MariaDB Server / MDEV-18902

Uninitialized variable in recv_parse_log_recs() comparison type==MLOG_CHECKPOINT

      Description

      The following comparison may compare an uninitialized type when the redo log parsing buffer runs out (ptr==end_ptr), potentially causing an incorrect claim that the redo log is corrupted:

      			len = recv_parse_log_rec(
      				&type, ptr, end_ptr, &space, &page_no,
      				false, &body);
       
      			if (recv_sys->found_corrupt_log
      			    || type == MLOG_CHECKPOINT
      			    || (ptr != end_ptr
      				&& (*ptr & MLOG_SINGLE_REC_FLAG))) {
      

      This was found by Valgrind:

      10.2 69abd43703fcf68c4cf1056bf5bd56c690de5b4e

      innodb.log_data_file_size '4k,innodb'    w7 [ fail ]  Found warnings/errors in server log file!
              Test ended at 2019-03-12 13:45:57
      line
      ==372== Conditional jump or move depends on uninitialised value(s)
      ==372==    at 0xC03A1E: recv_parse_log_recs(unsigned long, store_t, bool) (log0recv.cc:2701)
      ==372==    by 0xC048CF: recv_scan_log_recs(unsigned long, store_t*, unsigned char const*, unsigned long, unsigned long, unsigned long, unsigned long*, unsigned long*) (log0recv.cc:3102)
      ==372==    by 0xC04DCC: recv_group_scan_log_recs(log_group_t*, unsigned long, unsigned long*, bool) (log0recv.cc:3197)
      ==372==    by 0xC060DD: recv_recovery_from_checkpoint_start(unsigned long) (log0recv.cc:3520)
      ==372==    by 0xD21754: innobase_start_or_create_for_mysql() (srv0start.cc:2192)
      ==372==    by 0xB5CB1B: innobase_init(void*) (ha_innodb.cc:4393)
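
The pattern described above, reduced to a small C model. This is an added example, not MariaDB code and not the fix applied in MariaDB: `parse_rec`, `check_type_first`, `check_len_first` and the constant values are hypothetical. The `stale` parameter stands in for whatever the uninitialized stack slot happened to hold, so the effect can be shown without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the reported pattern; names and values are hypothetical. */
enum { REC_CHECKPOINT = 8, SINGLE_REC_FLAG = 0x80 };
enum verdict { REC_OK, NEED_MORE_DATA, CORRUPT };

/* Same contract as in the report: on an exhausted buffer the parser
   returns 0 and never writes *type. */
static size_t parse_rec(uint8_t *type, const uint8_t *ptr, const uint8_t *end)
{
    if (ptr == end)
        return 0;
    *type = (uint8_t)(*ptr & ~SINGLE_REC_FLAG);
    return 1;
}

/* Order from the report: type is tested without checking len first.
   `stale` stands in for whatever the uninitialized stack slot held. */
static enum verdict check_type_first(const uint8_t *ptr, const uint8_t *end, uint8_t stale)
{
    uint8_t type = stale;
    size_t len = parse_rec(&type, ptr, end);
    if (type == REC_CHECKPOINT || (ptr != end && (*ptr & SINGLE_REC_FLAG)))
        return CORRUPT;
    return len == 0 ? NEED_MORE_DATA : REC_OK;
}

/* Alternative order: len == 0 means nothing was parsed, so type is ignored. */
static enum verdict check_len_first(const uint8_t *ptr, const uint8_t *end, uint8_t stale)
{
    uint8_t type = stale;
    size_t len = parse_rec(&type, ptr, end);
    if (len == 0)
        return NEED_MORE_DATA;
    if (type == REC_CHECKPOINT || (*ptr & SINGLE_REC_FLAG))
        return CORRUPT;
    return REC_OK;
}

int main(void)
{
    const uint8_t buf[1] = { 0 };   /* constructed; buf..buf is an empty range */
    printf("type first: %d, len first: %d\n",
           check_type_first(buf, buf, REC_CHECKPOINT),
           check_len_first(buf, buf, REC_CHECKPOINT));
    return 0;
}
```

With an empty range and a stale value equal to the checkpoint type, the first ordering reports corruption while the second asks for more data; on real records both orderings agree.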
      

            People

            • Assignee:
              marko Marko Mäkelä
              Reporter:
              marko Marko Mäkelä