Skip to content

MDEV-30732 : wsrep_store_key_val_for_row() may invoke memcpy() on nul… #4314

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 10.11
Choose a base branch
from
Open

MDEV-30732 : wsrep_store_key_val_for_row() may invoke memcpy() on nul… #4314

wants to merge 1 commit into from
+650 −126

Conversation

@janlindstrom
Copy link
Contributor

…lptr

  • The Jira issue number for this PR is: MDEV-30732

Description

Problem was that row_mysql_read_blob_ref can return NULL in case when blob datatype is used in a key and its real value is NULL. This NULL pointer is then used in memcpy function in wsrep_store_key_val_for_row. However,
memcpy is defined so that argument 2 must not be NULL.

Fixed by adding conditions before memcpy functions so that argument 2 is always non NULL.

Release Notes

TODO: What should the release notes say about this change?
Include any changed system variables, status variables or behaviour. Optionally list any https://mariadb.com/kb/ pages that need changing.

How can this PR be tested?

TODO: modify the automated test suite to verify that the PR causes MariaDB to behave as intended.
Consult the documentation on "Writing good test cases".

If the changes are not amenable to automated testing, please explain why not and carefully describe how to test manually.

Basing the PR against the correct MariaDB version

  • This is a new feature or a refactoring, and the PR is based against the main branch.
  • [x ] This is a bug fix, and the PR is based against the earliest maintained branch in which the bug can be reproduced.

PR quality check

  • [x ] I checked the CODING_STANDARDS.md file and my PR conforms to this where appropriate.
  • [x ] For any trivial modifications to the PR, I am ok with the reviewer making the changes themselves.

@janlindstrom janlindstrom self-assigned this Sep 24, 2025
@janlindstrom janlindstrom requested a review from dr-m September 24, 2025 06:49
@svoj svoj added the Codership Codership Galera label Sep 24, 2025
dr-m
dr-m requested changes Oct 3, 2025
View reviewed changes
@janlindstrom janlindstrom force-pushed the 10.11-MDEV-30732 branch 2 times, most recently from 99415e3 to 4e53039 Compare October 3, 2025 12:40
dr-m
dr-m reviewed Oct 7, 2025
View reviewed changes
@janlindstrom janlindstrom force-pushed the 10.11-MDEV-30732 branch 2 times, most recently from 12a363a to fa1fec8 Compare October 9, 2025 10:29
@janlindstrom
MDEV-30732 : wsrep_store_key_val_for_row() may invoke memcpy() on nul…
2effebc 
…lptr

Problem was that row_mysql_read_blob_ref can return NULL
in case when blob datatype is used in a key and its real
value is NULL. This NULL pointer is then used in memcpy
function in wsrep_store_key_val_for_row. However,
memcpy is defined so that argument 2 must not be NULL.

Fixed by adding conditions before memcpy functions so
that argument 2 is always non NULL.

Additional fixes after review
- Removed unnecessary copying key data from one buffer to another.
Use original key data buffer as input and temporary buffer as output.
Extra output buffer is needed because strnxfrm might expand input buffer
contents.
- Removed unnecessary initialization of variables and move
declaration where first time needed.
- Removed unnecessary intitialization of temporary buffer because
we already keep track actual filled length.
- Remove unneccessary extra call to charset->strnxfrm
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dr-m dr-m dr-m requested changes

Assignees

@janlindstrom janlindstrom

Labels

Codership Codership Galera

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@janlindstrom @dr-m @svoj