Commit 7005a330 authored by Marko Mäkelä's avatar Marko Mäkelä

Merge mysql-5.1-security to mysql-5.5-security.

parents 38bac6af 01587f5f
/***************************************************************************** /*****************************************************************************
Copyright (c) 1996, 2010, Innobase Oy. All Rights Reserved. Copyright (c) 1996, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -356,33 +356,6 @@ btr_pcur_restore_position_func( ...@@ -356,33 +356,6 @@ btr_pcur_restore_position_func(
return(FALSE); return(FALSE);
} }
/**************************************************************//**
If the latch mode of the cursor is BTR_LEAF_SEARCH or BTR_LEAF_MODIFY,
releases the page latch and bufferfix reserved by the cursor.
NOTE! In the case of BTR_LEAF_MODIFY, there should not exist changes
made by the current mini-transaction to the data protected by the
cursor latch, as then the latch must not be released until mtr_commit. */
UNIV_INTERN
void
btr_pcur_release_leaf(
/*==================*/
btr_pcur_t* cursor, /*!< in: persistent cursor */
mtr_t* mtr) /*!< in: mtr */
{
buf_block_t* block;
ut_a(cursor->pos_state == BTR_PCUR_IS_POSITIONED);
ut_ad(cursor->latch_mode != BTR_NO_LATCHES);
block = btr_pcur_get_block(cursor);
btr_leaf_page_release(block, cursor->latch_mode, mtr);
cursor->latch_mode = BTR_NO_LATCHES;
cursor->pos_state = BTR_PCUR_WAS_POSITIONED;
}
/*********************************************************//** /*********************************************************//**
Moves the persistent cursor to the first record on the next page. Releases the Moves the persistent cursor to the first record on the next page. Releases the
latch on the current page, and bufferunfixes it. Note that there must not be latch on the current page, and bufferunfixes it. Note that there must not be
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 2000, 2011, MySQL AB & Innobase Oy. All Rights Reserved. Copyright (c) 2000, 2011, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2008, 2009 Google Inc. Copyright (c) 2008, 2009 Google Inc.
Copyright (c) 2009, Percona Inc. Copyright (c) 2009, Percona Inc.
...@@ -4037,25 +4037,6 @@ field_in_record_is_null( ...@@ -4037,25 +4037,6 @@ field_in_record_is_null(
return(0); return(0);
} }
/**************************************************************//**
Sets a field in a record to SQL NULL. Uses the record format
information in table to track the null bit in record. */
static inline
void
set_field_in_record_to_null(
/*========================*/
TABLE* table, /*!< in: MySQL table object */
Field* field, /*!< in: MySQL field object */
char* record) /*!< in: a row in MySQL format */
{
int null_offset;
null_offset = (uint) ((char*) field->null_ptr
- (char*) table->record[0]);
record[null_offset] = record[null_offset] | field->null_bit;
}
/*************************************************************//** /*************************************************************//**
InnoDB uses this function to compare two data fields for which the data type InnoDB uses this function to compare two data fields for which the data type
is such that we must use MySQL code to compare them. NOTE that the prototype is such that we must use MySQL code to compare them. NOTE that the prototype
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 1996, 2010, Innobase Oy. All Rights Reserved. Copyright (c) 1996, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -244,18 +244,6 @@ btr_pcur_restore_position_func( ...@@ -244,18 +244,6 @@ btr_pcur_restore_position_func(
mtr_t* mtr); /*!< in: mtr */ mtr_t* mtr); /*!< in: mtr */
#define btr_pcur_restore_position(l,cur,mtr) \ #define btr_pcur_restore_position(l,cur,mtr) \
btr_pcur_restore_position_func(l,cur,__FILE__,__LINE__,mtr) btr_pcur_restore_position_func(l,cur,__FILE__,__LINE__,mtr)
/**************************************************************//**
If the latch mode of the cursor is BTR_LEAF_SEARCH or BTR_LEAF_MODIFY,
releases the page latch and bufferfix reserved by the cursor.
NOTE! In the case of BTR_LEAF_MODIFY, there should not exist changes
made by the current mini-transaction to the data protected by the
cursor latch, as then the latch must not be released until mtr_commit. */
UNIV_INTERN
void
btr_pcur_release_leaf(
/*==================*/
btr_pcur_t* cursor, /*!< in: persistent cursor */
mtr_t* mtr); /*!< in: mtr */
/*********************************************************//** /*********************************************************//**
Gets the rel_pos field for a cursor whose position has been stored. Gets the rel_pos field for a cursor whose position has been stored.
@return BTR_PCUR_ON, ... */ @return BTR_PCUR_ON, ... */
...@@ -266,10 +254,9 @@ btr_pcur_get_rel_pos( ...@@ -266,10 +254,9 @@ btr_pcur_get_rel_pos(
const btr_pcur_t* cursor);/*!< in: persistent cursor */ const btr_pcur_t* cursor);/*!< in: persistent cursor */
/**************************************************************//** /**************************************************************//**
Commits the mtr and sets the pcur latch mode to BTR_NO_LATCHES, Commits the mtr and sets the pcur latch mode to BTR_NO_LATCHES,
that is, the cursor becomes detached. If there have been modifications that is, the cursor becomes detached.
to the page where pcur is positioned, this can be used instead of Function btr_pcur_store_position should be used before calling this,
btr_pcur_release_leaf. Function btr_pcur_store_position should be used if restoration of cursor is wanted later. */
before calling this, if restoration of cursor is wanted later. */
UNIV_INLINE UNIV_INLINE
void void
btr_pcur_commit_specify_mtr( btr_pcur_commit_specify_mtr(
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 1996, 2010, Innobase Oy. All Rights Reserved. Copyright (c) 1996, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -369,10 +369,9 @@ btr_pcur_move_to_next( ...@@ -369,10 +369,9 @@ btr_pcur_move_to_next(
/**************************************************************//** /**************************************************************//**
Commits the mtr and sets the pcur latch mode to BTR_NO_LATCHES, Commits the mtr and sets the pcur latch mode to BTR_NO_LATCHES,
that is, the cursor becomes detached. If there have been modifications that is, the cursor becomes detached.
to the page where pcur is positioned, this can be used instead of Function btr_pcur_store_position should be used before calling this,
btr_pcur_release_leaf. Function btr_pcur_store_position should be used if restoration of cursor is wanted later. */
before calling this, if restoration of cursor is wanted later. */
UNIV_INLINE UNIV_INLINE
void void
btr_pcur_commit_specify_mtr( btr_pcur_commit_specify_mtr(
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 1995, 2009, Innobase Oy. All Rights Reserved. Copyright (c) 1995, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -213,16 +213,6 @@ ulint ...@@ -213,16 +213,6 @@ ulint
mtr_set_savepoint( mtr_set_savepoint(
/*==============*/ /*==============*/
mtr_t* mtr); /*!< in: mtr */ mtr_t* mtr); /*!< in: mtr */
/**********************************************************//**
Releases the latches stored in an mtr memo down to a savepoint.
NOTE! The mtr must not have made changes to buffer pages after the
savepoint, as these can be handled only by mtr_commit. */
UNIV_INTERN
void
mtr_rollback_to_savepoint(
/*======================*/
mtr_t* mtr, /*!< in: mtr */
ulint savepoint); /*!< in: savepoint */
#ifndef UNIV_HOTBACKUP #ifndef UNIV_HOTBACKUP
/**********************************************************//** /**********************************************************//**
Releases the (index tree) s-latch stored in an mtr memo after a Releases the (index tree) s-latch stored in an mtr memo after a
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 1994, 2009, Innobase Oy. All Rights Reserved. Copyright (c) 1994, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -209,43 +209,6 @@ ut_strlcpy_rev( ...@@ -209,43 +209,6 @@ ut_strlcpy_rev(
const char* src, /*!< in: source buffer */ const char* src, /*!< in: source buffer */
ulint size); /*!< in: size of destination buffer */ ulint size); /*!< in: size of destination buffer */
/**********************************************************************//**
Compute strlen(ut_strcpyq(str, q)).
@return length of the string when quoted */
UNIV_INLINE
ulint
ut_strlenq(
/*=======*/
const char* str, /*!< in: null-terminated string */
char q); /*!< in: the quote character */
/**********************************************************************//**
Make a quoted copy of a NUL-terminated string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_memcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_strcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src); /*!< in: null-terminated string */
/**********************************************************************//**
Make a quoted copy of a fixed-length string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_strcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_memcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src, /*!< in: string to be quoted */
ulint len); /*!< in: length of src */
/**********************************************************************//** /**********************************************************************//**
Return the number of times s2 occurs in s1. Overlapping instances of s2 Return the number of times s2 occurs in s1. Overlapping instances of s2
are only counted once. are only counted once.
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 1994, 2009, Innobase Oy. All Rights Reserved. Copyright (c) 1994, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -98,27 +98,6 @@ ut_strcmp(const char* str1, const char* str2) ...@@ -98,27 +98,6 @@ ut_strcmp(const char* str1, const char* str2)
return(strcmp(str1, str2)); return(strcmp(str1, str2));
} }
/**********************************************************************//**
Compute strlen(ut_strcpyq(str, q)).
@return length of the string when quoted */
UNIV_INLINE
ulint
ut_strlenq(
/*=======*/
const char* str, /*!< in: null-terminated string */
char q) /*!< in: the quote character */
{
ulint len;
for (len = 0; *str; len++, str++) {
if (*str == q) {
len++;
}
}
return(len);
}
/**********************************************************************//** /**********************************************************************//**
Converts a raw binary data to a NUL-terminated hex string. The output is Converts a raw binary data to a NUL-terminated hex string. The output is
truncated if there is not enough space in "hex", make sure "hex_size" is at truncated if there is not enough space in "hex", make sure "hex_size" is at
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 1995, 2009, Innobase Oy. All Rights Reserved. Copyright (c) 1995, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -282,44 +282,6 @@ mtr_commit( ...@@ -282,44 +282,6 @@ mtr_commit(
} }
#ifndef UNIV_HOTBACKUP #ifndef UNIV_HOTBACKUP
/**********************************************************//**
Releases the latches stored in an mtr memo down to a savepoint.
NOTE! The mtr must not have made changes to buffer pages after the
savepoint, as these can be handled only by mtr_commit. */
UNIV_INTERN
void
mtr_rollback_to_savepoint(
/*======================*/
mtr_t* mtr, /*!< in: mtr */
ulint savepoint) /*!< in: savepoint */
{
mtr_memo_slot_t* slot;
dyn_array_t* memo;
ulint offset;
ut_ad(mtr);
ut_ad(mtr->magic_n == MTR_MAGIC_N);
ut_ad(mtr->state == MTR_ACTIVE);
memo = &(mtr->memo);
offset = dyn_array_get_data_size(memo);
ut_ad(offset >= savepoint);
while (offset > savepoint) {
offset -= sizeof(mtr_memo_slot_t);
slot = dyn_array_get_element(memo, offset);
ut_ad(slot->type != MTR_MEMO_MODIFY);
/* We do not call mtr_memo_slot_note_modification()
because there MUST be no changes made to the buffer
pages after the savepoint */
mtr_memo_slot_release(mtr, slot);
}
}
/***************************************************//** /***************************************************//**
Releases an object in the memo stack. */ Releases an object in the memo stack. */
UNIV_INTERN UNIV_INTERN
......
...@@ -2541,6 +2541,8 @@ row_sel_field_store_in_mysql_format( ...@@ -2541,6 +2541,8 @@ row_sel_field_store_in_mysql_format(
ut_ad(len != UNIV_SQL_NULL); ut_ad(len != UNIV_SQL_NULL);
UNIV_MEM_ASSERT_RW(data, len); UNIV_MEM_ASSERT_RW(data, len);
UNIV_MEM_ASSERT_W(dest, templ->mysql_col_len);
UNIV_MEM_INVALID(dest, templ->mysql_col_len);
switch (templ->type) { switch (templ->type) {
const byte* field_end; const byte* field_end;
...@@ -2579,14 +2581,16 @@ row_sel_field_store_in_mysql_format( ...@@ -2579,14 +2581,16 @@ row_sel_field_store_in_mysql_format(
dest = row_mysql_store_true_var_len( dest = row_mysql_store_true_var_len(
dest, len, templ->mysql_length_bytes); dest, len, templ->mysql_length_bytes);
/* Copy the actual data. Leave the rest of the
buffer uninitialized. */
memcpy(dest, data, len);
break;
} }
/* Copy the actual data */ /* Copy the actual data */
ut_memcpy(dest, data, len); ut_memcpy(dest, data, len);
/* Pad with trailing spaces. We pad with spaces also the /* Pad with trailing spaces. */
unused end of a >= 5.0.3 true VARCHAR column, just in case
MySQL expects its contents to be deterministic. */
pad = dest + len; pad = dest + len;
...@@ -3112,6 +3116,39 @@ sel_restore_position_for_mysql( ...@@ -3112,6 +3116,39 @@ sel_restore_position_for_mysql(
return(TRUE); return(TRUE);
} }
/********************************************************************//**
Copies a cached field for MySQL from the fetch cache. */
static
void
row_sel_copy_cached_field_for_mysql(
/*================================*/
byte* buf, /*!< in/out: row buffer */
const byte* cache, /*!< in: cached row */
const mysql_row_templ_t*templ) /*!< in: column template */
{
ulint len;
buf += templ->mysql_col_offset;
cache += templ->mysql_col_offset;
UNIV_MEM_ASSERT_W(buf, templ->mysql_col_len);
if (templ->mysql_type == DATA_MYSQL_TRUE_VARCHAR
&& templ->type != DATA_INT) {
/* Check for != DATA_INT to make sure we do
not treat MySQL ENUM or SET as a true VARCHAR!
Find the actual length of the true VARCHAR field. */
row_mysql_read_true_varchar(
&len, cache, templ->mysql_length_bytes);
len += templ->mysql_length_bytes;
UNIV_MEM_INVALID(buf, templ->mysql_col_len);
} else {
len = templ->mysql_col_len;
}
ut_memcpy(buf, cache, len);
}
/********************************************************************//** /********************************************************************//**
Pops a cached row for MySQL from the fetch cache. */ Pops a cached row for MySQL from the fetch cache. */
UNIV_INLINE UNIV_INLINE
...@@ -3124,26 +3161,22 @@ row_sel_pop_cached_row_for_mysql( ...@@ -3124,26 +3161,22 @@ row_sel_pop_cached_row_for_mysql(
{ {
ulint i; ulint i;
const mysql_row_templ_t*templ; const mysql_row_templ_t*templ;
byte* cached_rec; const byte* cached_rec;
ut_ad(prebuilt->n_fetch_cached > 0); ut_ad(prebuilt->n_fetch_cached > 0);
ut_ad(prebuilt->mysql_prefix_len <= prebuilt->mysql_row_len); ut_ad(prebuilt->mysql_prefix_len <= prebuilt->mysql_row_len);
UNIV_MEM_ASSERT_W(buf, prebuilt->mysql_row_len);
cached_rec = prebuilt->fetch_cache[prebuilt->fetch_cache_first];
if (UNIV_UNLIKELY(prebuilt->keep_other_fields_on_keyread)) { if (UNIV_UNLIKELY(prebuilt->keep_other_fields_on_keyread)) {
/* Copy cache record field by field, don't touch fields that /* Copy cache record field by field, don't touch fields that
are not covered by current key */ are not covered by current key */
cached_rec = prebuilt->fetch_cache[
prebuilt->fetch_cache_first];
for (i = 0; i < prebuilt->n_template; i++) { for (i = 0; i < prebuilt->n_template; i++) {
templ = prebuilt->mysql_template + i; templ = prebuilt->mysql_template + i;
#if 0 /* Some of the cached_rec may legitimately be uninitialized. */ row_sel_copy_cached_field_for_mysql(
UNIV_MEM_ASSERT_RW(cached_rec buf, cached_rec, templ);
+ templ->mysql_col_offset,
templ->mysql_col_len);
#endif
ut_memcpy(buf + templ->mysql_col_offset,
cached_rec + templ->mysql_col_offset,
templ->mysql_col_len);
/* Copy NULL bit of the current field from cached_rec /* Copy NULL bit of the current field from cached_rec
to buf */ to buf */
if (templ->mysql_null_bit_mask) { if (templ->mysql_null_bit_mask) {
...@@ -3153,17 +3186,24 @@ row_sel_pop_cached_row_for_mysql( ...@@ -3153,17 +3186,24 @@ row_sel_pop_cached_row_for_mysql(
& (byte)templ->mysql_null_bit_mask; & (byte)templ->mysql_null_bit_mask;
} }
} }
} else if (prebuilt->mysql_prefix_len > 63) {
/* The record is long. Copy it field by field, in case
there are some long VARCHAR column of which only a
small length is being used. */
UNIV_MEM_INVALID(buf, prebuilt->mysql_prefix_len);
/* First copy the NULL bits. */
ut_memcpy(buf, cached_rec, prebuilt->null_bitmap_len);
/* Then copy the requested fields. */
for (i = 0; i < prebuilt->n_template; i++) {
row_sel_copy_cached_field_for_mysql(
buf, cached_rec, prebuilt->mysql_template + i);
} }
else { } else {
#if 0 /* Some of the cached_rec may legitimately be uninitialized. */ ut_memcpy(buf, cached_rec, prebuilt->mysql_prefix_len);
UNIV_MEM_ASSERT_RW(prebuilt->fetch_cache
[prebuilt->fetch_cache_first],
prebuilt->mysql_prefix_len);
#endif
ut_memcpy(buf,
prebuilt->fetch_cache[prebuilt->fetch_cache_first],
prebuilt->mysql_prefix_len);
} }
prebuilt->n_fetch_cached--; prebuilt->n_fetch_cached--;
prebuilt->fetch_cache_first++; prebuilt->fetch_cache_first++;
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 1994, 2009, Innobase Oy. All Rights Reserved. Copyright (c) 1994, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -483,53 +483,6 @@ ut_strlcpy_rev( ...@@ -483,53 +483,6 @@ ut_strlcpy_rev(
return(src_size); return(src_size);
} }
/**********************************************************************//**
Make a quoted copy of a NUL-terminated string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_memcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_strcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src) /*!< in: null-terminated string */
{
while (*src) {
if ((*dest++ = *src++) == q) {
*dest++ = q;
}
}
return(dest);
}
/**********************************************************************//**
Make a quoted copy of a fixed-length string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_strcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_memcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src, /*!< in: string to be quoted */
ulint len) /*!< in: length of src */
{
const char* srcend = src + len;
while (src < srcend) {
if ((*dest++ = *src++) == q) {
*dest++ = q;
}
}
return(dest);
}
#ifndef UNIV_HOTBACKUP #ifndef UNIV_HOTBACKUP
/**********************************************************************//** /**********************************************************************//**
Return the number of times s2 occurs in s1. Overlapping instances of s2 Return the number of times s2 occurs in s1. Overlapping instances of s2
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment