warnings after uncompressed_length
UNCOMPRESSED_LENGTH() did not validate its argument. In
particular, if the argument length was less than 4 bytes,
an uninitialized memory value was returned as a result.
Since the result of COMPRESS() is either an empty string or
a 4-byte length prefix followed by compressed data, the bug was
fixed by ensuring that the argument of UNCOMPRESSED_LENGTH() is
either an empty string or contains at least 5 bytes (as done in
UNCOMPRESS()). This is the best we can do to validate input
without decompressing.
mysql-test/r/func_compress.result:
Added a test case for bug #44796.
mysql-test/t/func_compress.test:
Added a test case for bug #44796.
sql/item_strfunc.cc:
Make sure that the argument of UNCOMPRESSED_LENGTH() contains
at least 5 bytes (as done in UNCOMPRESS()).
Internal InnoDN FK parser does not recognize '\'' as quotation symbol.
Suggested fix is to add '\'' symbol check for quotation condition
(dict_strip_comments() function).
innobase/dict/dict0dict.c:
Internal InnoDN FK parser does not recognize '\'' as quotation symbol.
Suggested fix is to add '\'' symbol check for quotation condition
(dict_strip_comments() function).
mysql-test/r/innodb_mysql.result:
test result
mysql-test/t/innodb_mysql.test:
test case
with a "HAVING" clause though query works
SELECT from views defined like:
CREATE VIEW v1 (view_column)
AS SELECT c AS alias FROM t1 HAVING alias
fails with an error 1356:
View '...' references invalid table(s) or column(s)
or function(s) or definer/invoker of view lack rights
to use them
CREATE VIEW form with a (column list) substitutes
SELECT column names/aliases with names from a
view column list.
However, alias references in HAVING clause was
not substituted.
The Item_ref::print function has been modified
to write correct aliased names of underlying
items into VIEW definition generation/.frm file.
mysql-test/r/view.result:
Added test file for bug #40825.
mysql-test/t/view.test:
Added test file for bug #40825.
sql/item.cc:
Bug#40825: Error 1356 while selecting from a view
with a "HAVING" clause though query works
The Item_ref::print function has been modified
to write correct aliased names of underlying
items into VIEW definition generation/.frm file.
It turns out that this test case no longer fails with the discrepancy
in numbers that was the original cause for disabling this test (and showed
potential genuine issues with the query cache). Therefore
this test is being enabled after some minor adjustment of error codes and
messages.
Details:
1. Add missing "disconnect <session>"
2. Take care that the disconnects are finished when the test terminates
3. Replace error names by error numbers
4. Minor beautifying of script code
Field_time::get_time() did not initialize some members of
MYSQL_TIME which led to valgrind warnings when those members
were accessed in Protocol_simple::store_time().
It is unlikely that this bug could result in wrong data
being returned, since Field_time::get_time() initializes the
'day' member of MYSQL_TIME to 0, so the value of 'day'
in Protocol_simple::store_time() would be 0 regardless
of the values for 'year' and 'month'.
mysql-test/r/type_time.result:
Added a test case for bug #44792.
mysql-test/t/type_time.test:
Added a test case for bug #44792.
sql/field.cc:
Field_time::get_time() did not initialize some members of
MYSQL_TIME which led to valgrind warnings when those members
were accessed in Protocol_simple::store_time().
In UNION if we use last SELECT without braces and this
SELECT have ORDER BY clause, such clause belongs to
global UNION. It is parsed like last SELECT
part and used further as 'unit->global_parameters->order_list' value.
During DESCRIBE EXTENDED we call select_lex->print_order() for
last SELECT where order fields refer to tmp table
which already freed. It leads to crash.
The fix is clean up global_parameters->order_list
instead of fake_select_lex->order_list.
mysql-test/r/union.result:
test result
mysql-test/t/union.test:
test case
sql/sql_union.cc:
In UNION if we use last SELECT without braces and this
SELECT have ORDER BY clause, such clause belongs to
global UNION. It is parsed like last SELECT
part and used further as 'unit->global_parameters->order_list' value.
During DESCRIBE EXTENDED we call select_lex->print_order() for
last SELECT where order fields refer to tmp table
which already freed. It leads to crash.
The fix is clean up global_parameters->order_list
instead of fake_select_lex->order_list.
UNIX sockets need to be on a path shorter than 70 characters on some older platofrms.
MTRv1 tries to fix this by moving the socket to the $TMPDIR, however this causes
issues with certain tests on Windows.
Fixed by not applying any hacks on Windows - Windows does not need them.
UNIX sockets need to be on a path shorter than 70 characters on some older platofrms.
MTRv1 tries to fix this by moving the socket to the $TMPDIR, however this causes
issues with certain tests on Windows.
Fixed by not applying any hacks on Windows - Windows does not need them.
Problem: using LOAD_FILE() in some cases we pass a file name string
without a trailing '\0' to fn_format() which relies on that however.
That may lead to valgrind warnings.
Fix: add a trailing '\0' to the file name passed to fn_format().
mysql-test/r/func_str.result:
Fix for bug#44774: load_file function produces valgrind warnings
- test result.
mysql-test/t/func_str.test:
Fix for bug#44774: load_file function produces valgrind warnings
- test case.
sql/item_strfunc.cc:
Fix for bug#44774: load_file function produces valgrind warnings
- passing a file name to fn_format(), file_name->c_ptr() replaced
with file_name->c_ptr_safe() to ensure we have a trailing '\0'.
Problem: storing "SELECT ... INTO @var ..." results in variables we used val_xxx()
methods which returned results of the current row.
So, in some cases (e.g. SELECT DISTINCT, GROUP BY or HAVING) we got data
from the first row of a new group (where we evaluate a clause) instead of
data from the last row of the previous group.
Fix: use val_xxx_result() counterparts to get proper results.
mysql-test/r/distinct.result:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- results adjusted.
mysql-test/r/user_var.result:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- test result.
mysql-test/t/user_var.test:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- test case.
sql/item_func.cc:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- Item_func_set_user_var::save_item_result() added to evaluate and store
an item's result into a user variable.
sql/item_func.h:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- Item_func_set_user_var::save_item_result() added to evaluate and store
an item's result into a user variable.
sql/sql_class.cc:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- use Item_func_set_user_var::save_item_result() to store results into user
variables.
The --hexdump option crashed mysqlbinlog when used together
with the --read-from-remote-server option due to use of
uninitialized memory.
Since Log_event::print_header() relies on temp_buf to be
initialized when the --hexdump option is present,
dump_remote_log_entries() was fixed to setup temp_buf to point
to the start of a binlog event as done in
dump_local_log_entries().
The root cause of this bug is identical to the one for
bug #17654. The latter was fixed in 5.1 and up, so this
patch is backport of the patches for bug #17654 to 5.0.
Only 5.0 needs a changelog entry.
client/mysqlbinlog.cc:
Fixed dump_remote_log_entries() so that temp_buf is initialized
as it may be used later by Log_event::print_header() if the
--hexdump option is present.
mysql-test/r/mysqlbinlog.result:
Added a test case for bug #41943.
mysql-test/t/mysqlbinlog.test:
Added a test case for bug #41943.
with seg fault
Multiple-table DELETE from a table joined to itself may cause
server crash. This was originally discovered with MEMORY engine,
but may affect other engines with different symptoms.
The problem was that the server violated SE API by performing
parallel table scan in one handler and removing records in
another (delete on the fly optimization).
mysql-test/r/heap_btree.result:
Updated test result after adding new test for this bug.
mysql-test/t/heap_btree.test:
Updated test result after adding new test for the bug report.
sql/sql_delete.cc:
Updated to check if the files in delete list appears in join list and disable
delete while scanning, if it appears.
EXPLAIN EXTENDED of nested query containing a error:
1054 Unknown column '...' in 'field list'
may cause a server crash.
Parse error like described above forces a call to
JOIN::destroy() on malformed subquery.
That JOIN::destroy function closes and frees temporary
tables. However, temporary fields of these tables
may be listed in st_select_lex::group_list of outer
query, and that st_select_lex may not cleanup them
properly. So, after the JOIN::destroy call that
st_select_lex::group_list may have Item_field
objects with dangling pointers to freed temporary
table Field objects. That caused a crash.
mysql-test/r/subselect3.result:
Added test case for bug #37362.
mysql-test/t/subselect3.test:
Added test case for bug #37362.
sql/sql_select.cc:
Bug #37362: Crash in do_field_eq
The JOIN::destroy function has been modified to
cleanup temporary table column items.
