1. 08 Jun, 2010 2 commits
    • Davi Arnaut's avatar
      Bug#34236: Various possibly related SSL crashes · e3d9ac52
      Davi Arnaut authored
      The problem was that the bundled yaSSL library was being built
      without thread safety support regardless of the thread safeness
      of the compoments linked with it.
      
      The solution is to enable yaSSL thread safety support if any
      component (server or client) is to be built with thread support.
      
      Also, generate new certificates for yaSSL's test suite.
      
      config/ac-macros/yassl.m4:
        Enable yaSSL thread safety if linking with the server or a
        thread safe client library. Avoids building a thread safe
        yaSSL when only building a non-thread safe client library.
      extra/yassl/CMakeLists.txt:
        Always enable for Windows builds.
      extra/yassl/certs/ca-cert.pem:
        New certificate, previous one expired.
      extra/yassl/certs/client-cert.der:
        New certificate, previous one expired.
      extra/yassl/certs/client-cert.pem:
        New certificate, previous one expired.
      extra/yassl/certs/dsa-cert.pem:
        New certificate, previous one expired.
      extra/yassl/certs/server-cert.pem:
        New certificate, previous one expired.
      extra/yassl/include/lock.hpp:
        Rename MULTI_THREAD to YASSL_THREAD_SAFE.
      extra/yassl/src/Makefile.am:
        Use CXXFLAGS to set thread related definitions as the lock header
        (lock.hpp) has no local dependencies.
      extra/yassl/src/lock.cpp:
        Rename MULTI_THREAD to YASSL_THREAD_SAFE.
      extra/yassl/taocrypt/CMakeLists.txt:
        Always enable for Windows builds.
      extra/yassl/taocrypt/benchmark/Makefile.am:
        Pass thread related CXXFLAGS.
      extra/yassl/taocrypt/src/Makefile.am:
        Pass thread related CXXFLAGS.
      extra/yassl/taocrypt/test/Makefile.am:
        Pass thread related CXXFLAGS.
      extra/yassl/taocrypt/test/memory.cpp:
        Rename MULTI_THREAD to YASSL_THREAD_SAFE.
      extra/yassl/testsuite/Makefile.am:
        Pass thread related CXXFLAGS.
      e3d9ac52
    • Sergey Glukhov's avatar
      Bug#53933 crash when using uncacheable subquery in the having clause of outer query · 66c621ba
      Sergey Glukhov authored
      The problem is in the Item_func_isnull::update_used_tables() function,
      bracket is at the wrong place. Because of that isnull item erroneously
      is treated as const item. The fix is to set brackets in the right place.
      
      
      mysql-test/r/func_isnull.result:
        test case
      mysql-test/t/func_isnull.test:
        test case
      sql/item_cmpfunc.h:
        set brackets in the right place.
      66c621ba
  2. 07 Jun, 2010 1 commit
  3. 04 Jun, 2010 1 commit
    • Georgi Kodinov's avatar
      Bug #52315: utc_date() crashes when system time > year 2037 · 121e0473
      Georgi Kodinov authored
                  
      Some of the server implementations don't support dates later
      than 2038 due to the internal time type being 32 bit.
      Added checks so that the server will refuse dates that cannot
      be handled by either throwing an error when setting date at 
      runtime or by refusing to start or shutting down the server if 
      the system date cannot be stored in my_time_t.
      121e0473
  4. 01 Jun, 2010 1 commit
  5. 25 May, 2010 3 commits
    • Ramil Kalimullin's avatar
      Automerge. · 32d6a7fc
      Ramil Kalimullin authored
      32d6a7fc
    • Ramil Kalimullin's avatar
      Fix for bug #53907: Table dump command can be abused to dump arbitrary tables. · eef9ce8c
      Ramil Kalimullin authored
      Problem: one with SELECT privilege on some table may dump other table
      performing COM_TABLE_DUMP command due to missed check of the table name.
      
      Fix: check the table name.
      
      
      sql/sql_parse.cc:
        Fix for bug #53907: Table dump command can be abused to dump arbitrary tables.
          - check given table name performing COM_TABLE_DUMP command.
      tests/mysql_client_test.c:
        Fix for bug #53907: Table dump command can be abused to dump arbitrary tables.
          - test case.
      eef9ce8c
    • Davi Arnaut's avatar
      Bug#53908: compile failure with embedded enabled · 342819f1
      Davi Arnaut authored
      This fixes a recently introduced regression, where a variable is
      not defined for the embedded server. Although the embedded server
      is not supported in 5.0, make it at least compile.
      342819f1
  6. 19 May, 2010 1 commit
  7. 11 May, 2010 1 commit
    • Martin Hansson's avatar
      Bug#48157: crash in Item_field::used_tables · 79e60f0a
      Martin Hansson authored
            
      MySQL handles the join syntax "JOIN ... USING( field1,
      ... )" and natural joins by building the same parse tree as
      a corresponding join with an "ON t1.field1 = t2.field1 ..."
      expression would produce. This parse tree was not cleaned up
      properly in the following scenario. If a thread tries to
      lock some tables and finds that the tables were dropped and
      re-created while waiting for the lock, it cleans up column
      references in the statement by means a per-statement free
      list. But if the statement was part of a stored procedure,
      column references on the stored procedure's free list
      weren't cleaned up and thus contained pointers to freed
      objects.
            
      Fixed by adding a call to clean up the current prepared
      statement's free list.
      
      This is a backport from MySQL 5.1
      79e60f0a
  8. 06 May, 2010 1 commit
    • Martin Hansson's avatar
      Bug#52357: Assertion failed: join->best_read in · 1eada910
      Martin Hansson authored
      greedy_search optimizer_search_depth=0
      
      The algorithm inside restore_prev_nj_state failed to
      properly update the counters within the NESTED_JOIN
      tree. The counter was decremented each time a table in the
      node was removed from the QEP, the correct thing to do being
      only to decrement it when the last table in the child node
      was removed from the plan. This lead to node counters
      getting negative values and the plan thus appeared
      impossible. An assertion caught this.
      
      Fixed by not recursing up the tree unless the last table in
      the join nest node is removed from the plan
      1eada910
  9. 05 May, 2010 3 commits
    • Sunanda Menon's avatar
      ------------------------------------------------------------ · c5bf05cd
      Sunanda Menon authored
      revno: 2861
      committer: Georgi Kodinov <joro@sun.com>
      branch nick: B53371-5.0-bugteam
      timestamp: Mon 2010-05-03 18:16:51 +0300
      message:
        Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.
        
        The server was not checking the supplied to COM_FIELD_LIST table name
        for validity and compliance to acceptable table names standards.
        Fixed by checking the table name for compliance similar to how it's 
        normally checked by the parser and returning an error message if 
        it's not compliant.
      c5bf05cd
    • Georgi Kodinov's avatar
      merge · aba66c67
      Georgi Kodinov authored
      aba66c67
    • Georgi Kodinov's avatar
      tree name change · c5b14cda
      Georgi Kodinov authored
      c5b14cda
  10. 03 May, 2010 2 commits
  11. 01 May, 2010 1 commit
  12. 29 Apr, 2010 2 commits
    • Davi Arnaut's avatar
      Bug#50974: Server keeps receiving big (> max_allowed_packet) packets indefinitely. · 54705ab1
      Davi Arnaut authored
      The server could be tricked to read packets indefinitely if it
      received a packet larger than the maximum size of one packet.
      This problem is aggravated by the fact that it can be triggered
      before authentication.
      
      The solution is to no skip big packets for non-authenticated
      sessions. If a big packet is sent before a session is authen-
      ticated, a error is returned and the connection is closed.
      
      include/mysql_com.h:
        Add skip flag. Only used in server builds.
      sql/net_serv.cc:
        Control whether big packets can be skipped.
      54705ab1
    • Ramil Kalimullin's avatar
      Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing · 0d5dbb16
      Ramil Kalimullin authored
      Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only
      SQL. Seems that the data sent to COM_FIELD_LIST( mysql_list_fields() function) is not
      checked for sanity. By sending long data for the table a buffer is overflown, which can
      be used deliberately to include code that harms".
      
      Fix: check incoming data length.
      
      
      sql/sql_parse.cc:
        Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing
          - check incoming mysql_list_fields() table name arg length.
      0d5dbb16
  13. 26 Apr, 2010 1 commit
    • Alexey Kopytov's avatar
      Backport of the fix for bug #50335 to 5.0. · 6d43510a
      Alexey Kopytov authored
      The problem was in an incorrect debug assertion. The expression
      used in the failing assertion states that when finding
      references matching ORDER BY expressions, there can be only one
      reference to a single table. But that does not make any sense,
      all test cases for this bug are valid examples with multiple
      identical WHERE expressions referencing the same table which
      are also present in the ORDER BY list.
      
      Fixed by removing the failing assertion. We also have to take
      care of the 'found' counter so that we count multiple
      references only once. We rely on this fact later in
      eq_ref_table().
      
      mysql-test/r/join.result:
        Added a test case for bug #50335.
      mysql-test/t/join.test:
        Added a test case for bug #50335.
      sql/sql_select.cc:
        Removing the assertion in eq_ref_table() as it does not make
        any sense. We also have to take care of the 'found' counter so
        that we count multiple references only once. We rely on this
        fact later in eq_ref_table().
      6d43510a
  14. 06 Apr, 2010 2 commits
  15. 30 Mar, 2010 1 commit
  16. 26 Mar, 2010 1 commit
    • Sergey Glukhov's avatar
      Bug#52177 crash with explain, row comparison, join, text field · f57839cd
      Sergey Glukhov authored
      The crash is the result of an attempt made by JOIN::optimize to evaluate
      the WHERE condition when no records have been actually read.
      The fix is to remove erroneous 'outer_join' variable check.
      
      
      mysql-test/r/join.result:
        test result
      mysql-test/t/join.test:
        test case
      sql/sql_select.cc:
        removed erroneous 'outer_join' variable check.
      f57839cd
  17. 24 Mar, 2010 1 commit
    • Sergey Glukhov's avatar
      Bug#48483 crash in get_best_combination() · bccf219b
      Sergey Glukhov authored
      The crash happens because greedy_serach
      can not determine best plan due to
      wrong inner table dependences. These
      dependences affects join table sorting
      which performs before greedy_search starting.
      In our case table which has real 'no dependences'
      should be put on top of the list but it does not
      happen as inner tables have no dependences as well.
      The fix is to exclude RAND_TABLE_BIT mask from
      condition which checks if table dependences
      should be updated.
      
      
      mysql-test/r/join.result:
        test result
      mysql-test/t/join.test:
        test case
      sql/sql_select.cc:
        RAND_TABLE_BIT mask should not be counted as it
        prevents update of inner table dependences.
        For example it might happen if RAND() function
        is used in JOIN ON clause.
      bccf219b
  18. 10 Mar, 2010 4 commits
    • Sergey Vojtovich's avatar
      An addition to fix for · 2a667b7b
      Sergey Vojtovich authored
      BUG#51342 - more xid crashing
      
      Restore autocommit variable by supplying explicit value.
      
      mysql-test/r/xa.result:
        Restore autocommit variable by supplying explicit value.
      mysql-test/t/xa.test:
        Restore autocommit variable by supplying explicit value.
      2a667b7b
    • Sergey Vojtovich's avatar
      Merge fix for BUG51342 to 5.0-bugteam. · 992f6754
      Sergey Vojtovich authored
      992f6754
    • Sergey Vojtovich's avatar
      BUG#51342 - more xid crashing · 405fd822
      Sergey Vojtovich authored
      SET autocommit=1 while XA transaction is active may
      cause various side effects, including memory corruption
      and server crash.
      
      The problem is that SET autocommit=1 and further queries
      attempt to commit local transaction, whereas XA transaction
      is still active.
      
      As local and XA transactions are mutually exclusive, this
      patch forbids enabling autocommit mode while XA transaction
      is active.
      
      mysql-test/r/xa.result:
        A test case for BUG#51342.
      mysql-test/t/xa.test:
        A test case for BUG#51342.
      sql/set_var.cc:
        Forbid enabling autocommit mode while XA transaction is
        active.
      405fd822
    • Georgi Kodinov's avatar
  19. 08 Mar, 2010 1 commit
    • Georgi Kodinov's avatar
      Backport of the fix for bug #51357 to 5.0-bugteam.: · 2ba46ad4
      Georgi Kodinov authored
      Spatial indexes were not checking for out-of-record condition in
      the handler next command when the previous command didn't found
      rows.
      
      Fixed by making the rtree index to check for end of rows condition
      before re-using the key from the previous search.
      
      Fixed another crash if the tree has changed since the last search.
      Added a test case for the other error.
      2ba46ad4
  20. 04 Mar, 2010 2 commits
  21. 02 Mar, 2010 2 commits
    • Tatiana A. Nurnberg's avatar
      Bug#48295: explain extended crash with subquery and ONLY_FULL_GROUP_BY sql · c610e978
      Tatiana A. Nurnberg authored
      If an outer query is broken, a subquery might not even get set up.
      EXPLAIN EXTENDED did not expect this and merrily tried to de-ref all
      of the half-setup info.
      
      We now catch this case and print as much as we have, as it doesn't cost us
      anything (doesn't make regular execution slower).
      
      backport from 5.1
      
      mysql-test/r/explain.result:
        Show that EXPLAIN EXTENDED with subquery and illegal out query doesn't crash.
        Show also that SHOW WARNINGS will render an additional Note in the hope of
        being, well, helpful.
      mysql-test/t/explain.test:
        If we have only half a query for EXPLAIN EXTENDED to print (i.e.,
        incomplete subquery info as outer query is illegal), we should
        provide the user with as much info as we easily can if they ask
        for it. What we should not do is crash when they come asking for
        help, that violates etiquette in some countries.
      sql/item_subselect.cc:
        If the sub-query's actually set up, print it. Otherwise, elide.
      c610e978
    • Tatiana A. Nurnberg's avatar
      auto-merge · 42585b09
      Tatiana A. Nurnberg authored
      42585b09
  22. 01 Mar, 2010 1 commit
  23. 26 Feb, 2010 1 commit
  24. 25 Feb, 2010 2 commits
  25. 20 Feb, 2010 1 commit
  26. 19 Feb, 2010 1 commit
    • Tatiana A. Nurnberg's avatar
      Bug#49487: crash with explain extended and group_concat in a derived table · 1fc1f462
      Tatiana A. Nurnberg authored
      When EXPLAIN EXTENDED tries to print column names, it checks whether the
      referenced table is CONST (in which case, the column's value rather than
      its name will be printed). If no proper table is reference (i.e. because
      a derived table was used that has since gone out of scope), this will fail
      spectacularly.
      
      This ports an equivalent of the fix for Bug 43354.
      
      mysql-test/r/func_gconcat.result:
        Show that EXPLAIN EXTENDED on a GROUP_CONCAT() on a derived table
        no longer crashes the server.
      mysql-test/t/func_gconcat.test:
        Show that EXPLAIN EXTENDED on a GROUP_CONCAT() on a derived table
        no longer crashes the server.
      sql/item_sum.cc:
        Do not de-ref what cannot be, that is, temp-tables that have gone away.
        This is of questionable utility anyway, since our deref has the sole
        purpose of checking whether the table is const (in which case, we'll
        substitute the column with its value in EXPLAIN EXTENDED - that is all).
      1fc1f462