Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
12.3.1
-
Can result in hang or crash
-
-
Q3/2026 Replic. Maintenance
Description
If the first Partial_rows_log_event in a group provides an
original_event_size that is smaller than the actual size of the
underlying Rows_log_event, the slave will not allocate enough memory
to hold the actual Rows_log_event content, but still try to copy
that much memory, resulting in the slave crashing.
To reproduce, an MTR test and .patch to apply debug_dbug modification of
the Partial_rows_log_event.
MTR test:
--source include/have_innodb.inc
|
--source include/have_binlog_format_row.inc
|
--source include/master-slave.inc
|
|
|
--connection master
|
create table t1 (a int, b blob) engine=innodb;
|
|
|
set @old_dbug= @@debug_dbug;
|
set debug_dbug= "+d,too_small_orig_event_size";
|
insert into t1 values (0, repeat("a",1536));
|
--source include/save_master_gtid.inc
|
set debug_dbug= @old_dbug;
|
|
|
# Slave crashes while replicating the modified insert
|
--connection slave
|
--source include/sync_with_master_gtid.inc
|
Patch
diff --git a/sql/log_event_server.cc b/sql/log_event_server.cc
|
index aea8028db10..196fc3f6505 100644
|
--- a/sql/log_event_server.cc
|
+++ b/sql/log_event_server.cc
|
@@ -5992,7 +5992,9 @@ bool Partial_rows_log_event::write_data_header(Log_event_writer *writer)
|
if(flags2 & FL_ORIG_EVENT_SIZE)
|
{
|
DBUG_ASSERT(original_event_size && seq_no == 1);
|
- int8store(buf + header_size, original_event_size);
|
+ int8store(buf + header_size, DBUG_IF("too_small_orig_event_size")
|
+ ? original_event_size - 512
|
+ : original_event_size);
|
header_size+= 8;
|
}
|
Reported by V3rtical
Attachments
Issue Links
- is caused by
-
MDEV-32570 Fragment ROW replication events larger than max_packet_size
-
- Closed
-