- 19 May, 2010 1 commit
-
-
unknown authored
-
- 05 May, 2010 3 commits
-
-
Sunanda Menon authored
revno: 2861 committer: Georgi Kodinov <joro@sun.com> branch nick: B53371-5.0-bugteam timestamp: Mon 2010-05-03 18:16:51 +0300 message: Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants. The server was not checking the supplied to COM_FIELD_LIST table name for validity and compliance to acceptable table names standards. Fixed by checking the table name for compliance similar to how it's normally checked by the parser and returning an error message if it's not compliant.
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
- 03 May, 2010 2 commits
-
-
Georgi Kodinov authored
The server was not checking the supplied to COM_FIELD_LIST table name for validity and compliance to acceptable table names standards. Fixed by checking the table name for compliance similar to how it's normally checked by the parser and returning an error message if it's not compliant.
-
unknown authored
-
- 01 May, 2010 1 commit
-
-
Georgi Kodinov authored
-
- 29 Apr, 2010 2 commits
-
-
Davi Arnaut authored
The server could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This problem is aggravated by the fact that it can be triggered before authentication. The solution is to no skip big packets for non-authenticated sessions. If a big packet is sent before a session is authen- ticated, a error is returned and the connection is closed. include/mysql_com.h: Add skip flag. Only used in server builds. sql/net_serv.cc: Control whether big packets can be skipped.
-
Ramil Kalimullin authored
Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only SQL. Seems that the data sent to COM_FIELD_LIST( mysql_list_fields() function) is not checked for sanity. By sending long data for the table a buffer is overflown, which can be used deliberately to include code that harms". Fix: check incoming data length. sql/sql_parse.cc: Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing - check incoming mysql_list_fields() table name arg length.
-
- 26 Apr, 2010 1 commit
-
-
Alexey Kopytov authored
The problem was in an incorrect debug assertion. The expression used in the failing assertion states that when finding references matching ORDER BY expressions, there can be only one reference to a single table. But that does not make any sense, all test cases for this bug are valid examples with multiple identical WHERE expressions referencing the same table which are also present in the ORDER BY list. Fixed by removing the failing assertion. We also have to take care of the 'found' counter so that we count multiple references only once. We rely on this fact later in eq_ref_table(). mysql-test/r/join.result: Added a test case for bug #50335. mysql-test/t/join.test: Added a test case for bug #50335. sql/sql_select.cc: Removing the assertion in eq_ref_table() as it does not make any sense. We also have to take care of the 'found' counter so that we count multiple references only once. We rely on this fact later in eq_ref_table().
-
- 06 Apr, 2010 2 commits
-
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
- 30 Mar, 2010 1 commit
-
-
Georgi Kodinov authored
function on windows When making sure that the directory path ends up with a slash/backslash we need to check for the correct length of the buffer and trim at the appropriate location so we don't write past the end of the buffer.
-
- 26 Mar, 2010 1 commit
-
-
Sergey Glukhov authored
The crash is the result of an attempt made by JOIN::optimize to evaluate the WHERE condition when no records have been actually read. The fix is to remove erroneous 'outer_join' variable check. mysql-test/r/join.result: test result mysql-test/t/join.test: test case sql/sql_select.cc: removed erroneous 'outer_join' variable check.
-
- 24 Mar, 2010 1 commit
-
-
Sergey Glukhov authored
The crash happens because greedy_serach can not determine best plan due to wrong inner table dependences. These dependences affects join table sorting which performs before greedy_search starting. In our case table which has real 'no dependences' should be put on top of the list but it does not happen as inner tables have no dependences as well. The fix is to exclude RAND_TABLE_BIT mask from condition which checks if table dependences should be updated. mysql-test/r/join.result: test result mysql-test/t/join.test: test case sql/sql_select.cc: RAND_TABLE_BIT mask should not be counted as it prevents update of inner table dependences. For example it might happen if RAND() function is used in JOIN ON clause.
-
- 10 Mar, 2010 4 commits
-
-
Sergey Vojtovich authored
BUG#51342 - more xid crashing Restore autocommit variable by supplying explicit value. mysql-test/r/xa.result: Restore autocommit variable by supplying explicit value. mysql-test/t/xa.test: Restore autocommit variable by supplying explicit value.
-
Sergey Vojtovich authored
-
Sergey Vojtovich authored
SET autocommit=1 while XA transaction is active may cause various side effects, including memory corruption and server crash. The problem is that SET autocommit=1 and further queries attempt to commit local transaction, whereas XA transaction is still active. As local and XA transactions are mutually exclusive, this patch forbids enabling autocommit mode while XA transaction is active. mysql-test/r/xa.result: A test case for BUG#51342. mysql-test/t/xa.test: A test case for BUG#51342. sql/set_var.cc: Forbid enabling autocommit mode while XA transaction is active.
-
Georgi Kodinov authored
-
- 08 Mar, 2010 1 commit
-
-
Georgi Kodinov authored
Spatial indexes were not checking for out-of-record condition in the handler next command when the previous command didn't found rows. Fixed by making the rtree index to check for end of rows condition before re-using the key from the previous search. Fixed another crash if the tree has changed since the last search. Added a test case for the other error.
-
- 04 Mar, 2010 2 commits
-
-
Tatiana A. Nurnberg authored
-
Tatiana A. Nurnberg authored
-
- 02 Mar, 2010 2 commits
-
-
Tatiana A. Nurnberg authored
If an outer query is broken, a subquery might not even get set up. EXPLAIN EXTENDED did not expect this and merrily tried to de-ref all of the half-setup info. We now catch this case and print as much as we have, as it doesn't cost us anything (doesn't make regular execution slower). backport from 5.1 mysql-test/r/explain.result: Show that EXPLAIN EXTENDED with subquery and illegal out query doesn't crash. Show also that SHOW WARNINGS will render an additional Note in the hope of being, well, helpful. mysql-test/t/explain.test: If we have only half a query for EXPLAIN EXTENDED to print (i.e., incomplete subquery info as outer query is illegal), we should provide the user with as much info as we easily can if they ask for it. What we should not do is crash when they come asking for help, that violates etiquette in some countries. sql/item_subselect.cc: If the sub-query's actually set up, print it. Otherwise, elide.
-
Tatiana A. Nurnberg authored
-
- 01 Mar, 2010 1 commit
-
-
Georgi Kodinov authored
-
- 26 Feb, 2010 1 commit
-
-
Georgi Kodinov authored
-
- 25 Feb, 2010 2 commits
-
-
Christopher Powers authored
Fixed crash caused by x64 int/long incompatibility introduced in Bug #29125. sql/item_timefunc.cc: Fixed crash caused by int/long incompatibility on x64 systems. Changed two "uint" casts and a "long" declartion to "int" in order to ensure that the integer sign is preserved. See Bug #48739 for details.
-
Georgi Kodinov authored
-
- 20 Feb, 2010 1 commit
-
-
unknown authored
-
- 19 Feb, 2010 1 commit
-
-
Tatiana A. Nurnberg authored
When EXPLAIN EXTENDED tries to print column names, it checks whether the referenced table is CONST (in which case, the column's value rather than its name will be printed). If no proper table is reference (i.e. because a derived table was used that has since gone out of scope), this will fail spectacularly. This ports an equivalent of the fix for Bug 43354. mysql-test/r/func_gconcat.result: Show that EXPLAIN EXTENDED on a GROUP_CONCAT() on a derived table no longer crashes the server. mysql-test/t/func_gconcat.test: Show that EXPLAIN EXTENDED on a GROUP_CONCAT() on a derived table no longer crashes the server. sql/item_sum.cc: Do not de-ref what cannot be, that is, temp-tables that have gone away. This is of questionable utility anyway, since our deref has the sole purpose of checking whether the table is const (in which case, we'll substitute the column with its value in EXPLAIN EXTENDED - that is all).
-
- 12 Feb, 2010 1 commit
-
-
Joerg Bruehe authored
-
- 08 Feb, 2010 1 commit
-
-
Joerg Bruehe authored
in message printed at end of configure New text for the success message of "configure". configure.in: The message must be changed to drop the "www.mysql.com" URL.
-
- 04 Feb, 2010 1 commit
-
-
Georgi Kodinov authored
-
- 03 Feb, 2010 7 commits
-
-
MySQL Build Team authored
> ------------------------------------------------------------ > revno: 2840 [merge] > revision-id: ramil@mysql.com-20100113101142-pda4phrsyh1rjp85 > parent: joerg@mysql.com-20100112114118-zfpofgcu0j49j839 > parent: ramil@mysql.com-20100113052045-een35iazzk8023w2 > committer: Ramil Kalimullin <ramil@mysql.com> > branch nick: mysql-5.0-bugteam > timestamp: Wed 2010-01-13 14:11:42 +0400 > message: > Auto-merge. > ------------------------------------------------------------ > Use --include-merges or -n0 to see merged revisions.
-
MySQL Build Team authored
> ------------------------------------------------------------ > revno: 2818.1.48 > revision-id: joro@sun.com-20091210092838-zbz9ugqay1tn7rxm > parent: joro@sun.com-20091207143856-ojmmqr0bm1haxvca > committer: Georgi Kodinov <joro@sun.com> > branch nick: B49250-5.0-bugteaam > timestamp: Thu 2009-12-10 11:28:38 +0200 > message: > Bug #49250 : spatial btree index corruption and crash > > SPATIAL and FULLTEXT indexes don't support algorithm > selection. > Disabled by creating a special grammar rule for these > in the parser. > Added some encasulation of duplicate parser code.
-
MySQL Build Team authored
> ------------------------------------------------------------ > revno: 2818.1.41 [merge] > revision-id: epotemkin@mysql.com-20091203132153-k8xwk3nh02n8npg4 > parent: epotemkin@mysql.com-20091202134712-4muwnr152xqkcwm7 > parent: epotemkin@mysql.com-20091203131520-93uiop1a81o9z8mb > committer: Evgeny Potemkin <epotemkin@mysql.com> > branch nick: mysql-5.0-bugteam > timestamp: Thu 2009-12-03 16:21:53 +0300 > message: > Auto-merged. > ------------------------------------------------------------ > Use --include-merges or -n0 to see merged revisions.
-
MySQL Build Team authored
> ------------------------------------------------------------ > revno: 2818.1.40 [merge] > revision-id: epotemkin@mysql.com-20091202134712-4muwnr152xqkcwm7 > parent: gshchepa@mysql.com-20091201102444-yw166t3audrojo9s > parent: epotemkin@mysql.com-20091201182845-aw0uawt6c6gwi98c > committer: Evgeny Potemkin <epotemkin@mysql.com> > branch nick: mysql-5.0-bugteam > timestamp: Wed 2009-12-02 16:47:12 +0300 > message: > Auto-merged fix for the bug#48508. > ------------------------------------------------------------ > Use --include-merges or -n0 to see merged revisions.
-
MySQL Build Team authored
> ------------------------------------------------------------ > revno: 2818.1.39 > revision-id: gshchepa@mysql.com-20091201102444-yw166t3audrojo9s > parent: joro@sun.com-20091127160731-6h2fahbh4409i841 > committer: Gleb Shchepa <gshchepa@mysql.com> > branch nick: mysql-5.0-bugteam > timestamp: Tue 2009-12-01 14:24:44 +0400 > message: > Bug #38883 (reopened): thd_security_context is not thread safe, crashes? > > The bug 38816 changed the lock that protects THD::query from > LOCK_thread_count to LOCK_thd_data, but didn't update the associated > InnoDB functions. > > 1. The innobase_mysql_prepare_print_arbitrary_thd and the > innobase_mysql_end_print_arbitrary_thd InnoDB functions have been > removed, since now we have a per-thread mutex: now we don't need to wrap > several inter-thread access tries to THD::query with a single global > LOCK_thread_count lock, so we can simplify the code. > > 2. The innobase_mysql_print_thd function has been modified to lock > LOCK_thd_data in direct way.
-
MySQL Build Team authored
> ------------------------------------------------------------ > revno: 2818.1.38 > revision-id: joro@sun.com-20091127160731-6h2fahbh4409i841 > parent: joro@sun.com-20091127143622-bqfsmhhr2pqodsm2 > committer: Georgi Kodinov <joro@sun.com> > branch nick: fix-5.0-bugteam > timestamp: Fri 2009-11-27 18:07:31 +0200 > message: > Addendum to bug #48872: disable output in the test case because errors are > dependent on the case mode
-
MySQL Build Team authored
> ------------------------------------------------------------ > revno: 2818.1.35 > revision-id: joro@sun.com-20091127095944-autr58itccge4z9l > parent: satya.bn@sun.com-20091125095925-871384fcnwwa2yqt > committer: Georgi Kodinov <joro@sun.com> > branch nick: B48872-5.0-bugteam > timestamp: Fri 2009-11-27 11:59:44 +0200 > message: > Bug #48872 : Privileges for stored functions ignored if function name > is mixed case > > Transcode the procedure name to lowercase when searching for it in the > hash. This is the missing part of the fix for bug #41049.
-