Bug #28436 Incorrect position in SHOW BINLOG EVENTS causes server coredump
Submitted: 15 May 2007 8:05 Modified: 15 Jun 2007 8:43
Reporter: Alexander Nozdrin Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Replication Severity:S2 (Serious)
Version:5.1 OS:Linux
Assigned to: Ramil Kalimullin CPU Architecture:Any

[15 May 2007 8:05] Alexander Nozdrin
Description:
"SHOW BINLOG EVENTS FROM" may lead to server crash if the FROM-position is incorrect under some circumstances.

The problem apppears on Linux SuSE 10.2 in 5.1. I'm not sure it does not exist in 5.0 and/or other platforms.

How to repeat:
1. Open mysql-test/t/ctype_cp932_binlog_stm.test

2. Line 25:
    SHOW BINLOG EVENTS FROM 410|
   Change to:
    SHOW BINLOG EVENTS FROM 419|
   (Change FROM-position from 410 to 419)

3. Run the test case:
---------------------------------------------------------------------
(ibm)[~/Documents/MySQL/devel/5.1-rt-cs-2-base/mysql-test]> run_tests  ctype_cp932_binlog_stm
Logging: ./mysql-test-run.pl --tmpdir=/dev/shm/t1/tmp --vardir=/dev/shm/t1/var ctype_cp932_binlog_stm
MySQL Version 5.1.18
Using binlog format 'mixed'
Using ndbcluster when necessary, mysqld supports it
Setting mysqld to support SSL connections
Binaries are debug compiled
Using MTR_BUILD_THREAD      = 0
Using MASTER_MYPORT         = 9306
Using MASTER_MYPORT1        = 9307
Using SLAVE_MYPORT          = 9308
Using SLAVE_MYPORT1         = 9309
Using SLAVE_MYPORT2         = 9310
Using NDBCLUSTER_PORT       = 9310
Using NDBCLUSTER_PORT_SLAVE = 9311
Using IM_PORT               = 9312
Using IM_MYSQLD1_PORT       = 9313
Using IM_MYSQLD2_PORT       = 9314
Killing Possible Leftover Processes
Removing Stale Files
Creating Directories
Installing Master Database
Installing Master Database
=======================================================
Starting Tests in the 'main' suite

TEST                           RESULT         TIME (ms)
-------------------------------------------------------

ctype_cp932_binlog_stm         [ fail ]

Errors are (from /dev/shm/t1/var/log/mysqltest-time) :
mysqltest: At line 25: query 'SHOW BINLOG EVENTS FROM 419' failed: 2013: Lost connection to MySQL server during query
(the last lines may be the most important ones)
Result from queries before failure can be found in /dev/shm/t1/var/log/ctype_cp932_binlog_stm.log

Aborting: ctype_cp932_binlog_stm failed in default mode. To continue, re-run with '--force'.
Stopping All Servers
---------------------------------------------------------------------

I failed to reproduce the problem w/o test environment -- the server returns error "ERROR 1220 (HY000): Error when executing command SHOW BINLOG EVENTS: Wrong offset or I/O error". So, it seems, some specific server settings are needed to get the problem.

Coredump:

(gdb) bt
#0  0xb7f47410 in ?? ()
#1  0xb7c3d908 in ?? ()
#2  0x00000006 in ?? ()
#3  0x0842d7cf in write_core (sig=6) at stacktrace.c:229
#4  0x082773fc in handle_segfault (sig=6) at mysqld.cc:2280
#5  0xb7f47420 in ?? ()
#6  0x00000006 in ?? ()
#7  0xb7d80801 in abort () from /lib/libc.so.6
#8  0xb7d787bb in __assert_fail () from /lib/libc.so.6
#9  0x083544b5 in Log_event::read_log_event (buf=0x89be8b8 "", event_len=256, error=0xb7c3decc, description_event=0x89be7e8) at log_event.cc:922
#10 0x08356895 in Log_event::read_log_event (file=0xb7c3e3d4, log_lock=0x0, description_event=0x89be7e8) at log_event.cc:874
#11 0x08419402 in mysql_show_binlog_events (thd=0x89bbbb8) at sql_repl.cc:1402
#12 0x082855a3 in mysql_execute_command (thd=0x89bbbb8) at sql_parse.cc:1950
#13 0x0828dca0 in mysql_parse (thd=0x89bbbb8, inBuf=0x8a07228 "SHOW BINLOG EVENTS FROM 419", length=27, found_semicolon=0xb7c3f280) at sql_parse.cc:5338
#14 0x0828e7d4 in dispatch_command (command=COM_QUERY, thd=0x89bbbb8, packet=0x89ff1c9 "", packet_length=28) at sql_parse.cc:906
#15 0x0828f97f in do_command (thd=0x89bbbb8) at sql_parse.cc:667
#16 0x0827d692 in handle_one_connection (arg=0x89bbbb8) at sql_connect.cc:1090
#17 0xb7ef9112 in start_thread () from /lib/libpthread.so.0
#18 0xb7e152ee in clone () from /lib/libc.so.6

(gdb) f 9
#9  0x083544b5 in Log_event::read_log_event (buf=0x89be8b8 "", event_len=256, error=0xb7c3decc, description_event=0x89be7e8) at log_event.cc:922
922       DBUG_ASSERT(buf[EVENT_TYPE_OFFSET] < ENUM_END_EVENT);
[15 May 2007 8:14] Sveta Smirnova
Thank you for the report.

Verified as described.
[30 May 2007 10:24] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/27666

ChangeSet@1.2511, 2007-05-30 15:23:47+05:00, ramil@mysql.com +3 -0
  Fix for bug #28436: Incorrect position in SHOW BINLOG EVENTS causes server coredump
  
  Problem: there is an ASSERT() in the Log_event::read_log_event() checking the integrity 
  of the event's data that may fail.
  Fix: move the assert's condition to an explicit check.
[6 Jun 2007 16:54] Bugs System
Pushed into 5.1.20-beta
[15 Jun 2007 8:43] MC Brown
Internal change only; no documentation required.