1. 15 Dec, 2010 1 commit
    • Alexander Nozdrin's avatar
      Patch for Bug#57952 (privilege change is not taken into account by EXECUTE). · 646078a2
      Alexander Nozdrin authored
      The user-visible problem was that changes to column-level privileges,
      happened in between of PREPARE and EXECUTE of a prepared statement, were
      neglected. I.e. a prepared statement could be executed with the
      column-level privileges as of PREPARE-time. The problem existed for
      column-level privileges only.
      
      A similar problem existed for stored programs: the changes between
      executions didn't have an effect.
      
      Technically the thing is that table references are cached in
      Prepared_statement::prepare() call. In subsequent
      Prepared_statement::execute() calls those cached values are used.
      There are two functions to get a field by name: find_field_in_table() and
      find_field_in_table_ref(). On prepare-phase find_field_in_table_ref() is
      called, on execute-phase -- find_field_in_table() because the table is
      cached. find_field_in_table() does not check column-level privileges and
      expects the caller to do that. The problem was that this check was
      forgotten.
      
      The fix is to check them there as it happens in find_field_in_table_ref().
      646078a2
  2. 08 Dec, 2010 1 commit
  3. 03 Dec, 2010 1 commit
  4. 24 Nov, 2010 4 commits
    • Gleb Shchepa's avatar
      backport of bug #54461 from 5.1-security to 5.0-security · e86ae7d4
      Gleb Shchepa authored
       > revision-id: gshchepa@mysql.com-20100801181236-uyuq6ewaq43rw780
       > parent: alexey.kopytov@sun.com-20100723115254-jjwmhq97b9wl932l
       > committer: Gleb Shchepa <gshchepa@mysql.com>
       > branch nick: mysql-5.1-security
       > timestamp: Sun 2010-08-01 22:12:36 +0400
       > Bug #54461: crash with longblob and union or update with subquery
       >
       > Queries may crash, if
       >   1) the GREATEST or the LEAST function has a mixed list of
       >      numeric and LONGBLOB arguments and
       >   2) the result of such a function goes through an intermediate
       >      temporary table.
       >
       > An Item that references a LONGBLOB field has max_length of
       > UINT_MAX32 == (2^32 - 1).
       >
       > The current implementation of GREATEST/LEAST returns REAL
       > result for a mixed list of numeric and string arguments (that
       > contradicts with the current documentation, this contradiction
       > was discussed and it was decided to update the documentation).
       >
       > The max_length of such a function call was calculated as a
       > maximum of argument max_length values (i.e. UINT_MAX32).
       >
       > That max_length value of UINT_MAX32 was used as a length for
       > the intermediate temporary table Field_double to hold
       > GREATEST/LEAST function result.
       >
       > The Field_double::val_str() method call on that field
       > allocates a String value.
       >
       > Since an allocation of String reserves an additional byte
       > for a zero-termination, the size of String buffer was
       > set to (UINT_MAX32 + 1), that caused an integer overflow:
       > actually, an empty buffer of size 0 was allocated.
       >
       > An initialization of the "first" byte of that zero-size
       > buffer with '\0' caused a crash.
       >
       > The Item_func_min_max::fix_length_and_dec() has been
       > modified to calculate max_length for the REAL result like
       > we do it for arithmetical operators.
      
      
      mysql-test/r/func_misc.result:
        Test case for bug #54461.
      mysql-test/t/func_misc.test:
        Test case for bug #54461.
      sql/item_func.cc:
        Bug #54461: crash with longblob and union or update with subquery
        
        The Item_func_min_max::fix_length_and_dec() has been
        modified to calculate max_length for the REAL result like
        we do it for arithmetical operators.
      e86ae7d4
    • Alexander Nozdrin's avatar
      A follow-up for Bug#58339 (Replace Server GPL README file). · de0b1516
      Alexander Nozdrin authored
      Fix formatting issues in README file.
      de0b1516
    • Alexander Nozdrin's avatar
      Merge from mysql-5.0-bugteam. · 0bce784b
      Alexander Nozdrin authored
      0bce784b
    • Alexander Nozdrin's avatar
      A follow-up for Bug#58340 (Remove Server GPL EXCEPTIONS-CLIENT file) -- remove all · 7368bb13
      Alexander Nozdrin authored
      EXCEPTIONS-CLIENT from all the places.
      7368bb13
  5. 23 Nov, 2010 1 commit
  6. 22 Nov, 2010 3 commits
    • Gleb Shchepa's avatar
      backport: Bug #55568 from 5.1-security to 5.0-security · 21a33fa0
      Gleb Shchepa authored
      > revision-id: alexey.kopytov@sun.com-20100824103548-ikm79qlfrvggyj9h
      > parent: sunny.bains@oracle.com-20100816001222-xqc447tr6jwh8c53
      > committer: Alexey Kopytov <Alexey.Kopytov@Sun.com>
      > branch nick: 5.1-security
      > timestamp: Tue 2010-08-24 14:35:48 +0400
      > message:
      >   Bug #55568: user variable assignments crash server when used
      >               within query
      >   
      >   The server could crash after materializing a derived table
      >   which requires a temporary table for grouping.
      >   
      >   When destroying the temporary table used to execute a query for
      >   a derived table, JOIN::destroy() did not clean up Item_fields
      >   pointing to fields in the temporary table. This led to
      >   dereferencing a dangling pointer when printing out the items
      >   tree later in the outer SELECT.
      >   
      >   The solution is an addendum to the patch for bug37362: in
      >   addition to cleaning up items in tmp_all_fields3, do the same
      >   for items in tmp_all_fields1, since now we have an example
      >   where this is necessary.
      
      
      sql/field.cc:
        Make sure field->table_name is not set to NULL in
        Field::make_field() to avoid assertion failure in 
        Item_field::make_field() after cleaning up items
        (the assertion fired in udf.test when running
        the test suite with the patch applied).
      sql/sql_select.cc:
        In addition to cleaning up items in tmp_all_fields3, do the
        same for items in tmp_all_fields1.
        Introduce a new helper function to avoid code duplication.
      sql/sql_select.h:
        Introduce a new helper function to avoid code duplication in
        JOIN::destroy().
      21a33fa0
    • Alexander Nozdrin's avatar
    • Alexander Nozdrin's avatar
  7. 08 Nov, 2010 2 commits
    • Sergey Glukhov's avatar
      Bug#52711 Segfault when doing EXPLAIN SELECT with union...order by (select... where...) · 72a22256
      Sergey Glukhov authored
      backport from 5.1
      
      
      mysql-test/r/subselect.result:
        backport from 5.1
      mysql-test/t/subselect.test:
        backport from 5.1
      sql/sql_select.cc:
        backport from 5.1
      72a22256
    • Sergey Glukhov's avatar
      Fix for bug #54575: crash when joining tables with unique set column(backport from 5.1) · 9162a7b4
      Sergey Glukhov authored
      Problem: a flaw (derefencing a NULL pointer) in the LIKE optimization
      code may lead to a server crash in some rare cases.
      
      Fix: check the pointer before its dereferencing.
      
      
      mysql-test/r/func_like.result:
        Fix for bug #54575: crash when joining tables with unique set column
          - test result.
      mysql-test/t/func_like.test:
        Fix for bug #54575: crash when joining tables with unique set column
          - test case.
      sql/item_cmpfunc.cc:
        Fix for bug #54575: crash when joining tables with unique set column
        - check res2 buffer pointer before its dereferencing 
          as it may be NULL in some cases.
      9162a7b4
  8. 29 Oct, 2010 1 commit
  9. 05 Oct, 2010 4 commits
  10. 20 Aug, 2010 2 commits
  11. 10 Aug, 2010 1 commit
  12. 02 Aug, 2010 2 commits
  13. 30 Jul, 2010 1 commit
  14. 21 Jul, 2010 2 commits
  15. 15 Jul, 2010 1 commit
    • Alexey Kopytov's avatar
      Backport of the fix for bug#25421 to 5.0. · ce3d6c97
      Alexey Kopytov authored
      Calculating the estimated number of records for a range scan
      may take a significant time, and it was impossible for a user
      to interrupt that process by killing the connection or the
      query.
      
      Fixed by checking the thread's 'killed' status in
      check_quick_keys() and interrupting the calculation process if
      it is set to a non-zero value.
      ce3d6c97
  16. 07 Jul, 2010 1 commit
    • Vasil Dimov's avatar
      Merge the fix for Bug#49238 from SVN · 2dc8e3da
      Vasil Dimov authored
      (without the unrelated whitespace changes):
      
        ------------------------------------------------------------------------
        r7009 | jyang | 2010-04-29 20:44:56 +0300 (Thu, 29 Apr 2010) | 6 lines
        
        branches/5.0: Port fix for bug #49238 (Creating/Dropping a temporary
        table while at 1023 transactions will cause assert) from 5.1 to
        branches/5.1. Separate action for return value DB_TOO_MANY_CONCURRENT_TRXS
        from that of DB_MUST_GET_MORE_FILE_SPACE in row_drop_table_for_mysql().
        
        
        ------------------------------------------------------------------------
      2dc8e3da
  17. 02 Jul, 2010 3 commits
  18. 28 Jun, 2010 1 commit
    • Davi Arnaut's avatar
      Bug#54041: MySQL 5.0.92 fails when tests from Connector/C suite run · a065c7a5
      Davi Arnaut authored
      The problem was that a user could supply supply data in chunks
      via the COM_STMT_SEND_LONG_DATA command to prepared statement
      parameter other than of type TEXT or BLOB. This posed a problem
      since other parameter types aren't setup to handle long data,
      which would lead to a crash when attempting to use the supplied
      data.
      
      Given that long data can be supplied at any stage of a prepared
      statement, coupled with the fact that the type of a parameter
      marker might change between consecutive executions, the solution
      is to validate at execution time each parameter marker for which
      a data stream was provided. If the parameter type is not TEXT or
      BLOB (that is, if the type is not able to handle a data stream),
      a error is returned.
      
      sql/sql_prepare.cc:
        Before converting the parameter data stream, check the type
        compatibility.
      tests/mysql_client_test.c:
        Add test case.
      a065c7a5
  19. 21 Jun, 2010 2 commits
  20. 17 Jun, 2010 1 commit
    • Joerg Bruehe's avatar
      Bug#54590 "make_binary_distribution" fails because a command · f7c4571c
      Joerg Bruehe authored
                 line exceeds the limit
      
      The number and/or names of our files for the main test suite
      (contents of "mysql-test/t/") now exceeds the command line
      length limit on AIX.
      Solve the problem by using separate "cp" commands for the
      various file name extensions.
      f7c4571c
  21. 15 Jun, 2010 1 commit
  22. 14 Jun, 2010 1 commit
  23. 10 Jun, 2010 1 commit
    • Davi Arnaut's avatar
      Bug#34236: Various possibly related SSL crashes · de986ce1
      Davi Arnaut authored
      Addendum: Work around a compilation failure on Windows due to
                windows.h not being added to the global namespace.
      
      extra/yassl/include/lock.hpp:
        Move windows.h inclusion into the global namespace.
      de986ce1
  24. 08 Jun, 2010 2 commits
    • Davi Arnaut's avatar
      Bug#53906: Stray semicolon in my_sys.h corrupts macro function definition of MY_INIT · b93825f3
      Davi Arnaut authored
      include/my_sys.h:
        Remove stray semicolon.
      b93825f3
    • Davi Arnaut's avatar
      Bug#34236: Various possibly related SSL crashes · 82f09f49
      Davi Arnaut authored
      The problem was that the bundled yaSSL library was being built
      without thread safety support regardless of the thread safeness
      of the compoments linked with it.
      
      The solution is to enable yaSSL thread safety support if any
      component (server or client) is to be built with thread support.
      
      Also, generate new certificates for yaSSL's test suite.
      
      config/ac-macros/yassl.m4:
        Enable yaSSL thread safety if linking with the server or a
        thread safe client library. Avoids building a thread safe
        yaSSL when only building a non-thread safe client library.
      extra/yassl/CMakeLists.txt:
        Always enable for Windows builds.
      extra/yassl/certs/ca-cert.pem:
        New certificate, previous one expired.
      extra/yassl/certs/client-cert.der:
        New certificate, previous one expired.
      extra/yassl/certs/client-cert.pem:
        New certificate, previous one expired.
      extra/yassl/certs/dsa-cert.pem:
        New certificate, previous one expired.
      extra/yassl/certs/server-cert.pem:
        New certificate, previous one expired.
      extra/yassl/include/lock.hpp:
        Rename MULTI_THREAD to YASSL_THREAD_SAFE.
      extra/yassl/src/Makefile.am:
        Use CXXFLAGS to set thread related definitions as the lock header
        (lock.hpp) has no local dependencies.
      extra/yassl/src/lock.cpp:
        Rename MULTI_THREAD to YASSL_THREAD_SAFE.
      extra/yassl/taocrypt/CMakeLists.txt:
        Always enable for Windows builds.
      extra/yassl/taocrypt/benchmark/Makefile.am:
        Pass thread related CXXFLAGS.
      extra/yassl/taocrypt/src/Makefile.am:
        Pass thread related CXXFLAGS.
      extra/yassl/taocrypt/test/Makefile.am:
        Pass thread related CXXFLAGS.
      extra/yassl/taocrypt/test/memory.cpp:
        Rename MULTI_THREAD to YASSL_THREAD_SAFE.
      extra/yassl/testsuite/Makefile.am:
        Pass thread related CXXFLAGS.
      82f09f49