- 05 May, 2010 1 commit
-
-
Georgi Kodinov authored
Bug#53417 my_getwd() makes assumptions on the buffer sizes which not always hold true

The mysys library contains many functions for rewriting file paths. Most of these functions make implicit assumptions on the buffer sizes they write to. If a path is put in my_realpath() it will propagate to my_getwd() which assumes that the buffer holding the path name is greater than 2. This is not true in cases. In the special case where a VARBIN_ITEM is passed as argument to the LOAD_FILE function this can lead to a crash. This patch fixes the issue by introducing more safeguards against buffer overruns.
-
- 04 May, 2010 5 commits
-
-
Alfranio Correia authored
-
Omer BarNir authored
-
Georgi Kodinov authored
This is the 5.1 merge and extension of the fix. The server was happily accepting paths in table name in all places a table name is accepted (e.g. a SELECT). This allowed all users that have some privilege over some database to read all tables in all databases in all mysql server instances that the server file system has access to.

Fixed by:
1. making sure no path elements are allowed in quoted table name when constructing the path (note that the path symbols are still valid in table names when they're properly escaped by the server).
2. checking the #mysql50# prefixed names the same way they're checked for path elements in mysql-5.0.
-
Alfranio Correia authored
When issuing a 'SET GLOBAL SQL_SLAVE_SKIP_COUNTER' statement, the previous position along with the new position is dumped into the error log. Namely, the following information is printed out: skip_counter, group_relay_log_name and group_relay_log_pos.
-
Alfranio Correia authored
When issuing a 'CHANGE MASTER TO' statement, key elements of the previous state, namely the host, port, the master_log_file and the master_log_pos are dumped into the error log.
-
- 03 May, 2010 3 commits
-
-
Kristofer Pettersson authored
-
Kristofer Pettersson authored
Iterative patch improvement. Previously committed patch caused wrong result on Windows. The previous patch also broke secure_file_priv for symlinks since not all file paths which must be compared against this variable are normalized using the same norm.

The server variable opt_secure_file_priv wasn't normalized properly and caused the operations LOAD DATA INFILE .. INTO TABLE .. and SELECT load_file(..) to do different interpretations of the --secure-file-priv option. The patch moves code to the server initialization routines so that the path always is normalized once and only once.

It was also intended that setting the option to an empty string should be equal to lifting all previously set restrictions. This is also fixed by this patch.

mysql-test/r/loaddata.result:
  * Removed test code which will currently break the much used --mem feature of mtr.
mysql-test/t/loaddata.test:
  * Removed test code which will currently break the much used --mem feature of mtr.
sql/item_strfunc.cc:
  * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
sql/mysql_priv.h:
  * Added signature for is_secure_file_path()
sql/mysqld.cc:
  * New function for checking if a path is compatible with the secure path restriction.
  * Added initialization of the opt_secure_file_priv variable.
sql/sql_class.cc:
  * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
sql/sql_load.cc:
  * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
-
Georgi Kodinov authored
The server was not checking the table name supplied to COM_FIELD_LIST for validity and compliance with acceptable table name standards. Fixed by checking the table name for compliance similar to how it's normally checked by the parser and returning an error message if it's not compliant.
-
- 01 May, 2010 1 commit
-
-
Georgi Kodinov authored
-
- 30 Apr, 2010 3 commits
-
-
Alexey Kopytov authored
-
Alexey Kopytov authored
WHERE predicates containing references to empty tables in a subquery were handled incorrectly by the optimizer when executing EXPLAIN. As a result, the optimizer could try to evaluate such predicates rather than just stop with "Impossible WHERE noticed after reading const tables" as it would do in a non-subquery case. This led to valgrind errors and crashes.

Fixed the code checking the above condition so that subqueries are not excluded and hence are handled in the same way as top level SELECTs.

mysql-test/r/explain.result:
  Added a test case for bug #48419.
mysql-test/r/ps.result:
  Updated test results to take the new (and more correct) "Extra" comments in execution plans.
mysql-test/t/explain.test:
  Added a test case for bug #48419.
sql/sql_select.cc:
  There is no point in excluding subqueries from checking for identically false WHERE conditions.
-
Vasil Dimov authored
mysql-tests because those emit (spurious?) valgrind warnings.
-
- 29 Apr, 2010 7 commits
-
-
Davi Arnaut authored
-
Marko Makela authored
This addresses Bug #53122 in the built-in InnoDB.
-
Marko Makela authored
recv_addr_t: Turn space,page_no into bitfields to save space on 64-bit. This addresses Bug #53122 in the InnoDB Plugin.
-
Marko Makela authored
READ COMMITTED in the built-in InnoDB. (Bug #48607)
-
Davi Arnaut authored
The server could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This problem is aggravated by the fact that it can be triggered before authentication.

The solution is to not skip big packets for non-authenticated sessions. If a big packet is sent before a session is authenticated, an error is returned and the connection is closed.

include/mysql_com.h:
  Add skip flag. Only used in server builds.
sql/net_serv.cc:
  Control whether big packets can be skipped.
-
Marko Makela authored
READ COMMITTED in the InnoDB Plugin. (Bug #48607)
-
Ramil Kalimullin authored
Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only SQL. Seems that the data sent to COM_FIELD_LIST (mysql_list_fields() function) is not checked for sanity. By sending long data for the table a buffer is overflown, which can be used deliberately to include code that harms".

Fix: check incoming data length.

sql/sql_parse.cc:
  Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing - check incoming mysql_list_fields() table name arg length.
-
- 28 Apr, 2010 5 commits
-
-
Vasil Dimov authored
on same table Followup to vasil.dimov@oracle.com-20100428102033-dt3caf531rs3lidr: Add more assertions, which I forgot.
-
Vasil Dimov authored
This is branches/zip@r6032 in SVN and _is part_ of revid:svn-v4:16c675df-0fcb-4bc9-8058-dcc011a37293:branches/zip:6113 in BZR. This is being reverted because now the code is serialized directly on index->stat_n_diff_key_vals[] as the fix for Bug#53046 dict_update_statistics_low can still be run concurrently on same table goes.
-
Vasil Dimov authored
Address Marko's suggestions wrt the fix of Bug#53046 dict_update_statistics_low can still be run concurrently on same table
-
Vasil Dimov authored
on same table Protect dict_index_t::stat_n_diff_key_vals[] with an array of mutexes.

Testing: tested all code paths under UNIV_SYNC_DEBUG
for the one in dict_print() one has to enable the InnoDB table monitor:
CREATE TABLE innodb_table_monitor (a int) ENGINE=INNODB;
-
Marko Makela authored
------------------------------------------------------------------------
r6103 | marko | 2009-10-26 15:46:18 +0200 (Mon, 26 Oct 2009) | 4 lines
Changed paths:
  M /branches/zip/row/row0ins.c

branches/zip: row_ins_alloc_sys_fields(): Zero out the system columns DB_TRX_ID, DB_ROLL_PTR and DB_ROW_ID, in order to avoid harmless Valgrind warnings about uninitialized data. (The warnings were harmless, because the fields would be initialized at a later stage.)
------------------------------------------------------------------------
-
- 27 Apr, 2010 6 commits
-
-
Vasil Dimov authored
any files.
-
Vasil Dimov authored
this results in some valgrind errors. Bug#53202 valgrind: uninitialized bytes in dtuple_print() has been opened to track this.
-
Marko Mäkelä authored
-
Marko Mäkelä authored
-
Vasil Dimov authored
-
Vasil Dimov authored
Extract part of innodb.innodb into innodb.innodb_misc1 This is needed in order to be able to more easily debug this test, under valgrind, it is too huge.
-
- 26 Apr, 2010 8 commits
-
-
Alexey Kopytov authored
The problem was in an incorrect debug assertion. The expression used in the failing assertion states that when finding references matching ORDER BY expressions, there can be only one reference to a single table. But that does not make any sense, all test cases for this bug are valid examples with multiple identical WHERE expressions referencing the same table which are also present in the ORDER BY list.

Fixed by removing the failing assertion. We also have to take care of the 'found' counter so that we count multiple references only once. We rely on this fact later in eq_ref_table().

mysql-test/r/join.result:
  Added a test case for bug #50335.
mysql-test/t/join.test:
  Added a test case for bug #50335.
sql/sql_select.cc:
  Removing the assertion in eq_ref_table() as it does not make any sense. We also have to take care of the 'found' counter so that we count multiple references only once. We rely on this fact later in eq_ref_table().
-
Marko Mäkelä authored
a transaction that holds a lock on a clustered index record also holds a lock on the secondary index record.
-
Marko Mäkelä authored
-
Marko Mäkelä authored
-
Marko Mäkelä authored
-
Marko Mäkelä authored
They are only useful in table scans. (Bug #52663)
-
Vasil Dimov authored
in MySQL 5.1.46.
-
Marko Mäkelä authored
about possibly uninitialized variable insert_left.
-
- 22 Apr, 2010 1 commit
-
-
Calvin Sun authored
kill of active connection yields different error code depending on platform.
-