• Davi Arnaut's avatar
    Bug#42634: % character in query can cause mysqld signal 11 segfault · bab4ff1a
    Davi Arnaut authored
    The problem is that a unfiltered user query was being passed as
    the format string parameter of sql_print_warning which later
    performs printf-like formatting, leading to crashes if the user
    query contains formatting instructions (ie: %s). Also, it was
    using THD::query as the source of the user query, but this
    variable is not meaningful in some situations -- in a delayed
    insert, it points to the table name.
    
    The solution is to pass the user query as a parameter for the
    format string and use the function parameter query_arg as the
    source of the user query.
    
    mysql-test/suite/binlog/r/binlog_unsafe.result:
      Add test case result for Bug#42634
    mysql-test/suite/binlog/t/binlog_unsafe.test:
      Add test case for Bug#42634
    sql/sql_class.cc:
      Don't pass the user query as a format string.
    bab4ff1a
binlog_unsafe.result 8.12 KB