1. 29 Apr, 2010 3 commits
    • Davi Arnaut's avatar
      Manual merge. · 4e378bc5
      Davi Arnaut authored
      4e378bc5
    • Davi Arnaut's avatar
      Bug#50974: Server keeps receiving big (> max_allowed_packet) packets indefinitely. · 54705ab1
      Davi Arnaut authored
      The server could be tricked to read packets indefinitely if it
      received a packet larger than the maximum size of one packet.
      This problem is aggravated by the fact that it can be triggered
      before authentication.
      
      The solution is to no skip big packets for non-authenticated
      sessions. If a big packet is sent before a session is authen-
      ticated, a error is returned and the connection is closed.
      
      include/mysql_com.h:
        Add skip flag. Only used in server builds.
      sql/net_serv.cc:
        Control whether big packets can be skipped.
      54705ab1
    • Ramil Kalimullin's avatar
      Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing · 0d5dbb16
      Ramil Kalimullin authored
      Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only
      SQL. Seems that the data sent to COM_FIELD_LIST( mysql_list_fields() function) is not
      checked for sanity. By sending long data for the table a buffer is overflown, which can
      be used deliberately to include code that harms".
      
      Fix: check incoming data length.
      
      
      sql/sql_parse.cc:
        Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing
          - check incoming mysql_list_fields() table name arg length.
      0d5dbb16
  2. 26 Apr, 2010 1 commit
    • Alexey Kopytov's avatar
      Backport of the fix for bug #50335 to 5.0. · 6d43510a
      Alexey Kopytov authored
      The problem was in an incorrect debug assertion. The expression
      used in the failing assertion states that when finding
      references matching ORDER BY expressions, there can be only one
      reference to a single table. But that does not make any sense,
      all test cases for this bug are valid examples with multiple
      identical WHERE expressions referencing the same table which
      are also present in the ORDER BY list.
      
      Fixed by removing the failing assertion. We also have to take
      care of the 'found' counter so that we count multiple
      references only once. We rely on this fact later in
      eq_ref_table().
      
      mysql-test/r/join.result:
        Added a test case for bug #50335.
      mysql-test/t/join.test:
        Added a test case for bug #50335.
      sql/sql_select.cc:
        Removing the assertion in eq_ref_table() as it does not make
        any sense. We also have to take care of the 'found' counter so
        that we count multiple references only once. We rely on this
        fact later in eq_ref_table().
      6d43510a
  3. 06 Apr, 2010 2 commits
  4. 01 Apr, 2010 1 commit
    • Davi Arnaut's avatar
      Bug#50755: Crash if stored routine def contains version comments · 7ecad98c
      Davi Arnaut authored
      The problem was that a syntactically invalid trigger could cause
      the server to crash when trying to list triggers. The crash would
      happen due to a mishap in the backup/restore procedure that should
      protect parser items which are not associated with the trigger. The
      backup/restore is used to isolate the parse tree (and context) of
      a statement from the load (and parsing) of a trigger. In this case,
      a error during the parsing of a trigger could cause the improper
      backup/restore sequence.
      
      The solution is to properly restore the original statement context
      before the parser is exited due to syntax errors in the trigger body.
      
      mysql-test/r/trigger.result:
        Add test case result for Bug#50755
      mysql-test/t/trigger.test:
        Add test case for Bug#50755
      sql/sp_head.cc:
        Merge sp_head::destroy() and sp_head destructor. Retrieve THD
        from the LEX so that m_thd is not necessary.
      sql/sql_lex.cc:
        Explicitly restore the original environment.
      7ecad98c
  5. 29 Apr, 2010 1 commit
  6. 28 Apr, 2010 1 commit
    • Georgi Kodinov's avatar
      Bug #47453: InnoDB incorrectly changes TIMESTAMP columns when JOINed · 4d0e9957
      Georgi Kodinov authored
      during an UPDATE
      
      Extended the fix for bug 29310 to multi-table update:
      
      When a table is being updated it has two set of fields - fields required for
      checks of conditions and fields to be updated. A storage engine is allowed
      not to retrieve columns marked for update. Due to this fact records can't
      be compared to see whether the data has been changed or not. This makes the
      server always update records independently of data change.
        
      Now when an auto-updatable timestamp field is present and server sees that
      a table handle isn't going to retrieve write-only fields then all of such
      fields are marked as to be read to force the handler to retrieve them.
      4d0e9957
  7. 27 Apr, 2010 1 commit
  8. 26 Apr, 2010 2 commits
  9. 25 Apr, 2010 1 commit
    • Ramil Kalimullin's avatar
      Fix for bug#50946: fast index creation still seems to copy the table · 6595861f
      Ramil Kalimullin authored
      Problem: ALTER TABLE ADD INDEX may lead to table copying if there's
      numeric field(s) with non-default display width modificator specified.
      
      Fix: compare numeric field's storage lenghts when we decide whether 
      they can be considered 'equal' for table alteration purposes.
      
      
      mysql-test/r/error_simulation.result:
        Fix for bug#50946: fast index creation still seems to copy the table
          - test result.
      mysql-test/t/error_simulation.test:
        Fix for bug#50946: fast index creation still seems to copy the table
          - test case.
      sql/field.cc:
        Fix for bug#50946: fast index creation still seems to copy the table
          - check numeric field's pack lengths instead of it's display lenghts
        comparing fields equality for table alteration purposes.
      sql/sql_table.cc:
        Fix for bug#50946: fast index creation still seems to copy the table
          - check compare_tables() result for testing purposes.
      6595861f
  10. 22 Apr, 2010 1 commit
    • Staale Smedseng's avatar
      Bug#46261 Plugins can be installed with --skip-grant-tables · 20c91775
      Staale Smedseng authored
      Previously installed dynamic plugins are explicitly not loaded
      on startup with --skip-grant-tables enabled. However, INSTALL
      PLUGIN/UNINSTALL PLUGIN commands are allowed, and result in
      inconsistent error messages (reporting duplicate plugin or
      plugin does not exist).
      
      This patch adds a check for --skip-grant-tables mode, and
      returns error ER_OPTION_PREVENTS_STATEMENT to the user when
      the above commands are attempted.
      20c91775
  11. 20 Apr, 2010 2 commits
    • Kristofer Pettersson's avatar
      automerge · 4859951a
      Kristofer Pettersson authored
      4859951a
    • Kristofer Pettersson's avatar
      Bug#50373 --secure-file-priv="" · 3a626d10
      Kristofer Pettersson authored
      Correcting a patch misstake. The converted file path is placed in 'buff' not in opt_secure_file_priv.
      
      mysql-test/r/loaddata.result:
        * Updated test case; Since secure_file_priv now is normalized the previous values are changed.
      sql/mysqld.cc:
        * Fixed patch misstake
      3a626d10
  12. 19 Apr, 2010 1 commit
  13. 16 Apr, 2010 6 commits
    • Kristofer Pettersson's avatar
      Automerge · 95da93d7
      Kristofer Pettersson authored
      95da93d7
    • Kristofer Pettersson's avatar
      Bug#50373 --secure-file-priv="" · 794a4413
      Kristofer Pettersson authored
      The server variable opt_secure_file_priv wasn't
      normalized properly and caused the operations
      LOAD DATA INFILE .. INTO TABLE ..
      and
      SELECT load_file(..)
      to do different interpretations of the 
      --secure-file-priv option.
      
      The patch moves code to the server initialization
      routines so that the path always is normalized
      once and only once.
      
      It was also intended that setting the option
      to an empty string should be equal to 
      lifting all previously set restrictions. This
      is also fixed by this patch.
      
      
      sql/mysqld.cc:
        * If --secure_file_option is an empty string then the option variable
          should be unset.
        * opt_secure_file_option should be normalized once when the server starts.
      sql/sql_load.cc:
        * moved variable normalization code to fix_paths()
      794a4413
    • Staale Smedseng's avatar
      Bug#51591 deadlock in the plugins+status+variables · 9743819d
      Staale Smedseng authored
            
      Potential deadlock situation involving LOCK_plugin,
      LOCK_global_system_variables and LOCK_status.
            
      This patch backports the fix from next-mr, unlocking
      LOCK_plugin before calling plugin->init() and
      add_status_vars().
      9743819d
    • Sergey Glukhov's avatar
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings · 649deaa8
      Sergey Glukhov authored
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on destruction.
      It leads to memory leaks.
      The fix:
      -added Arg_comparator::cleanup() method which frees
       'comparators' array.
      -added Item_bool_func2::cleanup() method which calls 
       Arg_comparator::cleanup() method
      
      
      mysql-test/r/ps.result:
        test case
      mysql-test/r/row.result:
        test case
      mysql-test/t/ps.test:
        test case
      mysql-test/t/row.test:
        test case
      sql/item_cmpfunc.h:
        -added Arg_comparator::cleanup() method which frees
         'comparators' array.
        -added Item_bool_func2::cleanup() method which calls 
         Arg_comparator::cleanup() method
      649deaa8
    • Georgi Kodinov's avatar
      Bug #52629: memory leak from sys_var_thd_dbug in binlog.binlog_write_error · 16fadb10
      Georgi Kodinov authored
      When re-setting (SET GLOBAL debug='') the GLOBAL debug settings the 
      server was not freeing the data elements from the top (initial) frame 
      before setting them to 0 without freeing the underlying memory. As these 
      are global settings there's a chance that something is there already.
      Fixed by :
      1. making sure the allocated data are cleaned up before re-setting them
      while parsing a debug string
      2. making sure the stuff allocated in the global settings is freed on 
      shutdown.
      16fadb10
    • Luis Soares's avatar
      8fa9a586
  14. 15 Apr, 2010 1 commit
  15. 14 Apr, 2010 2 commits
    • Sergey Vojtovich's avatar
      Merge fix for BUG39053 to 5.1-bugteam. · c37bfe0a
      Sergey Vojtovich authored
      c37bfe0a
    • Sergey Vojtovich's avatar
      BUG#39053 - UNISTALL PLUGIN does not allow the storage engine · 4aa36ee7
      Sergey Vojtovich authored
                  to cleanup open connections
      
      It was possible to UNINSTALL storage engine plugin when binding
      between THD object and storage engine is still active (e.g. in
      the middle of transaction).
      
      To avoid unclean deactivation (uninstall) of storage engine plugin
      in the middle of transaction, additional storage engine plugin
      lock is acquired by thd_set_ha_data().
      
      If ha_data is not null and storage engine plugin was not locked
      by thd_set_ha_data() in this connection before, storage engine
      plugin gets locked.
      
      If ha_data is null and storage engine plugin was locked by
      thd_set_ha_data() in this connection before, storage engine
      plugin lock gets released.
      
      If handlerton::close_connection() didn't reset ha_data, server does
      it immediately after calling handlerton::close_connection().
      
      Note that this is just a framework fix, storage engines must switch
      to thd_set_ha_data() from thd_ha_data() if they want to see fit.
      
      include/mysql/plugin.h:
        As thd_{get|set}_ha_data() have some extra logic now, they
        must be implemented on server side.
      include/mysql/plugin.h.pp:
        As thd_{get|set}_ha_data() have some extra logic now, they
        must be implemented on server side.
      sql/handler.cc:
        Make sure ha_data is reset and ha_data lock is released.
      sql/handler.h:
        hton is not supposed to be updated by ha_lock_engine(),
        make it const.
      sql/sql_class.cc:
        As thd_{get|set}_ha_data() have some extra logic now, they
        must be implemented on server side.
      sql/sql_class.h:
        Added ha_data lock.
      4aa36ee7
  16. 12 Apr, 2010 2 commits
  17. 09 Apr, 2010 2 commits
    • Davi Arnaut's avatar
      Backport revision alik@sun.com-20100223131824-comthndat57kx8s5: · 97afbf5a
      Davi Arnaut authored
      Add ignore pattern for valgrind messages.
      97afbf5a
    • Georgi Kodinov's avatar
      Bug #47095: Can't open_files_limit really be larger than 65535? · 83dfeb24
      Georgi Kodinov authored
      Several problems addressed:
      
      1. The maximum value for --open_files_limit on non-windows boxes
      is now raised to UINT_MAX (the maximum possible without significant
      changes in the code). The maximum value on windows is kept to be
      2048 due to a known limitation (bug 24509).
      
      2. mysqld_safe now supports --open_files_limit=xx in addition to 
      --open-files-limit=xx
      
      3. mysqld_safe always passes through --open[_-]files[_-]limit
      to the underlying mysqld. It used to pass it through only if it 
      the user running the script has access to the root directory or
      there was an --user argument specified.
      
      4. Fixed a prototype in my_file.c to match its counterpart in 
      the other #ifdef branch.
      83dfeb24
  18. 07 Apr, 2010 1 commit
  19. 06 Apr, 2010 5 commits
  20. 05 Apr, 2010 1 commit
    • Sergey Glukhov's avatar
      Bug#52336 Segfault / crash in 5.1 copy_fields (param=0x9872980) at sql_select.cc:15355 · c1ad5072
      Sergey Glukhov authored
      The problem is that we can not use make_cond_for_table().
      This function relies on used_tables() condition
      which is not set properly for subqueries.
      As result subquery is not filtered out.
      The fix is to use remove_eq_conds() function instead
      of make_cond_for_table() func. 'remove_eq_conds()'
      algorithm relies on const_item() value and it allows
      to handle subqueries in right way.
      
      
      mysql-test/r/having.result:
        test case
      mysql-test/t/having.test:
        test case
      sql/sql_select.cc:
        The fix is to use remove_eq_conds() function instead
        of make_cond_for_table() function.
      c1ad5072
  21. 02 Apr, 2010 1 commit
    • Gleb Shchepa's avatar
      Bug #40625: Concat fails on DOUBLE values in a Stored · e2a546ae
      Gleb Shchepa authored
                  Procedure, while DECIMAL works
      
      Selecting of the CONCAT(...<SP variable>...) result into
      a user variable may return wrong data.
      
      
      Item_func_concat::val_str contains a number of memory
      allocation-saving tricks. One of them concatenates
      strings inplace inserting the value of one string
      at the beginning of the other string. However,
      this trick didn't care about strings those points
      to the same data buffer: this is possible when
      a CONCAT() parameter is a stored procedure variable -
      Item_sp_variable::val_str() uses the intermediate
      Item_sp_variable::str_value field, where it may
      store a reference to an external buffer.
      
      
      The Item_func_concat::val_str function has been
      modified to take into account val_str functions
      (such as Item_sp_variable::val_str) that return
      a pointer to an internal Item member variable
      that may reference to a buffer provided.
      
      
      mysql-test/r/func_concat.result:
        Test case for the bug #40625.
      mysql-test/t/func_concat.test:
        Test case for the bug #40625.
      sql/item_strfunc.cc:
        Bug #40625: Concat fails on DOUBLE values in a Stored
                    Procedure, while DECIMAL works
        
        The Item_func_concat::val_str function has been
        modified to take into account val_str functions
        (such as Item_sp_variable::val_str) that return
        a pointer to an internal Item member variable
        that may reference to a buffer provided.
      e2a546ae
  22. 01 Apr, 2010 2 commits
    • Anurag Shekhar's avatar
      Bug #47904 Incorrect results w/ table subquery, derived SQs, and LEFT JOIN · ab8ff15c
      Anurag Shekhar authored
             on index
      
      'my_decimal' class has two members which can be used to access the 
      value. The member variable buf (inherited from parent class decimal_t) 
      is set to member variable buffer so that both are pointing to same value.
      
      Item_copy_decimal::copy() uses memcpy to clone 'my_decimal'. The member
      buffer is declared as an array and memcpy results in copying the values
      of the array, but the inherited member buf, which should be pointing at
      the begining of the array 'buffer' starts pointing to the begining of 
      buffer in original object (which is being cloned). Further updates on 
      'my_decimal' updates only the inherited member 'buf' but leaves 
      buffer unchanged.
      
      Later when the new object (which now holds a inconsistent value) is cloned
      again using proper cloning function 'my_decimal2decimal' the buf pointer
      is fixed resulting in loss of the current value.
      
      Using my_decimal2decimal instead of memcpy in Item_copy_decimal::copy()
      fixed this problem.
      
      
      mysql-test/r/subselect.result:
        Updated result file after addding test case for bug#47904.
      mysql-test/t/subselect.test:
        Added test case for bug#47904.
      sql/item.cc:
        Memcopy shouldn't be used to clone my_decimal. Use my_decimal2decimal
        instead.
      ab8ff15c
    • Sergey Vojtovich's avatar
      40de15ba