Bug #108317 clone_os_copy_file_to_buf partial read handling completely broken
Submitted: 29 Aug 2022 11:00
Modified: 23 Sep 2022 14:06
Reporter: Laurynas Biveinis (OCA)
Status: Closed
Category: MySQL Server: Clone Plugin
Severity: S2 (Serious)
Version: 8.0.30
OS: Any
Assigned to:
CPU Architecture: Any
Tags: Clone

[29 Aug 2022 11:00] Laurynas Biveinis
Description:
clone_os_copy_file_to_buf appears to try to handle partial reads in a completely broken way:

  auto len_left = length;

  while (len_left > 0) {
    uint ret_length = 0;
    auto error =  read_from_file(from_file, to_buffer, length, src_name, ret_length);

    if (error != 0) {
       ...
    }

    len_left -= ret_length;
  }

If a partial read happens:
- file position is advanced
- len_left is reduced
- buffer stays the same
- length stays the same

So the second loop iteration would try to read the same number of bytes into the same buffer position, but from the advanced file position, overwriting the bytes read by the first loop iteration's partial read.

How to repeat:
Code analysis

Suggested fix:
Pass len_left, not length, to read_from_file
Add to_buffer += ret_length;
[29 Aug 2022 11:03] MySQL Verification Team
Hello Laurynas,

Thank you for the report and feedback!

regards,
Umesh
[8 Sep 2022 13:38] Laurynas Biveinis
Bug 108317 fix for 8.0.30

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: bug108317.patch (application/octet-stream, text), 2.67 KiB.

[23 Sep 2022 14:06] Jon Stephens
Documented fix as follows in the MySQL 8.0.32 changelog:

    The internal function clone_os_copy_file_to_buf() did not
    advance the buffer position in the event of a partial read.

    Our thanks to Laurynas Biveinis for the contribution.

Closed.
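
The partial-read loop from the report and the changelog entry, as an added C++ example that is not MySQL's code or the contributed patch. `ShortReadFile` and `read_some` are hypothetical stand-ins for the source file and for read_from_file(), and the sample contents are constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

// Hypothetical stand-in for a file whose reads may come back short.
struct ShortReadFile {
  std::string data;       // constructed sample contents
  std::size_t pos;        // current file position
  std::size_t max_chunk;  // most bytes a single read will return
};

// Same contract as the report describes: returns 0, bytes read in ret_length.
int read_some(ShortReadFile &f, char *buf, std::size_t want, std::size_t &ret_length) {
  ret_length = std::min({want, f.max_chunk, f.data.size() - f.pos});
  std::memcpy(buf, f.data.data() + f.pos, ret_length);
  f.pos += ret_length;  // the file position always advances
  return 0;
}

// Loop shape quoted in the report; fixed=true applies both suggested changes.
std::string copy_loop(ShortReadFile f, std::size_t length, bool fixed) {
  std::string out(length, '.');  // '.' marks bytes that were never filled
  char *to_buffer = &out[0];
  auto len_left = length;
  while (len_left > 0) {
    std::size_t ret_length = 0;
    // Reported: always ask for `length`. Fixed: ask only for what is left.
    read_some(f, to_buffer, fixed ? len_left : length, ret_length);
    if (ret_length == 0) break;           // demo guard: stop at end of file
    if (fixed) to_buffer += ret_length;   // advance past the bytes just read
    len_left -= ret_length;
  }
  return out;
}

std::string copy_as_reported(ShortReadFile f, std::size_t n) { return copy_loop(f, n, false); }
std::string copy_fixed(ShortReadFile f, std::size_t n) { return copy_loop(f, n, true); }

int main() {
  ShortReadFile f{"ABCDEFGHIJ", 0, 4};  // every read returns at most 4 bytes
  std::cout << "as reported: " << copy_as_reported(f, 10) << "\n";
  std::cout << "fixed:       " << copy_fixed(f, 10) << "\n";
  return 0;
}
```

With reads that are never short the two loops produce the same buffer, which is why the defect only surfaces when a partial read actually occurs.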