:
 #ifndef MYSQL_CLIENT
 bool write(IO_CACHE* file);
 #endif
- bool is_valid() const
+ bool header_is_valid() const
 {
 return ((common_header_len >= ((binlog_version==1) ? OLD_HEADER_LEN :
 LOG_EVENT_MINIMAL_HEADER_LEN)) &&
 (post_header_len != NULL));
 }
+
+ bool version_is_valid() const
+ {
+ /* It is invalid only when all version numbers are 0 */
+ return !(server_version_split[0] == 0 &&
+ server_version_split[1] == 0 &&
+ server_version_split[2] == 0);
+ }
+
+ bool is_valid() const
+ {
+ return header_is_valid() && version_is_valid();
+ }
+
 int get_data_size()
 {
 /*
-- cgit v1.2.1
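Review bot: The added `flags(0)` initialiser in the MYSQL_CLIENT-side `Log_event()` constructor is not explained by the commit message or by a comment, so a reader cannot tell which code path needed it. If the reason is that the new error path inspects or destroys a partially read event, other members that this constructor leaves unset may need the same treatment; the member list is outside the hunk, so this cannot be confirmed here. A one-line comment next to the initialiser stating which read of `flags` it protects would make the intent reviewable.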
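Review bot: `version_is_valid()` accepts every triple except 0.0.0, so its result only means something if `server_version_split` has already been filled from the event's version string before `is_valid()` runs, and that ordering is not visible in this hunk. Because the commit message says the event may be forged, it is worth confirming that the parser (outside the hunk) leaves all three fields at zero for every malformed string, including partly numeric ones and components too large for the field type; otherwise a bad version still passes. I would state that contract in the comment, e.g. `/* server_version_split must already be computed; a failed parse is expected to leave 0.0.0 */`. Existing callers of `is_valid()` silently get the stricter check too, so any path that validates before the split is computed would start rejecting well-formed events. The class body starts and ends outside the hunk.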