- 15 Jan, 2011 1 commit
-
-
Backport to 5.0. /*![:version:] Query Code */, where [:version:] is a sequence of 5 digits representing the mysql server version(e.g /*!50200 ... */), is a special comment that the query in it can be executed on those servers whose versions are larger than the version appearing in the comment. It leads to a security issue when slave's version is larger than master's. A malicious user can improve his privileges on slaves. Because slave SQL thread is running with SUPER privileges, so it can execute queries that he/she does not have privileges on master. This bug is fixed with the logic below: - To replace '!' with ' ' in the magic comments which are not applied on master. So they become common comments and will not be applied on slave. - Example: 'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/ will be binlogged as 'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /* 99999 ,(3)*/
-
- 13 Jan, 2011 1 commit
-
-
Georgi Kodinov authored
-
- 29 Dec, 2010 1 commit
-
-
Alexander Nozdrin authored
-
- 28 Dec, 2010 1 commit
-
-
Kent Boortz authored
- Removed files specific to compiling on OS/2 - Removed files specific to SCO Unix packaging - Removed "libmysqld/copyright", text is included in documentation - Removed LaTeX headers for NDB Doxygen documentation - Removed obsolete NDB files - Removed "mkisofs" binaries - Removed the "cvs2cl.pl" script - Changed a few GPL texts to use "program" instead of "library"
-
- 17 Dec, 2010 1 commit
-
-
Georgi Kodinov authored
-
- 14 Dec, 2010 1 commit
-
-
Gleb Shchepa authored
Original revid: alexey.kopytov@sun.com-20100723115254-jjwmhq97b9wl932l > Bug #54476: crash when group_concat and 'with rollup' in > prepared statements > > Using GROUP_CONCAT() together with the WITH ROLLUP modifier > could crash the server. > > The reason was a combination of several facts: > > 1. The Item_func_group_concat class stores pointers to ORDER > objects representing the columns in the ORDER BY clause of > GROUP_CONCAT(). > > 2. find_order_in_list() called from > Item_func_group_concat::setup() modifies the ORDER objects so > that their 'item' member points to the arguments list > allocated in the Item_func_group_concat constructor. > > 3. In some cases (e.g. in JOIN::rollup_make_fields) a copy of > the original Item_func_group_concat object could be created by > using the Item_func_group_concat::Item_func_group_concat(THD > *thd, Item_func_group_concat *item) copy constructor. The > latter essentially creates a shallow copy of the source > object. Memory for the arguments array is allocated on > thd->mem_root, but the pointers for arguments and ORDER are > copied verbatim. > > What happens in the test case is that when executing the query > for the first time, after a copy of the original > Item_func_group_concat object has been created by > JOIN::rollup_make_fields(), find_order_in_list() is called for > this new object. It then resolves ORDER BY by modifying the > ORDER objects so that they point to elements of the arguments > array which is local to the cloned object. When thd->mem_root > is freed upon completing the execution, pointers in the ORDER > objects become invalid. Those ORDER objects, however, are also > shared with the original Item_func_group_concat object which is > preserved between executions of a prepared statement. So the > first call to find_order_in_list() for the original object on > the second execution tries to dereference an invalid pointer. > > The solution is to create copies of the ORDER objects when > copying Item_func_group_concat to not leave any stale pointers > in other instances with different lifecycles.
-
- 30 Nov, 2010 2 commits
-
-
Christopher Powers authored
-
Christopher Powers authored
Improved error handling such that queries against Information_Schema.Tables won't fail if a Federated table is unable to connect to remote host.
-
- 29 Nov, 2010 2 commits
-
-
Georgi Kodinov authored
will not display "indicated result file not found" due to wrongly named var directory.
-
Georgi Kodinov authored
-
- 24 Nov, 2010 1 commit
-
-
Alexander Nozdrin authored
EXCEPTIONS-CLIENT from all the places.
-
- 22 Nov, 2010 2 commits
-
-
Alexander Nozdrin authored
-
Alexander Nozdrin authored
-
- 05 Oct, 2010 4 commits
-
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
- 20 Aug, 2010 2 commits
-
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
- 10 Aug, 2010 1 commit
-
-
Georgi Kodinov authored
Updated the README file.
-
- 02 Aug, 2010 2 commits
-
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
- 30 Jul, 2010 1 commit
-
-
Davi Arnaut authored
Fix a regression (due to a typo) which caused spurious incorrect argument errors for long data stream parameters if all forms of logging were disabled (binary, general and slow logs).
-
- 21 Jul, 2010 2 commits
-
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
- 15 Jul, 2010 1 commit
-
-
Alexey Kopytov authored
Calculating the estimated number of records for a range scan may take a significant time, and it was impossible for a user to interrupt that process by killing the connection or the query. Fixed by checking the thread's 'killed' status in check_quick_keys() and interrupting the calculation process if it is set to a non-zero value.
-
- 07 Jul, 2010 1 commit
-
-
Vasil Dimov authored
(without the unrelated whitespace changes): ------------------------------------------------------------------------ r7009 | jyang | 2010-04-29 20:44:56 +0300 (Thu, 29 Apr 2010) | 6 lines branches/5.0: Port fix for bug #49238 (Creating/Dropping a temporary table while at 1023 transactions will cause assert) from 5.1 to branches/5.1. Separate action for return value DB_TOO_MANY_CONCURRENT_TRXS from that of DB_MUST_GET_MORE_FILE_SPACE in row_drop_table_for_mysql(). ------------------------------------------------------------------------
-
- 02 Jul, 2010 3 commits
-
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
- 28 Jun, 2010 1 commit
-
-
Davi Arnaut authored
The problem was that a user could supply supply data in chunks via the COM_STMT_SEND_LONG_DATA command to prepared statement parameter other than of type TEXT or BLOB. This posed a problem since other parameter types aren't setup to handle long data, which would lead to a crash when attempting to use the supplied data. Given that long data can be supplied at any stage of a prepared statement, coupled with the fact that the type of a parameter marker might change between consecutive executions, the solution is to validate at execution time each parameter marker for which a data stream was provided. If the parameter type is not TEXT or BLOB (that is, if the type is not able to handle a data stream), a error is returned.
-
- 21 Jun, 2010 2 commits
-
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
- 17 Jun, 2010 1 commit
-
-
Joerg Bruehe authored
line exceeds the limit The number and/or names of our files for the main test suite (contents of "mysql-test/t/") now exceeds the command line length limit on AIX. Solve the problem by using separate "cp" commands for the various file name extensions.
-
- 15 Jun, 2010 1 commit
-
-
Bjorn Munch authored
Reorder code breaks when finding tests skipped due to --skip-rpl etc. Add simple test that master_opt is non-empty
-
- 14 Jun, 2010 1 commit
-
-
Bjorn Munch authored
Kill mysqltest and call mtr_kill_leftovers() before terminating
-
- 10 Jun, 2010 1 commit
-
-
Davi Arnaut authored
Addendum: Work around a compilation failure on Windows due to windows.h not being added to the global namespace.
-
- 08 Jun, 2010 3 commits
-
-
Davi Arnaut authored
-
Davi Arnaut authored
The problem was that the bundled yaSSL library was being built without thread safety support regardless of the thread safeness of the compoments linked with it. The solution is to enable yaSSL thread safety support if any component (server or client) is to be built with thread support. Also, generate new certificates for yaSSL's test suite.
-
Sergey Glukhov authored
The problem is in the Item_func_isnull::update_used_tables() function, bracket is at the wrong place. Because of that isnull item erroneously is treated as const item. The fix is to set brackets in the right place.
-