Commit graph

25 commits

Author SHA1 Message Date
Gleb Shchepa
c896190892 backport to 5.1 from 6.0
Bug#35658 (An empty binary value leads to mysqld crash)
  
Before this fix, the following token
  b''
caused the parser to crash when reading the binary value from the empty string.
The crash was caused by:
  ptr+= max_length - 1;
because max_length is unsigned and was 0, causing an overflow.
  
With this fix, an empty binary literal b'' is parsed as a binary value 0,
in Item_bin_string.
2008-06-27 15:23:40 +05:00
malff/marcsql@weblab.(none)
a508260b85 Bug#25411 (trigger code truncated), PART II
Bug 28127 (Some valid identifiers names are not parsed correctly)
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)

This patch is the second part of a major cleanup, required to fix
Bug 25411 (trigger code truncated).

The root cause of the issue stems from the function skip_rear_comments,
which was a work around to remove "extra" "*/" characters from the query
text, when parsing a query and reusing the text fragments to represent a
view, trigger, function or stored procedure.
The reason for this work around is that "special comments",
like /*!50002 XXX */, were not parsed properly, so that a query like:
  AAA /*!50002 BBB */ CCC
would be seen by the parser as "AAA BBB */ CCC" when the current version
is greater than or equal to 5.0.2.

The root cause of this stems from how special comments are parsed.
Special comments are really out-of-bound text that appears inside a query,
that affects how the parser behaves.
In nature, /*!50002 XXX */ in MySQL is similar to the C concept
of preprocessing:
  #if VERSION >= 50002
  XXX
  #endif

Depending on the current VERSION of the server, either the special comment
should be expanded or it should be ignored, but in all cases the "text" of
the query should be re-written to strip the "/*!50002" and "*/" markers,
which do not belong to the SQL language itself.

Prior to this fix, these markers would leak into:
- the storage format for VIEW,
- the storage format for FUNCTION,
- the storage format for FUNCTION parameters, in mysql.proc (param_list),
- the storage format for PROCEDURE,
- the storage format for PROCEDURE parameters, in mysql.proc (param_list),
- the storage format for TRIGGER,
- the binary log used for replication.

In all cases, not only does this cause format corruption, but it also provides a vector
for dormant security issues, by allowing code to be tunneled that will be activated
after an upgrade.

The proper solution is to deal with special comments strictly during parsing,
when accepting a query from the outside world.
Once a query is parsed and an object is created with a persistent
representation, this object should not arbitrarily mutate after an upgrade.
In short, special comments are a useful but limited feature for MYSQLdump,
when used at an *interface* level to facilitate import/export,
but bloating the server *internal* storage format is *not* the proper way
to deal with configuration management of the user logic.

With this fix:
- the Lex_input_stream class now acts as a comment pre-processor,
and either expands or ignores special comments on the fly.
- MYSQLlex and sql_yacc.yy have been cleaned up to strictly use the
public interface of Lex_input_stream. In particular, how the input stream
accepts or rejects a character is private to Lex_input_stream, and the
internal buffer pointers of that class are strictly private, and should not
be tampered with during parsing.

This caused many changes mostly in sql_lex.cc.

During the code cleanup in case MY_LEX_NUMBER_IDENT,
Bug 28127 (Some valid identifiers names are not parsed correctly)
was found and fixed.

By parsing special comments properly, and removing the function
'skip_rear_comments' [sic],
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
has been fixed as well.
2007-06-12 15:23:58 -06:00
evgen@moonbone.local
11d37efa5e Merge epotemkin@bk-internal.mysql.com:/home/bk/mysql-5.0-opt
into  moonbone.local:/mnt/gentoo64/work/bk-trees/mysql-5.1-opt
2007-03-11 00:26:45 +03:00
evgen@moonbone.local
04f5c46d5d Bug#22331: Wrong WHERE in EXPLAIN EXTENDED when all expressions were optimized
away.

Additional fix for bug#22331. Now Item_field prints its value in the case of
the const field.
2007-03-10 00:29:02 +03:00
msvensson@pilot.blaudden
6b4a71659e Make sure tests drop objects created and restore variables to default 2007-03-01 14:16:38 +01:00
msvensson@neptunus.(none)
741eb0179a Update result to 5.1 version format 2006-11-29 23:48:39 +01:00
msvensson@neptunus.(none)
a50f80636c Merge neptunus.(none):/home/msvensson/mysql/bug19731/my50-bug19731
into  neptunus.(none):/home/msvensson/mysql/bug19731/my51-bug19731
2006-11-29 23:05:33 +01:00
msvensson@neptunus.(none)
4c26bf9c1d Bug#19371 VARBINARY() have trailing zeros after upgrade from 4.1
- Detect if a table has a field of type MYSQL_TYPE_VAR_STRING while running
   "CHECK TABLE t FOR UPGRADE" and indicate it needs to be fixed
   with "REPAIR TABLE t".
 - When running a "REPAIR TABLE t" or "ALTER TABLE t FORCE" on the above
   table, install a special copy function to trim off the trailing spaces
   which we safely can say that the pre 5.0 mysqld didn't put there.
2006-11-09 12:00:27 +01:00
sergefp@mysql.com
699291a8e6 BUG#14940 "MySQL choose wrong index", v.2
- Make the range-et-al optimizer produce E(#table records after table 
                                           condition is applied),
- Make the join optimizer use this value,
- Add "filtered" column to EXPLAIN EXTENDED to show 
  fraction of records left after table condition is applied
- Adjust test results, add comments
2006-07-28 21:27:01 +04:00
igor@rurik.mysql.com
af2d79a771 Fixed bug #16504.
Multiple equalities were not adjusted after reading constant tables.
It resulted in neglecting good index based methods that could be
used to access other tables.
2006-03-31 21:26:17 -08:00
bell@sanja.is.com.ua
1e3f10a4b1 mark subquery in the FROM clause like derived and quote all identifiers (BUG#4609) 2004-07-20 08:48:28 +03:00
paul@ice.snake.net
fd1d01e098 Language/consistency edits to error messages
and affected test results.
2004-06-15 22:18:20 -05:00
bell@sanja.is.com.ua
4c774e0c18 fixed flags of printed query 2004-05-13 23:47:20 +03:00
bell@sanja.is.com.ua
33346e26af added code coverage for functions convert(), nullif(), crc32(), is_used_lock(), char_lengtrh(), bit_xor()
added string length for more speed
made code coverage for print() method of Item
fixed printability of some items (SCRUM) (WL#1274)
2003-10-30 12:57:26 +02:00
monty@narttu.mysql.fi
23145cfed7 Added SQLSTATE to client/server protocol
bmove_allign -> bmove_align
Added OLAP function ROLLUP
Split mysql_fix_privilege_tables to a script and a .sql data file
Added new (MEMROOT*) functions to avoid calling current_thd() when creating some common objects.
Added table_alias_charset, for easier --lower-case-table-name handling
Better SQL_MODE handling (Setting complex options also sets sub options)
New (faster) assembler string functions for x86
2003-06-04 18:28:51 +03:00
monty@mashka.mysql.fi
1f6ecc0cd3 Changed mysql-test to print warnings for not existing table to DROP TABLE
Cleaned up test; Removed wrong DROP TABLE commands and use standard table and database names.
changed store_warning() -> push_warning_print()
2003-01-06 01:48:59 +02:00
bell@sanja.is.com.ua
199f667c19 merging 2002-10-04 14:15:59 +03:00
bell@sanja.is.com.ua
2883c3a8cc fixing EXPLAIN select types 2002-10-03 18:47:04 +03:00
bell@sanja.is.com.ua
46a22a5be7 new EXPLAIN
fixed bug in mysql-test/create-test-result
fixed bug in union-subselect engine
2002-09-26 23:08:22 +03:00
monty@mashka.mysql.fi
a01a0840dc Some trivial optimizations
Check if AND/OR expression can be NULL; Fixed bug in GROUP BY and-or-expression where expression could be NULL
Bug fix for SHOW OPEN TABLES when user didn't have privilege to access all open tables.
Better fix for ALTER TABLE on BDB tables.
2002-09-03 15:44:25 +03:00
bell@sanja.is.com.ua
463c59e1e9 fixed tests to be independent from environment 2002-08-30 21:32:59 +03:00
monty@hundin.mysql.fi
be46289855 New error messages
Test of unsigned BIGINT values
Fixes for queries-per-hour
Cleanup of replication code (comments and portability fixes)
Make most of the binary log code 4G clean
Changed syntax for GRANT ... QUERIES PER HOUR
2002-01-29 18:32:16 +02:00
sasha@mysql.sashanet.com
bb66c80aeb client/mysqlmanagerc.c
added support for quiet
    increased line buffer size
client/mysqltest.c
    fixed memory leak
    added query logging to result file
    added error message logging to result file
    added enable_query_log/disable_query_log
mysql-test/mysql-test-run.sh
    converted tests to use mysqlmanager

Updated test results
2001-09-27 23:05:54 -06:00
monty@tik.mysql.fi
0559758630 Added support for ANSI SQL X'hex-string' format.
Fixed mysqldump to use -- instead of # as comment characters.
Removed support for the 3.20 protocol format
2001-07-04 09:39:58 +03:00
monty@donna.mysql.com
c0f40d14cc Added support for hex strings to mysqlimport
A lot of new tests to mysqltest
Fixed bug with BDB tables and autocommit
2000-12-28 03:56:38 +02:00