Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 10.2.2, 10.3.0, 10.4.0
Description
The following comparison may compare an uninitialized type when the redo log parsing buffer runs out (ptr==end_ptr), potentially causing an incorrect claim that the redo log is corrupted:
    len = recv_parse_log_rec(
        &type, ptr, end_ptr, &space, &page_no,
        false, &body);

    if (recv_sys->found_corrupt_log
        || type == MLOG_CHECKPOINT
        || (ptr != end_ptr
            && (*ptr & MLOG_SINGLE_REC_FLAG))) {
This was found by Valgrind:
10.2 69abd43703fcf68c4cf1056bf5bd56c690de5b4e

    innodb.log_data_file_size '4k,innodb' w7 [ fail ]  Found warnings/errors in server log file!
    Test ended at 2019-03-12 13:45:57
    line
    ==372== Conditional jump or move depends on uninitialised value(s)
    ==372==    at 0xC03A1E: recv_parse_log_recs(unsigned long, store_t, bool) (log0recv.cc:2701)
    ==372==    by 0xC048CF: recv_scan_log_recs(unsigned long, store_t*, unsigned char const*, unsigned long, unsigned long, unsigned long, unsigned long*, unsigned long*) (log0recv.cc:3102)
    ==372==    by 0xC04DCC: recv_group_scan_log_recs(log_group_t*, unsigned long, unsigned long*, bool) (log0recv.cc:3197)
    ==372==    by 0xC060DD: recv_recovery_from_checkpoint_start(unsigned long) (log0recv.cc:3520)
    ==372==    by 0xD21754: innobase_start_or_create_for_mysql() (srv0start.cc:2192)
    ==372==    by 0xB5CB1B: innobase_init(void*) (ha_innodb.cc:4393)
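
An added example, not MariaDB code and not the fix applied for this issue: a reduced C model of the pattern in the description, where the parser leaves its out-parameter unwritten when the buffer runs out, next to a caller that checks the returned length before it reads `type`. The names `parse_rec` and `classify`, the two-byte record layout and the constants are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record types and flag for this sketch; not InnoDB's values. */
enum rec_type { REC_NONE = 0, REC_DATA = 1, REC_CHECKPOINT = 2 };
#define SINGLE_REC_FLAG 0x80u

enum scan_result { SCAN_NEED_MORE, SCAN_SINGLE_REC, SCAN_MULTI_REC };

/* Toy parser: a record is one type byte plus one body byte. As in the
   report, it returns 0 when the buffer runs out, and then *type is
   never written. */
static size_t parse_rec(enum rec_type *type, const uint8_t *ptr,
                        const uint8_t *end_ptr)
{
    if (end_ptr - ptr < 2) {
        return 0; /* incomplete record: out-parameter left untouched */
    }
    *type = (enum rec_type)(*ptr & ~SINGLE_REC_FLAG);
    return 2;
}

/* Caller that checks the returned length before consulting `type`. */
static enum scan_result classify(const uint8_t *ptr, const uint8_t *end_ptr)
{
    enum rec_type type = REC_NONE; /* defined even if nothing was parsed */
    size_t len = parse_rec(&type, ptr, end_ptr);

    if (len == 0) {
        return SCAN_NEED_MORE; /* buffer exhausted: not corruption */
    }
    if (type == REC_CHECKPOINT || (*ptr & SINGLE_REC_FLAG)) {
        return SCAN_SINGLE_REC;
    }
    return SCAN_MULTI_REC;
}

int main(void)
{
    /* Constructed sample input: one multi-record entry, one checkpoint. */
    const uint8_t buf[] = { REC_DATA, 0x00, REC_CHECKPOINT, 0x00 };
    const uint8_t *end = buf + sizeof buf;

    printf("%d %d %d\n", classify(buf, end), classify(buf + 2, end),
           classify(end, end));
    return 0;
}
```

Dropping the `len == 0` check and the initializer in `classify` reproduces the class of read that Valgrind flags above as "Conditional jump or move depends on uninitialised value(s)".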