1. 07 Oct, 2011 1 commit
    • Magne Mahre's avatar
      BUG#12589870 CRASHES WITH MULTIQUERY PACKET + USE<DB> + QUERY CACHE · 584a6780
      Magne Mahre authored
       
      A buffer large enough to hold the query _plus_ some additional
      data is allocated before parsing is started.   The additional data 
      is used by the query cache, and consists of the name of the current 
      database and a set of flags.
       
      When a packet containing multiple SQL statements is sent to the
      server and one of the statements changes the current database
      (a "USE <db>" statement), and the name of the new current database 
      is longer than of the previous,  there is not enough space in the 
      buffer for the new name, and we write out over the buffer boundary.
      
      The fix adds an extra field to store the number of bytes
      allocated to the database name in the buffer.  If the current
      database name changes, and the new name is longer than the
      previous one, we refuse to cache the query.
      584a6780
  2. 22 Sep, 2011 1 commit
    • Alexander Nozdrin's avatar
      Fix for Bug#13001491: MYSQL_REFRESH CRASHES WHEN STORED ROUTINES ARE RUN CONCURRENTLY. · 883f362d
      Alexander Nozdrin authored
      The main problem was that lex_start() was forgotten to be called before processing
      COM_REFRESH.
      
      Another problem discovered was that if failures to flush the error log were not properly
      handled, which resulted in the server crash.
      
      The user-visible effect of these problems were:
        - if COM_REFRESH command was sent after SQL-queries of some sort,
          the server would crash.
        - if COM_REFRESH was requested with REFRESH_LOG only, and the error log
          failed to flush, the server would crash. The error log fails to flush
          when it points to unavailable file (for example, due to restricted
          permissions).
      
      The fixes are:
        - call lex_start() in the beginning of COM_REFRESH;
        - handle failures to flush the error log properly, i.e. raise ER_UNKNOWN_ERROR.
      
      sql/sql_parse.cc:
        Fix for Bug#13001491: MYSQL_REFRESH CRASHES WHEN STORED ROUTINES ARE RUN CONCURRENTLY.
      tests/mysql_client_test.c:
        A test case for Bug#13001491: MYSQL_REFRESH CRASHES WHEN STORED ROUTINES
        ARE RUN CONCURRENTLY.
      883f362d
  3. 15 Sep, 2011 1 commit
  4. 23 Aug, 2011 1 commit
  5. 17 Aug, 2011 2 commits
  6. 11 Aug, 2011 1 commit
  7. 10 Aug, 2011 3 commits
  8. 09 Aug, 2011 1 commit
  9. 08 Aug, 2011 1 commit
  10. 02 Aug, 2011 1 commit
    • Sergey Glukhov's avatar
      Bug#11766594 59736: SELECT DISTINCT.. INCORRECT RESULT WITH DETERMINISTIC FUNCTION IN WHERE C · 09c2a14a
      Sergey Glukhov authored
      There is an optimization of DISTINCT in JOIN::optimize()
      which depends on THD::used_tables value. Each SELECT statement
      inside SP resets used_tables value(see mysql_select()) and it
      leads to wrong result. The fix is to replace THD::used_tables
      with LEX::used_tables.
      
      
      mysql-test/r/sp.result:
        test case
      mysql-test/t/sp.test:
        test case
      sql/sql_base.cc:
        THD::used_tables is replaced with LEX::used_tables
      sql/sql_class.cc:
        THD::used_tables is replaced with LEX::used_tables
      sql/sql_class.h:
        THD::used_tables is replaced with LEX::used_tables
      sql/sql_insert.cc:
        THD::used_tables is replaced with LEX::used_tables
      sql/sql_lex.cc:
        THD::used_tables is replaced with LEX::used_tables
      sql/sql_lex.h:
        THD::used_tables is replaced with LEX::used_tables
      sql/sql_prepare.cc:
        THD::used_tables is replaced with LEX::used_tables
      sql/sql_select.cc:
        THD::used_tables is replaced with LEX::used_tables
      09c2a14a
  11. 27 Jul, 2011 2 commits
  12. 22 Jul, 2011 2 commits
    • Alexander Nozdrin's avatar
      Manual merge from mysql-5.0. · 9bb51735
      Alexander Nozdrin authored
      9bb51735
    • Alexander Nozdrin's avatar
      For for Bug#12696072: FIX OUTDATED COPYRIGHT NOTICES IN RUNTIME RELATED CLIENT · 9c1aebb3
      Alexander Nozdrin authored
      TOOLS
      
      Backport a fix for Bug 57094 from 5.5.
      The following revision was backported:
      
      # revision-id: alexander.nozdrin@oracle.com-20101006150613-ls60rb2tq5dpyb5c
      # parent: bar@mysql.com-20101006121559-am1e05ykeicwnx48
      # committer: Alexander Nozdrin <alexander.nozdrin@oracle.com>
      # branch nick: mysql-5.5-bugteam-bug57094
      # timestamp: Wed 2010-10-06 19:06:13 +0400
      # message:
      #   Fix for Bug 57094 (Copyright notice incorrect?).
      #   
      #   The fix is to:
      #     - introduce ORACLE_WELCOME_COPYRIGHT_NOTICE define to have a single place
      #       to specify copyright notice;
      #     - replace custom copyright notices with ORACLE_WELCOME_COPYRIGHT_NOTICE
      #       in programs.
      9c1aebb3
  13. 19 Jul, 2011 1 commit
  14. 18 Jul, 2011 3 commits
  15. 15 Jul, 2011 5 commits
    • Bjorn Munch's avatar
      merge from 5.1 main · da4fc5cb
      Bjorn Munch authored
      da4fc5cb
    • Alexander Nozdrin's avatar
      Backport a fix for Bug#59060 (Valgrind warning in Protocol_text::store()). · da51493a
      Alexander Nozdrin authored
      Original changeset:
      revision-id: alexander.nozdrin@oracle.com-20101221122349-6h8ammcro70a4pac
      parent: sven.sandberg@oracle.com-20101221121948-hnivuulyohzch1v4
      committer: Alexander Nozdrin <alexander.nozdrin@oracle.com>
      branch nick: mysql-trunk-bugfixing
      timestamp: Tue 2010-12-21 15:23:49 +0300
      message:
        A patch for Bug#59060 (Valgrind warning in Protocol_text::store()).
        
        We should not assume to have zero-terminated strings.
      da51493a
    • Tor Didriksen's avatar
      merge 5.0-security => 5.1-security · f53acf17
      Tor Didriksen authored
      f53acf17
    • Tor Didriksen's avatar
      Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL · 276b5de0
      Tor Didriksen authored
      The buffer was simply too small.
      In 5.5 and trunk, the size is 311 + 31,
      in 5.1 and below, the size is 331
      
      
      client/sql_string.cc:
        Increase buffer size in String::set(double, ...)
      include/m_string.h:
        Increase FLOATING_POINT_BUFFER
      mysql-test/r/type_float.result:
        New test cases.
      mysql-test/t/type_float.test:
        New test cases.
      sql/sql_string.cc:
        Increase buffer size in String::set(double, ...)
      sql/unireg.h:
        Move definition of FLOATING_POINT_BUFFER
      276b5de0
    • Luis Soares's avatar
      DBUG_PRINT in solaris does not work well with NULL parameters. · 770b03f9
      Luis Soares authored
      HA_ERR was returning 0 (null string) when no error happened 
      (error=0). Since HA_ERR is used in DBUG_PRINT, regardless there 
      was an error or not, the server could crash in solaris debug
      builds.
      
      We fix this by:
      
        - deploying an assertion that ensures that the function 
          is not called when no error has happened;
        - making sure that HA_ERR is only called when an error 
          happened;
        - making HA_ERR return "No Error", instead of 0, for 
          non-debug builds if it is called when no error happened.
      
      This will make HA_ERR return values to work with DBUG_PRINT on
      solaris debug builds.
      770b03f9
  16. 14 Jul, 2011 1 commit
    • Luis Soares's avatar
      BUG#11753004: 44360: REPLICATION FAILED · 1b1e1e05
      Luis Soares authored
                        
      The server crashes if it processes table map events that are
      corrupted, especially if they map different tables to the same
      identifier. This could happen, for instance, due to BUG 56226.
                        
      We fix this by checking whether the table map has already been
      mapped before actually applying the event. If it has been mapped
      with different settings an error is raised and the slave SQL
      thread stops. If it has been mapped with same settings the event
      is skipped. If the table is set to be ignored by the filtering
      rules, there is no change in behavior: the event is skipped and
      ids are not checked.
      
      
      mysql-test/suite/rpl/t/rpl_row_corruption.test:
        Added a simple test case that checks both cases:
        - multiple table maps with the same identifier
        - multiple table maps with the same identifier, but only one
          is processed (the others are filtered out)
      1b1e1e05
  17. 12 Jul, 2011 2 commits
    • Luis Soares's avatar
      BUG#12695969 · 9c4287f4
      Luis Soares authored
      Manually merged from mysql-5.0 into mysql-5.1.
      
      conflicts
      =========
      
      include/Makefile.am
      9c4287f4
    • Luis Soares's avatar
      BUG#12695969 · 34d33506
      Luis Soares authored
      Follow-up patch that adds the newly added header file to
      Makefile.am noinst_HEADERS.
      34d33506
  18. 11 Jul, 2011 3 commits
    • Luis Soares's avatar
      BUG#12695969 · 39f76b60
      Luis Soares authored
      Manually merged mysql-5.0 into mysql-5.1.
      
      conflicts
      =========
      client/mysqlibinlog.cc
      39f76b60
    • Luis Soares's avatar
      BUG#12695969: FIX OUTDATED COPYRIGHT NOTICES IN REPLACTION · fac2ec36
      Luis Soares authored
      CLIENT TOOLS
            
      The fix is to backport part of revision:
              
        - alexander.nozdrin@oracle.com-20101006150613-ls60rb2tq5dpyb5c
            
      from mysql-5.5. In detail, we add the oracle welcome notice
      header file proposed in the original patch and include/use it
      in client/mysqlbinlog.cc, replacing the existing and obsolete
      notice.
      fac2ec36
    • Tor Didriksen's avatar
      Bug#11765255 - 58201: VALGRIND/CRASH WHEN ORDERING BY MULTIPLE AGGREGATE FUNCTIONS · 454ef927
      Tor Didriksen authored
      We must allocate a larger ref_pointer_array. We failed to account for extra
      items allocated here:
      #0  find_order_in_list 
        uint el= all_fields.elements;
        all_fields.push_front(order_item); /* Add new field to field list. */
        ref_pointer_array[el]= order_item;
        order->item= ref_pointer_array + el;
      #1  setup_order
      #2  setup_without_group
      #3  JOIN::prepare
      
      
      mysql-test/r/order_by.result:
        New test case.
      mysql-test/r/union.result:
        New test case.
      mysql-test/t/order_by.test:
        New test case.
      mysql-test/t/union.test:
        New test case.
      sql/sql_lex.cc:
        find_order_in_list() may need some extra space, so multiply og_num by two.
      sql/sql_union.cc:
        For UNION, the 'n_sum_items' are accumulated in the "global_parameters" select_lex.
        This number must be propagated to setup_ref_array()
        
        When preparing a 'fake_select_lex' we need to use global_parameters->order_list
        rather than fake_select_lex->order_list (see comments inside st_select_lex_unit::cleanup)
      454ef927
  19. 07 Jul, 2011 6 commits
  20. 06 Jul, 2011 1 commit
  21. 05 Jul, 2011 1 commit