Commit db4c6f56 authored by unknown's avatar unknown Committed by Bjorn Munch

Merge from mysql-5.5.12-release

parents 6875f4df d5db1540
......@@ -12807,3 +12807,19 @@ DROP TABLE t1;
#
CREATE TABLE `a/../`(a INT) ENGINE=ARCHIVE;
DROP TABLE `a/../`;
#
# BUG#57162 - valgrind errors, random data when returning
# ordered data from archive tables
#
SET sort_buffer_size=32804;
CREATE TABLE t1(a INT, b CHAR(255), c CHAR(255), d CHAR(255),
e CHAR(255), f INT) ENGINE=ARCHIVE DEFAULT CHARSET utf8;
INSERT INTO t1 VALUES(-1,'b','c','d','e',1);
INSERT INTO t1 SELECT * FROM t1;
INSERT INTO t1 SELECT * FROM t1;
INSERT INTO t1 SELECT t1.* FROM t1,t1 t2,t1 t3,t1 t4,t1 t5,t1 t6;
SELECT * FROM t1 ORDER BY f LIMIT 1;
a b c d e f
-1 b c d e 1
DROP TABLE t1;
SET sort_buffer_size=DEFAULT;
......@@ -451,4 +451,21 @@ SELECT CONVERT(t2.a USING UTF8) FROM t1, t1 t2 LIMIT 1
1
1
DROP TABLE t1;
#
# Bug #11765023: 57934: DOS POSSIBLE SINCE BINARY CASTING
# DOESN'T ADHERE TO MAX_ALLOWED_PACKET
SET @@GLOBAL.max_allowed_packet=2048;
Warnings:
Warning 1708 The value of 'max_allowed_packet' should be no less than the value of 'net_buffer_length'
SELECT CONVERT('a', BINARY(2049));
CONVERT('a', BINARY(2049))
NULL
Warnings:
Warning 1301 Result of cast_as_binary() was larger than max_allowed_packet (2048) - truncated
SELECT CONVERT('a', CHAR(2049));
CONVERT('a', CHAR(2049))
NULL
Warnings:
Warning 1301 Result of cast_as_char() was larger than max_allowed_packet (2048) - truncated
SET @@GLOBAL.max_allowed_packet=default;
End of 5.1 tests
......@@ -180,7 +180,6 @@ ERROR 42000: Mixing of GROUP columns (MIN(),MAX(),COUNT(),...) with no GROUP col
SHOW WARNINGS;
Level Code Message
Error 1140 Mixing of GROUP columns (MIN(),MAX(),COUNT(),...) with no GROUP columns is illegal if there is no GROUP BY clause
Note 1003 select 1 AS `1` from `test`.`t1` where <not>(<exists>(...))
SET SESSION sql_mode=@old_sql_mode;
DROP TABLE t1;
End of 5.0 tests.
......@@ -318,3 +317,17 @@ id select_type table type possible_keys key key_len ref rows Extra
DEALLOCATE PREPARE stmt;
DROP TABLE t1;
End of 5.1 tests.
#
# Bug#11829785 EXPLAIN EXTENDED CRASH WITH RIGHT OUTER JOIN, SUBQUERIES
#
CREATE TABLE t1(a INT);
INSERT INTO t1 VALUES (0), (0);
PREPARE s FROM
'EXPLAIN EXTENDED
SELECT SUBSTRING(1, (SELECT 1 FROM t1 a1 RIGHT OUTER JOIN t1 ON 0)) AS d
FROM t1 WHERE 0 > ANY (SELECT @a FROM t1)';
EXECUTE s;
ERROR 21000: Subquery returns more than 1 row
DEALLOCATE PREPARE s;
DROP TABLE t1;
#
......@@ -1056,7 +1056,6 @@ ERROR HY000: Only constant XPATH queries are supported
SHOW WARNINGS;
Level Code Message
Error 1105 Only constant XPATH queries are supported
Note 1003 select updatexml('1',`test`.`t1`.`a`,'1') AS `UPDATEXML('1', a, '1')` from `test`.`t1` order by (select group_concat(1 separator ',') from `test`.`t1`)
DROP TABLE t1;
End of 5.1 tests
DROP TABLE IF EXISTS t1, t2;
......
......@@ -1043,6 +1043,10 @@ create spatial index i on t1 (a);
ERROR 42000: A SPATIAL index may only contain a geometrical type column
drop table t1;
End of 5.1 tests
CREATE TABLE t0 (a BINARY(32) NOT NULL);
CREATE SPATIAL INDEX i on t0 (a);
ERROR 42000: A SPATIAL index may only contain a geometrical type column
INSERT INTO t0 VALUES (1);
CREATE TABLE t1(
col0 BINARY NOT NULL,
col2 TIMESTAMP,
......@@ -1071,5 +1075,5 @@ col2 LINESTRING,
SPATIAL INDEX i1 (col1, col2)
);
ERROR HY000: Incorrect arguments to SPATIAL INDEX
DROP TABLE t1;
DROP TABLE t2;
DROP TABLE t0, t1, t2;
End of 5.5 tests
......@@ -4626,7 +4626,7 @@ DELIMITER ;
/*!50003 SET collation_connection = @saved_col_connection */ ;
ALTER DATABASE `test-database` CHARACTER SET utf8 COLLATE utf8_unicode_ci ;
DROP DATABASE `test-database`;
USE `test`;
USE test;
#
# End of 5.1 tests
#
......
......@@ -7452,6 +7452,24 @@ c1
# Cleanup
drop table t1;
drop procedure p1;
#
# BUG#11766234: 59299: ASSERT (TABLE_REF->TABLE || TABLE_REF->VIEW)
# FAILS IN SET_FIELD_ITERATOR
#
CREATE TABLE t1 (a INT);
CREATE TABLE t2 (a INT);
CREATE VIEW v1 AS SELECT a FROM t2;
CREATE PROCEDURE proc() SELECT * FROM t1 NATURAL JOIN v1;
ALTER TABLE t2 CHANGE COLUMN a b CHAR;
CALL proc();
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
CALL proc();
ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
DROP TABLE t1,t2;
DROP VIEW v1;
DROP PROCEDURE proc;
# --
# -- Bug 11765684 - 58674: SP-cache does not detect changes in
......
......@@ -865,9 +865,6 @@ Level Code Message
Note 1276 Field or reference 'test.t1.a' of SELECT #3 was resolved in SELECT #2
Note 1276 Field or reference 'test.t1.c' of SELECT #3 was resolved in SELECT #2
Error 1054 Unknown column 'c' in 'field list'
Note 1003 select `c` AS `c` from (select (select count(`test`.`t1`.`a`) from dual group by `c`) AS `(SELECT COUNT(a) FROM
(SELECT COUNT(b) FROM t1) AS x GROUP BY c
)` from `test`.`t1` group by `test`.`t1`.`b`) `y`
DROP TABLE t1;
End of 5.0 tests
create table t0 (a int);
......
......@@ -1730,3 +1730,18 @@ DROP TABLE t1;
CREATE TABLE `a/../`(a INT) ENGINE=ARCHIVE;
remove_file $MYSQLD_DATADIR/test/a@002f@002e@002e@002f.frm;
DROP TABLE `a/../`;
--echo #
--echo # BUG#57162 - valgrind errors, random data when returning
--echo # ordered data from archive tables
--echo #
SET sort_buffer_size=32804;
CREATE TABLE t1(a INT, b CHAR(255), c CHAR(255), d CHAR(255),
e CHAR(255), f INT) ENGINE=ARCHIVE DEFAULT CHARSET utf8;
INSERT INTO t1 VALUES(-1,'b','c','d','e',1);
INSERT INTO t1 SELECT * FROM t1;
INSERT INTO t1 SELECT * FROM t1;
INSERT INTO t1 SELECT t1.* FROM t1,t1 t2,t1 t3,t1 t4,t1 t5,t1 t6;
SELECT * FROM t1 ORDER BY f LIMIT 1;
DROP TABLE t1;
SET sort_buffer_size=DEFAULT;
......@@ -280,5 +280,19 @@ SELECT 1 FROM
) AS s LIMIT 1;
DROP TABLE t1;
--echo #
--echo # Bug #11765023: 57934: DOS POSSIBLE SINCE BINARY CASTING
--echo # DOESN'T ADHERE TO MAX_ALLOWED_PACKET
SET @@GLOBAL.max_allowed_packet=2048;
# reconnect to make the new max packet size take effect
--connect (newconn, localhost, root,,)
SELECT CONVERT('a', BINARY(2049));
SELECT CONVERT('a', CHAR(2049));
connection default;
disconnect newconn;
SET @@GLOBAL.max_allowed_packet=default;
--echo End of 5.1 tests
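Review bot: Only the over-limit side of the new check is exercised here: both casts ask for 2049 against a limit of 2048, so nothing pins that a cast of exactly `max_allowed_packet` bytes is still accepted. Adding `SELECT LENGTH(CONVERT('a', BINARY(2048)));` on `newconn` would catch an off-by-one if the server-side comparison is ever changed from `>` to `>=`. The test also changes a GLOBAL variable, so a one-line comment next to the final `SET @@GLOBAL.max_allowed_packet=default;` saying that it must run even when the test is edited would help later maintainers keep the cleanup.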
#
# Test of different EXPLAIN's
# Test of different EXPLAINs
--disable_warnings
drop table if exists t1;
......@@ -275,3 +275,24 @@ DEALLOCATE PREPARE stmt;
DROP TABLE t1;
--echo End of 5.1 tests.
--echo #
--echo # Bug#11829785 EXPLAIN EXTENDED CRASH WITH RIGHT OUTER JOIN, SUBQUERIES
--echo #
CREATE TABLE t1(a INT);
INSERT INTO t1 VALUES (0), (0);
PREPARE s FROM
'EXPLAIN EXTENDED
SELECT SUBSTRING(1, (SELECT 1 FROM t1 a1 RIGHT OUTER JOIN t1 ON 0)) AS d
FROM t1 WHERE 0 > ANY (SELECT @a FROM t1)';
--error ER_SUBQUERY_NO_1_ROW
EXECUTE s;
DEALLOCATE PREPARE s;
DROP TABLE t1;
--echo #
......@@ -773,7 +773,14 @@ drop table t1;
#
# Bug #50574 5.5.x allows spatial indexes on non-spatial
# columns, causing crashes!
# Bug#11767480 SPATIAL INDEXES ON NON-SPATIAL COLUMNS
# CAUSE CRASHES.
#
CREATE TABLE t0 (a BINARY(32) NOT NULL);
--error ER_SPATIAL_MUST_HAVE_GEOM_COL
CREATE SPATIAL INDEX i on t0 (a);
INSERT INTO t0 VALUES (1);
--error ER_SPATIAL_MUST_HAVE_GEOM_COL
CREATE TABLE t1(
col0 BINARY NOT NULL,
......@@ -811,6 +818,7 @@ CREATE TABLE t3 (
);
# cleanup
DROP TABLE t1;
DROP TABLE t2;
DROP TABLE t0, t1, t2;
--echo End of 5.5 tests
......@@ -2199,7 +2199,7 @@ ALTER DATABASE `test-database` CHARACTER SET utf8 COLLATE utf8_unicode_ci ;
DROP DATABASE `test-database`;
# Switching back to test database.
USE `test`;
USE test;
--echo #
--echo # End of 5.1 tests
......
......@@ -8713,6 +8713,30 @@ call p1(3, 2);
drop table t1;
drop procedure p1;
--echo #
--echo # BUG#11766234: 59299: ASSERT (TABLE_REF->TABLE || TABLE_REF->VIEW)
--echo # FAILS IN SET_FIELD_ITERATOR
--echo #
CREATE TABLE t1 (a INT);
CREATE TABLE t2 (a INT);
CREATE VIEW v1 AS SELECT a FROM t2;
CREATE PROCEDURE proc() SELECT * FROM t1 NATURAL JOIN v1;
ALTER TABLE t2 CHANGE COLUMN a b CHAR;
--echo
--error ER_VIEW_INVALID
CALL proc();
--error ER_VIEW_INVALID
CALL proc();
--echo
DROP TABLE t1,t2;
DROP VIEW v1;
DROP PROCEDURE proc;
--echo
--echo # --
--echo # -- Bug 11765684 - 58674: SP-cache does not detect changes in
......
......@@ -181,6 +181,7 @@ cp Docs/INSTALL-BINARY $DESTDIR/Docs/
cp Docs/manual.chm $DESTDIR/Docs/ || /bin/true
cp ChangeLog $DESTDIR/Docs/ || /bin/true
cp support-files/my-*.ini $DESTDIR/
cp README $DESTDIR/
if [ -f COPYING ] ; then
cp COPYING $DESTDIR/
......
......@@ -2524,6 +2524,19 @@ String *Item_char_typecast::val_str(String *str)
String *res;
uint32 length;
if (cast_length >= 0 &&
((unsigned) cast_length) > current_thd->variables.max_allowed_packet)
{
push_warning_printf(current_thd, MYSQL_ERROR::WARN_LEVEL_WARN,
ER_WARN_ALLOWED_PACKET_OVERFLOWED,
ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
cast_cs == &my_charset_bin ?
"cast_as_binary" : func_name(),
current_thd->variables.max_allowed_packet);
null_value= 1;
return 0;
}
if (!charset_conversion)
{
if (!(res= args[0]->val_str(str)))
......
......@@ -8399,6 +8399,94 @@ static bool parse_com_change_user_packet(MPVIO_EXT *mpvio, uint packet_length)
DBUG_RETURN (0);
}
#ifndef EMBEDDED_LIBRARY
/**
Get a null character terminated string from a user-supplied buffer.
@param buffer[in, out] Pointer to the buffer to be scanned.
@param max_bytes_available[in, out] Limit the bytes to scan.
@param string_length[out] The number of characters scanned not including
the null character.
@remark The string_length does not include the terminating null character.
However, after the call, the buffer is increased by string_length+1
bytes, beyond the null character if there still available bytes to
scan.
@return pointer to beginning of the string scanned.
@retval NULL The buffer content is malformed
*/
static
char *get_null_terminated_string(char **buffer,
size_t *max_bytes_available,
size_t *string_length)
{
char *str= (char *)memchr(*buffer, '\0', *max_bytes_available);
if (str == NULL)
return NULL;
*string_length= (size_t)(str - *buffer);
*max_bytes_available-= *string_length + 1;
str= *buffer;
*buffer += *string_length + 1;
return str;
}
/**
Get a length encoded string from a user-supplied buffer.
@param buffer[in, out] The buffer to scan; updates position after scan.
@param max_bytes_available[in, out] Limit the number of bytes to scan
@param string_length[out] Number of characters scanned
@remark In case the length is zero, then the total size of the string is
considered to be 1 byte; the size byte.
@return pointer to first byte after the header in buffer.
@retval NULL The buffer content is malformed
*/
static
char *get_length_encoded_string(char **buffer,
size_t *max_bytes_available,
size_t *string_length)
{
if (*max_bytes_available == 0)
return NULL;
/* Do double cast to prevent overflow from signed / unsigned conversion */
size_t str_len= (size_t)(unsigned char)**buffer;
/*
If the length encoded string has the length 0
the total size of the string is only one byte long (the size byte)
*/
if (str_len == 0)
{
++*buffer;
*string_length= 0;
/*
Return a pointer to the 0 character so the return value will be
an empty string.
*/
return *buffer-1;
}
if (str_len >= *max_bytes_available)
return NULL;
char *str= *buffer+1;
*string_length= str_len;
*max_bytes_available-= *string_length + 1;
*buffer+= *string_length + 1;
return str;
}
#endif
/* the packet format is described in send_client_reply_packet() */
static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
uchar **buff, ulong pkt_len)
......@@ -8463,50 +8551,76 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
}
#endif
if (end >= (char*) net->read_pos + pkt_len + 2)
if (end > (char *)net->read_pos + pkt_len)
return packet_error;
if ((mpvio->client_capabilities & CLIENT_TRANSACTIONS) &&
opt_using_transactions)
net->return_status= mpvio->server_status;
char *user= end;
char *passwd= strend(user) + 1;
uint user_len= passwd - user - 1, db_len;
char *db= passwd;
char db_buff[NAME_LEN + 1]; // buffer to store db in utf8
char user_buff[USERNAME_LENGTH + 1]; // buffer to store user in utf8
uint dummy_errors;
/*
In order to safely scan a head for '\0' string terminators
we must keep track of how many bytes remain in the allocated
buffer or we might read past the end of the buffer.
*/
size_t bytes_remaining_in_packet= pkt_len - (end - (char *)net->read_pos);
size_t user_len;
char *user= get_null_terminated_string(&end, &bytes_remaining_in_packet,
&user_len);
if (user == NULL)
return packet_error;
/*
Old clients send null-terminated string as password; new clients send
Old clients send a null-terminated string as password; new clients send
the size (1 byte) + string (not null-terminated). Hence in case of empty
password both send '\0'.
This strlen() can't be easily deleted without changing protocol.
Cast *passwd to an unsigned char, so that it doesn't extend the sign for
*passwd > 127 and become 2**32-127+ after casting to uint.
*/
uint passwd_len= mpvio->client_capabilities & CLIENT_SECURE_CONNECTION ?
(uchar) (*passwd++) : strlen(passwd);
size_t passwd_len= 0;
char *passwd= NULL;
if (mpvio->client_capabilities & CLIENT_CONNECT_WITH_DB)
if (mpvio->client_capabilities & CLIENT_SECURE_CONNECTION)
{
db= db + passwd_len + 1;
/* strlen() can't be easily deleted without changing protocol */
db_len= strlen(db);
/*
4.1+ password. First byte is password length.
*/
passwd= get_length_encoded_string(&end, &bytes_remaining_in_packet,
&passwd_len);
}
else
{
db= 0;
db_len= 0;
/*
Old passwords are zero terminated strings.
*/
passwd= get_null_terminated_string(&end, &bytes_remaining_in_packet,
&passwd_len);
}
if (passwd + passwd_len + db_len > (char *) net->read_pos + pkt_len)
if (passwd == NULL)
return packet_error;
size_t db_len= 0;
char *db= NULL;
if (mpvio->client_capabilities & CLIENT_CONNECT_WITH_DB)
{
db= get_null_terminated_string(&end, &bytes_remaining_in_packet,
&db_len);
if (db == NULL)
return packet_error;
}
size_t client_plugin_len= 0;
char *client_plugin= get_null_terminated_string(&end,
&bytes_remaining_in_packet,
&client_plugin_len);
if (client_plugin == NULL)
client_plugin= &empty_c_string[0];
char db_buff[NAME_LEN + 1]; // buffer to store db in utf8
char user_buff[USERNAME_LENGTH + 1]; // buffer to store user in utf8
uint dummy_errors;
char *client_plugin= passwd + passwd_len + (db ? db_len + 1 : 0);
/* Since 4.1 all database names are stored in utf8 */
if (db)
......@@ -8552,18 +8666,18 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
if (find_mpvio_user(mpvio))
return packet_error;
if (mpvio->client_capabilities & CLIENT_PLUGIN_AUTH)
{
if ((client_plugin + strlen(client_plugin)) >
(char *) net->read_pos + pkt_len)
return packet_error;
}
else
if (!(mpvio->client_capabilities & CLIENT_PLUGIN_AUTH))
{
/*
An old client is connecting
*/
if (mpvio->client_capabilities & CLIENT_SECURE_CONNECTION)
client_plugin= native_password_plugin_name.str;
else
{
/*
A really old client is connecting
*/
client_plugin= old_password_plugin_name.str;
/*
For a passwordless accounts we use native_password_plugin.
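Review bot: In get_length_encoded_string() the zero-length branch advances `*buffer` past the size byte but leaves `*max_bytes_available` unchanged, so after an empty 4.1-style password `bytes_remaining_in_packet` is one larger than the bytes actually left. The later get_null_terminated_string() calls for the database and plugin name can then let memchr() look one byte beyond `pkt_len`. Adding `--*max_bytes_available;` next to `++*buffer;` keeps the counter and the cursor consistent with the non-empty path, which subtracts `*string_length + 1`. Separately, a plugin name with no terminator now appears to fall back to `empty_c_string` even for CLIENT_PLUGIN_AUTH clients, where the removed check returned packet_error; if that relaxation is intended it deserves a comment. parse_client_handshake_packet() continues outside the hunks shown.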
......
......@@ -7602,9 +7602,10 @@ static bool setup_natural_join_row_types(THD *thd,
List<TABLE_LIST> *from_clause,
Name_resolution_context *context)
{
DBUG_ENTER("setup_natural_join_row_types");
thd->where= "from clause";
if (from_clause->elements == 0)
return FALSE; /* We come here in the case of UNIONs. */
DBUG_RETURN(false); /* We come here in the case of UNIONs. */
List_iterator_fast<TABLE_LIST> table_ref_it(*from_clause);
TABLE_LIST *table_ref; /* Current table reference. */
......@@ -7612,10 +7613,6 @@ static bool setup_natural_join_row_types(THD *thd,
TABLE_LIST *left_neighbor;
/* Table reference to the right of the current. */
TABLE_LIST *right_neighbor= NULL;
bool save_first_natural_join_processing=
context->select_lex->first_natural_join_processing;
context->select_lex->first_natural_join_processing= FALSE;
/* Note that tables in the list are in reversed order */
for (left_neighbor= table_ref_it++; left_neighbor ; )
......@@ -7627,12 +7624,11 @@ static bool setup_natural_join_row_types(THD *thd,
1) for stored procedures,
2) for multitable update after lock failure and table reopening.
*/
if (save_first_natural_join_processing)
if (context->select_lex->first_natural_join_processing)
{
context->select_lex->first_natural_join_processing= FALSE;
if (store_top_level_join_columns(thd, table_ref,
left_neighbor, right_neighbor))
return TRUE;
DBUG_RETURN(true);
if (left_neighbor)
{
TABLE_LIST *first_leaf_on_the_right;
......@@ -7652,8 +7648,9 @@ static bool setup_natural_join_row_types(THD *thd,
DBUG_ASSERT(right_neighbor);
context->first_name_resolution_table=
right_neighbor->first_leaf_for_name_resolution();
context->select_lex->first_natural_join_processing= false;
return FALSE;
DBUG_RETURN (false);
}
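Review bot: Nothing in setup_natural_join_row_types() records why `first_natural_join_processing` is now cleared only just before the final return instead of near the top of the function. As far as the rendered hunks show, the point is that an error return from store_top_level_join_columns() leaves the flag set so the next execution repeats the setup; a comment such as `/* Clear the flag only after success so a failed first execution is retried. */` above the assignment would make that explicit. The page prints old and new lines together, so which side the `= FALSE` assignment inside the `if` block belongs to is inferred. The final `DBUG_RETURN (false);` also has a stray space that the other two `DBUG_RETURN(...)` calls in the function do not.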
......
......@@ -4434,7 +4434,11 @@ static bool execute_sqlcom_select(THD *thd, TABLE_LIST *all_tables)
return 1; /* purecov: inspected */
thd->send_explain_fields(result);
res= mysql_explain_union(thd, &thd->lex->unit, result);
if (lex->describe & DESCRIBE_EXTENDED)
/*
The code which prints the extended description is not robust
against malformed queries, so skip it if we have an error.
*/
if (!res && (lex->describe & DESCRIBE_EXTENDED))
{
char buff[1024];
String str(buff,(uint32) sizeof(buff), system_charset_info);
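Review bot: The new guard before the extended-description block tests only `res`, so it relies on mysql_explain_union() returning non-zero for every error; that contract is not visible in this hunk. If an error can be recorded in the diagnostics area while the call still returns 0, the printing code that the comment calls fragile would still run, and `if (!res && !thd->is_error() && (lex->describe & DESCRIBE_EXTENDED))` would cover that case. The comment could also name Bug#11829785 so the reason for the skip stays traceable. execute_sqlcom_select() continues outside the hunk.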
......
......@@ -1181,7 +1181,7 @@ int ha_archive::unpack_row(azio_stream *file_to_read, uchar *record)
ptr+= table->s->null_bytes;
for (Field **field=table->field ; *field ; field++)
{
if (!((*field)->is_null()))
if (!((*field)->is_null_in_record(record)))
{
ptr= (*field)->unpack(record + (*field)->offset(table->record[0]), ptr);
}
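Review bot: The switch to `is_null_in_record(record)` in ha_archive::unpack_row() has no comment, and the difference from `is_null()` is easy to miss when reading the loop. Presumably `is_null()` reads the null bit from the table's own record buffer while the row is being unpacked into `record`, which can be a different buffer. A line such as `/* Check the null bit in the buffer being filled, not in table->record[0]. */` above the test would record that. The loop and the function continue outside the hunk.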
......