Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-39582

mariadb-binlog missing sanity checks for ibb files

    XMLWordPrintable

Details

    • Can result in hang or crash

    Description

      e.g. this mtr test case:

      perl;
      		 
        use autodie;
      		 
        open F, '>', "$ENV{MYSQL_TMP_DIR}/bad-binlog.ibb";
      		 
        print F pack("V*", 0x10dfefe, 17, 1, 0, 1, 0, 16, 0, 0x11dd6, 0, 8, 0, 1, 0);
      		 
        print F "\xff" x 8, "\x00" x 444;
      		 
        print F pack("V", 0x81C60910);
      		 
        print F "\x00" x 1024 for 1..256;
      		 
      EOF
      		 
      --error 1
      		 
      --exec $MYSQL_BINLOG --short-form $MYSQL_TMP_DIR/bad-binlog.ibb
      		 
      --remove_file $MYSQL_TMP_DIR/bad-binlog.ibb

      This crashes because chunk_reader_mysqlbinlog::parse_file_header() doesn't check that binlog_page_size <= BINLOG_PAGE_SIZE_MAX.

      Reported by Shayaun Nejad

      Attachments

        Activity

          People

            serg Sergei Golubchik
            serg Sergei Golubchik
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0d
                0d
                Logged:
                Time Spent - 3h
                3h

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.