max_length parameter for BLOB-returning functions must be big enough
for any possible content. Otherwise the field created for a table
will be too small.
mysql-test/r/gis.result:
Bug #31158 Spatial, Union, LONGBLOB vs BLOB bug (crops data)
test result
mysql-test/t/gis.test:
Bug #31158 Spatial, Union, LONGBLOB vs BLOB bug (crops data)
test case
sql/field.cc:
Bug #31158 Spatial, Union, LONGBLOB vs BLOB bug (crops data)
max_field_size used instead of numeric value
sql/field.h:
Bug #31158 Spatial, Union, LONGBLOB vs BLOB bug (crops data)
max_field_size constant defined
sql/item_geofunc.cc:
Bug #31158 Spatial, Union, LONGBLOB vs BLOB bug (crops data)
max_length parameter fixed
When we insert a record into MYISAM table which is almost 'full',
we first write record data in the free space inside a file, and then
check if we have enough space after the end of the file.
So if we don't have the space, the table will be left corrupted.
A similar error also happens when we update MYISAM tables.
Fixed by modifying write_dynamic_record and update_dynamic_record functions
to check for free space before writing parts of a record
BitKeeper/etc/ignore:
Added libmysql_r/client_settings.h libmysqld/ha_blackhole.cc to the ignore list
myisam/mi_dynrec.c:
Bug #31305 myisam tables crash when they are near capacity.
now we check space left in table in write_dynamic_record
and update_dynamic_record functions.
If we don't have enough room for the new (updated) record, return with the
error.
mysql-test/r/almost_full.result:
New BitKeeper file ``mysql-test/r/almost_full.result''
mysql-test/t/almost_full.test:
New BitKeeper file ``mysql-test/t/almost_full.test''
variable in where clause.
Problem: the new_item() method of Item_uint used an incorrect
constructor. "new Item_uint(name, max_length)" calls
Item_uint::Item_uint(const char *str_arg, uint length) which assumes the
first argument to be the string representation of the value, not the
item's name. This could result in either a server crash or incorrect
results depending on usage scenarios.
Fixed by using the correct constructor in new_item():
Item_uint::Item_uint(const char *str_arg, longlong i, uint length).
mysql-test/r/select.result:
Added a test case for bug #32103.
mysql-test/t/select.test:
Added a test case for bug #32103.
sql/item.h:
Use the correct constructor for Item_uint in Item_uint::new_item().
RENAME TABLE against a table with DATA/INDEX DIRECTORY overwrites
the file to which the symlink points.
This is a security issue, because it is possible to create a table with
some name in some non-system database and set DATA/INDEX DIRECTORY
to mysql system database. Renaming this table to one of mysql system
tables (e.g. user, host) would overwrite the system table.
Return an error when the file to which the symlink points exists.
mysql-test/r/symlink.result:
A test case for BUG#32111.
mysql-test/t/symlink.test:
A test case for BUG#32111.
mysys/my_symlink2.c:
Return an error when the file to which the symlink points exists.
Fulltext boolean mode phrase search may crash server on platforms
where size of pointer is not equal to size of unsigned integer
(in other words some 64-bit platforms).
The problem was integer overflow.
Affects 4.1 only.
myisam/ft_boolean_search.c:
my_match_t::beg is unsigned int, that means type of expression
(m[0].beg - 1) has unsigned type too. It may happen that instr()
finds substring in the beginning of passed string, returning
m[0].beg equal to 0. In this case value of expression (m[0].beg - 1)
is equal to MAX_UINT.
This is not a problem on platforms where sizeof(pointer) equals to
sizeof(uint). That means ptr[(uint)-1] = ptr[(uint)MAX_UINT] = ptr - 1.
On some 64-bit platforms where sizeof(pointer) is 8 and sizeof(uint)
is 4, wrong address gets accessed. In other words ptr[(uint)-1] is
equal to ptr + MAX_UINT.
mysql-test/r/fulltext.result:
A test case for BUG#11392.
mysql-test/t/fulltext.test:
A test case for BUG#11392.
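
The wraparound described in the BUG#11392 note above, as an added example that is not taken from the MySQL source. It models the address as an integer so nothing is dereferenced; `addressed`, `byte_before`, the base address and the sample string are constructed for illustration, `unsigned int` is assumed to be 32 bits wide, and the guard is one possible check, not the fix MySQL applied.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Address that ptr[beg - 1] resolves to, modelled with integers.
   'beg' is unsigned int, as the note states for my_match_t::beg;
   'base' and 'ptr_bits' are constructed inputs. */
static uint64_t addressed(uint64_t base, unsigned int beg, unsigned ptr_bits)
{
    /* The subtraction happens in unsigned int: beg == 0 wraps to UINT_MAX
       before the value is widened to pointer width. */
    uint64_t idx = (uint64_t)(beg - 1u);
    uint64_t mask = ptr_bits >= 64 ? UINT64_MAX
                                   : ((UINT64_C(1) << ptr_bits) - 1);
    return (base + idx) & mask;   /* pointer arithmetic wraps at pointer width */
}

/* Guarded lookup (an assumption, not the MySQL fix): report "no preceding
   byte" instead of forming the index when the match starts at offset 0. */
static int byte_before(const char *doc, size_t len, unsigned int beg, char *out)
{
    if (beg == 0 || beg > len)
        return 0;
    *out = doc[(size_t)beg - 1];
    return 1;
}

int main(void)
{
    char c = 0;
    /* With 32-bit pointers the wrapped index lands on base - 1. */
    printf("32-bit pointers: %#llx\n",
           (unsigned long long)addressed(0x1000, 0, 32));
    /* With 64-bit pointers it lands on base + UINT_MAX. */
    printf("64-bit pointers: %#llx\n",
           (unsigned long long)addressed(0x1000, 0, 64));
    printf("guarded lookup, beg=0: %d\n", byte_before("phrase", 6, 0, &c));
    return 0;
}
```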
Item_func_inet_ntoa and Item_func_conv inherit 'maybe_null' flag from an
argument, which is wrong.
Both can be NULL with notnull arguments, so that's fixed.
mysql-test/r/func_str.result:
Bug #31758 inet_ntoa, oct crashes server with null+filesort
test case
mysql-test/t/func_str.test:
Bug #31758 inet_ntoa, oct crashes server with null+filesort
test result
sql/item_strfunc.h:
Bug #31758 inet_ntoa, oct crashes server with null+filesort
missing maybe_null flags set for Item_func_inet_ntoa and Item_func_conv
ucs2 doesn't provide the ctype array required by fulltext. Crash
happens because fulltext attempts to use uninitialized ctype
array.
Fixed by converting ucs2 fields to compatible utf8 analogue.
include/my_sys.h:
Added a function to find compatible character set with ctype array
available. Currently used by fulltext search to find compatible
substitute for ucs2 collations.
mysql-test/r/ctype_ucs.result:
A test case for BUG#31159.
mysql-test/t/ctype_ucs.test:
A test case for BUG#31159.
mysys/charset.c:
Added a function to find compatible character set with ctype array
available. Currently used by fulltext search to find compatible
substitute for ucs2 collations.
sql/item_func.cc:
Convert ucs2 fields to utf8. Fulltext requires ctype array, but
ucs2 doesn't provide it.
Buffer used when setting variables was not dimensioned to accommodate
trailing '\0'. An overflow by one character was therefore possible.
CS corrects limits to prevent such overflows.
mysql-test/r/variables.result:
Try to overflow buffer used for setting system variables.
Unpatched server should throw a valgrind warning here.
Actual value and error message irrelevant, only length counts.
mysql-test/t/variables.test:
Try to overflow buffer used for setting system variables.
sql/set_var.cc:
Adjust maximum number of characters we can store in 'buff' by one
as strmake() will write a terminating '\0'.
myisam_sort_buffer_size.
An incorrect length of the sort buffer was used when calculating the
maximum number of keys. When myisam_sort_buffer_size is small enough,
this could result in the number of keys < number of
BUFFPEK structures which in turn led to use of uninitialized BUFFPEKs.
Fixed by correcting the buffer length calculation.
myisam/sort.c:
Use a correct buffer length when calculating the maximum number of keys.
Assert that for each BUFFPEK structure there is at least one
corresponding key. Otherwise we would fail earlier and not reach
merge_buffers().
mysql-test/r/repair.result:
Added a test case for bug #31174.
mysql-test/t/repair.test:
Added a test case for bug #31174.
As the result of DOUBLE calculations can be bigger
than DBL_MAX constant we use in code, we shouldn't use this constant
as the biggest possible value.
Particularly the rtree_pick_key function set 'min_area= DBL_MAX' relying
that any rtree_area_increase result will be less so we return valid
key. Though in rtree_area_increase function we calculate the area
of the rectangle, so the result can be 'inf' if the rectangle is
huge enough, which is bigger than DBL_MAX.
Code of the rtree_pick_key modified so we always return a valid key.
myisam/rt_index.c:
Bug #30286 spatial index cause corruption and server crash!
always set the best_key with the first key we get, so we always return
something valid.
myisam/rt_mbr.c:
Bug #30286 spatial index cause corruption and server crash!
function comment extended
mysql-test/r/gis-rtree.result:
Bug #30286 spatial index cause corruption and server crash!
test result
mysql-test/t/gis-rtree.test:
Bug #30286 spatial index cause corruption and server crash!
test case
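
The sentinel problem described in the Bug #30286 note above, as an added example that is not the MySQL code. `rect_t`, `pick_key_sentinel`, `pick_key_first` and the sample rectangles are constructed for illustration; the two functions mirror the "min_area= DBL_MAX" pattern and the "start from the first key" pattern the note describes.

```c
#include <float.h>
#include <stdio.h>

/* Constructed stand-in for an R-tree key: an axis-aligned rectangle. */
typedef struct { double xmin, ymin, xmax, ymax; } rect_t;

static double rect_area(const rect_t *r)
{
    return (r->xmax - r->xmin) * (r->ymax - r->ymin);
}

/* Growth in area of key 'k' if it were enlarged to cover 'n'. */
static double area_increase(const rect_t *k, const rect_t *n)
{
    rect_t u;
    u.xmin = k->xmin < n->xmin ? k->xmin : n->xmin;
    u.ymin = k->ymin < n->ymin ? k->ymin : n->ymin;
    u.xmax = k->xmax > n->xmax ? k->xmax : n->xmax;
    u.ymax = k->ymax > n->ymax ? k->ymax : n->ymax;
    return rect_area(&u) - rect_area(k);  /* overflows to inf for a huge n */
}

/* DBL_MAX used as the "larger than anything" start value.
   Returns -1 when no key was picked. */
static int pick_key_sentinel(const rect_t *keys, int count, const rect_t *n)
{
    int best = -1;
    double min_inc = DBL_MAX;
    for (int i = 0; i < count; i++) {
        double inc = area_increase(&keys[i], n);
        if (inc < min_inc) { min_inc = inc; best = i; }  /* inf < DBL_MAX is false */
    }
    return best;
}

/* The first key always becomes the initial best, so a key is returned
   whenever count > 0, even if every increase is inf. */
static int pick_key_first(const rect_t *keys, int count, const rect_t *n)
{
    int best = -1;
    double min_inc = 0.0;
    for (int i = 0; i < count; i++) {
        double inc = area_increase(&keys[i], n);
        if (best < 0 || inc < min_inc) { min_inc = inc; best = i; }
    }
    return best;
}

/* Constructed sample data. */
static const rect_t KEYS[2] = { {0, 0, 1, 1}, {5, 5, 6, 6} };
static const rect_t HUGE_RECT = { -1e200, -1e200, 1e200, 1e200 };
static const rect_t SMALL_RECT = { 5.2, 5.2, 5.4, 5.4 };

int main(void)
{
    printf("huge rect: sentinel=%d first=%d\n",
           pick_key_sentinel(KEYS, 2, &HUGE_RECT), pick_key_first(KEYS, 2, &HUGE_RECT));
    return 0;
}
```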
Bug#28878: InnoDB tables with UTF8 character set and indexes cause wrong result for DML
When making key reference buffers over CHAR fields whitespace (0x20) must be used to fill in the remaining space in the field's buffer. This is what Field_string::store() does. Fixed Field_string::get_key_image() to do the same.
mysql-test/r/innodb_mysql.result:
Bug#28878: test case
mysql-test/t/innodb_mysql.test:
Bug#28878: test case
sql/field.cc:
Bug#28878: Fill with space instead of binary zeros.
and for bug #31070: crash during conversion of charsets
Problem: passing a 0 byte length string to some my_mb_wc_XXX()
functions leads to server crash due to improper argument check.
Fix: properly check arguments passed to my_mb_wc_XXX() functions.
mysql-test/include/ctype_common.inc:
Fix for bug #31069: crash in 'sounds like'
and bug #31070: crash during conversion of charsets
- test case.
mysql-test/r/ctype_big5.result:
Fix for bug #31069: crash in 'sounds like'
and bug #31070: crash during conversion of charsets
- test result.
mysql-test/r/ctype_euckr.result:
Fix for bug #31069: crash in 'sounds like'
and bug #31070: crash during conversion of charsets
- test result.
mysql-test/r/ctype_gb2312.result:
Fix for bug #31069: crash in 'sounds like'
and bug #31070: crash during conversion of charsets
- test result.
mysql-test/r/ctype_gbk.result:
Fix for bug #31069: crash in 'sounds like'
and bug #31070: crash during conversion of charsets
- test result.
mysql-test/r/ctype_uca.result:
Fix for bug #31069: crash in 'sounds like'
and bug #31070: crash during conversion of charsets
- test result.
strings/ctype-big5.c:
Fix for bug #31069: crash in 'sounds like'
and bug #31070: crash during conversion of charsets
- check the string length before testing its first byte.
strings/ctype-cp932.c:
Fix for bug #31069: crash in 'sounds like'
and bug #31070: crash during conversion of charsets
- check the string length before testing its first byte.
strings/ctype-euc_kr.c:
Fix for bug #31069: crash in 'sounds like'
and bug #31070: crash during conversion of charsets
- check the string length before testing its first byte.
strings/ctype-gb2312.c:
Fix for bug #31069: crash in 'sounds like'
and bug #31070: crash during conversion of charsets
- check the string length before testing its first byte.
strings/ctype-sjis.c:
Fix for bug #31069: crash in 'sounds like'
and bug #31070: crash during conversion of charsets
- check the string length before testing its first byte.
end-of-line check missed in Gis_read_stream::get_next_word,
which can lead to crashes (especially with NULL strings).
End-of-line check added
sql/gstream.cc:
Bug #30955 geomfromtext() crasher
mysql-test/r/gis.result:
Bug #30955 geomfromtext() crasher.
test result
mysql-test/t/gis.test:
Bug #30955 geomfromtext() crasher.
test case
DELETE query against memory table with btree index may remove
not all matching rows. This happens only when DELETE uses
index read method to find matching rows. E.g. for queries
like DELETE FROM t1 WHERE a=1.
Fixed by reverting fix for BUG9719 and applying proper solution.
heap/hp_delete.c:
Reverted fix for BUG9719 as it makes queries like
DELETE FROM t1 WHERE a=1 to remove not all matching
rows (assuming this is memory table and there is btree
key over `a`).
This happens because we calculate info->lastkey_len in
heap_rkey(). When we enter heap_rnext(), info->lastkey_len
is 0 (set by hp_rb_delete_key()). We need to preserve
info->lastkey_len in this situation, otherwise
tree_search_key() will always return smallest value in
a tree.
heap/hp_rfirst.c:
If we're performing index_first on a table that was taken from
table cache, info->lastkey_len is initialized to previous query.
Thus we set info->lastkey_len to proper value for subsequent
heap_rnext() calls.
This is needed for DELETE queries only, otherwise this variable is
not used.
Note that the same workaround may be needed for heap_rlast(), but
for now heap_rlast() is never used for DELETE queries.
heap/hp_rnext.c:
An optimization for DELETE queries that use index_first()/index_next().
Use faster tree_search_edge() instead of tree_search_key().
mysql-test/r/heap_btree.result:
A test case for BUG#30590.
mysql-test/t/heap_btree.test:
A test case for BUG#30590.
in get_index_for_order(), don't walk over the end of the index key parts
when matching index description and needed ordering.
mysql-test/r/delete.result:
BUG#30385: Testcase
mysql-test/t/delete.test:
BUG#30385: Testcase
mysql-test/lib/mtr_misc.pl:
Add function 'mtr_rmtree'; it will try 'rmtree' and if that fails (most likely
due to permission problems) we will run File::Find to chmod all files and dirs
to 0777 and then delete.
mysql-test/mysql-test-run.pl:
Use 'mtr_rmtree' in favour of 'rmtree'
SELECT statement itself returns empty.
As a result of this bug 'SELECT AGGREGATE_FUNCTION(fld) ... GROUP BY'
can return one row instead of an empty result set.
When GROUP BY only has fields of constant tables
(with a single row), the optimizer deletes the group_list.
After that we lose the information about whether we had a
GROUP BY statement. Though it's important
as SELECT min(x) from empty_table; and
SELECT min(x) from empty_table GROUP BY y; have to return
different results - the first query should return one row,
second - an empty result set.
So here we add the 'group_optimized_away' flag to remember this case
when GROUP BY exists in the query and is removed
by the optimizer, and check this flag in end_send_group()
mysql-test/r/group_by.result:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
test result
mysql-test/r/insert_select.result:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
test result
mysql-test/t/group_by.test:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
This is additional testcase that is more basic than the
original bug's testcase and has the same reason.
mysql-test/t/insert_select.test:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
test case
sql/sql_select.cc:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
Remember the 'GROUP BY was optimized away' case in the JOIN::group_optimized
and check this in the end_send_group()
sql/sql_select.h:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
JOIN::group_optimized member added to remember the 'GROUP BY optimized away'
case
This bug manifested itself for join queries with GROUP BY and HAVING clauses
whose SELECT lists contained DISTINCT. It occurred when the optimizer could
deduce that the result set would have not more than one row.
The bug could lead to wrong result sets for queries of this type because
HAVING conditions were erroneously ignored in some cases in the function
remove_duplicates.
mysql-test/r/having.result:
Added a test case for bug #29911.
mysql-test/t/having.test:
Added a test case for bug #29911.
Test case update for bug #29294.
mysql-test/t/loaddata.test:
Test case update for bug #29294.
mysql-test/r/loaddata.result:
Test case update for bug #29294.
The `SELECT 'r' INTO OUTFILE ... FIELDS ENCLOSED BY 'r' ' statement
encoded the 'r' string to a 4 byte string of value x'725c7272'
(sequence of 4 characters: r\rr).
The LOAD DATA statement decoded this string to a 1 byte string of
value x'0d' (ASCII Carriage Return character) instead of the original
'r' character.
The same error also happened with the FIELDS ENCLOSED BY clause
followed by special characters: 'n', 't', 'r', 'b', '0', 'Z' and 'N'.
NOTE 1: This is a result of the undocumented feature: the LOAD DATA INFILE
recognises 2-byte input sequences like \n, \t, \r and \Z in addition
to documented 2-byte sequences: \0 and \N. This feature should be
documented (here backspace character is a default ESCAPED BY character,
in the real-life example it may be any ESCAPED BY character).
NOTE 2, changed behaviour:
Now the `SELECT INTO OUTFILE' statement with the `FIELDS ENCLOSED BY'
clause followed by one of: 'n', 't', 'r', 'b', '0', 'Z' or 'N' characters
encodes this special character itself by doubling it ('r' --> 'rr'),
not by prepending it with an escape character.
sql/sql_class.h:
Fixed bug #29294.
The ESCAPE_CHARS macro constant is defined to enumerate
symbolic names of escape-sequences like '\n', '\t' etc.
The select_export::is_ambiguous_field_sep field has been added
to distinguish special values of the field_sep field from
other values (see ESCAPE_CHARS).
sql/sql_class.cc:
Fixed bug #29294.
The select_export::send_data method has been modified to
encode special values of the field_sep field by
doubling of those values instead of prepending them with a
value of the escape_char field.
Example: The SELECT 'r' INTO OUTFILE FIELDS ENCLOSED BY 'r'
now produces the 'rr' output string instead of x'5c72'
(i.e. instead of sequence of 2 bytes: \ and r).
sql/sql_load.cc:
Fixed bug #29294.
Added commentary for the READ_INFO::unescape method.
mysql-test/t/loaddata.test:
Updated test case for bug #29294.
mysql-test/r/loaddata.result:
Updated test case for bug #29294.
Sometimes special 0 ENUM values were ALTERed to normal
empty string ENUM values.
Special 0 ENUM value has the same string representation
as normal ENUM value defined as '' (empty string).
The do_field_string function was used to convert
ENUM data at an ALTER TABLE request, but this
function doesn't care about numerical "indices" of
ENUM values, i.e. do_field_string doesn't distinguish
a special 0 value from an empty string value.
A new copy function called do_field_enum has been added to
copy special 0 ENUM values without conversion to an empty
string.
sql/field_conv.cc:
Fixed bug #29251.
The Copy_field::get_copy_func method has been modified to
return a pointer to the do_field_enum function if a conversion
between two columns of incompatible enum types is required.
The do_field_enum function has been added for the correct
conversion of special 0 enum values.
mysql-test/t/type_enum.test:
Updated test case for bug #29251.
mysql-test/r/type_enum.result:
Updated test case for bug #29251.
counters from relay
Updated the test to return columns vertically.
mysql-test/r/rpl_change_master.result:
Bug #29116: test updated
mysql-test/t/rpl_change_master.test:
Bug #29116: test updated
- Add test case for this already existing feature
mysql-test/r/mysqltest.result:
Update result file
mysql-test/t/mysqltest.test:
Add test case for this feature