[CONC-657] mariadb_rpl_fetch() crashes when extra_data is present

Created: 2023-07-16
Updated: 2023-07-21
Resolved: 2023-07-21

Status: Closed
Project: MariaDB Connector/C
Component/s: Replication/Binlog API
Affects Version/s: 3.3.5
Fix Version/s: 3.3.6

Type: Bug
Priority: Critical
Reporter: Sruli Ganor
Assignee: Georg Richter
Resolution: Fixed
Votes: 0
Labels: None
Environment: Windows / Linux, MySQL 8



 Description   

This bug occurs when mariadb_rpl_fetch() reads a Rows event that contains extra_data. This occurs, for example, in MySQL 8, if the table is partitioned by range.

This code is wrong and leads to a crash:

    if (rpl_event->event.rows.extra_data_size - 2 > 0) {
      rpl_set_string_and_len(rpl_event->event.rows.extra_data, ev, rpl_event->event.rows.extra_data_size - 2);
      ev+= rpl_event->event.rows.extra_data_size;
    }

The correct code should be something like this:

    if (rpl_event->event.rows.extra_data_size - 2 > 0) {
      rpl_alloc_set_string_and_len(...);
      ev += (rpl_event->event.rows.extra_data_size - 2);
    }



 Comments   
Comment by Georg Richter [ 2023-07-21 ]

Hello Sruli,

thank you for reporting this issue and providing a fix.

fixed in rev. 681fbd98ee1c874e9443e45d0c0bc7c98b8cf717
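
Added example, not part of the ticket and not Connector/C code: a stand-alone bounds-checked parser for a length-prefixed field of the kind discussed above, showing the cursor advancing by size - 2 rather than size. The names `struct extra_data`, `parse_extra_data` and the sample bytes are hypothetical; it assumes, as the ticket's "- 2" implies, that the two-byte little-endian size counts its own two bytes.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for the parsed field; not a Connector/C type. */
struct extra_data { uint8_t *data; size_t len; };

/* Parse [u16 LE size][size - 2 payload bytes] at *pos, never reading past end.
 * Assumption (from the ticket's "- 2"): size counts its own two bytes.
 * Returns 0 and moves *pos past the payload, or -1 with *pos untouched. */
int parse_extra_data(const uint8_t **pos, const uint8_t *end,
                     struct extra_data *out)
{
    const uint8_t *p = *pos;
    out->data = NULL;
    out->len = 0;
    if (end - p < 2)
        return -1;                    /* size field itself is cut off */
    size_t size = (size_t)p[0] | ((size_t)p[1] << 8);
    p += 2;
    if (size < 2)
        return -1;                    /* size - 2 would wrap around */
    size_t payload = size - 2;
    if ((size_t)(end - p) < payload)
        return -1;                    /* payload runs past the event */
    if (payload > 0) {
        out->data = malloc(payload);  /* private copy of the payload */
        if (out->data == NULL)
            return -1;
        memcpy(out->data, p, payload);
        out->len = payload;
    }
    *pos = p + payload;               /* advance by size - 2, not size */
    return 0;
}

/* Constructed sample: size = 6, four payload bytes, then next field 0x2a. */
static const uint8_t sample[] = { 0x06, 0x00, 0xde, 0xad, 0xbe, 0xef, 0x2a };
/* Byte under the cursor after parsing the sample, or -1 on parse failure. */
int next_byte_after_sample(void)
{
    const uint8_t *pos = sample;
    struct extra_data ed;
    if (parse_extra_data(&pos, sample + sizeof sample, &ed) != 0)
        return -1;
    free(ed.data);
    return *pos;
}

int main(void) { return next_byte_after_sample() == 0x2a ? 0 : 1; }
```

Advancing by the full size instead would leave the cursor two bytes past the next field, which in this seven-byte sample is already beyond the end of the buffer.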
