Bug #42674 | Random crash of mysqld when "Statement is not safe to log in statement format" | | |
---|---|---|---|
Submitted: | 7 Feb 2009 22:16 | Modified: | 8 Feb 2009 2:11 |
Reporter: | Mark Plomer | Email Updates: | |
Status: | Duplicate | Impact on me: | |
Category: | MySQL Server: General | Severity: | S1 (Critical) |
Version: | 5.1.30 | OS: | Linux (Debian 4.0) |
Assigned to: | | CPU Architecture: | Any |
Tags: | binlog, crash, error handler, insecure statement | | |
[7 Feb 2009 22:16]
Mark Plomer
[8 Feb 2009 0:33]
Mark Plomer
Now I tracked things down ... here is the simple but important fix:

Have a look into "mysql-5.1.31/sql/sql_class.cc" in function "THD::binlog_query" at this part:

```cpp
  /*
    If we are in statement mode and trying to log an unsafe statement,
    we should print a warning.
  */
  if (lex->is_stmt_unsafe() &&
      variables.binlog_format == BINLOG_FORMAT_STMT)
  {
    DBUG_ASSERT(this->query != NULL);
    push_warning(this, MYSQL_ERROR::WARN_LEVEL_WARN,
                 ER_BINLOG_UNSAFE_STATEMENT,
                 ER(ER_BINLOG_UNSAFE_STATEMENT));
    if (!(binlog_flags & BINLOG_FLAG_UNSAFE_STMT_PRINTED))
    {
      char warn_buf[MYSQL_ERRMSG_SIZE];
      my_snprintf(warn_buf, MYSQL_ERRMSG_SIZE, "%s Statement: %s",
                  ER(ER_BINLOG_UNSAFE_STATEMENT), this->query);
      sql_print_warning(warn_buf);
      binlog_flags|= BINLOG_FLAG_UNSAFE_STMT_PRINTED;
    }
  }
```

I think line `sql_print_warning(warn_buf);` should be `sql_print_warning("%s", warn_buf);` or so, because sql_print_warning is defined as `void sql_print_warning(const char *format, ...)`.

So when binlog-format is "statement" you can possibly crash every server with a simple unsafe query that contains for example "%c" or similar, which is the case in the query above. :-)
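The fix proposed in the comment above, as an added example that is not part of the original report or of MySQL's code. `log_warning` is a hypothetical stand-in for `sql_print_warning`; `ERRMSG_SIZE`, `directives_in` and the sample query are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERRMSG_SIZE 512              /* assumed; stands in for MYSQL_ERRMSG_SIZE */
static char last_line[ERRMSG_SIZE];  /* captures what the logger wrote */

/* Hypothetical stand-in for sql_print_warning(const char *format, ...).
   The format attribute lets gcc/clang warn about a non-literal format
   argument when built with -Wformat -Wformat-security. */
__attribute__((format(printf, 1, 2)))
static void log_warning(const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    vsnprintf(last_line, sizeof last_line, format, ap);
    va_end(ap);
}

/* Count the conversion directives a printf-style function would parse
   if `s` were passed as the format. "%%" is a literal percent sign. */
static int directives_in(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') n++;
    }
    return n;
}

/* Corrected call pattern: the query text is data, never the format. */
static const char *warn_unsafe_statement(const char *query)
{
    char warn_buf[ERRMSG_SIZE];
    snprintf(warn_buf, sizeof warn_buf, "%s Statement: %s",
             "Statement is not safe to log in statement format", query);
    /* log_warning(warn_buf);   reported pattern: warn_buf is the format */
    log_warning("%s", warn_buf);
    return last_line;
}

int main(void)
{
    const char *q = "SELECT DATE_FORMAT(NOW(), '%c %s') LIMIT 1"; /* constructed */
    printf("directives if used as format: %d\n", directives_in(q));
    printf("logged: %s\n", warn_unsafe_statement(q));
    return 0;
}
```

A non-zero count from `directives_in` means the logger would read variadic arguments that were never passed, which is the undefined behaviour behind the crash.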
[8 Feb 2009 2:11]
Davi Arnaut
Duplicate of Bug#42634