MariaDB Server / MDEV-29555

ASAN heap-buffer-overflow in mariabackup.huge_lsn,strict_full_crc32

Details

    Description

      nayuta-yanagisawa reported that the test mariabackup.huge_lsn,strict_full_crc32 would occasionally trigger AddressSanitizer heap-buffer-overflow on his system.

      The following patch fixes it:

      diff --git a/storage/innobase/log/log0recv.cc b/storage/innobase/log/log0recv.cc
      index 0b6ddce30ce..37a4e722767 100644
      --- a/storage/innobase/log/log0recv.cc
      +++ b/storage/innobase/log/log0recv.cc
      @@ -3713,7 +3713,7 @@ static bool recv_scan_log(bool last_phase)
       
             for (;;)
             {
      -        const byte b{log_sys.buf[recv_sys.offset]};
      +        const byte& b{log_sys.buf[recv_sys.offset]};
               r= recv_sys.parse_pmem(store);
               if (r == recv_sys_t::OK)
               {
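      Review bot: the change from `const byte b{...}` to `const byte& b{...}` is only safe because of a property the hunk does not state, namely that `b` is not read until `r= recv_sys.parse_pmem(store)` has returned `recv_sys_t::OK`; with `recv_sys.offset == recv_sys.len` the reference denotes the byte just past the valid data, so a later edit that reads `b` before or regardless of `r` would bring the overflow back. Consider a one-line comment on the `const byte& b{log_sys.buf[recv_sys.offset]};` line saying that the read is deliberately deferred to the `r == recv_sys_t::OK` branch. Two smaller points: strictly speaking `log_sys.buf[recv_sys.len]` still forms a reference one past the end of the data, whereas keeping a pointer `log_sys.buf + recv_sys.offset` and dereferencing it inside the OK branch would be the well-defined form; and the reference observes the byte as it is after `parse_pmem()` has run rather than a snapshot taken before it, which matters only if `parse_pmem()` can modify `log_sys.buf` at that offset.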
      

      In this test, some Perl code always generates the same log file, which wraps around at the end of the file. recv_sys.offset will then be equal to recv_sys.len, that is, b points just past the end of log_sys.buf. We are actually only interested in the value of the byte (the first byte of the parsed record) at that offset if r == recv_sys_t::OK, which indicates that the entire mini-transaction was present in the buffer.
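
      As an added illustration (not MariaDB's code), the C++ model below replays the scan loop on a constructed log whose last complete record ends exactly at the buffer boundary, and shows why copying the byte before parsing reads one past the valid data while deferring the read behind the OK check does not. `LogBuf`, `parse_record`, `scan` and `make_log` are hypothetical stand-ins for log_sys.buf, recv_sys.parse_pmem() and the loop in recv_scan_log(); the out-of-bounds counter plays the role AddressSanitizer plays in the report.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
using byte = std::uint8_t;
enum class parse_result { OK, PREMATURE_EOF };
struct scan_stats { std::size_t records, oob_reads; };

// Log buffer whose reads at index >= len are counted instead of aborting;
// the counter stands in for AddressSanitizer. All names are hypothetical.
struct LogBuf {
  std::vector<byte> buf;
  std::size_t len;            // bytes of valid log data in buf
  std::size_t offset = 0;     // start of the next record to parse
  std::size_t oob_reads = 0;  // reads past the end of the valid data
  byte read_at(std::size_t i) {
    if (i >= len) { ++oob_reads; return 0; }  // ASAN would report here
    return buf[i];
  }
};

// Stand-in for recv_sys.parse_pmem(): a record is two bytes and is OK only
// when it lies entirely inside the buffer; otherwise nothing is consumed.
static parse_result parse_record(LogBuf& log) {
  if (log.offset + 2 > log.len) return parse_result::PREMATURE_EOF;
  log.offset += 2;
  return parse_result::OK;
}

// deferred == false models `const byte b{buf[offset]}`: the byte is copied
// before parsing, so when the data ends exactly at len the copy reads buf[len].
// deferred == true models `const byte& b{buf[offset]}`: only the position is
// remembered and the byte is read after parse_record() has returned OK.
static scan_stats scan(LogBuf log, bool deferred) {
  scan_stats s{0, 0};
  for (;;) {
    const std::size_t at = log.offset;             // what the reference denotes
    byte b = deferred ? 0 : log.read_at(at);       // eager copy reads now
    if (parse_record(log) != parse_result::OK) break;
    if (deferred) b = log.read_at(at);             // read only for a complete record
    (void)b;  // the first byte of the record would be inspected here
    ++s.records;
  }
  s.oob_reads = log.oob_reads;
  return s;
}

// Constructed log: two complete records that end exactly at len, like the
// wrapped-around log file produced by the test.
static LogBuf make_log() { return LogBuf{{0x10, 0x20, 0x30, 0x40}, 4}; }
```

Both variants parse the same two records; only the eager copy performs a read at index len.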

      I do not think that this bug has much practical impact outside AddressSanitizer.

      People

        Marko Mäkelä (marko)