1. 27 May, 2009 1 commit
    • Alexey Kopytov's avatar
      Bug #44767: invalid memory reads in password() and · 1b8322c3
      Alexey Kopytov authored
                  old_password() functions   
      The PASSWORD() and OLD_PASSWORD() functions could lead to   
      memory reads outside of an internal buffer when used with BLOB   
      arguments.   
        
      String::c_ptr() assumes there is at least one extra byte  
      in the internally allocated buffer when adding the trailing  
      '\0'.  This, however, may not be the case when a String object  
      was initialized with externally allocated buffer.  
        
      The bug was fixed by adding an additional "length" argument to  
      make_scrambled_password_323() and make_scrambled_password() in  
      order to avoid String::c_ptr() calls for  
      PASSWORD()/OLD_PASSWORD().  
        
      However, since the make_scrambled_password[_323] functions are  
      a part of the client library ABI, the functions with the new  
      interfaces were implemented with the 'my_' prefix in their  
      names, with the old functions changed to be wrappers around  
      the new ones to maintain interface compatibility.  
      
      mysql-test/r/func_crypt.result:
        Added a test case for bug #44767.
      mysql-test/t/func_crypt.test:
        Added a test case for bug #44767.
      sql/item_strfunc.cc:
        Use the new my_make_scrambled_password*() to avoid 
        String::c_ptr().
      sql/item_strfunc.h:
        Changed Item_func[_old]_password::alloc() interfaces so that
        we can use the new my_make_scrambled_password*() functions.
      sql/mysql_priv.h:
        Added declarations for the new my_make_scrambled_password*() 
        functions.
      sql/password.c:
        Added new my_make_scrambled_password*() functions with an
        additional "length" argument. Changed ones to be wrappers
        around the new ones to maintain interface compatibility.
      sql/sql_yacc.yy:
        Utilize the new password hashing functions with additional length
        argument.
      1b8322c3
  2. 15 May, 2009 10 commits
    • Matthias Leich's avatar
      Merge of fix into GCA tree, no conflicts · 1d03fb71
      Matthias Leich authored
      1d03fb71
    • Georgi Kodinov's avatar
      backported a change from 5.1 · df41cc20
      Georgi Kodinov authored
      df41cc20
    • Georgi Kodinov's avatar
      merged · ebdb0b91
      Georgi Kodinov authored
      ebdb0b91
    • Georgi Kodinov's avatar
      fixed a win32 compile error · 793bf595
      Georgi Kodinov authored
      793bf595
    • Philip Stoev's avatar
      Bug #32651 grant_cache.test fails · 8e72b449
      Philip Stoev authored
        It turns out that this test case no longer fails with the discrepancy
        in numbers that was the original cause for disabling this test (and showed
        potential genuine issues with the query cache). Therefore
        this test is being enabled after some minor adjustment of error codes and
        messages.
      8e72b449
    • Matthias Leich's avatar
      Fix for Bug#44826 main.information_schema_db could harm succeeding tests · f4eb0953
      Matthias Leich authored
      Details:
      1. Add missing "disconnect <session>"
      2. Take care that the disconnects are finished when the test terminates
      3. Replace error names by error numbers
      4. Minor beautifying of script code
      f4eb0953
    • Georgi Kodinov's avatar
      merged 5.0-main -> 5.0-bugteam · 812d2559
      Georgi Kodinov authored
      812d2559
    • Alexey Kopytov's avatar
      Automerge. · d68ea7d5
      Alexey Kopytov authored
      d68ea7d5
    • Alexey Kopytov's avatar
      Bug #44792: valgrind warning when casting from time to time · 22e840d7
      Alexey Kopytov authored
       
      Field_time::get_time() did not initialize some members of 
      MYSQL_TIME which led to valgrind warnings when those members 
      were accessed in Protocol_simple::store_time(). 
       
      It is unlikely that this bug could result in wrong data 
      being returned, since Field_time::get_time() initializes the 
      'day' member of MYSQL_TIME to 0, so the value of 'day' 
      in Protocol_simple::store_time() would be 0 regardless 
      of the values for 'year' and 'month'.
      
      mysql-test/r/type_time.result:
        Added a test case for bug #44792.
      mysql-test/t/type_time.test:
        Added a test case for bug #44792.
      sql/field.cc:
        Field_time::get_time() did not initialize some members of 
        MYSQL_TIME which led to valgrind warnings when those members 
        were accessed in Protocol_simple::store_time().
      22e840d7
    • Sergey Glukhov's avatar
      Bug#43612 crash with explain extended, union, order by · fc57b4cf
      Sergey Glukhov authored
      In UNION if we use last SELECT without braces and this
      SELECT have ORDER BY clause, such clause belongs to
      global UNION. It is parsed like last SELECT
      part and used further as 'unit->global_parameters->order_list' value.
      During DESCRIBE EXTENDED we call select_lex->print_order() for
      last SELECT where order fields refer to tmp table 
      which already freed. It leads to crash.
      The fix is clean up global_parameters->order_list
      instead of fake_select_lex->order_list.
      
      
      mysql-test/r/union.result:
        test result
      mysql-test/t/union.test:
        test case
      sql/sql_union.cc:
        In UNION if we use last SELECT without braces and this
        SELECT have ORDER BY clause, such clause belongs to
        global UNION. It is parsed like last SELECT
        part and used further as 'unit->global_parameters->order_list' value.
        During DESCRIBE EXTENDED we call select_lex->print_order() for
        last SELECT where order fields refer to tmp table 
        which already freed. It leads to crash.
        The fix is clean up global_parameters->order_list
        instead of fake_select_lex->order_list.
      fc57b4cf
  3. 14 May, 2009 2 commits
    • Philip Stoev's avatar
      Bugs #44871 and #43894: · ccc0ffb4
      Philip Stoev authored
        UNIX sockets need to be on a path shorter than 70 characters on some older platofrms.
        MTRv1 tries to fix this by moving the socket to the $TMPDIR, however this causes
        issues with certain tests on Windows.
      
        Fixed by not applying any hacks on Windows - Windows does not need them.
      ccc0ffb4
    • Philip Stoev's avatar
      Bugs #44871 and #43894: · e67233ff
      Philip Stoev authored
      UNIX sockets need to be on a path shorter than 70 characters on some older platofrms.
      MTRv1 tries to fix this by moving the socket to the $TMPDIR, however this causes
      issues with certain tests on Windows.
      
      Fixed by not applying any hacks on Windows - Windows does not need them.
      e67233ff
  4. 13 May, 2009 1 commit
  5. 12 May, 2009 3 commits
    • Jim Winstead's avatar
      Merge from 5.0-bugteam · c65ebb5d
      Jim Winstead authored
      c65ebb5d
    • Chad MILLER's avatar
      Remove community-server only feature and place in its own test · dbf8997b
      Chad MILLER authored
      with appropriate condition.
      dbf8997b
    • Ramil Kalimullin's avatar
      Fix for bug#44774: load_file function produces valgrind warnings · 8b9084ef
      Ramil Kalimullin authored
      Problem: using LOAD_FILE() in some cases we pass a file name string
      without a trailing '\0' to fn_format() which relies on that however.
      That may lead to valgrind warnings.
      
      Fix: add a trailing '\0' to the file name passed to fn_format().
      
      
      mysql-test/r/func_str.result:
        Fix for bug#44774: load_file function produces valgrind warnings
          - test result.
      mysql-test/t/func_str.test:
        Fix for bug#44774: load_file function produces valgrind warnings
          - test case.
      sql/item_strfunc.cc:
        Fix for bug#44774: load_file function produces valgrind warnings
          - passing a file name to fn_format(), file_name->c_ptr() replaced
            with file_name->c_ptr_safe() to ensure we have a trailing '\0'.
      8b9084ef
  6. 11 May, 2009 2 commits
  7. 10 May, 2009 1 commit
    • Ramil Kalimullin's avatar
      Fix for bug#42009: SELECT into variable gives different results to direct SELECT · d615a11b
      Ramil Kalimullin authored
      Problem: storing "SELECT ... INTO @var ..." results in variables we used val_xxx()
      methods which returned results of the current row. 
      So, in some cases (e.g. SELECT DISTINCT, GROUP BY or HAVING) we got data
      from the first row of a new group (where we evaluate a clause) instead of
      data from the last row of the previous group.
      
      Fix: use val_xxx_result() counterparts to get proper results.
      
      
      mysql-test/r/distinct.result:
        Fix for bug#42009: SELECT into variable gives different results to direct SELECT
          - results adjusted.
      mysql-test/r/user_var.result:
        Fix for bug#42009: SELECT into variable gives different results to direct SELECT
          - test result.
      mysql-test/t/user_var.test:
        Fix for bug#42009: SELECT into variable gives different results to direct SELECT
          - test case.
      sql/item_func.cc:
        Fix for bug#42009: SELECT into variable gives different results to direct SELECT
          - Item_func_set_user_var::save_item_result() added to evaluate and store 
            an item's result into a user variable.
      sql/item_func.h:
        Fix for bug#42009: SELECT into variable gives different results to direct SELECT
          - Item_func_set_user_var::save_item_result() added to evaluate and store 
            an item's result into a user variable.
      sql/sql_class.cc:
        Fix for bug#42009: SELECT into variable gives different results to direct SELECT
          - use Item_func_set_user_var::save_item_result() to store results into user 
            variables.
      d615a11b
  8. 08 May, 2009 4 commits
  9. 07 May, 2009 6 commits
  10. 06 May, 2009 3 commits
    • Chad MILLER's avatar
      767501a9
    • Anurag Shekhar's avatar
      merging with local fix. · 69fcfa67
      Anurag Shekhar authored
      69fcfa67
    • Anurag Shekhar's avatar
      Bug #39918 memory (heap) engine crashing with b-tree index and DELETE · 609a794b
      Anurag Shekhar authored
               with seg fault
      
      Multiple-table DELETE from a table joined to itself may cause
      server crash. This was originally discovered with MEMORY engine,
      but may affect other engines with different symptoms.
      
      The problem was that the server violated SE API by performing
      parallel table scan in one handler and removing records in
      another (delete on the fly optimization).
      
      
      mysql-test/r/heap_btree.result:
        Updated test result after adding new test for this bug.
      mysql-test/t/heap_btree.test:
        Updated test result after adding new test for the bug report.
      sql/sql_delete.cc:
        Updated to check if the files in delete list appears in join list and disable 
        delete while scanning, if it appears.
      609a794b
  11. 05 May, 2009 3 commits
  12. 01 May, 2009 3 commits
  13. 30 Apr, 2009 1 commit
    • Gleb Shchepa's avatar
      Bug #37362: Crash in do_field_eq · f0791b8b
      Gleb Shchepa authored
      EXPLAIN EXTENDED of nested query containing a error:
      
         1054 Unknown column '...' in 'field list'
      
      may cause a server crash.
      
      
      Parse error like described above forces a call to
      JOIN::destroy() on malformed subquery.
      That JOIN::destroy function closes and frees temporary
      tables. However, temporary fields of these tables
      may be listed in st_select_lex::group_list of outer
      query, and that st_select_lex may not cleanup them
      properly. So, after the JOIN::destroy call that
      st_select_lex::group_list may have Item_field
      objects with dangling pointers to freed temporary
      table Field objects. That caused a crash.
      
      
      mysql-test/r/subselect3.result:
        Added test case for bug #37362.
      mysql-test/t/subselect3.test:
        Added test case for bug #37362.
      sql/sql_select.cc:
        Bug #37362: Crash in do_field_eq
        
        The JOIN::destroy function has been modified to
        cleanup temporary table column items.
      f0791b8b