Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-39582

mariadb-binlog missing sanity checks for ibb files

    XMLWordPrintable

Details

    • Can result in hang or crash

    Description

      e.g. this mtr test case:

      perl;
      		 
        use autodie;
      		 
        open F, '>', "$ENV{MYSQL_TMP_DIR}/bad-binlog.ibb";
      		 
        print F pack("V*", 0x10dfefe, 17, 1, 0, 1, 0, 16, 0, 0x11dd6, 0, 8, 0, 1, 0);
      		 
        print F "\xff" x 8, "\x00" x 444;
      		 
        print F pack("V", 0x81C60910);
      		 
        print F "\x00" x 1024 for 1..256;
      		 
      EOF
      		 
      --error 1
      		 
      --exec $MYSQL_BINLOG --short-form $MYSQL_TMP_DIR/bad-binlog.ibb
      		 
      --remove_file $MYSQL_TMP_DIR/bad-binlog.ibb

      This crashes because chunk_reader_mysqlbinlog::parse_file_header() doesn't check that binlog_page_size <= BINLOG_PAGE_SIZE_MAX.

      Reported by Shayaun Nejad

      Attachments

        Activity

          People

            serg Sergei Golubchik
            serg Sergei Golubchik
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.