MDEV-18046: Assortment of crashes, assertion failures and ASAN errors…

… in mysql_show_binlog_events Problem: ======== SHOW BINLOG EVENTS FROM <pos> reports following ASAN error heap-buffer-overflow within "my_strndup" in Rotate_log_event my_strndup /mysys/my_malloc.c:254 Rotate_log_event::Rotate_log_event(char const*, unsigned int, Format_description_log_event const*) Fix: === **Part4: Improved the check for event_len validation**
MariaDB · Jan 7, 2020 · a42ef10 · a42ef10
1 parent 5a54e84
commit a42ef10
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/sql/log_event.cc b/sql/log_event.cc
@@ -6449,7 +6449,7 @@ Rotate_log_event::Rotate_log_event(const char* buf, uint event_len,
   // The caller will ensure that event_len is what we have at EVENT_LEN_OFFSET
   uint8 post_header_len= description_event->post_header_len[ROTATE_EVENT-1];
   uint ident_offset;
-  if (event_len < LOG_EVENT_MINIMAL_HEADER_LEN)
+  if (event_len < (uint)(LOG_EVENT_MINIMAL_HEADER_LEN + post_header_len))
     DBUG_VOID_RETURN;
   buf+= LOG_EVENT_MINIMAL_HEADER_LEN;
   pos= post_header_len ? uint8korr(buf + R_POS_OFFSET) : 4;