Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MDEV-35665 Potential Buffer Overrun in Gtid_log_event::write() #3717

Merged
merged 1 commit into from
Jan 21, 2025

Conversation

ParadoxV5
Copy link
Contributor

  • The Jira issue number for this PR is: MDEV-35665

Description

Two-Phase ALTER added a sa_seq_no field, but Gtid_log_event::write()’s size calculation doesn’t have an addend in its name.
This means sa_seq_no can overrun Gtid_log_event::write()’s buffer.

This patch resizes the buffer to match write()'s code.

Gtid_log_event is variable-sized, but it’s possible that an instance flags all its fields for writing.

Release Notes

Fixed internal buffer overrun when writing a GTID event with all flags active.

How can this PR be tested?

TODO: We need a test that writes a Gtid_log_event with every field flagged active, not only so Valgrind (or a manual DBUG_ASSERT) can catch buffer overruns, but also to validate future new fields that they don’t impact any existing fields.

Basing the PR against the correct MariaDB version

  • [ ] This is a new feature or a refactoring, and the PR is based against the main branch.
  • This is a bug fix, and the PR is based against the earliest maintained branch in which the bug can be reproduced.

PR quality check

  • I checked the CODING_STANDARDS.md file and my PR conforms to this where appropriate.
  • For any trivial modifications to the PR, I am ok with the reviewer making the changes themselves.

Two-Phase ALTER added a sa_seq_no field, but `Gtid_log_event::write()`'s
size calculation doesn't have an addend in its name.

This patch resizes the buffer to match `write()`'s code.
@ParadoxV5 ParadoxV5 enabled auto-merge (rebase) January 21, 2025 16:48
@ParadoxV5 ParadoxV5 merged commit 91585ff into 10.11 Jan 21, 2025
12 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging this pull request may close these issues.

2 participants