file name is not escaped in binlog for LOAD DATA INFILE statement

Bug #1277351 reported by Laurynas Biveinis on 2014-02-07
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MySQL Server
Unknown
Unknown
Percona Server
Status tracked in 5.6
5.1
Undecided
Vlad Lesin
5.5
Undecided
Vlad Lesin
5.6
Undecided
Vlad Lesin

Bug Description

This is a copy of http://bugs.mysql.com/bug.php?id=71603:

[6 Feb 9:34] Vlad Lesin

Description:
Load_log_event::print_query() function does not escape file name for "LOAD DATA INFILE" statement, as a result unescaped file name can be written in replication binlog.

How to repeat:
.tar.bz2 archive will be attached to this bug report. This archive contains MTR test which repeats the bug. Just unpack this archive to the root of 5.5.36 source tree and launch it with mysqltestrun.

Suggested fix:
Escape file name in Load_log_event::print_query().

[6 Feb 9:35] Vlad Lesin

MTR test to repeat the bug

Attachment: rpl_load_data_file_escape.tar.bz2 (application/x-bzip, text), 886 bytes.

tags: added: upstream

Oracle fix in 5.5.39:

5.5 $ bzr log -r 4644
------------------------------------------------------------
revno: 4644
committer: Neeraj Bisht <email address hidden>
branch nick: 5.5
timestamp: Thu 2014-05-15 15:50:52 +0530
message:
  Bug#18207212 : FILE NAME IS NOT ESCAPED IN BINLOG FOR LOAD DATA INFILE STATEMENT

  Problem:
  Load_log_event::print_query() function does not put escape character in file name
  for "LOAD DATA INFILE" statement.

  Analysis:
  When we have "'" in our file name for "LOAD DATA INFILE" statement,
  Load_log_event::print_query() function does not put escape character
  in our file name.

  This one result that when we show binary-log, we get file name without
  escape character.

  Solution:
  To put escape character when we have "'" in file name, for this instead of using
  simple memcpy() to put file-name, we will use pretty_print_str().

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.