Commit c8163a16 authored by Marko Mäkelä's avatar Marko Mäkelä

Merge mysql-5.1-security to mysql-5.5-security.

parents 0215807a f2f4b196
/*****************************************************************************
Copyright (c) 1996, 2010, Innobase Oy. All Rights Reserved.
Copyright (c) 1996, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
......@@ -356,33 +356,6 @@ btr_pcur_restore_position_func(
return(FALSE);
}
/**************************************************************//**
If the latch mode of the cursor is BTR_LEAF_SEARCH or BTR_LEAF_MODIFY,
releases the page latch and bufferfix reserved by the cursor.
NOTE! In the case of BTR_LEAF_MODIFY, there should not exist changes
made by the current mini-transaction to the data protected by the
cursor latch, as then the latch must not be released until mtr_commit. */
UNIV_INTERN
void
btr_pcur_release_leaf(
/*==================*/
btr_pcur_t* cursor, /*!< in: persistent cursor */
mtr_t* mtr) /*!< in: mtr */
{
buf_block_t* block;
ut_a(cursor->pos_state == BTR_PCUR_IS_POSITIONED);
ut_ad(cursor->latch_mode != BTR_NO_LATCHES);
block = btr_pcur_get_block(cursor);
btr_leaf_page_release(block, cursor->latch_mode, mtr);
cursor->latch_mode = BTR_NO_LATCHES;
cursor->pos_state = BTR_PCUR_WAS_POSITIONED;
}
/*********************************************************//**
Moves the persistent cursor to the first record on the next page. Releases the
latch on the current page, and bufferunfixes it. Note that there must not be
......
/*****************************************************************************
Copyright (c) 2000, 2011, MySQL AB & Innobase Oy. All Rights Reserved.
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2008, 2009 Google Inc.
Copyright (c) 2009, Percona Inc.
......@@ -4037,25 +4037,6 @@ field_in_record_is_null(
return(0);
}
/**************************************************************//**
Sets a field in a record to SQL NULL. Uses the record format
information in table to track the null bit in record. */
static inline
void
set_field_in_record_to_null(
/*========================*/
TABLE* table, /*!< in: MySQL table object */
Field* field, /*!< in: MySQL field object */
char* record) /*!< in: a row in MySQL format */
{
int null_offset;
null_offset = (uint) ((char*) field->null_ptr
- (char*) table->record[0]);
record[null_offset] = record[null_offset] | field->null_bit;
}
/*************************************************************//**
InnoDB uses this function to compare two data fields for which the data type
is such that we must use MySQL code to compare them. NOTE that the prototype
......
/*****************************************************************************
Copyright (c) 1996, 2010, Innobase Oy. All Rights Reserved.
Copyright (c) 1996, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
......@@ -244,18 +244,6 @@ btr_pcur_restore_position_func(
mtr_t* mtr); /*!< in: mtr */
#define btr_pcur_restore_position(l,cur,mtr) \
btr_pcur_restore_position_func(l,cur,__FILE__,__LINE__,mtr)
/**************************************************************//**
If the latch mode of the cursor is BTR_LEAF_SEARCH or BTR_LEAF_MODIFY,
releases the page latch and bufferfix reserved by the cursor.
NOTE! In the case of BTR_LEAF_MODIFY, there should not exist changes
made by the current mini-transaction to the data protected by the
cursor latch, as then the latch must not be released until mtr_commit. */
UNIV_INTERN
void
btr_pcur_release_leaf(
/*==================*/
btr_pcur_t* cursor, /*!< in: persistent cursor */
mtr_t* mtr); /*!< in: mtr */
/*********************************************************//**
Gets the rel_pos field for a cursor whose position has been stored.
@return BTR_PCUR_ON, ... */
......@@ -266,10 +254,9 @@ btr_pcur_get_rel_pos(
const btr_pcur_t* cursor);/*!< in: persistent cursor */
/**************************************************************//**
Commits the mtr and sets the pcur latch mode to BTR_NO_LATCHES,
that is, the cursor becomes detached. If there have been modifications
to the page where pcur is positioned, this can be used instead of
btr_pcur_release_leaf. Function btr_pcur_store_position should be used
before calling this, if restoration of cursor is wanted later. */
that is, the cursor becomes detached.
Function btr_pcur_store_position should be used before calling this,
if restoration of cursor is wanted later. */
UNIV_INLINE
void
btr_pcur_commit_specify_mtr(
......
/*****************************************************************************
Copyright (c) 1996, 2010, Innobase Oy. All Rights Reserved.
Copyright (c) 1996, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
......@@ -369,10 +369,9 @@ btr_pcur_move_to_next(
/**************************************************************//**
Commits the mtr and sets the pcur latch mode to BTR_NO_LATCHES,
that is, the cursor becomes detached. If there have been modifications
to the page where pcur is positioned, this can be used instead of
btr_pcur_release_leaf. Function btr_pcur_store_position should be used
before calling this, if restoration of cursor is wanted later. */
that is, the cursor becomes detached.
Function btr_pcur_store_position should be used before calling this,
if restoration of cursor is wanted later. */
UNIV_INLINE
void
btr_pcur_commit_specify_mtr(
......
/*****************************************************************************
Copyright (c) 1995, 2009, Innobase Oy. All Rights Reserved.
Copyright (c) 1995, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
......@@ -213,16 +213,6 @@ ulint
mtr_set_savepoint(
/*==============*/
mtr_t* mtr); /*!< in: mtr */
/**********************************************************//**
Releases the latches stored in an mtr memo down to a savepoint.
NOTE! The mtr must not have made changes to buffer pages after the
savepoint, as these can be handled only by mtr_commit. */
UNIV_INTERN
void
mtr_rollback_to_savepoint(
/*======================*/
mtr_t* mtr, /*!< in: mtr */
ulint savepoint); /*!< in: savepoint */
#ifndef UNIV_HOTBACKUP
/**********************************************************//**
Releases the (index tree) s-latch stored in an mtr memo after a
......
/*****************************************************************************
Copyright (c) 1994, 2009, Innobase Oy. All Rights Reserved.
Copyright (c) 1994, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
......@@ -209,43 +209,6 @@ ut_strlcpy_rev(
const char* src, /*!< in: source buffer */
ulint size); /*!< in: size of destination buffer */
/**********************************************************************//**
Compute strlen(ut_strcpyq(str, q)).
@return length of the string when quoted */
UNIV_INLINE
ulint
ut_strlenq(
/*=======*/
const char* str, /*!< in: null-terminated string */
char q); /*!< in: the quote character */
/**********************************************************************//**
Make a quoted copy of a NUL-terminated string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_memcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_strcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src); /*!< in: null-terminated string */
/**********************************************************************//**
Make a quoted copy of a fixed-length string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_strcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_memcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src, /*!< in: string to be quoted */
ulint len); /*!< in: length of src */
/**********************************************************************//**
Return the number of times s2 occurs in s1. Overlapping instances of s2
are only counted once.
......
/*****************************************************************************
Copyright (c) 1994, 2009, Innobase Oy. All Rights Reserved.
Copyright (c) 1994, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
......@@ -98,27 +98,6 @@ ut_strcmp(const char* str1, const char* str2)
return(strcmp(str1, str2));
}
/**********************************************************************//**
Compute strlen(ut_strcpyq(str, q)).
@return length of the string when quoted */
UNIV_INLINE
ulint
ut_strlenq(
/*=======*/
const char* str, /*!< in: null-terminated string */
char q) /*!< in: the quote character */
{
ulint len;
for (len = 0; *str; len++, str++) {
if (*str == q) {
len++;
}
}
return(len);
}
/**********************************************************************//**
Converts a raw binary data to a NUL-terminated hex string. The output is
truncated if there is not enough space in "hex", make sure "hex_size" is at
......
/*****************************************************************************
Copyright (c) 1995, 2009, Innobase Oy. All Rights Reserved.
Copyright (c) 1995, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
......@@ -282,44 +282,6 @@ mtr_commit(
}
#ifndef UNIV_HOTBACKUP
/**********************************************************//**
Releases the latches stored in an mtr memo down to a savepoint.
NOTE! The mtr must not have made changes to buffer pages after the
savepoint, as these can be handled only by mtr_commit. */
UNIV_INTERN
void
mtr_rollback_to_savepoint(
/*======================*/
mtr_t* mtr, /*!< in: mtr */
ulint savepoint) /*!< in: savepoint */
{
mtr_memo_slot_t* slot;
dyn_array_t* memo;
ulint offset;
ut_ad(mtr);
ut_ad(mtr->magic_n == MTR_MAGIC_N);
ut_ad(mtr->state == MTR_ACTIVE);
memo = &(mtr->memo);
offset = dyn_array_get_data_size(memo);
ut_ad(offset >= savepoint);
while (offset > savepoint) {
offset -= sizeof(mtr_memo_slot_t);
slot = dyn_array_get_element(memo, offset);
ut_ad(slot->type != MTR_MEMO_MODIFY);
/* We do not call mtr_memo_slot_note_modification()
because there MUST be no changes made to the buffer
pages after the savepoint */
mtr_memo_slot_release(mtr, slot);
}
}
/***************************************************//**
Releases an object in the memo stack. */
UNIV_INTERN
......
......@@ -2541,6 +2541,8 @@ row_sel_field_store_in_mysql_format(
ut_ad(len != UNIV_SQL_NULL);
UNIV_MEM_ASSERT_RW(data, len);
UNIV_MEM_ASSERT_W(dest, templ->mysql_col_len);
UNIV_MEM_INVALID(dest, templ->mysql_col_len);
switch (templ->type) {
const byte* field_end;
......@@ -2579,14 +2581,16 @@ row_sel_field_store_in_mysql_format(
dest = row_mysql_store_true_var_len(
dest, len, templ->mysql_length_bytes);
/* Copy the actual data. Leave the rest of the
buffer uninitialized. */
memcpy(dest, data, len);
break;
}
/* Copy the actual data */
ut_memcpy(dest, data, len);
/* Pad with trailing spaces. We pad with spaces also the
unused end of a >= 5.0.3 true VARCHAR column, just in case
MySQL expects its contents to be deterministic. */
/* Pad with trailing spaces. */
pad = dest + len;
......@@ -3112,6 +3116,39 @@ sel_restore_position_for_mysql(
return(TRUE);
}
/********************************************************************//**
Copies a cached field for MySQL from the fetch cache. */
static
void
row_sel_copy_cached_field_for_mysql(
/*================================*/
byte* buf, /*!< in/out: row buffer */
const byte* cache, /*!< in: cached row */
const mysql_row_templ_t*templ) /*!< in: column template */
{
ulint len;
buf += templ->mysql_col_offset;
cache += templ->mysql_col_offset;
UNIV_MEM_ASSERT_W(buf, templ->mysql_col_len);
if (templ->mysql_type == DATA_MYSQL_TRUE_VARCHAR
&& templ->type != DATA_INT) {
/* Check for != DATA_INT to make sure we do
not treat MySQL ENUM or SET as a true VARCHAR!
Find the actual length of the true VARCHAR field. */
row_mysql_read_true_varchar(
&len, cache, templ->mysql_length_bytes);
len += templ->mysql_length_bytes;
UNIV_MEM_INVALID(buf, templ->mysql_col_len);
} else {
len = templ->mysql_col_len;
}
ut_memcpy(buf, cache, len);
}
/********************************************************************//**
Pops a cached row for MySQL from the fetch cache. */
UNIV_INLINE
......@@ -3124,26 +3161,22 @@ row_sel_pop_cached_row_for_mysql(
{
ulint i;
const mysql_row_templ_t*templ;
byte* cached_rec;
const byte* cached_rec;
ut_ad(prebuilt->n_fetch_cached > 0);
ut_ad(prebuilt->mysql_prefix_len <= prebuilt->mysql_row_len);
UNIV_MEM_ASSERT_W(buf, prebuilt->mysql_row_len);
cached_rec = prebuilt->fetch_cache[prebuilt->fetch_cache_first];
if (UNIV_UNLIKELY(prebuilt->keep_other_fields_on_keyread)) {
/* Copy cache record field by field, don't touch fields that
are not covered by current key */
cached_rec = prebuilt->fetch_cache[
prebuilt->fetch_cache_first];
for (i = 0; i < prebuilt->n_template; i++) {
templ = prebuilt->mysql_template + i;
#if 0 /* Some of the cached_rec may legitimately be uninitialized. */
UNIV_MEM_ASSERT_RW(cached_rec
+ templ->mysql_col_offset,
templ->mysql_col_len);
#endif
ut_memcpy(buf + templ->mysql_col_offset,
cached_rec + templ->mysql_col_offset,
templ->mysql_col_len);
row_sel_copy_cached_field_for_mysql(
buf, cached_rec, templ);
/* Copy NULL bit of the current field from cached_rec
to buf */
if (templ->mysql_null_bit_mask) {
......@@ -3153,17 +3186,24 @@ row_sel_pop_cached_row_for_mysql(
& (byte)templ->mysql_null_bit_mask;
}
}
} else if (prebuilt->mysql_prefix_len > 63) {
/* The record is long. Copy it field by field, in case
there are some long VARCHAR column of which only a
small length is being used. */
UNIV_MEM_INVALID(buf, prebuilt->mysql_prefix_len);
/* First copy the NULL bits. */
ut_memcpy(buf, cached_rec, prebuilt->null_bitmap_len);
/* Then copy the requested fields. */
for (i = 0; i < prebuilt->n_template; i++) {
row_sel_copy_cached_field_for_mysql(
buf, cached_rec, prebuilt->mysql_template + i);
}
} else {
ut_memcpy(buf, cached_rec, prebuilt->mysql_prefix_len);
}
else {
#if 0 /* Some of the cached_rec may legitimately be uninitialized. */
UNIV_MEM_ASSERT_RW(prebuilt->fetch_cache
[prebuilt->fetch_cache_first],
prebuilt->mysql_prefix_len);
#endif
ut_memcpy(buf,
prebuilt->fetch_cache[prebuilt->fetch_cache_first],
prebuilt->mysql_prefix_len);
}
prebuilt->n_fetch_cached--;
prebuilt->fetch_cache_first++;
......
/*****************************************************************************
Copyright (c) 1994, 2009, Innobase Oy. All Rights Reserved.
Copyright (c) 1994, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
......@@ -483,53 +483,6 @@ ut_strlcpy_rev(
return(src_size);
}
/**********************************************************************//**
Make a quoted copy of a NUL-terminated string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_memcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_strcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src) /*!< in: null-terminated string */
{
while (*src) {
if ((*dest++ = *src++) == q) {
*dest++ = q;
}
}
return(dest);
}
/**********************************************************************//**
Make a quoted copy of a fixed-length string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_strcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_memcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src, /*!< in: string to be quoted */
ulint len) /*!< in: length of src */
{
const char* srcend = src + len;
while (src < srcend) {
if ((*dest++ = *src++) == q) {
*dest++ = q;
}
}
return(dest);
}
#ifndef UNIV_HOTBACKUP
/**********************************************************************//**
Return the number of times s2 occurs in s1. Overlapping instances of s2
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment