Test for MDEV-39788 #5147

Open
ParadoxV5 wants to merge 30 commits into 10.11 from MDEV-39788.test

@ParadoxV5 ParadoxV5 commented May 29, 2026

MDEV-39788 found that the recent refactor on the main (now 12.3) branch forgot that the line count includes the line count line itself.
This test checks future changes in any supported version that they don’t make this mistake again.


This PR is currently based on tag mariadb-10.11.18, so the MDEV-39788 fix can build on it; though somehow this tag and the 10.11 branch are currently well divergent.
(Heh, our spambot is gonna stress out.)

montywi and others added 26 commits May 15, 2026 15:11
Calling itself will cause extensive memory usage that can kill
the machine when it runs out of memory (happened to me).

Fixed by having mtr.out-of-source checking that it is not calling itself.
In addition added a check for cmake to expand symlinks to make the
check if we are running mtr 'out of source' safer.

Author: Sergei Golubchik <serg@mariadb.org> (CMakeList.txt changes)

Add verification of wsrep_sst_donor, wsrep_sst_method and
wsrep_sst_receive_address so that they contain only
supported characters. But allow NULL or empty value.

Joiner mariadbd exits when SST is aborted; the exit code varies by
platform (clean 0 on some systems, signalled 134 / 1 on others).

pkill exit code can also vary by platform (clean 0 on some systems,
signalled 1 on others).

check for tablename-safe characters in backed up table files

according to the rfc, the length is 2 bytes,
but the max length is 226 and there's a validity
check for length <= 240.

…mpare

let's show stable values that don't change between runs

check data length for Gis_point

max_subnet estimate was off by one.

* only allow address with a known family
  (trips an assert in addr_matches_subnet())
* adjust max_subnet estimate accordingly

GROUP_CONCAT is limited by group_concat_max_len,
but also, as a string function it must respect max_allowed_packet.

Let's introduce THD::gconcat_max_len() helper to simplify checks.

Also:
* make max group_concat_max_len value the same as max max_allowed_packet
* use the same MY_MIN((ulonglong) ..., UINT_MAX32) in
  Item_func_json_objectagg as in Item_func_group_concat
* use overflow-safe type for lengths in Item_func_quote
  (MAX_MAX_ALLOWED_PACKET is 1G so uint cannot overflow yet, but it's
  a fragile assumption)

…eters

Issue:
wsrep_sst_rsync.sh interpolated WSREP_SST_OPT_REMOTE_USER and
WSREP_SST_OPT_REMOTE_PSWD verbatim. Because both values originate from
the joiner side of the SST request, a newline in either could splice
an extra directive into the donor-written stunnel.conf (silently
downgrading peer-cert verification) or an extra line into the rsync
magic file. MDEV-39413 had introduced safe() for the same threat class
in wsrep_sst_mariabackup but did not extend it to the rsync script.

Solution:
Routing the rsync interpolations through safe() closes the gap, and
extending safe() to also reject tab and newline ensures multi-line
values cannot survive into a config-file heredoc.

This is regression caused by MDEV-28750 commit 1f34996.

In multi-table update table list could contain tables
that are not yet opened because update does not really
change them. This can happen e.g. when update changes
table that is referenced by foreign key by table that
is not part of multi-table update.

Fixed by first checking is wsrep write set size limited.
If it is not multi-table update can continue normally.
If write set size is limited then check has update
updated both transactional and non-transactional tables
and those tables that have not yet been opened can be
safely skipped as they are not updated.

…-supplied member fields

Issue:
wsrep_notify_status() interpolated members[i].name() (the peer's
wsrep_node_name) and members[i].incoming() verbatim into a command
string that is then executed via 'sh -c' by wsp::process. A peer
joining the cluster with shell metacharacters in its wsrep_node_name
or wsrep_node_incoming_address caused arbitrary commands to run on
every cluster member that had wsrep_notify_cmd configured.
MDEV-39413 introduced safe() for the same threat class in the SST
scripts but did not cover the C++ wsrep_notify path.

Solution:
Validate each substituted field against a narrow whitelist before
interpolating. Node name allows alnum and -_. ; node address
additionally allows :[]/ for host:port and [ipv6] forms. On bad
input the notification is skipped with an error log instead of
forwarding the unsafe value to sh -c.

MDEV-39788 found that the recent refactor on the `main` (now 12.3)
branch forgot that the line count includes the line count line itself.
This test checks future changes in any supported
version that they don’t make this mistake again.
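The allowlist described in the wsrep_notify commit message above, sketched as an added example (not MariaDB's code and not part of this PR). `Member`, `members_arg` and the output format are hypothetical; only the permitted character sets and the skip-on-bad-input behaviour come from the commit message.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// True if every byte of `s` is ASCII alphanumeric or appears in `extra`.
// Empty input passes (assumption; the commit message does not cover it).
static bool only_allowed(const std::string& s, const std::string& extra)
{
  for (unsigned char c : s) {
    bool alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
                 (c >= 'a' && c <= 'z');
    if (!alnum && extra.find(static_cast<char>(c)) == std::string::npos)
      return false;
  }
  return true;
}

// Allowlists as stated in the commit message.
bool node_name_ok(const std::string& n) { return only_allowed(n, "-_."); }
bool node_addr_ok(const std::string& a) { return only_allowed(a, "-_.:[]/"); }

struct Member { std::string name, incoming; };  // hypothetical stand-in type

// Builds a "name/addr,name/addr" argument (format is illustrative only).
// Returns false and leaves `out` empty if any field fails validation, so the
// caller skips the notification instead of handing the value to `sh -c`.
bool members_arg(const std::vector<Member>& members, std::string& out)
{
  out.clear();
  std::string acc;
  for (const Member& m : members) {
    if (!node_name_ok(m.name) || !node_addr_ok(m.incoming)) {
      std::fprintf(stderr, "notification skipped: unsafe member field\n");
      return false;
    }
    if (!acc.empty()) acc += ',';
    acc += m.name + '/' + m.incoming;
  }
  out = acc;
  return true;
}

int main()
{
  // Constructed sample members, not taken from the page.
  std::vector<Member> peers = {{"node-1", "[::1]:3306"}, {"n2;id", "10.0.0.2"}};
  std::string arg;
  std::printf("%s\n", members_arg(peers, arg) ? arg.c_str() : "(skipped)");
}
```

Rejecting the whole notification, rather than stripping or escaping the offending characters, keeps the check independent of shell quoting rules.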
@ParadoxV5 ParadoxV5 requested a review from bnestere May 29, 2026 18:35
@ParadoxV5 ParadoxV5 added MariaDB Corporation Replication Patches involved in replication labels May 29, 2026

CLAassistant commented May 29, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
4 out of 7 committers have signed the CLA.

✅ dbart
✅ ParadoxV5
✅ janlindstrom
✅ hemantdangi-gc
❌ dr-m
❌ vuvova
❌ montywi

ParadoxV5 added 4 commits May 29, 2026 12:57
use RESET SLAVE ALL in case other tests restart the server without
specifying `--skip-slave-start` (why not default in MTR I do not know)