Out-of-bound reads in mysqlbinlog
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
MySQL Server | Unknown | Unknown | | |
Percona Server moved to https://jira.percona.com/projects/PS | Fix Released | High | Unassigned | |
5.1 | Fix Released | High | Unassigned | |
5.5 | Fix Released | High | Unassigned | |

Bug Description
Found using AddressSanitizer testing.
The mysqlbinlog utility may result in out-of-bound heap buffer reads and, thus, undefined behavior when processing RBR events in the old (pre-5.1 GA) format.
The following code in process_event() would only be correct if Rows_log_event was the base class for {Write,
case WRITE_ROWS_EVENT:
case DELETE_ROWS_EVENT:
case UPDATE_ROWS_EVENT:
case PRE_GA_
case PRE_GA_
case PRE_GA_
...
...
if (e->get_
{
...
}
However, Rows_log_event is only the base class for the {Write,
How to repeat:
Examine the code in process_event() or run binlog.
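The bug class described above, as an added example that is not MySQL or Percona code: when two event families share only a common base, the class must be chosen from the type code and verified before any member is read. All class names, type codes and the flag bit below are simplified, hypothetical stand-ins.

```cpp
#include <cstdint>

// Simplified stand-ins, not MySQL's classes: two row-event families that
// share only a common base, as the report describes.
enum Event_type { NEW_WRITE, NEW_UPDATE, NEW_DELETE,
                  OLD_WRITE, OLD_UPDATE, OLD_DELETE, OTHER };
const uint16_t STMT_END = 1;  // constructed flag bit

struct Event {
  virtual ~Event() {}
  virtual Event_type type() const = 0;
};
struct New_rows : Event {  // current-format family
  Event_type t; uint64_t table_id; uint16_t flags;
  New_rows(Event_type ty, uint16_t f) : t(ty), table_id(0), flags(f) {}
  Event_type type() const override { return t; }
};
struct Old_rows : Event {  // old-format family, unrelated layout
  Event_type t; uint16_t flags;
  Old_rows(Event_type ty, uint16_t f) : t(ty), flags(f) {}
  Event_type type() const override { return t; }
};

// Unsafe pattern (shown only, never executed): one cast for all six cases,
//   static_cast<const New_rows *>(e)->flags
// which reads an Old_rows object through the wrong class layout.

// Checked dispatch: choose the class from the type code, then confirm the
// dynamic type before touching members.
// Returns 1 if STMT_END is set, 0 if clear, -1 if not a usable row event.
int ends_statement(const Event *e) {
  switch (e->type()) {
  case NEW_WRITE: case NEW_UPDATE: case NEW_DELETE: {
    const New_rows *r = dynamic_cast<const New_rows *>(e);
    return r ? ((r->flags & STMT_END) ? 1 : 0) : -1;
  }
  case OLD_WRITE: case OLD_UPDATE: case OLD_DELETE: {
    const Old_rows *r = dynamic_cast<const Old_rows *>(e);
    return r ? ((r->flags & STMT_END) ? 1 : 0) : -1;
  }
  default:
    return -1;
  }
}

int main() {
  Old_rows old_ev(OLD_WRITE, STMT_END);  // constructed sample event
  return ends_statement(&old_ev) == 1 ? 0 : 1;
}
```

Building a harness like this with `-fsanitize=address` is how the unsafe single-cast variant shows up as a heap-buffer-overflow read, which matches how the report says the bug was found.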
tags: added: asan
Likely fixed under "Bug#14771299 OUT-OF-BOUND READS WRITE IN MYSQLBINLOG" in 5.5.