MXS-870: Handle non-contiguous session command responses

Session command responses with multiple packets could be spread across multiple, non-contiguous buffers. If a buffer contained a complete packet and some extra data but it wasn't contiguous, the debug assertion in gwbuf_clone_portion would fail. With release builds, it would cause eventual out-of-bounds memory access when the response would be sent to the client.
2016-09-19 05:34:03 +03:00
parent 7fc7249349
commit 92ef33327e
4 changed files with 12 additions and 27 deletions
--- a/server/modules/protocol/mysql_backend.c
+++ b/server/modules/protocol/mysql_backend.c
@ -2011,22 +2011,17 @@ static GWBUF* process_response_data(DCB* dcb,
            outbuf = gwbuf_append(outbuf, readbuf);
            readbuf = NULL;
        }
-            /**
-             * Packet was read. There should be more since bytes were
-             * left over.
-             * Move the next packet to its own buffer and add that next
-             * to the prev packet's buffer.
-             */
-        else /*< nbytes_left < nbytes_to_process */
+        /**
+         * Buffer contains more data than we need. Split the complete packet and
+         * the extra data into two separate buffers.
+         */
+        else
        {
-            ss_dassert(nbytes_left >= 0);
-            nbytes_to_process -= nbytes_left;
-
-            /** Move the prefix of the buffer to outbuf from redbuf */
-            outbuf = gwbuf_append(outbuf,
-                                  gwbuf_clone_portion(readbuf, 0, (size_t) nbytes_left));
-            readbuf = gwbuf_consume(readbuf, (size_t) nbytes_left);
+            ss_dassert(nbytes_left < nbytes_to_process);
+            ss_dassert(nbytes_left > 0);
            ss_dassert(npackets_left > 0);
+            outbuf = gwbuf_append(outbuf, gwbuf_split(&readbuf, nbytes_left));
+            nbytes_to_process -= nbytes_left;
            npackets_left -= 1;
            nbytes_left = 0;
        }