1. 28 Jul, 2009 1 commit
    • Alexey Kopytov's avatar
      Bug #45031: invalid memory reads in my_real_read using protocol · baefaa1e
      Alexey Kopytov authored
                  compression 
       
      Since uint3korr() may read 4 bytes depending on build flags and 
      platform, allocate 1 extra "safety" byte in the network buffer 
      for cases when uint3korr() in my_real_read() is called to read
      last 3 bytes in the buffer. 
       
      It is practically hard to construct a reliable and reasonably 
      small test case for this bug as that would require constructing 
      input stream such that a certain sequence of bytes in a 
      compressed packet happens to be the last 3 bytes of the network 
      buffer. 
      
      
      sql/net_serv.cc:
        Allocate 1 extra "safety" byte in the network buffer for cases 
        when uint3korr() is used to read last 3 bytes in the buffer.
      baefaa1e
  2. 16 Jul, 2009 2 commits
  3. 08 Jul, 2009 1 commit
  4. 16 Jul, 2009 1 commit
  5. 15 Jul, 2009 3 commits
    • Georgi Kodinov's avatar
      automerge · b7445ff6
      Georgi Kodinov authored
      b7445ff6
    • Georgi Kodinov's avatar
      Bug #45287: phase 1 : 32 bit compilation warnings · 45b687c0
      Georgi Kodinov authored
      Fixed the following problems:
      1. cmake 2.6 warning because of a changed default on
      how the dependencies to libraries with a specified 
      path are resolved.
      Fixed by requiring cmake 2.6.
      2. Removed an obsolete pre-NT4 hack including defining
      Windows system defines to alter the behavior of windows.h.
      3. Disabled warning C4065 on compiling sql_yacc.cc because
      of a know incompatibility in some of the newer bison binaries.
      45b687c0
    • Anurag Shekhar's avatar
      Bug#37740 Server crashes on execute statement with full text search and · c77b836a
      Anurag Shekhar authored
                match against.
      
      
      Server crashes when executing prepared statement with duplicating
      MATCH() function calls in SELECT and ORDER BY expressions, e.g.:
      SELECT MATCH(a) AGAINST('test') FROM t1 ORDER BY MATCH(a) AGAINST('test')
      
      This query gets optimized by the server, so the value returned
      by MATCH() from the SELECT list is reused for ORDER BY purposes.
      To make this optimization server is comparing items from
      SELECT and ORDER BY lists. We were getting server crash because
      comparision function for MATCH() item is not intended to be called
      at this point of execution.
      
      In 5.0 and 5.1 this problem is workarounded by resetting MATCH()
      item to the state as it was during PREPARE.
      
      In 6.0 correct comparision function will be implemented and
      duplicating MATCH() items from the ORDER BY list will be
      optimized.
      
      mysql-test/r/fulltext.result:
        Updated with the test case for Bug#37740
      mysql-test/t/fulltext.test:
        A test case for Bug#37740.
      sql/item_func.h:
        True initialization of 'table' happens in ::fix_fields(). As
        Item_func_match::eq() may be called before ::fix_fields(), it is
        expected that 'table' is initialized to 0 when it is reused.
        
        This is mostly affecting prepared statements, when the same item
        doesn't get destroyed, but rather cleaned up and reused.
      c77b836a
  6. 14 Jul, 2009 1 commit
  7. 13 Jul, 2009 2 commits
    • Georgi Kodinov's avatar
      Bug #40113: Embedded SELECT inside UPDATE or DELETE can timeout · 410e1a72
      Georgi Kodinov authored
      without error
      
      When using quick access methods for searching rows in UPDATE or 
      DELETE there was no check if a fatal error was not already sent 
      to the client while evaluating the quick condition.
      As a result a false OK (following the error) was sent to the 
      client and the error was thus transformed into a warning.
      
      Fixed by checking for errors sent to the client during 
      SQL_SELECT::check_quick() and treating them as real errors.
      
      Fixed a wrong test case in group_min_max.test
      Fixed a wrong return code in mysql_update() and mysql_delete()
      
      mysql-test/r/bug40113.result:
        Bug #40013: test case
      mysql-test/r/group_min_max.result:
        Bug #40013: fixed a wrong test case
      mysql-test/t/bug40113-master.opt:
        Bug #40013: test case
      mysql-test/t/bug40113.test:
        Bug #40013: test case
      mysql-test/t/group_min_max.test:
        Bug #40013: fixed a wrong test case
      sql/sql_delete.cc:
        Bug #40113: check for errors evaluating the quick select
      sql/sql_update.cc:
        Bug #40113: check for errors evaluating the quick select
      410e1a72
    • Georgi Kodinov's avatar
  8. 10 Jul, 2009 4 commits
  9. 07 Jul, 2009 2 commits
  10. 06 Jul, 2009 7 commits
  11. 03 Jul, 2009 3 commits
  12. 02 Jul, 2009 1 commit
  13. 01 Jul, 2009 1 commit
    • Staale Smedseng's avatar
      Bug #45790 Potential DoS vector: Writing of user input to log · 3cd431d5
      Staale Smedseng authored
      without proper formatting
            
      The problem is that a suitably crafted database identifier
      supplied to COM_CREATE_DB or COM_DROP_DB can cause a SIGSEGV,
      and thereby a denial of service. The database name is printed
      to the log without using a format string, so potential
      attackers can control the behavior of my_b_vprintf() by
      supplying their own format string. A CREATE or DROP privilege
      would be required.
            
      This patch supplies a format string to the printing of the
      database name. A test case is added to mysql_client_test.
      
      
      sql/sql_parse.cc:
        Added format strings.
      tests/mysql_client_test.c:
        Added new test case.
      3cd431d5
  14. 29 Jun, 2009 2 commits
  15. 26 Jun, 2009 1 commit
  16. 25 Jun, 2009 2 commits
    • Satya B's avatar
      Applying InnoDB snashot 5.0-ss5406, part 2. Fixes BUG#40565 · faaa9e08
      Satya B authored
      BUG#40565 - Update Query Results in "1 Row Affected" But Should Be "Zero Rows"
      
      Detailed revision comments:
      
      r5232 | marko | 2009-06-03 14:31:04 +0300 (Wed, 03 Jun 2009) | 21 lines
      branches/5.0: Merge r3590 from branches/5.1 in order to fix Bug #40565
      (Update Query Results in "1 Row Affected" But Should Be "Zero Rows").
      
      Also, add a test case for Bug #40565.
      
      rb://128 approved by Heikki Tuuri
        ------------------------------------------------------------------------
        r3590 | marko | 2008-12-18 15:33:36 +0200 (Thu, 18 Dec 2008) | 11 lines
      
        branches/5.1: When converting a record to MySQL format, copy the default
        column values for columns that are SQL NULL.  This addresses failures in
        row-based replication (Bug #39648).
      
        row_prebuilt_t: Add default_rec, for the default values of the columns in
        MySQL format.
      
        row_sel_store_mysql_rec(): Use prebuilt->default_rec instead of
        padding columns.
      
        rb://64 approved by Heikki Tuuri
        ------------------------------------------------------------------------
      faaa9e08
    • Satya B's avatar
      Applying InnoDB snashot 5.0-ss5406, part 1. Fixes BUG#38479 · 0158cafa
      Satya B authored
      BUG#38479 - valgrind warnings in show table status for innodb tables
      
      Detailed revision comments:
      
      r5080 | vasil | 2009-05-22 14:45:34 +0300 (Fri, 22 May 2009) | 6 lines
      branches/5.0:
      
      Fix Bug#38479 valgrind warnings in show table status for innodb tables
      
      by initializing prebuilt->hint_need_to_fetch_extra_cols.
      
      0158cafa
  17. 22 Jun, 2009 1 commit
  18. 19 Jun, 2009 5 commits
    • Matthias Leich's avatar
      99392b75
    • Matthias Leich's avatar
    • Matthias Leich's avatar
      Fix for Bug#40545, Bug#40209, Bug#40618, Bug#38346 · 59730d8f
      Matthias Leich authored
        Details:
        - Limit the queries to character sets and collations
          which are most probably available in all build types.
          But try to preserve the intention of the tests.
        - Remove the variants adjusted to some build types.
      
        Note:
        1. The results of the review by Bar are included.
        2. I am not able to check the correctness of this patch
           on any existing build type and any MySQL version.
           So it could happen that the new test fails somewhere.
      59730d8f
    • Georgi Kodinov's avatar
      Bug #36654: mysqld_multi cannot start instances with different versions · 014e2891
      Georgi Kodinov authored
      occasionally.
      
      mysql_multi can call mysqld_safe. In doing this it's not changing the 
      current working directory. This may cause confusion in the case where 
      mysqld_multi is handling instances of servers of different versions 
      and the current working directory is the installation directory of one 
      of these servers.
      
      Fixed by enhancing the meaning of basedir in [mysqldN] sections of 
      mysqld_multi. If specified, mysqld_multi will change the current 
      working directory to the basedir directory before starting the server 
      in mysqld_multi ... start ... and then change it back to what it was.
      
      scripts/mysqld_multi.sh:
        Bug #36654: optionally preserve, change and restore the cwd when 
        starting server instances
      014e2891
    • V Narayanan's avatar
      Bug#43572 Handle failures from hash_init · 336c8106
      V Narayanan authored
            
      Failure to allocate memory for the hash->array element,
      caused hash_init to return without initializing the other
      members of the hash. Thus although the dynamic array
      buffer may be allocated at a later point in the code, the
      incompletely initialized hash caused fatal failures.
      
      This patch moves the initialization of the other members
      of the hash above the array allocation, so that the usage
      of this hash will not result in fatal failures.
      
      include/hash.h:
        Bug#43572 Handle failures from hash_init
        
        hash_inited is used to verify that the hash is
        valid. After the change induced by the current
        patch hash->array.buffer !=0 is not a valid check
        for this condition, since, the dynamic array can
        be allocated even at a later time. Bootstrap SQL
        script is setting some variables, which are
        actually not set due to this hash_inited issue.
        Thus we get empty grant tables.
        
        A better way to check if the hash is valid is
        to verify that hash->blength is greater than 0.
      mysys/hash.c:
        Bug#43572 Handle failures from hash_init
        
        Move the initialization of the other members
        of the hash above the array allocation, so that
        the usage of this hash will not result in fatal
        failures.
      336c8106