- 14 Dec, 2012 4 commits
-
-
Ramil Kalimullin authored
-
Ramil Kalimullin authored
Problem: tag's buffer overflow leads to a problem. Fix: bound check added. sql/item_xmlfunc.cc: Fix for BUG#15948580 UPDATE_XML() CRASHES THE SERVER. - XML tag/attribute level shouldn't exceed MAX_LEVEL as we use a static buffer to store them in the MY_XML_USER_DATA.
-
Inaam Rana authored
-
Inaam Rana authored
BUF_PAGE_GET_GEN REDUNDANT? rb://1711 approved by: Marko Makela When decompressing a compressed page that had already been accessed in the buffer pool, do not attempt to merge buffered changes.
-
- 13 Dec, 2012 7 commits
-
-
Ravinder Thakur authored
-
Marko Mäkelä authored
implementation of innobase_mysql_tmpfile() from MySQL 5.5 onwards.
-
Ravinder Thakur authored
File names with colon are being disallowed because of the Alternate Data Stream (ADS) feature of NTFS that could be misused. ADS allows data to be written to alternate streams of a normal file. The data in alternate streams cannot be seen by normal tools on Windows (explorer, cmd.exe). As a result someone can use this feature to hide large amount of data in alternate streams and admins will have no easy way of figuring out the files that are using that disk space. The fix also disallows ADS in the scenarios where file name is passed as some dynamic variable. An important thing about the fix is that it DOES NOT disallow ADS file names if they are not dynamic (i.e. if the file is created by using some option that needs local access to the MySQL server, for example error log file). The reasoning is that if some MySQL option related to files requires access to the local machine (it is not dynamic), then user can very well create data in ADS by some other means. This fixes only those scenarios which can allow users to create data in ADS over the wire. File names with colon are being disallowed only on Windows. UNIX (Linux in particular) supports NTFS, but it will not be a common scenario for someone to configure a NTFS file system to store MySQL data on Linux. Changes in file bug11761752-master.opt are needed due to bug number 15937938.
-
Satya Bodapati authored
-
Satya Bodapati authored
The error code returned from Merge file/Temp file creation functions are ignored. Use the return codes of the row_merge_file_create() and innobase_mysql_tmpfile() to return the error to caller if file creation fails. Approved by Marko. rb#1618
-
Harin Vadodaria authored
DOPROCESSREPLY() Description: Merge from 5.1 to 5.5
-
Harin Vadodaria authored
DOPROCESSREPLY() Description: Function DoProcessReply() calls function decrypt_message() in a while loop without performing a check on available buffer space. This can cause buffer overflow and crash the server. This patch is fix provided by Sawtooth to resolve the issue.
-
- 12 Dec, 2012 3 commits
-
-
Nirbhay Choubey authored
IN A SQL STATEMENT While processing each lines entered at the prompt, mysql client appends a '\n' to all the lines except for delimiter commands. However the same logic must not apply if 'delimiter' is part of a string or a comment, for which a '\n' should be added. Fixed by adding appropriate checks. Added a test case.
-
unknown authored
-
unknown authored
-
- 11 Dec, 2012 7 commits
-
-
Dmitry Lenev authored
ROBUST AGAINST BUGS IN CALLERS". Both MDL subsystems and Table Definition Cache code assume that callers ensure that names of objects passed to them are not longer than NAME_LEN bytes. Unfortunately due to bugs in callers this assumption might be broken in some cases. As result we get nasty bugs causing buffer overruns when we construct MDL key or TDC key from object names. This patch makes MDL and TDC code more robust against such bugs by ensuring that we always checking size of result buffer when constructing MDL and TDC keys. This doesn't free its callers from ensuring that both db and table names are shorter than NAME_LEN bytes. But at least these steps prevents buffer overruns in case of bug in caller, replacing them with less harmful behavior. This is 5.5-only version of patch. Changed code of MDL_key::mdl_key_init() to take into account size of buffer for the key. Introduced new version of create_table_def_key() helper function which constructs TDC key without risk of result buffer overrun. Places in code that construct TDC keys were changed to use this function. Also changed rm_temporary_table() and open_new_frm() functions to avoid use of "unsafe" strmov() and strxmov() functions and use safer strnxmov() instead.
-
Dmitry Lenev authored
ROBUST AGAINST BUGS IN CALLERS". Both MDL subsystems and Table Definition Cache code assume that callers ensure that names of objects passed to them are not longer than NAME_LEN bytes. Unfortunately due to bugs in callers this assumption might be broken in some cases. As result we get nasty bugs causing buffer overruns when we construct MDL key or TDC key from object names. This patch makes TDC code more robust against such bugs by ensuring that we always checking size of result buffer when constructing TDC keys. This doesn't free its callers from ensuring that both db and table names are shorter than NAME_LEN bytes. But at least this steps prevents buffer overruns in case of bug in caller, replacing them with less harmful behavior. This is 5.1-only version of patch. This patch introduces new version of create_table_def_key() helper function which constructs TDC key without risk of result buffer overrun. Places in code that construct TDC keys were changed to use this function. Also changed rm_temporary_table() and open_new_frm() functions to avoid use of "unsafe" strmov() and strxmov() functions and use safer strnxmov() instead.
-
unknown authored
-
unknown authored
-
Joerg Bruehe authored
-
Annamalai Gurusami authored
-
Annamalai Gurusami authored
Problem: Before the ALTER TABLE statement, the array dict_index_t::stat_n_diff_key_vals had proper values calculated and updated. But after the ALTER TABLE statement, all the values of this array is 0. Because of this statistics returned by innodb_rec_per_key() is different before and after the ALTER TABLE statement. Running the ANALYZE TABLE command populates the statistics correctly. Solution: After ALTER TABLE statement, set the flag dict_table_t::stat_initialized correctly so that the table statistics will be recalculated properly when the table is next loaded. But note that we still don't choose the loose index scans. This fix only ensures that an ALTER TABLE does not change the optimizer plan. rb://1639 approved by Marko and Jimmy.
-
- 10 Dec, 2012 1 commit
-
-
Joerg Bruehe authored
Bug #15972480 This is the change for 5.5: a cleanup in the way "libmysqld.so" is created. (Patches were adapted for 5.5 previously.) Originally, the ".so" was created by taking all modules in "libmysqld.a", after removing some few which caused unresolved references. This is no good idea, rather "ld" should be used to follow all references from some few start modules. At the same time, the ".so" version needed to be corrected: The original "0.0.1" is both wrong and risky. Rather, the server version is used to identify the ".so" file, but for linkage the first two levels are sufficient (so upgrades are possible without re-building the embedded application).
-
- 09 Dec, 2012 3 commits
-
-
Shivji Kumar Jha authored
patch to fix post push falures in pb2 bzr merge 5.1->5.5 BUG#15872504 - REMOVE MYSQL-TEST/INCLUDE/GET_BINLOG_DUMP_THREAD_ID.INC bzr merge 5.1->5.6
-
Shivji Kumar Jha authored
patch to fix post push falures in pb2 BUG#15872504 - REMOVE MYSQL-TEST/INCLUDE/GET_BINLOG_DUMP_THREAD_ID.INC === Problem === The file named "mysql-test/include/get_binlog_dump_thread_id.inc" is not used anywhere. In any case, this file does wrong things in the wrong way: 1) The file seems to assume there is only one dump thread, but there may be many. 2) you can get this information in a much easier way using the command: "select thread_id from threads where processlist_command="Binlog Dump";" === Fix === removed file 'mysql-test/include/get_binlog_dump_thread_id.inc'
-
Shivji Kumar Jha authored
RPL_ROW_UNTIL TIMES OUT patch to fix post push falures in pb2 mysql-test/suite/rpl/r/rpl_row_until.result: changes to account for the changes made in corresponding test file. mysql-test/suite/rpl/t/disabled.def: disabled test in macosx mysql-test/suite/rpl/t/rpl_row_until.test: replaced static relayy log file by an mtr variable which saves the name of relay log file.
-
- 07 Dec, 2012 2 commits
-
-
Akhila Maddukuri authored
STDERR Fix: Added a destination file to mysqldump.
-
unknown authored
No commit message
-
- 06 Dec, 2012 2 commits
-
-
Harin Vadodaria authored
Description: A very large database name causes buffer overflow in functions acl_get() and check_grant_db() in sql_acl.cc. It happens due to an unguarded string copy operation. This puts required sanity checks before copying db string to destination buffer.
-
Dmitry Shulga authored
XID_STATE->XID.KEY(), XID_STATE->XID.KEY_LENGTH())==0 This bug is a regression of bug#11759534 - 51855: RACE CONDITION IN XA START. The reason for regression is that the changes that fixes the original bug wasn't merged from mysql-5.1 into mysql-5.5 and mysql-trunk. Only null-merge was done for the patch changeset. To incorporate lost changes the manual merge have been done. Additionally the call of trans_rolback() was added into trans_xa_start() in case if xid_cache_insert is failed() after transaction has been started. If we don't call trans_rollback() we would never reset the flag SERVER_STATUS_IN_TRANS in THD::server_status and therefore all subsequent attempts to execute XA START in the connection where the error was occurred will be failed since thd->in_active_multi_stmt_transaction() will return the true every time when trans_xa_start is called. The latest changes were absent in patch for mysql-5.1
-
- 05 Dec, 2012 8 commits
-
-
Gleb Shchepa authored
Post-push cleanup: removal of unneeded assertions.
-
Dmitry Lenev authored
into 5.5 tree.
-
Dmitry Lenev authored
Using too long table aliases in stored routines might have caused server crashes. Code in sp_head::merge_table_list() which is responsible for collecting information about tables used in stored routine was not aware of the fact that table alias might have arbitrary length. I.e. it assumed that table alias can't be longer than NAME_LEN bytes and allocated buffer for a key identifying table accordingly. This patch fixes the issue by ensuring that we use dynamically allocated buffer for table key when table alias is too long. By default stack based buffer is used in which NAME_LEN bytes are reserved for table alias.
-
unknown authored
No commit message
-
Bjorn Munch authored
-
Gleb Shchepa authored
Code in MDL subsystem assumes that identifiers of objects can't be longer than NAME_LEN characters. This assumption was broken when one tried to construct MDL_key based on table alias, which can have arbitrary length. Since MDL_key's (and MDL locks) are not really used for table aliases this patch changes code to not initialize MDL_key object for table list element representing aliases.
-
Shivji Kumar Jha authored
bzr merge 5.1->5.5
-
Shivji Kumar Jha authored
=== Problem === The test is dependent on binlog positions and checks to see if the command 'START SLAVE' functions correctly with the 'UNTIL' clause added to it. The 'UNTIL' clause is added to specify that the slave should start and run until the SQL thread reaches a given point in the master binary log or in the slave relay log. The test uses hard coded values for MASTER_LOG_POS and RELAY_LOG_POS, instead of extracting it using query_get_value() function. There is a test 'rpl.rpl_row_until' which does the similar thing but uses query_get_value() function to set the values of MASTER_LOG_POS/ RELAY_LOG_POS. To be precise, rpl.rpl_row_until is a modified version of engines/func.rpl_row_until.test. The use of hard coded values may lead the slave to stop at a position which may differ from the expected position in the binlog file, an example being the failure of engines/funcs.rpl_row_until in mysql-5.1 given as: "query 'select * from t2' failed. Table 'test.t2' doesn't exist". In this case, the slave actually ran a couple of extra commands as a result of which the slave first deleted the table and then ran a select query on table, leading to the above mentioned failure. === Fix === 1) Fixed the code for failure seen in rpl.rpl_row_until. This test was also failing although the symptoms of failure were different. 2) Copied the contents from rpl.rpl_row_until into into engines/funcs.rpl.rpl_row_until. 3) Updated engines/funcs.rpl_row_until.result accordingly. mysql-test/suite/engines/funcs/r/rpl_row_until.result: modified to accomodate the changes in corresponding test file. mysql-test/suite/engines/funcs/t/disabled.def: removed from the list of disabled tests. mysql-test/suite/engines/funcs/t/rpl_row_until.test: fixed rpl.rpl_row_until and copied its content to engines/funcs.rpl_row_until. The reason being both are same tests but rpl.rpl_row_until is an updated version. mysql-test/suite/rpl/t/disabled.def: removed from the list of disabled tests. sql/sql_repl.cc: Added a check to catch an improper combination of arguements passed to 'START SLAVE UNTIL'. Earlier, START SLAVE UNTIL MASTER_LOG_FILE='master-bin.000001', MASTER_LOG_POS=561, RELAY_LOG_POS=12; passed. It is now detected and an error is reported.
-
- 04 Dec, 2012 3 commits
-
-
Pedro Gomes authored
RPL_ROTATE_LOGS has been failing sporadically in what seems a problem related to routines that update the coordinates. However, the test lacks proper assert statments and because of this the debug information upon failure simply points to the content mismatch between the test and the result file. Not as a solution, but as a improvement to the test to better debug this failure, new assert statments were added to the test. @rpl_rotate_logs.test Added new assert statments reducing the dependency on the result file. @rpl_rotate_logs.result Added new content to the result file to match the test changes
-
Manish Kumar authored
Problem: The problem with the test is that the slave returns from start_slave.inc call too early before the list is actually actualised. This caused the slave stale data to be reported. Fix: Added a wait in the test till the slave's IO status is changed to "Waiting for master to send event" which which ensures the list is correctly updated.
-
Yasufumi Kinoshita authored
#include "read0read.h" for srv0srv.c and trx0rec.c. This is only for mysql-5.5
-