1. 18 Jul, 2011 2 commits
  2. 15 Jul, 2011 2 commits
    • merge 5.0-security => 5.1-security · f53acf17
      Tor Didriksen authored
      f53acf17
    • Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL · 276b5de0
      Tor Didriksen authored
      The buffer was simply too small.
      In 5.5 and trunk, the size is 311 + 31,
      in 5.1 and below, the size is 331
      
      
      client/sql_string.cc:
        Increase buffer size in String::set(double, ...)
      include/m_string.h:
        Increase FLOATING_POINT_BUFFER
      mysql-test/r/type_float.result:
        New test cases.
      mysql-test/t/type_float.test:
        New test cases.
      sql/sql_string.cc:
        Increase buffer size in String::set(double, ...)
      sql/unireg.h:
        Move definition of FLOATING_POINT_BUFFER
      276b5de0
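The sizing arithmetic behind the `String::set(double, ...)` fix above, as an added C example that is not MySQL code: it measures the worst-case length of a double in fixed notation and formats with a truncation check instead of trusting a hand-picked buffer size. `fixed_len_needed`, `format_fixed` and the 30-decimal limit are assumptions made for this example.

```c
#include <float.h>
#include <stdio.h>
#include <string.h>

/* Assumption for this example: callers request at most 30 decimals. */
#define MAX_DECIMALS 30

/* Bytes needed for "%.*f" of num, including the terminating NUL.
   snprintf(NULL, 0, ...) only measures; it writes nothing. */
size_t fixed_len_needed(double num, int decimals)
{
    int n = snprintf(NULL, 0, "%.*f", decimals, num);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Format into a caller-supplied buffer. Returns 0 on success, -1 if the
   request is invalid or the text does not fit; on failure the buffer
   holds an empty string and is never written past cap bytes. */
int format_fixed(char *buf, size_t cap, double num, int decimals)
{
    int n;

    if (cap == 0)
        return -1;
    buf[0] = '\0';
    if (decimals < 0 || decimals > MAX_DECIMALS)
        return -1;
    n = snprintf(buf, cap, "%.*f", decimals, num);
    if (n < 0 || (size_t)n >= cap) {   /* truncated: reject, do not use */
        buf[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char small[64];        /* constructed: deliberately too small */
    char big[311 + 31];    /* the size quoted for 5.5 and trunk */

    /* -DBL_MAX: sign + 309 integer digits + '.' + 30 decimals + NUL */
    printf("worst case: %zu bytes\n",
           fixed_len_needed(-DBL_MAX, MAX_DECIMALS));
    printf("64-byte buffer:  %d\n",
           format_fixed(small, sizeof small, -DBL_MAX, MAX_DECIMALS));
    printf("342-byte buffer: %d\n",
           format_fixed(big, sizeof big, -DBL_MAX, MAX_DECIMALS));
    return 0;
}
```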
  3. 11 Jul, 2011 1 commit
    • Bug#11765255 - 58201: VALGRIND/CRASH WHEN ORDERING BY MULTIPLE AGGREGATE FUNCTIONS · 454ef927
      Tor Didriksen authored
      We must allocate a larger ref_pointer_array. We failed to account for extra
      items allocated here:
      #0  find_order_in_list 
        uint el= all_fields.elements;
        all_fields.push_front(order_item); /* Add new field to field list. */
        ref_pointer_array[el]= order_item;
        order->item= ref_pointer_array + el;
      #1  setup_order
      #2  setup_without_group
      #3  JOIN::prepare
      
      
      mysql-test/r/order_by.result:
        New test case.
      mysql-test/r/union.result:
        New test case.
      mysql-test/t/order_by.test:
        New test case.
      mysql-test/t/union.test:
        New test case.
      sql/sql_lex.cc:
        find_order_in_list() may need some extra space, so multiply og_num by two.
      sql/sql_union.cc:
        For UNION, the 'n_sum_items' are accumulated in the "global_parameters" select_lex.
        This number must be propagated to setup_ref_array()
        
        When preparing a 'fake_select_lex' we need to use global_parameters->order_list
        rather than fake_select_lex->order_list (see comments inside st_select_lex_unit::cleanup)
      454ef927
  4. 07 Jul, 2011 4 commits
  5. 06 Jul, 2011 1 commit
  6. 05 Jul, 2011 1 commit
  7. 04 Jul, 2011 1 commit
  8. 03 Jul, 2011 2 commits
  9. 01 Jul, 2011 2 commits
  10. 30 Jun, 2011 3 commits
  11. 29 Jun, 2011 1 commit
  12. 16 Jun, 2011 3 commits
  13. 15 Jun, 2011 1 commit
    • Introduce UNIV_BLOB_NULL_DEBUG for temporarily hiding Bug#12650861. · 0a7a7bd6
      Marko Mäkelä authored
      Some ut_a(!rec_offs_any_null_extern()) assertion failures are indicating
      genuine BLOB bugs, others are bogus failures when rolling back incomplete
      transactions at crash recovery. This needs more work, and until I get a
      chance to work on it, other testing must not be disrupted by this.
      0a7a7bd6
  14. 14 Jun, 2011 1 commit
    • Merge a fix from mysql-5.5 to mysql-5.1: · 0f59fc35
      Marko Mäkelä authored
      revno 2995.37.209
      revision id marko.makela@oracle.com-20110518120508-qhn7vz814vn77v5k
      parent marko.makela@oracle.com-20110517121555-lmple24qzxqkzep4
      timestamp: Wed 2011-05-18 15:05:08 +0300
      message:
        Fix a bogus UNIV_SYNC_DEBUG failure in the fix of Bug #59641
        or Oracle Bug #11766513.
      
        trx_undo_free_prepared(): Do not acquire or release trx->rseg->mutex.
        This code is invoked in the single-threaded part of shutdown, therefore
        a mutex is not needed.
      0f59fc35
  15. 13 Jun, 2011 1 commit
  16. 10 Jun, 2011 5 commits
    • Merged from mysql-5.0 · 01af2113
      Karen Langford authored
      01af2113
    • increase version number to 5.0.95 · 895b361f
      Karen Langford authored
      895b361f
    • Raise version number after cloning 5.1.58 · 1e561dad
      Karen Langford authored
      1e561dad
    • Raise version number after cloning 5.0.94 · d7d88b52
      Sunanda Menon authored
      d7d88b52
    • Fixed bug#11753738 (formerly known as bug#45235) - 5.1 DOES NOT SUPPORT 5.0-ONLY · 7daadb92
      Dmitry Shulga authored
      SYNTAX TRIGGERS IN ANY WAY
      
      Table with triggers which were using deprecated (5.0-only) syntax became
      unavailable for any DML and DDL after upgrade to 5.1 version of server.
      Attempt to execute any statement on such a table resulted in parsing
      error reported. Since this included DROP TRIGGER and DROP TABLE
      statements (actually, the latter was allowed but was not functioning
      properly for such tables) it was impossible to fix the problem without
      manual operations on .TRG and .TRN files in data directory.
      
      The problem was that failure to parse trigger body (due to 5.0-only
      syntax) when opening trigger file for a table prevented the table
      from being open. This made all operations on the table impossible
      (except DROP TABLE which due to peculiarity in its implementation
      dropped the table but left trigger files around).
      
      This patch solves this problem by silencing error which occurs when
      we parse trigger body during table open. Error message is preserved
      for the future use and table is marked as having a broken trigger.
      We also try to analyze parse tree to recover trigger name, which
      will be needed in order to drop the broken trigger. DML statements
      which invoke triggers on the table marked as having broken trigger
      are prohibited and emit saved error message. The same happens for
      DDL which change triggers except DROP TRIGGER and DROP TABLE which
      try their best to do what was requested. Table becomes no longer
      marked as having broken trigger when last such trigger is dropped.
      
      mysql-test/r/trigger-compat.result:
        Add results for test case for bug#45235
      mysql-test/t/trigger-compat.test:
        Add test case for bug#45235.
      sql/sp_head.cc:
        Added protection against MEM_ROOT double restoring to
        sp_head::restore_thd_mem_root() method. Since this
        method can be sometimes called twice during parsing
        of stored routine (the first time during normal flow
        of parsing, and the second time when a syntax error
        is detected) we need to shortcut execution of the
        method to avoid damaging MEM_ROOT by the second
        consecutive call to this method.
      sql/sql_trigger.cc:
        Added error handler Deprecated_trigger_syntax_handler to 
        catch non-OOM errors during parsing of trigger body.
        
        Added handling of parse errors into method 
        Table_triggers_list::check_n_load().
      sql/sql_trigger.h:
        Added new members to handle broken triggers and error messages.
      7daadb92
  17. 09 Jun, 2011 6 commits
    • Disable a debug assertion that was added to track down Bug#12612184. · 5c580cc9
      Marko Mäkelä authored
      row_build(): The record may contain null BLOB pointers when the server
      is rolling back an insert that was interrupted by a server crash.
      5c580cc9
    • Follow-up for patch of bug#11764334. · febca690
      Dmitry Shulga authored
      febca690
    • Fixed bug#11764334 (formerly bug#57156): ALTER EVENT CHANGES · 37773c3f
      Dmitry Shulga authored
      THE EVENT STATUS.
      
      Any ALTER EVENT statement on a disabled event enabled it back
      (unless this ALTER EVENT statement explicitly disabled the event).
      
      The problem was that during processing of an ALTER EVENT statement
      value of status field was overwritten unconditionally even if new
      value was not specified explicitly. As a consequence this field
      was set to default value for status which corresponds to ENABLE.
      
      The solution is to check if status field was explicitly specified in
      ALTER EVENT statement before assigning new value to status field.
      
      mysql-test/r/events_bugs.result:
        test's result for Bug#11764334 was added.
      mysql-test/t/events_bugs.test:
        new test for Bug#11764334 was added.
      sql/event_db_repository.cc:
        mysql_event_fill_row() was modified: set value for status field
        in events tables only in case if statement CREATE EVENT
        is being processed or if this value was set in ALTER EVENT
        statement.
        Event_db_repository::create_event was modified: removed redundant
        setting of status field after return from call to mysql_event_fill_row().
      sql/event_parse_data.h:
        Event_parse_data structure was modified: added flag
        status_changed that is set to true if status's value
        was changed in ALTER EVENT statement.
      sql/sql_yacc.yy:
        Set flag status_changed if status was set in ALTER EVENT
        statement.
      37773c3f
    • Fixed bug#11840395 (formerly known as bug#60347: THE STRING "VERSIONDATA" · 5829ac20
      Dmitry Shulga authored
      SEEMS TO BE 'LEAKING' INTO THE SCHEMA NAME SPACE)
      and bug#12428824 (Parser stack overflow and crash in sp_add_used_routine
      with obscure query).
      
      The first problem was that attempts to call a stored function by
      its fully qualified name ended up with unwarranted error "ERROR 1305
      (42000): FUNCTION someMixedCaseDb.my_function_name does not exist"
      if this function belonged to a schema that had uppercase letters in
      its name AND --lower_case_table_names was equal to either 1 or 2.
      
      The second problem was that 5.5 version of MySQL server might have
      crashed when a user tried to call stored function with too long name
      or too long database name (i.e if a function and database name combined
      occupied more than 2*3*64 bytes in utf8). This issue didn't affect
      versions of server < 5.5.
       
      The first problem was caused by the fact that in cases when a stored
      function was called by its fully qualified name we didn't lowercase
      name of its schema before performing look up of the function in
      mysql.proc table even though lower_case_table_names mode was on.
      As result we were unable to find this function since during its
      creation we store lowercased version of schema name in the system
      table in this mode and field for schema name uses binary collation.
      
      Calls to stored functions were unaffected by this problem since for
      them schema name is converted to lowercase as necessary.
      
      The reason for the second bug was that MySQL Server didn't check length
      of function name and database name before proceeding with execution of
      stored function. As a consequence too long database name or function
      name caused buffer overruns in places where the code assumes that their
      length is within fixed limits, like mdl_key_init() in 5.5.
      
      Again this issue didn't affect calls to stored procedures as for them
      length of schema name and procedure name are properly checked.
      
      This patch fixes both these bugs by adding calls to check_db_name()
      and check_routine_name() to grammar rule which corresponds to a call
      to a stored function. These functions ensure that length of database
      name and function name for routine called is within standard limit.
      Moreover call to check_db_name() handles conversion of database name
      to lowercase if --lower_case_table_names mode is on.
      
      Note that even though the second issue seems to be only reproducible
      in 5.5 we still add code fixing it to 5.1 to be on the safe side (and
      make code a bit more robust against possible future changes).
      
      mysql-test/r/sp-error.result:
        Added testcase results for bug#12428824.
      mysql-test/r/sp.result:
        Added testcase result for bug#11840395.
      mysql-test/t/sp-error.test:
        Added testcase for bug#12428824.
      mysql-test/t/sp.test:
        Added testcase for bug#11840395.
      sql/sql_yacc.yy:
        Modified 'function_call_generic' rule to call check_db_name() and
        check_routine_name() in order to ensure that lengths of database name
        and function name are within limits. check_db_name() is also responsible
        for normalizing function's database name for lookup in cases when
        lowercase_table_names mode is on.
      5829ac20
    • Raise version number after cloning 5.1.58 · 9325f792
      Karen Langford authored
      9325f792
    • BLOB instrumentation for Bug#12612184 Race condition in row_upd_clust_rec() · d05a43f6
      Marko Mäkelä authored
      If UNIV_DEBUG or UNIV_BLOB_LIGHT_DEBUG is enabled, add
      !rec_offs_any_null_extern() assertions, ensuring that records do not
      contain null pointers to externally stored columns in inappropriate
      places.
      
      btr_cur_optimistic_update(): Assert !rec_offs_any_null_extern().
      Incomplete records must never be updated or deleted. This assertion
      will cover also the pessimistic route.
      
      row_build(): Assert !rec_offs_any_null_extern(). Search tuples must
      never be built from incomplete index entries.
      
      row_rec_to_index_entry(): Assert !rec_offs_any_null_extern() unless
      ROW_COPY_DATA is requested. ROW_COPY_DATA is used for
      multi-versioning, and therefore it might be valid to copy the most
      recent (uncommitted) version while it contains a null pointer to
      off-page columns.
      
      row_vers_build_for_consistent_read(),
      row_vers_build_for_semi_consistent_read(): Assert !rec_offs_any_null_extern()
      on all versions except the most recent one.
      
      trx_undo_prev_version_build(): Assert !rec_offs_any_null_extern() on
      the previous version.
      
      rb:682 approved by Sunny Bains
      d05a43f6
  18. 07 Jun, 2011 2 commits
    • Bug#11764487: myisam corruption with insert ignore and invalid spatial data · 4c506680
      Ramil Kalimullin authored
      Problem: in case of wrong data insert into indexed GEOMETRY fields 
      (e.g. NULL value for a not NULL field) MyISAM reported 
      "ERROR 126 (HY000): Incorrect key file for table; try to repair it"
      due to misuse of the key deletion function.
      
      Fix: always use R-tree key functions for R-tree based indexes
      and B-tree key functions for B-tree based indexes.
      
      
      mysql-test/r/gis-rtree.result:
        Bug#11764487: myisam corruption with insert ignore and invalid spatial data
          - test result.
      mysql-test/t/gis-rtree.test:
        Bug#11764487: myisam corruption with insert ignore and invalid spatial data
          - test case.
      storage/myisam/mi_update.c:
        Bug#11764487: myisam corruption with insert ignore and invalid spatial data
          - handling update errors check for HA_ERR_NULL_IN_SPATIAL as well to be 
        consistent with mi_write();
          - always use keyinfo->ck_delete()/ck_insert() instead of _mi_ck_delete()/_mi_ck_write()
        to handle index properly, as it may be of B-tree or R-tree type.
      storage/myisam/mi_write.c:
        Bug#11764487: myisam corruption with insert ignore and invalid spatial data
          - always use keyinfo->ck_delete() instead of _mi_ck_delete() to handle
        index properly, as it may be of B-tree or R-tree type.
      4c506680
    • Bug #12589928: MEMORY LEAK WHEN RUNNING SYS_VARS.SECURE_FILE_PRIV · 254aeb9e
      Georgi Kodinov authored
      This is the 5.1 version of the fix.
            
      Need to free the memory allocated by the option parsing code for empty 
      strings when resetting the pointer to NULL.
      No test case needed, as the existing ones already cover this path.
      254aeb9e
  19. 30 Jun, 2011 1 commit