MDEV-33045: Server crashes in Item_func_binlog_gtid_pos::val_str / Bi…

…nary_string::c_ptr_safe Item::val_str() sets the Item::null_value flag, so call it before checking the flag, not after. Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
MariaDB · Dec 19, 2023 · a204ce2 · a204ce2
1 parent be69438
commit a204ce2
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 3 deletions.
diff --git a/mysql-test/suite/binlog_encryption/rpl_gtid_basic.result b/mysql-test/suite/binlog_encryption/rpl_gtid_basic.result
@@ -182,6 +182,13 @@ BINLOG_GTID_POS('master-bin.000001',18446744073709551616)
 NULL
 Warnings:
 Warning	1916	Got overflow when converting '18446744073709551616' to INT. Value truncated
+SET sql_log_bin= 0;
+CREATE TABLE t1 AS SELECT MASTER_POS_WAIT(@binlog_file, 4, 0);
+SELECT BINLOG_GTID_POS(@binlog_file, 4);
+BINLOG_GTID_POS(@binlog_file, 4)
+NULL
+DROP TABLE t1;
+SET sql_log_bin= 1;
 *** Some tests of @@GLOBAL.gtid_binlog_state ***
 connection server_2;
 include/sync_with_master_gtid.inc

diff --git a/mysql-test/suite/rpl/r/rpl_gtid_basic.result b/mysql-test/suite/rpl/r/rpl_gtid_basic.result
@@ -182,6 +182,13 @@ BINLOG_GTID_POS('master-bin.000001',18446744073709551616)
 NULL
 Warnings:
 Warning	1916	Got overflow when converting '18446744073709551616' to INT. Value truncated
+SET sql_log_bin= 0;
+CREATE TABLE t1 AS SELECT MASTER_POS_WAIT(@binlog_file, 4, 0);
+SELECT BINLOG_GTID_POS(@binlog_file, 4);
+BINLOG_GTID_POS(@binlog_file, 4)
+NULL
+DROP TABLE t1;
+SET sql_log_bin= 1;
 *** Some tests of @@GLOBAL.gtid_binlog_state ***
 connection server_2;
 include/sync_with_master_gtid.inc

diff --git a/mysql-test/suite/rpl/t/rpl_gtid_basic.test b/mysql-test/suite/rpl/t/rpl_gtid_basic.test
@@ -162,6 +162,13 @@ eval SELECT BINLOG_GTID_POS('$valid_binlog_name',0);
 eval SELECT BINLOG_GTID_POS('$valid_binlog_name',18446744073709551615);
 eval SELECT BINLOG_GTID_POS('$valid_binlog_name',18446744073709551616);
 
+# MDEV-33045: Server crashes in Item_func_binlog_gtid_pos::val_str / Binary_string::c_ptr_safe
+SET sql_log_bin= 0;
+CREATE TABLE t1 AS SELECT MASTER_POS_WAIT(@binlog_file, 4, 0);
+SELECT BINLOG_GTID_POS(@binlog_file, 4);
+DROP TABLE t1;
+SET sql_log_bin= 1;
+
 
 --echo *** Some tests of @@GLOBAL.gtid_binlog_state ***
 --connection server_2

diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
@@ -3232,12 +3232,12 @@ String *Item_func_binlog_gtid_pos::val_str(String *str)
   String name_str, *name;
   longlong pos;
 
-  if (args[0]->null_value || args[1]->null_value)
-    goto err;
-
   name= args[0]->val_str(&name_str);
   pos= args[1]->val_int();
 
+  if (args[0]->null_value || args[1]->null_value)
+    goto err;
+
   if (pos < 0 || pos > UINT_MAX32)
     goto err;