From d0249764cf85e88023153b2e8b5b9d3e9cddd336 Mon Sep 17 00:00:00 2001
From: He Zhenxing
Date: Tue, 30 Mar 2010 17:17:19 +0800
Subject: [PATCH 1/2] Bug#49492 rpl_semi_sync failed on PB2 After stopped slave, it is possible that the Dump thread on master is still running and has locked the semi-sync master plugin, and when uninstalling the semi-sync master plugin, a plugin busy warning could be generated. Fixed by disabling the warnings when uninstalling semi-sync plugin on master.
---
 mysql-test/suite/rpl/t/rpl_semi_sync.test | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/mysql-test/suite/rpl/t/rpl_semi_sync.test b/mysql-test/suite/rpl/t/rpl_semi_sync.test
index b04541aba21..13f5ac70f18 100644
--- a/mysql-test/suite/rpl/t/rpl_semi_sync.test
+++ b/mysql-test/suite/rpl/t/rpl_semi_sync.test
@@ -602,7 +602,11 @@ source include/stop_slave.inc;
 UNINSTALL PLUGIN rpl_semi_sync_slave;
 connection master;
+# The dump thread may still be running on the master, and so the following
+# UNINSTALL could generate a warning about the plugin is busy.
+disable_warnings;
 UNINSTALL PLUGIN rpl_semi_sync_master;
+enable_warnings;
 connection slave;
 source include/start_slave.inc;
From 9547a63ded3d6a522dc4edf9a8b77b7e2526300d Mon Sep 17 00:00:00 2001
From: He Zhenxing
Date: Tue, 1 Jun 2010 16:54:52 +0800
Subject: [PATCH 2/2] BUG#52748 Semi-Sync ACK packet isn't check for length Check the length and use strncpy to make the code safer. plugin/semisync/semisync_master.cc: replace strcpy with strncpy to make the code safer
---
 plugin/semisync/semisync_master.cc | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/plugin/semisync/semisync_master.cc b/plugin/semisync/semisync_master.cc
index 5b06180662e..20d1c6d609c 100644
--- a/plugin/semisync/semisync_master.cc
+++ b/plugin/semisync/semisync_master.cc
@@ -147,7 +147,8 @@ int ActiveTranx::insert_tranx_node(const char *log_file_name,
 }
 /* insert the binlog position in the active transaction list. */
- strcpy(ins_node->log_name_, log_file_name);
+ strncpy(ins_node->log_name_, log_file_name, FN_REFLEN-1);
+ ins_node->log_name_[FN_REFLEN-1] = 0; /* make sure it ends properly */
 ins_node->log_pos_ = log_file_pos;
 if (!trx_front_)
@@ -1007,13 +1008,15 @@ int ReplSemiSyncMaster::writeTranxInBinlog(const char* log_file_name,
 if (cmp > 0)
 {
 /* This is a larger position, let's update the maximum info. */
- strcpy(commit_file_name_, log_file_name);
+ strncpy(commit_file_name_, log_file_name, FN_REFLEN-1);
+ commit_file_name_[FN_REFLEN-1] = 0; /* make sure it ends properly */
 commit_file_pos_ = log_file_pos;
 }
 }
 else
 {
- strcpy(commit_file_name_, log_file_name);
+ strncpy(commit_file_name_, log_file_name, FN_REFLEN-1);
+ commit_file_name_[FN_REFLEN-1] = 0; /* make sure it ends properly */
 commit_file_pos_ = log_file_pos;
 commit_file_name_inited_ = true;
 }
@@ -1046,6 +1049,7 @@ int ReplSemiSyncMaster::readSlaveReply(NET *net, uint32 server_id,
 const unsigned char *packet;
 char log_file_name[FN_REFLEN];
 my_off_t log_file_pos;
+ ulong log_file_len = 0;
 ulong packet_len;
 int result = -1;
@@ -1121,7 +1125,13 @@ int ReplSemiSyncMaster::readSlaveReply(NET *net, uint32 server_id,
 }
 log_file_pos = uint8korr(packet + REPLY_BINLOG_POS_OFFSET);
- strcpy(log_file_name, (const char*)packet + REPLY_BINLOG_NAME_OFFSET);
+ log_file_len = packet_len - REPLY_BINLOG_NAME_OFFSET;
+ if (log_file_len > FN_REFLEN)
+ {
+ sql_print_error("Read semi-sync reply binlog file length too large");
+ goto l_end;
+ }
+ strncpy(log_file_name, (const char*)packet + REPLY_BINLOG_NAME_OFFSET, log_file_len);
 if (trc_level & kTraceDetail)
 sql_print_information("%s: Got reply (%s, %lu)",
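Review bot: The bounded copy in insert_tranx_node silently truncates a binlog name of FN_REFLEN bytes or more and stores the shortened name as if it were valid, so the node would be tracked and compared under a file name the caller never passed; the two copies in the writeTranxInBinlog hunk behave the same way. Both functions return int, so an over-long name could be rejected with an error when `strlen(log_file_name) >= FN_REFLEN` instead of being cut. The limit also presumes that `log_name_` and `commit_file_name_` are declared as `char[FN_REFLEN]`, which these hunks do not show; if they are arrays, `strncpy(ins_node->log_name_, log_file_name, sizeof(ins_node->log_name_) - 1);` would tie the bound to the real buffer. Both function bodies start and end outside the hunks.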
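Review bot: In the last readSlaveReply hunk, `log_file_name` can be left without a terminating NUL: `strncpy(..., log_file_len)` copies only the bytes counted by the packet length into an uninitialised stack array, so unless the sender put a 0 byte inside that range, the `%s` in the trace call right below reads past the copied name. The bound is also off by one, because `log_file_len > FN_REFLEN` accepts a name of exactly FN_REFLEN bytes, which fills the array and leaves no room for a terminator. I would change the check to `if (log_file_len >= FN_REFLEN)` and add `log_file_name[log_file_len] = 0;` after the copy. Separately, `uint8korr(packet + REPLY_BINLOG_POS_OFFSET)` runs before this length test; whether an earlier minimum-length check on `packet_len` covers it is not visible, since the function starts and ends outside the hunk.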