MDEV-38010: Master & relay log info files ignore trailing garbage in numeric lines

This patch fixes an issue where Int_IO_CACHE::from_chars stops parsing at the
first invalid character but fails to consume the remainder of the line. This
caused trailing garbage on a numeric field (like Master_Port) to be interpreted
as the value for the subsequent field.

The fix introduces a strict validation helper is_string_blank_or_empty which
ensures that only whitespace or control characters follow the parsed numeric
value. The init_*_from_file functions now zero-initialize variables, perform
error checking immediately after string conversion, and safely reject files with
trailing garbage.

The test master_info_numeric_validation has been updated to use --move_file
for robust backup and restoration of the master.info file.

Author: ayush-jha123

mysql-test/main/master_info_numeric_validation.result

@@ -0,0 +1,17 @@
+include/master-slave.inc
+[connection master]
+connection slave;
+call mtr.add_suppression("Error reading master configuration");
+call mtr.add_suppression("Failed to initialize the master info structure");
+call mtr.add_suppression("error connecting to master");
+include/rpl_stop_server.inc [server_number=2]
+include/rpl_start_server.inc [server_number=2]
+connection slave;
+# Verifying that trailing garbage causes parsing to fail.
+# Rejection successful. The server refused to parse the garbage.
+# Restoring the slave to original replication state
+include/rpl_restart_server.inc [server_number=2]
+include/start_slave.inc
+connection master;
+include/rpl_end.inc
+# End of master_info_numeric_validation.test

mysql-test/main/master_info_numeric_validation.test

@@ -0,0 +1,83 @@
+#
+# MDEV-38010: Trailing garbage in master.info numeric fields leads to corruption.
+# This test verifis that the server strictly validates numeric lines in master.info.
+# If trailing non-whitespace characters are found, the line is rejected as corrupted.
+#
+
+--source include/master-slave.inc
+--source include/have_binlog_format_mixed.inc
+
+--connection slave
+
+# Step1: Capture the current working replication state.
+# We need these to restore a clean environment after we've intentionally
+# "broken" the master.info file for the test.
+--let $master_port= query_get_value(SHOW SLAVE STATUS, Master_Port, 1)
+
+# Suppress the err we expect to see in the log during this test.
+# The server will log these when it hits our new strict validation logic.
+call mtr.add_suppression("Error reading master configuration");
+call mtr.add_suppression("Failed to initialize the master info structure");
+call mtr.add_suppression("error connecting to master");
+
+--let $MYSQLD_DATADIR= `select @@datadir`
+
+--let $rpl_server_number= 2
+--source include/rpl_stop_server.inc
+
+# Step2: Simulate a corrupted master.info file.
+# The server is now fully stopped, preventing it from flushing its clean
+# in-memory state and overwriting our manually hacked file on shutdown.
+--move_file $MYSQLD_DATADIR/master.info $MYSQLD_DATADIR/master.info.backup
+--write_file $MYSQLD_DATADIR/master.info
+17
+master-bin.000001
+4
+127.0.0.1
+root
+
+9999 60
+60
+0
+0
+
+
+
+0
+
+60.000abcdefghijklm
+1 1
+EOF
+
+# Step3: Start the server to force it to parse the corrupted file.
+--let $rpl_server_number= 2
+--source include/rpl_start_server.inc
+
+--connection slave
+
+--echo # Verifying that trailing garbage causes parsing to fail.
+--let $port= query_get_value(SHOW SLAVE STATUS, Master_Port, 1)
+
+if ($port == 9999) {
+  --echo Error: The garbage in master.info was silently accepted! Port evaluated to $port.
+  --die "Test failed: Fix is not preventing garbage parsing."
+}
+
+--echo # Rejection successful. The server refused to parse the garbage.
+
+# Step4: Cleanup and Restoration.
+# We remove the bad master.info and restore the original from the temp dir.
+--remove_file $MYSQLD_DATADIR/master.info
+--move_file $MYSQLD_DATADIR/master.info.backup $MYSQLD_DATADIR/master.info
+
+--echo # Restoring the slave to original replication state
+--let $rpl_server_number= 2
+--source include/rpl_restart_server.inc
+
+--source include/start_slave.inc
+
+--connection master
+--source include/rpl_end.inc
+
+
+--echo # End of master_info_numeric_validation.test

sql/rpl_mi.cc

@@ -49,6 +49,8 @@ Master_info::Master_info(LEX_CSTRING *connection_name_arg,
 {
   char *tmp;
   host[0] = 0; user[0] = 0; password[0] = 0;
+  master_log_pos = 0;
+  master_log_name[0] = 0;
   ssl_ca[0]= 0; ssl_capath[0]= 0; ssl_cert[0]= 0;
   ssl_cipher[0]= 0; ssl_key[0]= 0;
   ssl_crl[0]= 0; ssl_crlpath[0]= 0;

sql/slave.cc

@@ -1699,69 +1699,99 @@ int init_strvar_from_file(char *var, int max_size, IO_CACHE *f,
   DBUG_RETURN(1);
 }
 
-/*
-  when moving these functions to mysys, don't forget to
-  remove slave.cc from libmysqld/CMakeLists.txt
-*/
+/* Check if numeric string parsing has trailing garbage */
+static bool is_string_blank_or_empty(const char *endptr)
+{
+  while (*endptr != '\0' &&
+         (my_isspace(system_charset_info, *endptr) ||
+          my_iscntrl(system_charset_info, *endptr)))
+  {
+    endptr++;
+  }
+
+  return *endptr != '\0';
+}
+
 int init_intvar_from_file(int* var, IO_CACHE* f, int default_val)
 {
-  char buf[32];
+  char buf[32]= {0};
   DBUG_ENTER("init_intvar_from_file");
 
+  *var= 0;
 
-  if (my_b_gets(f, buf, sizeof(buf)))
-  {
-    *var = atoi(buf);
-    DBUG_RETURN(0);
-  }
-  else if (default_val)
+  if (!my_b_gets(f, buf, sizeof(buf)))
   {
-    *var = default_val;
+    if (!default_val)
+      DBUG_RETURN(1);
+    *var= default_val;
     DBUG_RETURN(0);
   }
-  DBUG_RETURN(1);
+
+  char *endptr= buf + strlen(buf);
+  int error= 0;
+  longlong val= my_strtoll10(buf, &endptr, &error);
+
+  if (error || is_string_blank_or_empty(endptr))
+    DBUG_RETURN(1);
+
+  if (val < 0 || val > UINT_MAX)
+    DBUG_RETURN(1);
+
+  *var= (int) val;
+  DBUG_RETURN(0);
 }
 
 int init_ulonglongvar_from_file(ulonglong* var, IO_CACHE* f,
                                 ulonglong default_val)
 {
-  char buf[MY_INT64_NUM_DECIMAL_DIGITS];
-  int error;
+  char buf[MY_INT64_NUM_DECIMAL_DIGITS]= {0};
+  int error= 0;
   DBUG_ENTER("init_ulonglongvar_from_file");
 
+  *var= 0;
 
-  if (my_b_gets(f, buf, sizeof(buf)))
-  {
-    *var = (ulonglong) my_strtoll10(buf, (char**) 0, &error);
-    DBUG_RETURN(0);
-  }
-  else if (default_val)
+  if (!my_b_gets(f, buf, sizeof(buf)))
   {
-    *var = default_val;
+    if (!default_val)
+      DBUG_RETURN(1);
+    *var= default_val;
     DBUG_RETURN(0);
   }
-  DBUG_RETURN(1);
+
+  char *endptr= buf + strlen(buf);
+  ulonglong val= (ulonglong) my_strtoll10(buf, &endptr, &error);
+
+  if (error || is_string_blank_or_empty(endptr))
+    DBUG_RETURN(1);
+
+  *var= val;
+  DBUG_RETURN(0);
 }
 
 int init_floatvar_from_file(float* var, IO_CACHE* f, float default_val)
 {
-  char buf[16];
+  char buf[16]= {0};
   DBUG_ENTER("init_floatvar_from_file");
 
+  *var= 0.0;
 
-  if (my_b_gets(f, buf, sizeof(buf)))
+  if (!my_b_gets(f, buf, sizeof(buf)))
   {
-    if (sscanf(buf, "%f", var) != 1)
+    if (default_val == 0.0)
       DBUG_RETURN(1);
-    else
-      DBUG_RETURN(0);
-  }
-  else if (default_val != 0.0)
-  {
-    *var = default_val;
+    *var= default_val;
     DBUG_RETURN(0);
   }
-  DBUG_RETURN(1);
+
+  char *endptr= buf + strlen(buf);
+  int error= 0;
+  double val= my_strtod(buf, &endptr, &error);
+
+  if (error || is_string_blank_or_empty(endptr))
+    DBUG_RETURN(1);
+
+  *var= (float) val;
+  DBUG_RETURN(0);
 }