Commit 1f01df0e authored by unknown's avatar unknown
Browse files

Fix for BUG#3422 "In 3.23 -> 4.0 replication, slave segfault when replicating LOAD DATA INFILE": 

as we transform the 3.23 Load_log_event into a 4.0 Create_file_log_event which is one
byte longer, we need to increment event_len. The bug was that we did not increment it,
so later in code the end 0 was not seen so there was for example a segfault in
strlen(fname) because fname was not 0-terminated.
Other problems remain in 3.23->4.0 replication of LOAD DATA INFILE but they are less serious:
Exec_master_log_pos and Relay_log_space are incorrect. I'll document them.
They are not fixable without significant code changes (if you fix those problems in 4.0,
you get assertion failures somewhere else etc), * which are already done in 5.0.0 *.


sql/slave.cc:
  In 3.23->4.0 replication of LOAD DATA INFILE:
  as we transform the 3.23 Load_log_event into a 4.0 Create_file_log_event which is one
  byte longer, we need to increment event_len.
  So we need to modify the event_len stored in the event.
  And we need to decrement event_len when we compute the offset in the master's binlog.
parent a5d016ec

sql/slave.cc

+14 −2
Original line number Diff line number Diff line
@@ -3030,8 +3030,16 @@ static int queue_old_event(MASTER_INFO *mi, const char *buf, 
      DBUG_RETURN(1);

    }

    memcpy(tmp_buf,buf,event_len);

    tmp_buf[event_len]=0; // Create_file constructor wants null-term buffer

    /*

      Create_file constructor wants a 0 as last char of buffer, this 0 will

      serve as the string-termination char for the file's name (which is at the

      end of the buffer)

      We must increment event_len, otherwise the event constructor will not see

      this end 0, which leads to segfault.

    */

    tmp_buf[event_len++]=0;

    buf = (const char*)tmp_buf;

    int4store(buf+EVENT_LEN_OFFSET, event_len);

  }

  /*

    This will transform LOAD_EVENT into CREATE_FILE_EVENT, ask the master to
@@ -3079,7 +3087,11 @@ static int queue_old_event(MASTER_INFO *mi, const char *buf, 
    DBUG_ASSERT(tmp_buf);

    int error = process_io_create_file(mi,(Create_file_log_event*)ev);

    delete ev;

    mi->master_log_pos += event_len;

    /*

      We had incremented event_len, but now when it is used to calculate the

      position in the master's log, we must use the original value.

    */

    mi->master_log_pos += --event_len;

    DBUG_PRINT("info", ("master_log_pos: %d", (ulong) mi->master_log_pos));

    pthread_mutex_unlock(&mi->data_lock);

    my_free((char*)tmp_buf, MYF(0));