Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump

Problem: there is an ASSERT() in the Log_event::read_log_event() checking the integrity of the event's data that may fail. Fix: move the assert's condition to an explicit check. mysql-test/r/ctype_cp932_binlog_stm.result: Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump - test result. mysql-test/t/ctype_cp932_binlog_stm.test: Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump - test case. sql/log_event.cc: Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump - assert's condition moved to the explicit integrity check.

Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump
Problem: there is an ASSERT() in the Log_event::read_log_event() checking the integrity of the event's data that may fail. Fix: move the assert's condition to an explicit check. mysql-test/r/ctype_cp932_binlog_stm.result: Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump - test result. mysql-test/t/ctype_cp932_binlog_stm.test: Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump - test case. sql/log_event.cc: Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump - assert's condition moved to the explicit integrity check.
6a22fbf9 · unknown · aa78ae99 · 6a22fbf9 · 6a22fbf9 · 6a22fbf9
Commit 6a22fbf9 authored May 30, 2007 by unknown
3 changed files
--- a/mysql-test/r/ctype_cp932_binlog_stm.result
+++ b/mysql-test/r/ctype_cp932_binlog_stm.result
@@ -43,3 +43,7 @@ END
 master-bin.000001	783	Query	1	1002	use `test`; INSERT INTO t4 VALUES ( NAME_CONST('ins1',_latin1 0x466F6F2773206120426172),  NAME_CONST('ins2',_cp932 0xED40ED41ED42),  NAME_CONST('ind',47.93))
 master-bin.000001	1002	Query	1	1091	use `test`; DROP PROCEDURE bug18293
 master-bin.000001	1091	Query	1	1170	use `test`; DROP TABLE t4
+End of 5.0 tests
+SHOW BINLOG EVENTS FROM 364;
+ERROR HY000: Error when executing command SHOW BINLOG EVENTS: Wrong offset or I/O error
+End of 5.1 tests
--- a/mysql-test/t/ctype_cp932_binlog_stm.test
+++ b/mysql-test/t/ctype_cp932_binlog_stm.test
@@ -25,5 +25,13 @@ DROP TABLE t4|
 SHOW BINLOG EVENTS FROM 369|
 delimiter ;|

-# End of 5.0 tests
+--echo End of 5.0 tests

+#
+# #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump 
+# Note: 364 is a magic position (found experimentally, depends on 
+# the log's contents) that caused the server crash.
+--error 1220
+SHOW BINLOG EVENTS FROM 364;
+
+--echo End of 5.1 tests
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -911,16 +911,15 @@ Log_event* Log_event::read_log_event(const char* buf, uint event_len,
  DBUG_ENTER("Log_event::read_log_event(char*,...)");
  DBUG_ASSERT(description_event != 0);
  DBUG_PRINT("info", ("binlog_version: %d", description_event->binlog_version));
+  /* Check the integrity */
  if (event_len < EVENT_LEN_OFFSET ||
+      buf[EVENT_TYPE_OFFSET] >= ENUM_END_EVENT ||
      (uint) event_len != uint4korr(buf+EVENT_LEN_OFFSET))
  {
    *error="Sanity check failed";		// Needed to free buffer
    DBUG_RETURN(NULL); // general sanity check - will fail on a partial read
  }

-  /* To check the integrity of the Log_event_type enumeration */
-  DBUG_ASSERT(buf[EVENT_TYPE_OFFSET] < ENUM_END_EVENT);
-
  switch(buf[EVENT_TYPE_OFFSET]) {
  case QUERY_EVENT:
    ev  = new Query_log_event(buf, event_len, description_event, QUERY_EVENT);