MDEV-35665 Potential Buffer Overrun in Gtid_log_event::write()
Two-Phase ALTER added a sa_seq_no field, but `Gtid_log_event::write()`'s
size calculation doesn't have an addend in its name.

This patch resizes the buffer to match `write()`'s code.
ParadoxV5 committed Dec 18, 2024
1 parent c391fb1 commit e6e3672
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion sql/log_event_server.cc
Expand Up @@ -3729,7 +3729,12 @@ Gtid_log_event::peek(const uchar *event_start, size_t event_len,
bool
Gtid_log_event::write()
{
uchar buf[GTID_HEADER_LEN+2+sizeof(XID) + /* flags_extra: */ 1+4];
uchar buf[GTID_HEADER_LEN+2
+ sizeof(XID)
+ 1 // flags_extra:
+ 1 // extra_engines
+ 8 // sa_seq_no
];
size_t write_len= 13;

int8store(buf, seq_no);
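Review bot: The new bound on `buf` is still a hand-maintained sum of bare literals (`1`, `1`, `8`) that has to be kept in step with the stores in `write()` by eye, and nothing in the visible lines enforces that `write_len` stays within `sizeof(buf)`. That is the same arrangement that let the `sa_seq_no` field go uncounted. Consider named constants for the optional-field sizes, shared between the declaration and the stores, plus an assertion such as `DBUG_ASSERT(write_len <= sizeof(buf));` just before the buffer is written out, so the next added field fails loudly in debug builds instead of overrunning the stack. Two smaller points: the old expression had a `+4` addend that the new one drops, and neither the comments nor the commit message say what it accounted for, so a word on that would help. The `// flags_extra:` comment also keeps a trailing colon left over from the old inline form.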