1. 27 Nov, 2007 1 commit
    • unknown's avatar
      Bug#32707: misdimensioned buffer in protocol layer · cace6c96
      unknown authored
      Miscalculation in protocol-layer: size buffer correctly so
      even really long error messages cannot overflow our buffer.
      
      
      sql/protocol.cc:
        size buffer correctly so really long error messages cannot overflow it.
      cace6c96
  2. 24 Nov, 2007 1 commit
  3. 20 Nov, 2007 1 commit
  4. 19 Nov, 2007 1 commit
    • unknown's avatar
      Bug #30284 spatial key corruption. · a8020b36
      unknown authored
      SPATIAL key is fine actually, but the chk_key() function
      mistakenly returns error. It tries to compare checksums
      of btree and SPATIAL keys while the checksum for the SPATIAL isn't
      calculated (always 0). Same thing with FULLTEXT keys is handled
      using full_text_keys counter, so fixed by counting both
      SPATIAL and FULLTEXT keys in that counter.
      
      
      myisam/mi_check.c:
        Bug #30284 spatial key corruption
        
        full_text_keys counts both FULL_TEXT and SPATIAL keys
      mysql-test/r/gis.result:
        Bug #30284 spatial key corruption
        
        test result
      mysql-test/t/gis.test:
        Bug #30284 spatial key corruption.
        
        test case
      a8020b36
  5. 17 Nov, 2007 1 commit
  6. 14 Nov, 2007 1 commit
  7. 13 Nov, 2007 2 commits
    • unknown's avatar
      Merge bk@192.168.21.1:mysql-4.1-opt · 38d1b2f5
      unknown authored
      into  mysql.com:/home/hf/work/31305/my41-31305
      
      38d1b2f5
    • unknown's avatar
      Bug #31158 Spatial, Union, LONGBLOB vs BLOB bug (crops data) · fcfd51f6
      unknown authored
      max_length parameter for BLOB-returning functions must be big enough
      for any possible content. Otherwise the field created for a table
      will be too small.
      
      
      mysql-test/r/gis.result:
        Bug #31158  Spatial, Union, LONGBLOB vs BLOB bug (crops data)
        
        test result
      mysql-test/t/gis.test:
        Bug #31158  Spatial, Union, LONGBLOB vs BLOB bug (crops data)
        
        test case
      sql/field.cc:
        Bug #31158  Spatial, Union, LONGBLOB vs BLOB bug (crops data)
        
        max_field_size used instead of numeric value
      sql/field.h:
        Bug #31158  Spatial, Union, LONGBLOB vs BLOB bug (crops data)
        
        max_field_size constant defined
      sql/item_geofunc.cc:
        Bug #31158  Spatial, Union, LONGBLOB vs BLOB bug (crops data)
        
        max_length parameter fixed
      fcfd51f6
  8. 12 Nov, 2007 4 commits
    • unknown's avatar
      symlink.test, symlink.result: · eb3c917d
      unknown authored
        Use proper variable for test.
      
      
      mysql-test/t/symlink.test:
        Use proper variable for test.
      mysql-test/r/symlink.result:
        Use proper variable for test.
      eb3c917d
    • unknown's avatar
      After merge fix. · e8e897bc
      unknown authored
      e8e897bc
    • unknown's avatar
      Merge mysql.com:/home/svoj/devel/mysql/BUG32111/mysql-4.0 · 0f7e921a
      unknown authored
      into  mysql.com:/home/svoj/devel/mysql/BUG32111/mysql-4.1-engines
      
      
      mysys/my_symlink2.c:
        Auto merged
      mysql-test/r/symlink.result:
        SCCS merged
      mysql-test/t/symlink.test:
        SCCS merged
      0f7e921a
    • unknown's avatar
      Bug #31305 myisam tables crash when they are near capacity. · 23efd897
      unknown authored
      When we insert a record into MYISAM table which is almost 'full',
      we first write record data in the free space inside a file, and then
      check if we have enough space after the end of the file.
      So if we don't have the space, table will left corrupted.
      Similar error also happens when we updata MYISAM tables.
      
      Fixed by modifying write_dynamic_record and update_dynamic_record functions
      to check for free space before writing parts of a record
      
      
      BitKeeper/etc/ignore:
        Added libmysql_r/client_settings.h libmysqld/ha_blackhole.cc to the ignore list
      myisam/mi_dynrec.c:
        Bug #31305 myisam tables crash when they are near capacity.
        
        now we check space left in table in write_dynamic_record
        and update_dynamic_record functions.
        If we don't have enough room for the new (updated) record, return with the
        error.
      mysql-test/r/almost_full.result:
        New BitKeeper file ``mysql-test/r/almost_full.result''
      mysql-test/t/almost_full.test:
        New BitKeeper file ``mysql-test/t/almost_full.test''
      23efd897
  9. 10 Nov, 2007 1 commit
    • unknown's avatar
      Bug #32063 "create table like" works case-significant only in "embedded" server (libmysqld) · bc05b8c1
      unknown authored
      in mysql_creata_like_table() we 'downcase' the complete path to the
      .frm file. It works fine in standalone case as there usually
      we only have './' as a path to the datahome, but doesn't work in
      the embedded server where we add the real path there, so if a
      directory has uppercase letters in it's name, it won't be found.
      
      Fixed by 'downcasing' only database/table pair.
      
      
      sql/sql_table.cc:
        Bug #32063 "create table like" works case-significant only in "embedded" server (libmysqld)
        
        do not lowercase the database directory
      bc05b8c1
  10. 08 Nov, 2007 1 commit
  11. 07 Nov, 2007 1 commit
    • unknown's avatar
      Fix for bug #32103: optimizer crash when join on int and mediumint with · 70cbef8e
      unknown authored
      variable in where clause.
      
      Problem: the new_item() method of Item_uint used an incorrect
      constructor. "new Item_uint(name, max_length)" calls
      Item_uint::Item_uint(const char *str_arg, uint length) which assumes the
      first argument to be the string representation of the value, not the
      item's name. This could result in either a server crash or incorrect
      results depending on usage scenarios.
      
      Fixed by using the correct constructor in new_item():
      Item_uint::Item_uint(const char *str_arg, longlong i, uint length).
      
      
      mysql-test/r/select.result:
        Added a test case for bug #32103.
      mysql-test/t/select.test:
        Added a test case for bug #32103.
      sql/item.h:
        Use the correct constructor for Item_uint in Item_uint::new_item().
      70cbef8e
  12. 06 Nov, 2007 1 commit
    • unknown's avatar
      BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE · a837ff41
      unknown authored
      RENAME TABLE against a table with DATA/INDEX DIRECTORY overwrites
      the file to which the symlink points.
      
      This is security issue, because it is possible to create a table with
      some name in some non-system database and set DATA/INDEX DIRECTORY
      to mysql system database. Renaming this table to one of mysql system
      tables (e.g. user, host) would overwrite the system table.
      
      Return an error when the file to which the symlink points exist.
      
      
      mysql-test/r/symlink.result:
        A test case for BUG#32111.
      mysql-test/t/symlink.test:
        A test case for BUG#32111.
      mysys/my_symlink2.c:
        Return an error when the file to which the symlink points exist.
      a837ff41
  13. 02 Nov, 2007 3 commits
  14. 30 Oct, 2007 3 commits
    • unknown's avatar
      Merge stella.local:/home2/mydev/mysql-4.1-amain · c0c20d48
      unknown authored
      into  stella.local:/home2/mydev/mysql-4.1-axmrg
      
      c0c20d48
    • unknown's avatar
      BUG#11392 - fulltext search bug · 1b1d467b
      unknown authored
      Fulltext boolean mode phrase search may crash server on platforms
      where size of pointer is not equal to size of unsigned integer
      (in other words some 64-bit platforms).
      
      The problem was integer overflow.
      
      Affects 4.1 only.
      
      
      myisam/ft_boolean_search.c:
        my_match_t::beg is unsigned int, that means type of expression
        (m[0].beg - 1) has unsigned type too. It may happen that instr()
        finds substring in the beggining of passed string, returning
        m[0].beg equal to 0. In this case value of expression (m[0].beg - 1)
        is equal to MAX_UINT.
        
        This is not a problem on platforms where sizeof(pointer) equals to
        sizeof(uint). That means ptr[(uint)-1] = ptr[(uint)MAX_UINT] = ptr - 1.
        
        On some 64-bit platforms where sizeof(pointer) is 8 and sizeof(uint)
        is 4, wrong address gets accessed. In other words ptr[(uint)-1] is
        equal to ptr + MAX_UINT.
      mysql-test/r/fulltext.result:
        A test case for BUG#11392.
      mysql-test/t/fulltext.test:
        A test case for BUG#11392.
      1b1d467b
    • unknown's avatar
      Bug #31758 inet_ntoa, oct crashes server with null+filesort · 899d0cff
      unknown authored
      Item_func_inet_ntoa and Item_func_conv inherit 'maybe_null' flag from an
      argument, which is wrong.
      Both can be NULL with notnull arguments, so that's fixed.
      
      
      mysql-test/r/func_str.result:
        Bug #31758 inet_ntoa, oct crashes server with null+filesort
        
        test case
      mysql-test/t/func_str.test:
        Bug #31758 inet_ntoa, oct crashes server with null+filesort
        
        test result
      sql/item_strfunc.h:
        Bug #31758 inet_ntoa, oct crashes server with null+filesort
        
        missing maybe_null flags set for Item_func_inet_ntoa and Item_func_conv
      899d0cff
  15. 29 Oct, 2007 1 commit
  16. 25 Oct, 2007 1 commit
    • unknown's avatar
      add new trigger to prevent certain naming clashes · 542afc17
      unknown authored
      
      BitKeeper/triggers/pre-commit.check-case.pl:
        catch duplicate file names, ignoring capitalisation, mostly to avoid changesets where a deleted file foobar and a deleted file FooBar break a tree on case insensitive file systems
      542afc17
  17. 24 Oct, 2007 2 commits
    • unknown's avatar
      Merge svojtovich@bk-internal.mysql.com:/home/bk/mysql-4.1-engines · de14c6ac
      unknown authored
      into  mysql.com:/home/svoj/devel/mysql/BUG31159/mysql-4.1-engines
      
      de14c6ac
    • unknown's avatar
      BUG#31159 - fulltext search on ucs2 column crashes server · 353ecd9a
      unknown authored
      ucs2 doesn't provide required by fulltext ctype array. Crash
      happens because fulltext attempts to use unitialized ctype
      array.
      
      Fixed by converting ucs2 fields to compatible utf8 analogue.
      
      
      include/my_sys.h:
        Added a function to find compatible character set with ctype array
        available. Currently used by fulltext search to find compatible
        substitute for ucs2 collations.
      mysql-test/r/ctype_ucs.result:
        A test case for BUG#31159.
      mysql-test/t/ctype_ucs.test:
        A test case for BUG#31159.
      mysys/charset.c:
        Added a function to find compatible character set with ctype array
        available. Currently used by fulltext search to find compatible
        substitute for ucs2 collations.
      sql/item_func.cc:
        Convert ucs2 fields to utf8. Fulltext requires ctype array, but
        ucs2 doesn't provide it.
      353ecd9a
  18. 23 Oct, 2007 1 commit
  19. 19 Oct, 2007 1 commit
  20. 18 Oct, 2007 2 commits
    • unknown's avatar
      Merge tnurnberg@bk-internal.mysql.com:/home/bk/mysql-4.1-opt · d6c17d01
      unknown authored
      into  sin.intern.azundris.com:/misc/mysql/31588/41-31588
      
      d6c17d01
    • unknown's avatar
      Bug#31588: buffer overrun when setting variables · 52162bd3
      unknown authored
      Buffer used when setting variables was not dimensioned to accomodate
      trailing '\0'. An overflow by one character was therefore possible.
      CS corrects limits to prevent such overflows.
      
      
      mysql-test/r/variables.result:
        Try to overflow buffer used for setting system variables.
        Unpatched server should throw a valgrind warning here.
        Actual value and error message irrelevant, only length counts.
      mysql-test/t/variables.test:
        Try to overflow buffer used for setting system variables.
      sql/set_var.cc:
        Adjust maximum number of characters we can store in 'buff' by one
        as strmake() will write a terminating '\0'.
      52162bd3
  21. 17 Oct, 2007 1 commit
  22. 16 Oct, 2007 1 commit
  23. 11 Oct, 2007 1 commit
    • unknown's avatar
      Fix for bug #31174: "Repair" command on MyISAM crashes with small · 0aba4cc9
      unknown authored
      myisam_sort_buffer_size.
      
      An incorrect length of the sort buffer was used when calculating the
      maximum number of keys. When myisam_sort_buffer_size is small enough,
      this could result in the number of keys < number of
      BUFFPEK structures which in turn led to use of uninitialized BUFFPEKs.
      
      Fixed by correcting the buffer length calculation.
      
      
      myisam/sort.c:
        Use a correct buffer length when calculating the maximum number of keys.
        Assert that for each BUFFPEK structure there is at least one
        corresponding key. Otherwise we would fail earlier and not reach
        merge_buffers().
      mysql-test/r/repair.result:
        Added a test case for bug #31174.
      mysql-test/t/repair.test:
        Added a test case for bug #31174.
      0aba4cc9
  24. 10 Oct, 2007 2 commits
  25. 05 Oct, 2007 3 commits
    • unknown's avatar
      Merge mysql.com:/home/hf/work/30955/my41-30955 · b340abe7
      unknown authored
      into  mysql.com:/home/hf/work/30286/my41-30286
      
      b340abe7
    • unknown's avatar
      Merge bk@192.168.21.1:mysql-4.1-opt · ec48fce4
      unknown authored
      into  mysql.com:/home/hf/work/30286/my41-30286
      
      ec48fce4
    • unknown's avatar
      Bug #30286 spatial index cause corruption and server crash! · ffdd1f61
      unknown authored
      As the result of DOUBLE claculations can be bigger
      than DBL_MAX constant we use in code, we shouldn't use this constatn
      as a biggest possible value.
      Particularly the rtree_pick_key function set 'min_area= DBL_MAX' relying
      that any rtree_area_increase result will be less so we return valid
      key. Though in rtree_area_increase function we calculate the area
      of the rectangle, so the result can be 'inf' if the rectangle is
      huge enough, which is bigger than DBL_MAX.
      
      Code of the rtree_pick_key modified so we always return a valid key.
      
      
      myisam/rt_index.c:
        Bug #30286 spatial index cause corruption and server crash!
        
        always set the best_key with the first key we get, so we always return
        somthing valid.
      myisam/rt_mbr.c:
        Bug #30286 spatial index cause corruption and server crash!
        
        function comment extended
      mysql-test/r/gis-rtree.result:
        Bug #30286 spatial index cause corruption and server crash!
        test result
      mysql-test/t/gis-rtree.test:
        Bug #30286 spatial index cause corruption and server crash!
        test case
      ffdd1f61
  26. 04 Oct, 2007 2 commits
    • unknown's avatar
      Merge tnurnberg@bk-internal.mysql.com:/home/bk/mysql-4.1-maint · 186c5bee
      unknown authored
      into  sin.intern.azundris.com:/home/tnurnberg/30444/41-30444
      
      186c5bee
    • unknown's avatar
      Backport of the 5.0 patch to 4.1 · ed345e5d
      unknown authored
      Bug#28878: InnoDB tables with UTF8 character set and indexes cause  wrong result for DML
      When making key reference buffers over CHAR fields whitespace (0x20) must be used to fill in the remaining space in the field's buffer. This is what Field_string::store() does. Fixed Field_string::get_key_image() to do the same.
      
      
      mysql-test/r/innodb_mysql.result:
        Bug#28878: test case
      mysql-test/t/innodb_mysql.test:
        Bug#28878: test case
      sql/field.cc:
        Bug#28878: Fill with space instead of binary zeros.
      ed345e5d