Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16518

MYSQL57_GENERATED_FIELD: The code in TABLE_SHARE::init_from_binary_frm_image() is not safe

Details

    Description

      This problem is similar to MDEV-15834, but for a 10.2 specific code in the code branch for MYSQL57_GENERATED_FIELD:

      vcol_info_length= uint2korr(vcol_screen_pos + 1);
      ...
      DBUG_ASSERT(vcol_info_length);
      ...
      vcol_screen_pos+= vcol_info_length + MYSQL57_GCOL_HEADER_SIZE;
      

      In case of a broke FRM file, this can crash in the debug build or behave unpredictably in a release build.

      Attachments

        Issue Links

          Activity

            bar Alexander Barkov added a comment - - edited

            If I put the attached mdev16518.frm into mysql-test/std_data/frm, then this mtr test crashes on the mentioned DBUG_ASSERT:

            --copy_file std_data/frm/mdev16518.frm $MYSQLD_DATADIR/test/t1.frm
            SHOW TABLES;
            --replace_result $MYSQLD_DATADIR ./
            SHOW CREATE TABLE t1;
            

            bar Alexander Barkov added a comment - - edited If I put the attached mdev16518.frm into mysql-test/std_data/frm , then this mtr test crashes on the mentioned DBUG_ASSERT: --copy_file std_data/frm/mdev16518.frm $MYSQLD_DATADIR/test/t1.frm SHOW TABLES; --replace_result $MYSQLD_DATADIR ./ SHOW CREATE TABLE t1;

            People

              bar Alexander Barkov
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.