Item_in_subselect's only externally callable method is val_bool().
However the nullability in the wrapper class (Item_in_optimizer) is
established by calling the "forbidden" method val_int().
Fixed to use the correct method (val_bool()) to establish nullability
of Item_in_subselect in Item_in_optimizer.

Fulltext boolean mode phrase search may crash server on platforms
where size of pointer is not equal to size of unsigned integer
(in other words some 64-bit platforms).
The problem was integer overflow.
Affects 4.1 only.

Item_func_inet_ntoa and Item_func_conv inherit 'maybe_null' flag from an
argument, which is wrong.
Both can be NULL with notnull arguments, so that's fixed.

There are two problems with ROUND(X, D) on an exact numeric
(DECIMAL, NUMERIC type) field of a table:
1) The implementation of the ROUND function would change the number of decimal
places regardless of the value decided upon in fix_length_and_dec. When the
number of decimal places is not constant, this would cause an inconsistent
state where the number of digits was less than the number of decimal places,
which crashes filesort.
Fixed by not allowing the ROUND operation to add any more decimal places than
was decided in fix_length_and_dec.
2) fix_length_and_dec would allow the number of decimals to be greater than
the maximum configured value for constant values of D. This led to the same
crash as in (1).
Fixed by not allowing the above in fix_length_and_dec.
The fix is a copy of Martin Friebe's suggestion.

Added testing for no_appended, which will be false if anything,
including the empty string, is in result

SHOW FIELDS FROM a view with no valid definer was possible (since fix
for Bug#26817), but gave NULL as a field-type. This led to mysqldump-ing
of such views being successful, but loading such a dump with the client
failing. Patch allows SHOW FIELDS to give data-type of field in underlying
table.

doesn't recognize it
This is a 5.0 version of the patch, it will be null-merged to 5.1
Problem:
'log' and 'log_slow_queries' were "fixed" variables, i.e. they showed up
in SHOW VARIABLES, but could not be used in expressions like
"select @@log". Also, using them in the SET statement produced an
incorrect "unknown system variable" error.
Solution:
Make 'log' and 'log_slow_queries' read-only dynamic variables to make
them available for use in expressions, and produce a correct error
about the variable being read-only when used in the SET statement.

Fix problem with AttributeHeader::init() seen with gcc 4.2.1.
Using the same object as both Uint32 and class AttributeHeader violates
strict aliasing rule.

all space column names.
The parser has been modified to check VIEW column names
with the check_column_name function and to report an error
on empty and all space column names (same as for TABLE
column names).

ucs2 doesn't provide the ctype array required by fulltext. Crash
happens because fulltext attempts to use uninitialized ctype
array.
Fixed by converting ucs2 fields to compatible utf8 analogue.

file .\opt_sum.cc, line
The optimizer pre-calculates the MIN/MAX values for queries like
SELECT MIN(kp_k) WHERE kp_1 = const AND ... AND kp_k-1 = const
when there is a key over kp_1...kp_k
In doing so it was not correctly checking nullability and
there was a superfluous assert().
Fixed by making sure that the field can be null before checking and
taking out the wrong assert().

.
Introduced a correct check for nullability
The MIN(field) can return NULL when all the row values in the group
are NULL-able or if there were no rows.
Fixed the assertion to reflect the case when there are no rows.

Inserting Data.
The problem was that under some circumstances Field class was not
properly initialized before calling create_length_to_internal_length()
function, which led to assert failure.
The fix is to do the proper initialization.
The user-visible problem was that under some circumstances
CREATE TABLE ... SELECT statement crashed the server or led
to wrong error message (wrong results).

The problem is that when copying the supplied username and
database, no bounds checking is performed on the fixed-length
buffer. A sufficiently large (> 512) user string can easily
cause stack corruption. Since this API can be used from PHP
and other programs, this is a serious problem.
The solution is to increase the buffer size to the accepted
size in similar functions and perform bounds checking when
copying the username and database.
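
The bounds-checked copy described in the last fix above, as an added C example that is not the MySQL source. The function names, the field limits and the "user\0db\0" buffer layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical limits for this example; not taken from the MySQL source. */
#define EX_USER_MAX 16
#define EX_DB_MAX   64
#define EX_BUF_SIZE (EX_USER_MAX + 1 + EX_DB_MAX + 1) /* user, NUL, db, NUL */

/* Length of s, scanning at most max + 1 bytes (max + 1 means "too long"). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n <= max && s[n] != '\0')
        n++;
    return n;
}

/* Copy src and its NUL to *pos without passing end; -1 if it does not fit. */
static int put_field(char **pos, const char *end, const char *src, size_t max)
{
    size_t len = bounded_len(src, max);
    if (len > max || (size_t)(end - *pos) < len + 1)
        return -1;
    memcpy(*pos, src, len);
    (*pos)[len] = '\0';
    *pos += len + 1;
    return 0;
}

/* Build "user\0db\0" in buf; returns bytes written, or -1 on oversize input. */
long build_change_user(char *buf, size_t size, const char *user, const char *db)
{
    char *pos = buf;
    const char *end = buf + size;
    if (put_field(&pos, end, user ? user : "", EX_USER_MAX) != 0)
        return -1;
    if (put_field(&pos, end, db ? db : "", EX_DB_MAX) != 0)
        return -1;
    return (long)(pos - buf);
}

int main(void)
{
    char buf[EX_BUF_SIZE], huge[600];     /* huge: constructed input > 512 */
    memset(huge, 'A', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';
    printf("normal:   %ld\n", build_change_user(buf, sizeof buf, "app", "shop"));
    printf("oversize: %ld\n", build_change_user(buf, sizeof buf, huge, "shop"));
    return 0;
}
```

The caller treats -1 as a rejected request instead of sending a truncated or overflowing packet.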