| Bug #97372 | Constructor Query_event must check enough space | ||
|---|---|---|---|
| Submitted: | 25 Oct 2019 2:13 | Modified: | 25 Oct 2019 10:45 |
| Reporter: | pengbo shi | Email Updates: | |
| Status: | Verified | Impact on me: | |
| Category: | MySQL Server: Replication | Severity: | S3 (Non-critical) |
| Version: | 5.7,5.7.28,8.0.12 | OS: | Any |
| Assigned to: | | CPU Architecture: | Any |
[25 Oct 2019 10:45]
MySQL Verification Team
Thanks for the report.

In order to submit contributions you must first sign the Oracle Contribution Agreement (OCA). For additional information please check http://www.oracle.com/technetwork/community/oca-486395.html. If you have any questions, please contact the MySQL community team. https://dev.mysql.com/community/

Description:

```cpp
Query_event::Query_event(const char* buf, unsigned int event_len,
                         const Format_description_event *description_event,
                         Log_event_type event_type)
{
  .....
  case Q_CATALOG_NZ_CODE:
    if ((catalog_len= *pos))   // ------> must check space before read pos
      catalog= (const char*) (pos + 1);
    CHECK_SPACE(pos, end, catalog_len + 1);
    pos+= catalog_len + 1;
    break;
  .....
  case Q_TIME_ZONE_CODE:
  {
    if ((time_zone_len= *pos))   // ------> must check space before read pos
      time_zone_str= (const char*)(pos + 1);
    pos+= time_zone_len + 1;
    break;
  }
}
```

How to repeat:

read code

Suggested fix:

```cpp
Query_event::Query_event(const char* buf, unsigned int event_len,
                         const Format_description_event *description_event,
                         Log_event_type event_type)
{
  .....
  case Q_CATALOG_NZ_CODE:
    CHECK_SPACE(pos, end, 1);   // --> add line check space
    if ((catalog_len= *pos))
      catalog= (const char*) (pos + 1);
    CHECK_SPACE(pos, end, catalog_len + 1);
    pos+= catalog_len + 1;
    break;
  .....
  case Q_TIME_ZONE_CODE:
  {
    CHECK_SPACE(pos, end, 1);   // --> add line check space
    if ((time_zone_len= *pos))
      time_zone_str= (const char*)(pos + 1);
    pos+= time_zone_len + 1;
    break;
  }
}
```
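
The check order the report asks for, as a stand-alone sketch added here as an example (it is not MySQL's code): the length byte is bounds-checked before it is dereferenced, then the payload it announces. `have_space` stands in for `CHECK_SPACE`; the struct, function names, numeric code values and sample buffers are assumptions constructed for the example, and it goes one step past the suggested fix by also checking the time-zone payload length.

```c
#include <stddef.h>
#include <stdint.h>

/* Code values are illustrative for this example only. */
enum { Q_TIME_ZONE_CODE = 5, Q_CATALOG_NZ_CODE = 6 };

struct status_vars {
    const uint8_t *catalog;   size_t catalog_len;
    const uint8_t *time_zone; size_t time_zone_len;
};

/* Stand-in for CHECK_SPACE: true when cnt bytes are readable at pos. */
static int have_space(const uint8_t *pos, const uint8_t *end, size_t cnt)
{
    return cnt <= (size_t)(end - pos);
}

/* Read one <len><bytes> field; the length byte is checked before it is read. */
static int read_lp(const uint8_t **pos, const uint8_t *end,
                   const uint8_t **out, size_t *out_len)
{
    if (!have_space(*pos, end, 1)) return -1;       /* length byte missing */
    size_t len = **pos;
    if (!have_space(*pos, end, len + 1)) return -1; /* payload past the end */
    *out = len ? *pos + 1 : NULL;
    *out_len = len;
    *pos += len + 1;
    return 0;
}

/* Returns 0 on success, -1 on a truncated block or a code not handled here. */
int parse_status_vars(const uint8_t *buf, size_t len, struct status_vars *sv)
{
    const uint8_t *pos = buf, *end = buf + len;
    sv->catalog = sv->time_zone = NULL;
    sv->catalog_len = sv->time_zone_len = 0;
    while (pos < end) {
        switch (*pos++) {
        case Q_CATALOG_NZ_CODE:
            if (read_lp(&pos, end, &sv->catalog, &sv->catalog_len)) return -1;
            break;
        case Q_TIME_ZONE_CODE:
            if (read_lp(&pos, end, &sv->time_zone, &sv->time_zone_len)) return -1;
            break;
        default:
            return -1; /* other codes are outside this example */
        }
    }
    return 0;
}

/* Constructed inputs: well-formed, cut right after a code byte, short payload. */
const uint8_t GOOD[] = { Q_CATALOG_NZ_CODE, 3, 's', 't', 'd', Q_TIME_ZONE_CODE, 3, 'U', 'T', 'C' };
const uint8_t CUT_AFTER_CODE[] = { Q_CATALOG_NZ_CODE, 3, 's', 't', 'd', Q_TIME_ZONE_CODE };
const uint8_t SHORT_PAYLOAD[] = { Q_TIME_ZONE_CODE, 6, 'S', 'Y' };
```

`CUT_AFTER_CODE` is the case from the report: the block ends immediately after the code byte, so without the one-byte check the parser would read the length from past `end`.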