1. 18 Jan, 2011 5 commits
    • Anitha Gopi's avatar
    • Merging from 5.1. · 36e96e53
      Alexander Barkov authored
    • Bug#44332 my_xml_scan reads behind the end of buffer · 19f4e4d6
      Alexander Barkov authored
      Problem: the scanner function tested for strings "<![CDATA[" and
      "-->" without checking input string boundaries, which led to valgrind's
      "Conditional jump or move depends on uninitialised value(s)" error.
      
      Fix: Adding boundary checking.
      
        @ mysql-test/r/xml.result
        @ mysql-test/t/xml.test
        Adding test
      
        @ strings/xml.c
        Adding a helper function my_xml_parser_prefix_cmp(),
        with input string boundary check.
    • Merge from mysql-5.1 for · c70b239e
      Vinay Fisrekar authored
      sys_vars.innodb_max_dirty_pages_pct_func fails sporadically
            
    • 5302bb48
      Vinay Fisrekar authored
      BUG#58858 : sys_vars.innodb_max_dirty_pages_pct_func fails sporadically
      
      Committing After latest merge.      
      Modified check_pct procedure to check return value of wait condition instead 
      of calling "dirty_pct".
         
      Adding Review comments:
      1) Added comment for success variable value
      2) Procedure check_pct changed For Adding BOOLEAN input and SELECT QUERY Change
  2. 17 Jan, 2011 3 commits
    • BUG#42879: CHANGE MASTER RELAY_LOG_FILE=path fails on windows · 720e1212
      Luis Soares authored
      Re-enabling the test case on windows since BUG#12190 has fixed
      the issue.
    • Bug#58371 Assertion failed: !s.uses_buffer_owned_by(this) with format string function · 271514a7
      Alexander Barkov authored
      Introduced by the fix for bug#44766.
      
      Problem: it's not correct to use args[0]->str_value as a buffer,
      because args[0] may need this buffer for its own purposes.
      
      Fix: adding a new class member tmp_value to use as return value.
      
        @ mysql-test/r/ctype_many.result
        @ mysql-test/t/ctype_many.test
        Adding tests
      
        @ sql/item_strfunc.cc
        Changing code into traditional style:
        use "str" as a buffer for the argument and tmp_value for the result value.
      
        @ sql/item_strfunc.h
        Adding tmp_value
    • Bug#59149 valgrind warnings with "like .. escape .." function · a084545f
      Alexander Barkov authored
            
      Problem: when processing a query like:
        SELECT '' LIKE '1' ESCAPE COUNT(1);
      escape_item->val_str() was never executed and the "escape" class member
      stayed initialized, which led to valgrind uninitialized memory error.
            
      Note, a query with some tables in "FROM" clause
      returns ER_WRONG_ARGUMENTS in the same situation:
      
         SELECT '' LIKE '1' ESCAPE COUNT(1) FROM t1;
         ERROR 1210 (HY000): Incorrect arguments to ESCAPE
      
      Fix: disallowing using aggregate functions in ESCAPE clause,
      even if there are no tables used. There is not much use of that anyway.
  3. 15 Jan, 2011 3 commits
    • Bug#58221 : mysqladmin --sleep=x --count=x keeps looping · c884d136
      Nirbhay Choubey authored
      When mysqladmin is run with sleep and count options,
      it goes into an infinite loop and keeps executing the
      specified command.
      
      This happened because the statement, responsible for
      decrementing the count value, was missing.
      
      Fixed by adding a statement which will decrement the
      count value for each iteration.
      
      
      client/mysqladmin.cc:
        Bug#58221 : mysqladmin --sleep=x --count=x keeps looping
        
        Added a condition to check and decrement the count
        value stored in nr_iterations per iteration.
      mysql-test/r/mysqladmin.result:
        Added a testcase for Bug#58221.
      mysql-test/t/mysqladmin.test:
        Added a testcase for Bug#58221.
    • Null merge from 5.0 · d69860ea
      unknown authored
      It is a backported patch.
    • BUG#49124 Security issue with /*!-versioned */ SQL statements on Slave · 263e63a4
      unknown authored
      Backport to 5.0.
      
      /*![:version:] Query Code */, where [:version:] is a sequence of 5
      digits representing the mysql server version (e.g. /*!50200 ... */),
      is a special comment whose query can be executed on those
      servers whose versions are larger than the version appearing in the
      comment. It leads to a security issue when the slave's version is larger
      than the master's. A malicious user can improve his privileges on slaves,
      because the slave SQL thread is running with SUPER privileges, so it can
      execute queries that he/she does not have privileges for on the master.
            
      This bug is fixed with the logic below: 
      - To replace '!' with ' ' in the magic comments which are not applied on
        master. So they become common comments and will not be applied on slave.
            
      - Example:
        'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/
         will be binlogged as
        'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /* 99999 ,(3)*/
  4. 14 Jan, 2011 3 commits
    • Bug#52208 gis fails on some platforms (Solaris, HP-UX, Linux) · 9e8935eb
      Alexey Botchkov authored
              IA64 and some other architectures use different float rounding mode and
              I find no decent way to make it consistent.
              So the test changed to be insensitive to this.
      
      per-file messages:
        mysql-test/t/gis.test
      Bug#52208      gis fails on some platforms (Solaris, HP-UX, Linux)
              --replace_result added
    • Bug#13618 : mysqldump --xml omits comment on table field · aeda5996
      Nirbhay Choubey authored
      When mysqldump tries to dump information in xml format,
      the result does not contain field level comments.
      
      In order to retrieve various information for a field/column,
      mysqldump currently uses 'show fields from <tab>' statement.
      The attributes returned by the statement lack the information
      regarding field comments.
      
      Fixed by changing the query to one that probes I_S to retrieve
      required field information, including the field comment.
      
      
      client/mysqldump.c:
        Bug#13618 : mysqldump --xml omits comment on table field.
        
        Replaced the 'show fields' command by a statement that
        queries I_S, in order to retrieve information on all the
        attributes that 'show fields' returns along with an additional
        column_comment information.
      mysql-test/r/client_xml.result:
        Result modifications for bug#13618.
      mysql-test/r/mysqldump.result:
        Result modifications for bug#13618.
      mysql-test/t/mysqldump.test:
        Added a testcase for bug#13618.
    • BUG#59063: rpl_migration_crash_safe fails on Windows · 8309a50c
      Sven Sandberg authored
      Backported the fix to 5.1.
      Problem: the auxiliary test files rpl_start_server.inc and rpl_stop_server.inc
      write a file that is later read by mtr. The bug was that the file was written
      with platform-dependent newline terminators, i.e., \r\n on windows, whereas mtr
      only understands \n.
      Fix: write the file so that it uses \n on all platforms.
      
      
      mysql-test/include/rpl_start_server.inc:
        Force test to use \n instead of platform-dependent newline terminator.
      mysql-test/include/rpl_stop_server.inc:
        Force test to use \n instead of platform-dependent newline terminator.
  5. 13 Jan, 2011 5 commits
    • Luis Soares's avatar
      6246d224
    • Bug#59109 : mysqlslap crashes on mysql_fetch_row after ignoring · a0f62be6
      Nirbhay Choubey authored
                  null from mysql_store_result.
      
      mysqlslap segfaults at a point when it tries to fetch rows from
      the result set.
      
      Under some circumstances, mysql_store_result can return 'NULL',
      even after query execution (mysql_query) succeeds, and eventually
      a segfault might occur if same unchecked return value is passed
      to mysql_fetch_row.
      
      Fixed by adding a check on mysql_store_result's return value.
      
      
      client/mysqlslap.c:
        Bug#59109 : mysqlslap crashes on mysql_fetch_row after ignoring
                    null from mysql_store_result.
        
        Added a check on mysql_store_result's return value. A 'NULL' return
        value here shows an erroneous situation as mysql_field_count has already
        reported a non-zero value.
    • bumped up the version to 5.1.56 · eba42c14
      Georgi Kodinov authored
    • bumped up the version to 5.0.93 · 85943d75
      Georgi Kodinov authored
    • Bug#58165: "my_empty_string" gets modified and causes LOAD DATA to fail and · 6ed5b556
      Martin Hansson authored
      other crashes
      
      Some string manipulating SQL functions use a shared string object intended to
      contain an immutable empty string. This object was used by the SQL function
      SUBSTRING_INDEX() to return an empty string when one argument was of the wrong
      datatype. If the string object was then modified by the sql function INSERT(),
      undefined behavior ensued.
      
      Fixed by instead modifying the string object representing the function's
      result value whenever string manipulating SQL functions return an empty
      string.
      
      Relevant code has also been documented.
  6. 12 Jan, 2011 6 commits
    • merge from 5.1-mtr · 7def3081
      Bjorn Munch authored
    • BUG#59177: mysqlbinlog_row_big fails on Windows with out of memory · 86f4bcd4
      Luis Soares authored
            
      The test case fails with out of memory while updating a table
      with several multi-megabytes sized rows. This can probably be too
      exhausting for PB2 env.
            
      The quick fix here is to reduce the size of the biggest
      row (256MB) so that it becomes a little smaller (64MB).
    • merge from 5.1 · c144d37f
      Bjorn Munch authored
    • Fix for bug #58499 "DEFINER-security view selecting from · d4c75324
      Dmitry Lenev authored
      INVOKER-security view access check wrong".
      
      When privilege checks were done for tables used from an
      INVOKER-security view which in its turn was used from
      a DEFINER-security view, the connection's active security
      context was incorrectly used instead of the security context
      with privileges of the second view's creator.
      
      This meant that users who had enough rights to access
      the DEFINER-security view and as a result were supposed to
      be able to successfully access it were unable to do so in
      cases when they didn't have privileges on underlying tables
      of the INVOKER-security view.
      
      This problem was caused by the fact that for INVOKER-security
      views the TABLE_LIST::security_ctx member for underlying tables
      was set to 0 even in cases when a particular view was used from
      another DEFINER-security view. This meant that when checks of
      privileges on these underlying tables were done in
      setup_tables_and_check_access() the active connection security
      context was used instead of the context corresponding to the
      creator of the caller view.
      
      This fix addresses the problem by ensuring that underlying
      tables of an INVOKER-security view inherit security context
      from the view and thus correct security context is used for
      privilege checks on underlying tables in cases when such view 
      is used from another view with DEFINER-security.
      
      mysql-test/r/view_grant.result:
        Added coverage for various combinations of DEFINER and
        INVOKER-security views, including test for bug #58499
        "DEFINER-security view selecting from INVOKER-security
        view access check wrong".
      mysql-test/t/view_grant.test:
        Added coverage for various combinations of DEFINER and
        INVOKER-security views, including test for bug #58499
        "DEFINER-security view selecting from INVOKER-security
        view access check wrong".
      sql/sql_view.cc:
        When opening a non-suid view ensure that its underlying
        tables will get the same security context as used for
        checking privileges on the view, i.e. security context
        of view invoker. This context can be different from the
        security context which is currently active for connection
        in cases when this non-suid view is used from a view with
        suid security. Inheriting security context in such situation
        allows correctly applying privileges of creator of suid view
        in checks for tables of non-suid view (since in this
        situation creator/definer of suid view serves as invoker
        for non-suid view).
    • Bug #57321 crashes and valgrind errors from spatial types · 8b5db960
      Alexey Botchkov authored
              Item_func_spatial_collection::fix_length_and_dec didn't call parent's method, so
              the maybe_null was set to '0' after it. But in this case the result was
              just NULL, that caused wrong behaviour.
      
      per-file comments:
        mysql-test/r/gis.result
      Bug #57321 crashes and valgrind errors from spatial types 
              test result updated.
      
        mysql-test/t/gis.test
      Bug #57321 crashes and valgrind errors from spatial types 
              test case added.
        sql/item_geofunc.h
      Bug #57321 crashes and valgrind errors from spatial types 
              Item_func_geometry::fix_length_and_dec() called in
              Item_func_spatial_collection::fix_length_and_dec().
    • Bug#58207: invalid memory reads when using default column value and · 73d88e80
      Martin Hansson authored
      tmptable needed
      
      The function DEFAULT() works by modifying the data buffer pointers (often
      referred to as 'record' or 'table record') of its argument. This modification
      is done during name resolution (fix_fields().) Unfortunately, the same
      modification is done when creating a temporary table, because default values
      need to propagate to the new table.
      
      Fixed by skipping the pointer modification for fields that are arguments to
      the DEFAULT function.
  7. 11 Jan, 2011 7 commits
  8. 10 Jan, 2011 3 commits
  9. 08 Jan, 2011 2 commits
  10. 07 Jan, 2011 3 commits
    • Bug#51023: Mysql server crashes on SIGHUP and destroys InnoDB files · 960d355b
      Davi Arnaut authored
      WIN32 compilation fixes: define ETIMEDOUT only if not available and
      fix typos and add a missing parameter.
    • Bug#51023: Mysql server crashes on SIGHUP and destroys InnoDB files · 82dade88
      Davi Arnaut authored
      From a user perspective, the problem is that a FLUSH LOGS or SIGHUP
      signal could end up associating the stdout and stderr to random
      files. In the case of this bug report, the streams would end up
      associated to InnoDB ibd files.
      
      The freopen(3) function is not thread-safe on FreeBSD. What this
      means is that if another thread calls open(2) while freopen()
      is executing, that other thread's fd returned by open(2) may get
      re-associated with the file being passed to freopen(3). See FreeBSD
      PR number 79887 for reference:
      
        http://www.freebsd.org/cgi/query-pr.cgi?pr=79887
      
      This problem is worked around by substituting an internal hook within
      the FILE structure. This avoids the loss of atomicity by not having
      the original fd closed before it's duplicated.
      
      Patch based on the original work by Vasil Dimov.
      
      include/my_sys.h:
        Export my_freopen.
      mysys/my_fopen.c:
        Add a my_freopen abstraction to work around bugs in specific OSes.
        Add a prototype for getosreldate() as older FreeBSD versions did
        not define one.
      sql/log.cc:
        Move freopen abstraction code over to mysys.
        The streams are now only reopened for writing.
    • Followup to vasil.dimov@oracle.com-20110107091222-q23qpb5skev0j9gc · 8004a22a
      Vasil Dimov authored
      Do not use nested AC_CHECK_FUNC() because they result in:
      
      ./configure: line 52688: syntax error: unexpected end of file
      
      (which happens only on some platforms and does not happen on others,
      I have no idea what is the reason for this)