  1. 16 Dec, 2008 1 commit
  2. 15 Oct, 2008 1 commit
    • Bug#37075: offset of limit clause might be truncated on 32-bits server w/o big tables · 4ab10baa
      Davi Arnaut authored
      The problem is that the offset argument of the limit clause
      might be truncated on a 32-bits server built without big
      tables support. The truncation was happening because the
      original 64-bits long argument was being cast to a 32-bits
      (ha_rows) offset counter.
      
      The solution is to check if the conversion resulted in value
      truncation and if so, the offset is set to the maximum possible
      value that can fit on the type.
      4ab10baa
  3. 07 Oct, 2008 1 commit
    • Bug #38691: segfault/abort in ``UPDATE ...JOIN'' while · e219979e
      Gleb Shchepa authored
                ``FLUSH TABLES WITH READ LOCK''
      
      Concurrent execution of 1) multitable update with a
      NATURAL/USING join and 2) such a query as "FLUSH TABLES
      WITH READ LOCK" or "ALTER TABLE" of updating table led
      to a server crash.
      
      
      The mysql_multi_update_prepare() function call is optimized
      to lock updating tables only, so it postpones locking to
      the last, and if locking fails, it does cleanup of modified
      syntax structures and repeats a query analysis.  However,
      that cleanup procedure was incomplete for NATURAL/USING join
      syntax data: 1) some Field_item items pointed into freed
      table structures, and 2) the TABLE_LIST::join_columns fields
      were not reset.
      
      Major change:
        short-living Field *Natural_join_column::table_field has
        been replaced with long-living Item*.
      e219979e
  4. 18 Sep, 2008 1 commit
    • Bug#26020: User-Defined Variables are not consistent with · db1d38c9
      Gleb Shchepa authored
                 columns data types
      
      The "SELECT @lastId, @lastId := Id FROM t" query returns
      different result sets depending on the type of the Id column
      (INT or BIGINT).
      
      Note: this fix doesn't cover the case when a select query
      references a user variable and stored function that
      updates a value of that variable, in this case a result
      is indeterminate.
      
      
      The server uses incorrect assumption about a constantness of
      a user variable value as a select list item: 
      
      The server caches a last query number where that variable
      was changed and compares this number with a current query
      number. If these numbers are different, the server guesses,
      that the variable is not updating in the current query, so
      a respective select list item is a constant. However, in some
      common cases the server updates cached query number too late.
      
      
      The server has been modified to memorize user variable
      assignments during the parse phase to take them into account
      on the next (query preparation) phase independently of the
      order of user variable references/assignments in a select
      item list.
      db1d38c9
  5. 14 Jul, 2008 1 commit
    • Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on · 0816ee6d
      Marc Alff authored
      build)
      
      The crash was caused by freeing the internal parser stack during the parser
      execution.
      This occurred only for complex stored procedures, after reallocating the parser
      stack using my_yyoverflow(), with the following C call stack:
      - MYSQLparse()
      - any rule calling sp_head::restore_lex()
      - lex_end()
      - x_free(lex->yacc_yyss), xfree(lex->yacc_yyvs)
      
      The root cause is the implementation of stored procedures, which breaks the
      assumption from 4.1 that there is only one LEX structure per parser call.
      
      The solution is to separate the LEX structure into:
      - attributes that represent a statement (the current LEX structure),
      - attributes that relate to the syntax parser itself (Yacc_state),
      so that parsing multiple statements in stored programs can create multiple
      LEX structures while not changing the unique Yacc_state.
      
      Now, Yacc_state and the existing Lex_input_stream are aggregated into
      Parser_state, a structure that represents the complete state of the (Lexical +
      Syntax) parser.
      0816ee6d
  6. 07 Jul, 2008 1 commit
    • Bug#26030 (Parsing fails for stored routine w/multi-statement execution · f3ff1aeb
      Marc Alff authored
      enabled)
      
      Before this fix, the lexer and parser would treat the ';' character as a
      different token (either ';' or END_OF_INPUT), based on convoluted logic,
      which failed in simple cases where a stored procedure is implemented as a
      single statement, and used in a multi query.
      
      With this fix:
      - the character ';' is always parsed as a ';' token in the lexer,
      - parsing multi queries is implemented in the parser, in the 'query:' rules,
      - the value of thd->client_capabilities, which is the capabilities
        negotiated between the client and the server during bootstrap,
        is immutable and not arbitrarily modified during parsing (which was the
        root cause of the bug)
      f3ff1aeb
  7. 27 Mar, 2008 1 commit
    • Bug#27219: Aggregate functions in ORDER BY. · 21c6145a
      evgen@moonbone.local authored
      Mixing aggregate functions and non-grouping columns is not allowed in the
      ONLY_FULL_GROUP_BY mode. However in some cases the error wasn't thrown because
      of insufficient check.
      
      In order to check more thoroughly the new algorithm employs a list of outer
      fields used in a sum function and a SELECT_LEX::full_group_by_flag.
      Each non-outer field is checked to find out whether it's aggregated or not and
      the current select is marked accordingly.
      All outer fields that are used under an aggregate function are added to the
      Item_sum::outer_fields list and later checked by the Item_sum::check_sum_func
      function.
      21c6145a
  8. 22 Feb, 2008 1 commit
    • Fix for Bug#30217: Views: changes in metadata behaviour · 340906f4
      anozdrin/alik@quad. authored
      between 5.0 and 5.1.
        
      The problem was that in the patch for Bug#11986 it was decided
      to store original query in UTF8 encoding for the INFORMATION_SCHEMA.
      This approach however turned out to be quite difficult to implement
      properly. The main problem is to preserve the same IS-output after
      dump/restore.
        
      So, the fix is to rollback to the previous functionality, but also
      to fix it to support multi-character-set-queries properly. The idea
      is to generate INFORMATION_SCHEMA-query from the item-tree after
      parsing view declaration. The IS-query should:
        - be completely in UTF8;
        - not contain character set introducers.
        
      For more information, see WL4052.
      340906f4
  9. 05 Nov, 2007 1 commit
    • Bug#31210 - INSERT DELAYED crashes server when used on · 3eaf82a1
      istruewing@stella.local authored
                  partitioned table
      
      Trying INSERT DELAYED on a partitioned table, that has not been
      used right before, crashes the server. When a table is used for
      select or update, it is kept open for some time. This period I
      mean with "right before".
      
      Information about partitioning of a table is stored in form of
      a string in the .frm file. Parsing of this string requires a
      correctly set up lexical analyzer (lex). The partitioning code
      uses a new temporary instance of a lex. But it does still refer
      to the previously active lex. The delayed insert thread does not
      initialize its lex though...
      
      Added initialization for thd->lex before open table in the delayed
      thread and at all other places where it is necessary to call
      lex_start() if all tables would be partitioned and need to parse
      the .frm file.
      3eaf82a1
  10. 09 Oct, 2007 1 commit
  11. 19 Sep, 2007 1 commit
    • Bug #30639: limit offset,rowcount wraps when rowcount >= 2^32 in windows · c2abf960
      gkodinov/kgeorge@magare.gmz authored
       The parser uses ulonglong to store the LIMIT number. This number
       then is stored into a variable of type ha_rows. ha_rows is either
       4 or 8 byte depending on the BIG_TABLES define from config.h
       So an overflow may occur (and LIMIT becomes zero) while storing an
       ulonglong value in ha_rows.
       Fixed by :
        1. Using the maximum possible value for ha_rows on overflow
        2. Defining BIG_TABLES for the windows builds (to match the others) 
      c2abf960
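The truncation described in this commit and in Bug#37075 (15 Oct, 2008), as an added C example that is not MySQL source code. `ha_rows32`, `to_rows_truncating`, `to_rows_saturating` and `limit_end` are hypothetical names, with a 32-bit counter standing in for `ha_rows` on a build without BIG_TABLES; `limit_end` goes beyond the commit text by also saturating the offset + rowcount sum.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit row counter, as ha_rows is when BIG_TABLES is not defined. */
typedef uint32_t ha_rows32;
#define HA_ROWS32_MAX UINT32_MAX

/* Behaviour before the fix: a plain cast keeps only the low 32 bits,
 * so LIMIT 4294967296 silently becomes LIMIT 0. */
static ha_rows32 to_rows_truncating(uint64_t parsed)
{
    return (ha_rows32)parsed;
}

/* Behaviour the commits describe: detect that the narrowing lost bits
 * and use the maximum value that fits in the type instead. */
static ha_rows32 to_rows_saturating(uint64_t parsed)
{
    ha_rows32 narrowed = (ha_rows32)parsed;
    if ((uint64_t)narrowed != parsed)
        return HA_ROWS32_MAX;
    return narrowed;
}

/* Hypothetical helper (not described on the page): index of the last row
 * to read for "LIMIT offset, rowcount", saturating instead of wrapping. */
static ha_rows32 limit_end(uint64_t offset, uint64_t rowcount)
{
    ha_rows32 off = to_rows_saturating(offset);
    ha_rows32 cnt = to_rows_saturating(rowcount);
    ha_rows32 end = (ha_rows32)(off + cnt);   /* unsigned wrap is well defined */
    if (end < off)                            /* the sum wrapped around */
        return HA_ROWS32_MAX;
    return end;
}

int main(void)
{
    /* Constructed sample values around the 2^32 boundary. */
    const uint64_t samples[] = { 10, 4294967295ULL, 4294967296ULL, 4294967301ULL };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("parsed=%llu truncating=%lu saturating=%lu\n",
               (unsigned long long)samples[i],
               (unsigned long)to_rows_truncating(samples[i]),
               (unsigned long)to_rows_saturating(samples[i]));

    printf("limit_end(4000000000, 1000000000)=%lu\n",
           (unsigned long)limit_end(4000000000ULL, 1000000000ULL));
    return 0;
}
```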
  12. 30 Aug, 2007 1 commit
    • Bug#28779 (mysql_query() allows execution of statements with unbalanced · 4792ed42
      malff/marcsql@weblab.(none) authored
      comments)
      
      This change set is for 5.1 (manually merged)
      
      Before this fix, the server would accept queries that contained comments,
      even when the comments were not properly closed with a '*' '/' marker.
      
      For example,
        select 1 /* + 2 <EOF>
      would be accepted as
        select 1 /* + 2 */ <EOF>
      and executed as
        select 1
      
      With this fix, the server now rejects queries with unclosed comments
      as syntax errors.
      Both regular comments ('/' '*') and special comments ('/' '*' '!') must be
      closed with '*' '/' to be parsed correctly.
      4792ed42
  13. 29 Aug, 2007 1 commit
    • Bug#28779 (mysql_query() allows execution of statements with unbalanced · 6f72d990
      malff/marcsql@weblab.(none) authored
      comments)
      
      Before this fix, the server would accept queries that contained comments,
      even when the comments were not properly closed with a '*' '/' marker.
      
      For example,
        select 1 /* + 2 <EOF>
      would be accepted as
        select 1 /* + 2 */ <EOF>
      and executed as
        select 1
      
      With this fix, the server now rejects queries with unclosed comments
      as syntax errors.
      Both regular comments ('/' '*') and special comments ('/' '*' '!') must be
      closed with '*' '/' to be parsed correctly.
      6f72d990
  14. 23 Aug, 2007 1 commit
    • Fixed bug #30396. · 4a7fdf86
      gshchepa/uchum@gleb.loc authored
      Recommit to 5.1.22.
      The bug caused memory corruption for some queries with top OR level
      in the WHERE condition if they contained equality predicates and 
      other sargable predicates in disjunctive parts of the condition.
      
      The corruption happened because the upper bound of the memory
      allocated for KEY_FIELD and SARGABLE_PARAM internal structures
      containing info about potential lookup keys was calculated incorrectly
      in some cases. In particular it was calculated incorrectly when the
      WHERE condition was an OR formula with disjuncts being AND formulas
      including equalities and other sargable predicates.
      4a7fdf86
  15. 22 Aug, 2007 1 commit
    • Bug#30333 (Performance, expressions lists in the parser) · 81114a72
      malff/marcsql@weblab.(none) authored
      Before this patch, the parser would execute:
      - Select->expr_list.push_front()
      - Select->expr_list.pop()
      when parsing expressions lists, in the following rules:
      - udf_expr_list
      - expr_list
      - ident_list
      
      This is unnecessary, and introduces overhead due to the memory allocations
      performed with Select->expr_list
      
      With this patch, this code has been removed.
      The list being parsed is maintained in the parser stack instead.
      
      Also, 'udf_expr_list' has been renamed 'opt_udf_expr_list', since this
      production can be empty.
      81114a72
  16. 16 Aug, 2007 1 commit
  17. 15 Aug, 2007 2 commits
    • Fixed bug #30396. · d790ec42
      igor@olga.mysql.com authored
      The bug caused memory corruption for some queries with top OR level
      in the WHERE condition if they contained equality predicates and 
      other sargable predicates in disjunctive parts of the condition.
      
      The corruption happened because the upper bound of the memory
      allocated for KEY_FIELD and SARGABLE_PARAM internal structures
      containing info about potential lookup keys was calculated incorrectly
      in some cases. In particular it was calculated incorrectly when the
      WHERE condition was an OR formula with disjuncts being AND formulas
      including equalities and other sargable predicates.
      d790ec42
    • Fix doxygen warnings. · 91fe15bb
      kostja@bodhi.(none) authored
      91fe15bb
  18. 13 Aug, 2007 1 commit
    • Fixed a lot of compiler warnings and errors detected by Forte C++ on Solaris · e53a73e2
      monty@mysql.com/nosik.monty.fi authored
      Faster thr_alarm()
      Added 'Opened_files' status variable to track calls to my_open()
      Don't give warnings when running mysql_install_db
      Added option --source-install to mysql_install_db
      
      I had to do the following renames() as used polymorphism didn't work with Forte compiler on 64 bit systems
      index_read()      -> index_read_map()
      index_read_idx()  -> index_read_idx_map()
      index_read_last() -> index_read_last_map()
      e53a73e2
  19. 03 Aug, 2007 1 commit
    • Bug#28875 Conversion between ASCII and LATIN1 charsets does not function · 4eebfd09
      bar@mysql.com/bar.myoffice.izhnet.ru authored
      (Regression, caused by a patch for the bug 22646).
      Problem: when result type of date_format() was changed from
      binary string to character string, mixing date_format()
      with an ascii column in CONCAT() stopped working.
      Fix:
      - adding "repertoire" flag into DTCollation class,
      to mark items which can return only pure ASCII strings.
      - allow character set conversion from pure ASCII to other character sets.
      4eebfd09
  20. 29 Jul, 2007 2 commits
  21. 27 Jul, 2007 1 commit
    • Bug #29929 LOCK TABLES does not pre-lock tables used in triggers of the locked tables · 889b4ebc
      thek@adventure.(none) authored
      When a table was explicitly locked with LOCK TABLES no associated
      tables from any related trigger on the subject table were locked.
      As a result of this the user could experience unexpected locking
      behavior and statement failures similar to "failed: 1100: Table'xx'
      was not locked with LOCK TABLES".
      
      This patch fixes this problem by making sure triggers are
      pre-loaded on any statement if the subject table was explicitly
      locked with LOCK TABLES.
      889b4ebc
  22. 23 Jul, 2007 1 commit
  23. 20 Jul, 2007 1 commit
  24. 16 Jul, 2007 1 commit
  25. 12 Jul, 2007 1 commit
    • A fix and a test case for Bug#26141 mixing table types in trigger · 5ab4b6f1
      kostja@bodhi.(none) authored
      causes full table lock on innodb table.
      Also fixes Bug#28502 Triggers that update another innodb table 
      will block on X lock unnecessarily (duplicate).
      Code review fixes.
      
      Both bugs' synopses are misleading: InnoDB table is
      not X locked. The statements, however, cannot proceed concurrently, 
      but this happens due to lock conflicts for tables used in triggers,
      not for the InnoDB table. 
      
      If a user had an InnoDB table, and two triggers, AFTER UPDATE and 
      AFTER INSERT, competing for different resources (e.g. two distinct
      MyISAM tables), then these two triggers would not be able to execute
      concurrently. Moreover, INSERTS/UPDATES of the InnoDB table would
      not be able to run concurrently. 
      The problem had other side-effects (see respective bug reports).
      
      This behavior was a consequence of a shortcoming of the pre-locking
      algorithm, which would not distinguish between different DML operations
      (e.g. INSERT and DELETE) and pre-lock all the tables
      that are used by any trigger defined on the subject table.
      
      The idea of the fix is to extend the pre-locking algorithm to keep track,
      for each table, what DML operation it is used for and not
      load triggers that are known to never be fired.
      5ab4b6f1
  26. 06 Jul, 2007 1 commit
    • Remove typedef st_table_list TABLE_LIST and always use name 'TABLE_LIST'. · a33bc2c2
      kostja@bodhi.(none) authored
      The need arose when working on Bug 26141, where it became
      necessary to replace TABLE_LIST with its forward declaration in a few
      headers, and this involved a lot of s/TABLE_LIST/st_table_list/.
      Although other workarounds exist, this patch is in line
      with our general strategy of moving away from typedef-ed names.
      Sometime in future we might also rename TABLE_LIST to follow the
      coding style, but this is a huge change.
      a33bc2c2
  27. 05 Jul, 2007 1 commit
    • A fix and a test case for Bug#29050 Creation of a legal stored procedure · a7b05cb7
      kostja@bodhi.(none) authored
      fails if a database is not selected prior.
      
      The problem manifested itself when a user tried to
      create a routine that had non-fully-qualified identifiers in its bodies
      and there was no current database selected.
      
      This is a regression introduced by the fix for Bug 19022:
      
      The patch for Bug 19022 changes the code to always produce a warning
      if we can't resolve the current database in the parser. 
      In this case this was not necessary, since even though the produced
      parsed tree was incorrect, we never re-use sphead
      that was obtained at first parsing of CREATE PROCEDURE.
      The sphead that is anyhow used is always obtained through db_load_routine,
      and there we change the current database to sphead->m_db before
      calling yyparse.
      
      The idea of the fix is to resolve the current database directly using 
      lex->sphead->m_db member when parsing a stored routine body, when
      such is present.
      
      This patch removes the need to reset the current database
      when loading a trigger or routine definition into SP cache.
      The redundant code will be removed in 5.1.
      a7b05cb7
  28. 29 Jun, 2007 2 commits
    • Fix typo. · e79410da
      anozdrin/alik@ibm. authored
      e79410da
    • Follow up on the CS patch: · bceff6f1
      anozdrin/alik@ibm. authored
      1. Fix ddl_i18n_koi8r, ddl_i18n_utf8: explicitly specify character-sets
      directory for mysqldump;
      2. Fix crash in mysqldump if collation is not found;
      3. Use proper way to compare character set names.
      bceff6f1
  29. 28 Jun, 2007 1 commit
    • Patch for the following bugs: · 9fae9ef6
      anozdrin/alik@ibm. authored
        - BUG#11986: Stored routines and triggers can fail if the code
          has a non-ascii symbol
        - BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
        - BUG#19443: INFORMATION_SCHEMA does not support charsets properly
        - BUG#21249: Character set of SP-var can be ignored
        - BUG#25212: Character set of string constant is ignored (stored routines)
        - BUG#25221: Character set of string constant is ignored (triggers)
      
      There were a few general problems that caused these bugs:
      1. Character set information of the original (definition) query for views,
         triggers, stored routines and events was lost.
      2. mysqldump output query in client character set, which can be
         inappropriate to encode definition-query.
      3. INFORMATION_SCHEMA used strings with mixed encodings to display object
         definition;
      
      1. No query-definition-character set.
      
      In order to compile query into execution code, some extra data (such as
      environment variables or the database character set) is used. The problem
      here was that this context was not preserved. So, on the next load it can
      differ from the original one, thus the result will be different.
      
      The context contains the following data:
        - client character set;
        - connection collation (character set and collation);
        - collation of the owner database;
      
      The fix is to store this context and use it each time we parse (compile)
      and execute the object (stored routine, trigger, ...).
      
      2. Wrong mysqldump-output.
      
      The original query can contain several encodings (by means of character set
      introducers). The problem here was that we tried to convert original query
      to the mysqldump-client character set.
      
      Moreover, we stored queries in different character sets for different
      objects (views, for one, used UTF8, triggers used original character set).
      
      The solution is
        - to store definition queries in the original character set;
        - to change SHOW CREATE statement to output definition query in the
          binary character set (i.e. without any conversion);
        - introduce SHOW CREATE TRIGGER statement;
        - to dump special statements to switch the context to the original one
          before dumping and restore it afterwards.
      
      Note, in order to preserve the database collation at the creation time,
      additional ALTER DATABASE might be used (to temporarily switch the database
      collation back to the original value). In this case, ALTER DATABASE
      privilege will be required. This is a backward-incompatible change.
      
      3. INFORMATION_SCHEMA showed non-UTF8 strings
      
      The fix is to generate UTF8-query during the parsing, store it in the object
      and show it in the INFORMATION_SCHEMA.
      
      Basically, the idea is to create a copy of the original query and convert it to
      UTF8. Character set introducers are removed and all text literals are
      converted to UTF8.
      
      This UTF8 query is intended to provide user-readable output. It must not be
      used to recreate the object.  Specialized SHOW CREATE statements should be
      used for this.
      
      The reason for this limitation is the following: the original query can
      contain symbols from several character sets (by means of character set
      introducers).
      
      Example:
      
        - original query:
          CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
      
        - UTF8 query (for INFORMATION_SCHEMA):
          CREATE VIEW v1 AS SELECT 'Hello' AS c1;
      9fae9ef6
  30. 12 Jun, 2007 1 commit
    • Bug#25411 (trigger code truncated), PART II · a508260b
      malff/marcsql@weblab.(none) authored
      Bug 28127 (Some valid identifiers names are not parsed correctly)
      Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
      
      This patch is the second part of a major cleanup, required to fix
      Bug 25411 (trigger code truncated).
      
      The root cause of the issue stems from the function skip_rear_comments,
      which was a work around to remove "extra" "*/" characters from the query
      text, when parsing a query and reusing the text fragments to represent a
      view, trigger, function or stored procedure.
      The reason for this work around is that "special comments",
      like /*!50002 XXX */, were not parsed properly, so that a query like:
        AAA /*!50002 BBB */ CCC
      would be seen by the parser as "AAA BBB */ CCC" when the current version
      is greater or equal to 5.0.2
      
      The root cause of this stems from how special comments are parsed.
      Special comments are really out-of-bound text that appears inside a query,
      that affects how the parser behaves.
      In nature, /*!50002 XXX */ in MySQL is similar to the C concept
      of preprocessing :
        #if VERSION >= 50002
        XXX
        #endif
      
      Depending on the current VERSION of the server, either the special comment
      should be expanded or it should be ignored, but in all cases the "text" of
      the query should be re-written to strip the "/*!50002" and "*/" markers,
      which do not belong to the SQL language itself.
      
      Prior to this fix, these markers would leak into :
      - the storage format for VIEW,
      - the storage format for FUNCTION,
      - the storage format for FUNCTION parameters, in mysql.proc (param_list),
      - the storage format for PROCEDURE,
      - the storage format for PROCEDURE parameters, in mysql.proc (param_list),
      - the storage format for TRIGGER,
      - the binary log used for replication.
      
      In all cases, not only does this cause format corruption, but it also provides a vector
      for dormant security issues, by allowing to tunnel code that will be activated
      after an upgrade.
      
      The proper solution is to deal with special comments strictly during parsing,
      when accepting a query from the outside world.
      Once a query is parsed and an object is created with a persistent
      representation, this object should not arbitrarily mutate after an upgrade.
      In short, special comments are a useful but limited feature for MYSQLdump,
      when used at an *interface* level to facilitate import/export,
      but bloating the server *internal* storage format is *not* the proper way
      to deal with configuration management of the user logic.
      
      With this fix:
      - the Lex_input_stream class now acts as a comment pre-processor,
      and either expands or ignores special comments on the fly.
      - MYSQLlex and sql_yacc.yy have been cleaned up to strictly use the
      public interface of Lex_input_stream. In particular, how the input stream
      accepts or rejects a character is private to Lex_input_stream, and the
      internal buffer pointers of that class are strictly private, and should not
      be tampered with during parsing.
      
      This caused many changes mostly in sql_lex.cc.
      
      During the code cleanup in case MY_LEX_NUMBER_IDENT,
      Bug 28127 (Some valid identifiers names are not parsed correctly)
      was found and fixed.
      
      By parsing special comments properly, and removing the function
      'skip_rear_comments' [sic],
      Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
      has been fixed as well.
      a508260b
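The comment pre-processing described in this commit, together with the unclosed-comment rejection from Bug#28779, as an added C example that is not the Lex_input_stream code. `preprocess_comments`, `find_close` and the return codes are hypothetical; the example assumes five-digit version numbers and does not track quoted string literals.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Locate the "*" "/" pair that closes a comment body; NULL if it is missing. */
static const char *find_close(const char *s)
{
    return strstr(s, "*/");
}

/*
 * Copy `in` to `out` with comments resolved, so no marker reaches storage:
 *   - regular comments are dropped,
 *   - a special comment is expanded when its version <= server_version,
 *     otherwise dropped; the markers themselves are never copied.
 * Each removed marker or comment is replaced by one space so that the
 * neighbouring tokens stay separated.
 * Returns 0 on success, -1 for an unclosed comment, -2 if `out` is too small.
 */
static int preprocess_comments(const char *in, unsigned long server_version,
                               char *out, size_t outsz)
{
    const char *p = in;
    size_t o = 0;
    int in_special = 0;              /* inside an expanded special comment */

    if (outsz == 0)
        return -2;
    while (*p) {
        char emit;

        if (p[0] == '/' && p[1] == '*') {
            if (p[2] == '!' && !in_special) {
                unsigned long version = 0;
                int digits = 0;

                p += 3;
                while (digits < 5 && isdigit((unsigned char)p[digits])) {
                    version = version * 10 + (unsigned long)(p[digits] - '0');
                    digits++;
                }
                if (digits == 5)
                    p += 5;          /* consume the version number */
                else
                    version = 0;     /* no version: always expanded */
                if (version <= server_version) {
                    in_special = 1;  /* keep the body, drop the marker */
                } else {
                    const char *end = find_close(p);
                    if (!end)
                        return -1;   /* unclosed special comment */
                    p = end + 2;     /* drop the body and the closing marker */
                }
            } else {
                const char *end = find_close(p + 2);
                if (!end)
                    return -1;       /* unclosed regular comment */
                p = end + 2;
            }
            emit = ' ';
        } else if (in_special && p[0] == '*' && p[1] == '/') {
            in_special = 0;          /* closing marker of an expanded comment */
            p += 2;
            emit = ' ';
        } else {
            emit = *p++;
        }
        if (o + 1 >= outsz)
            return -2;
        out[o++] = emit;
    }
    if (in_special)
        return -1;                   /* expanded comment never closed */
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed inputs, taken from the examples in the commit messages. */
    const char *queries[] = { "AAA /*!50002 BBB */ CCC", "select 1 /* + 2" };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof queries / sizeof queries[0]; i++) {
        int rc = preprocess_comments(queries[i], 50100UL, buf, sizeof buf);
        printf("%-26s rc=%d out=[%s]\n", queries[i], rc, rc == 0 ? buf : "");
    }
    return 0;
}
```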
  31. 10 Jun, 2007 1 commit
    • Follow up after work on Bug 4968 · 6c352d16
      kostja@bodhi.(none) authored
      Coding style: classes start with a capital letter.
      Rename some classes related to parsing:
      create_field -> Create_field
      foreign_key -> Foreign_key
      key_part_spec -> Key_part_spec
      6c352d16
  32. 04 Jun, 2007 1 commit
  33. 29 May, 2007 1 commit
  34. 28 May, 2007 1 commit
    • 5.1 version of a fix and test cases for bugs: · c7594877
      kostja@vajra.(none) authored
      Bug#4968 "Stored procedure crash if cursor opened on altered table"
      Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
      Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from 
      stored procedure."
      Bug#19733 "Repeated alter, or repeated create/drop, fails"
      Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"
      Bug#24879 "Prepared Statements: CREATE TABLE (UTF8 KEY) produces a 
      growing key length" (this bug is not fixed in 5.0)
      
      Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE 
      statements in stored routines or as prepared statements caused
      incorrect results (and crashes in versions prior to 5.0.25).
      
      In 5.1 the problem occurred only for CREATE DATABASE, CREATE TABLE
      SELECT and CREATE TABLE with INDEX/DATA DIRECTORY options).
        
      The problem of bugs 4968, 19733, 19282 and 6895 was that functions
      mysql_prepare_table, mysql_create_table and mysql_alter_table are not
      re-execution friendly: during their operation they modify contents
      of LEX (members create_info, alter_info, key_list, create_list),
      thus making the LEX unusable for the next execution.
      In particular, these functions removed processed columns and keys from
      create_list, key_list and drop_list. Search the code in sql_table.cc 
      for drop_it.remove() and similar patterns to find evidence.
        
      The fix is to supply to these functions a usable copy of each of the
      above structures at every re-execution of an SQL statement. 
        
      To simplify memory management, LEX::key_list and LEX::create_list
      were added to LEX::alter_info, a fresh copy of which is created for
      every execution.
        
      The problem of crashing bug 22060 stemmed from the fact that the above 
      mentioned functions were not only modifying HA_CREATE_INFO structure 
      in LEX, but also were changing it to point to areas in volatile memory
      of the execution memory root.
         
      The patch solves this problem by creating and using an on-stack
      copy of HA_CREATE_INFO in mysql_execute_command.
      
      Additionally, this patch splits the part of mysql_alter_table
      that analyzes and rewrites information from the parser into
      a separate function - mysql_prepare_alter_table, in analogy with
      mysql_prepare_table, which is renamed to mysql_prepare_create_table.
      c7594877
  35. 25 May, 2007 2 commits
    • Code review comments · 0bb9b8f9
      malff/marcsql@weblab.(none) authored
      0bb9b8f9
    • Bug#27876 (SF with cyrillic variable name fails during execution (regression)) · 88e3abf5
      malff/marcsql@weblab.(none) authored
      The root cause of this bug is related to the function skip_rear_comments,
      in sql_lex.cc
      
      Recent code changes in skip_rear_comments changed the prototype from
      "const uchar*" to "const char*", which had an unforeseen impact on this test:
        (endp[-1] < ' ')
      With unsigned characters, this code filters bytes of value [0x00 - 0x20]
      With *signed* characters, this also filters bytes of value [0x80 - 0xFF].
      
      This caused the regression reported, considering cyrillic characters in the
      parameter name to be whitespace, and truncated.
      Note that the regression is present both in 5.0 and 5.1.
      
      With this fix:
      - [0x80 - 0xFF] bytes are no longer considered whitespace.
      This alone fixes the regression.
      
      In addition, filtering [0x00 - 0x20] was found bogus and abusive,
      so that the code now uses my_isspace when looking for whitespace.
      
      Note that this fix is only addressing the regression affecting UTF-8
      in general, but does not address a more fundamental problem with
      skip_rear_comments: parsing a string *backwards*, starting at end[-1],
      is not safe with multi-bytes characters, so that end[-1] can confuse the
      last byte of a multi-byte character with a character to filter out.
      
      The only known impact of this remaining issue affects objects that have to
      meet all the conditions below:
      
      - the object is a FUNCTION / PROCEDURE / TRIGGER / EVENT / VIEW
      - the body consists of only *1* instruction, and does *not* contain a
        BEGIN-END block
      - the instruction ends, lexically, with <ident> <whitespace>* ';'?
        For example, "select <ident>;" or "return <ident>;"
      - The last character of <ident> is a multi-byte character
      - the last byte of this character is ';' '*', '/' or whitespace
      
      In this case, the body of the object will be truncated after parsing,
      and stored in an invalid format.
      
      This last issue has not been fixed in this patch, since the real fix
      will be implemented by Bug 25411 (trigger code truncated), which is caused
      by the very same code.
      The real problem is that the function skip_rear_comments is only a
      work-around, and should be removed entirely: see the proposed patch for
      bug 25411 for details.
      88e3abf5
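The signedness regression described in this commit, as an added C example that is not the skip_rear_comments source. The three `trim_rear_*` functions are hypothetical and apply only the `(endp[-1] < ' ')` test quoted above; standard `isspace` stands in for `my_isspace`, and explicit `signed char` / `unsigned char` casts make the result independent of the platform's default `char` signedness.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: "RETURN " followed by a three-letter Cyrillic
 * identifier encoded in UTF-8 (6 bytes) and a newline; 14 bytes in total. */
static const char SAMPLE[] = "RETURN \xD0\xB8\xD0\xBC\xD1\x8F\n";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

/* Regressed behaviour: with signed characters every byte in 0x80..0xFF is
 * negative, so it compares below ' ' and is stripped as if it were a
 * control character. */
static size_t trim_rear_signed(const char *s, size_t len)
{
    const signed char *p = (const signed char *)s;

    while (len > 0 && p[len - 1] < ' ')
        len--;
    return len;
}

/* Original behaviour with unsigned characters: only bytes below ' ' are
 * stripped, so UTF-8 lead and continuation bytes survive. */
static size_t trim_rear_unsigned(const char *s, size_t len)
{
    const unsigned char *p = (const unsigned char *)s;

    while (len > 0 && p[len - 1] < ' ')
        len--;
    return len;
}

/* Direction of the fix: ask a character-class function instead of comparing
 * raw byte values (isspace here is a stand-in for my_isspace). */
static size_t trim_rear_isspace(const char *s, size_t len)
{
    while (len > 0 && isspace((unsigned char)s[len - 1]))
        len--;
    return len;
}

int main(void)
{
    printf("input length      : %lu\n", (unsigned long)SAMPLE_LEN);
    printf("signed   '< 0x20' : %lu bytes kept (identifier lost)\n",
           (unsigned long)trim_rear_signed(SAMPLE, SAMPLE_LEN));
    printf("unsigned '< 0x20' : %lu bytes kept\n",
           (unsigned long)trim_rear_unsigned(SAMPLE, SAMPLE_LEN));
    printf("isspace           : %lu bytes kept\n",
           (unsigned long)trim_rear_isspace(SAMPLE, SAMPLE_LEN));
    return 0;
}
```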
  36. 24 May, 2007 1 commit