max_length parameter for BLOB-returning functions must be big enough
for any possible content. Otherwise the field created for a table
will be too small.
mysql-test/r/gis.result:
Bug #31158 Spatial, Union, LONGBLOB vs BLOB bug (crops data)
test result
mysql-test/t/gis.test:
Bug #31158 Spatial, Union, LONGBLOB vs BLOB bug (crops data)
test case
sql/field.cc:
Bug #31158 Spatial, Union, LONGBLOB vs BLOB bug (crops data)
max_field_size used instead of numeric value
sql/field.h:
Bug #31158 Spatial, Union, LONGBLOB vs BLOB bug (crops data)
max_field_size constant defined
sql/item_geofunc.cc:
Bug #31158 Spatial, Union, LONGBLOB vs BLOB bug (crops data)
max_length parameter fixed
in mysql_creata_like_table() we 'downcase' the complete path to the
.frm file. It works fine in standalone case as there usually
we only have './' as a path to the datahome, but doesn't work in
the embedded server where we add the real path there, so if a
directory has uppercase letters in it's name, it won't be found.
Fixed by 'downcasing' only database/table pair.
sql/sql_table.cc:
Bug #32063 "create table like" works case-significant only in "embedded" server (libmysqld)
do not lowercase the database directory
variable in where clause.
Problem: the new_item() method of Item_uint used an incorrect
constructor. "new Item_uint(name, max_length)" calls
Item_uint::Item_uint(const char *str_arg, uint length) which assumes the
first argument to be the string representation of the value, not the
item's name. This could result in either a server crash or incorrect
results depending on usage scenarios.
Fixed by using the correct constructor in new_item():
Item_uint::Item_uint(const char *str_arg, longlong i, uint length).
mysql-test/r/select.result:
Added a test case for bug #32103.
mysql-test/t/select.test:
Added a test case for bug #32103.
sql/item.h:
Use the correct constructor for Item_uint in Item_uint::new_item().
Item_func_inet_ntoa and Item_func_conv inherit 'maybe_null' flag from an
argument, which is wrong.
Both can be NULL with notnull arguments, so that's fixed.
mysql-test/r/func_str.result:
Bug #31758 inet_ntoa, oct crashes server with null+filesort
test case
mysql-test/t/func_str.test:
Bug #31758 inet_ntoa, oct crashes server with null+filesort
test result
sql/item_strfunc.h:
Bug #31758 inet_ntoa, oct crashes server with null+filesort
missing maybe_null flags set for Item_func_inet_ntoa and Item_func_conv
ucs2 doesn't provide required by fulltext ctype array. Crash
happens because fulltext attempts to use unitialized ctype
array.
Fixed by converting ucs2 fields to compatible utf8 analogue.
include/my_sys.h:
Added a function to find compatible character set with ctype array
available. Currently used by fulltext search to find compatible
substitute for ucs2 collations.
mysql-test/r/ctype_ucs.result:
A test case for BUG#31159.
mysql-test/t/ctype_ucs.test:
A test case for BUG#31159.
mysys/charset.c:
Added a function to find compatible character set with ctype array
available. Currently used by fulltext search to find compatible
substitute for ucs2 collations.
sql/item_func.cc:
Convert ucs2 fields to utf8. Fulltext requires ctype array, but
ucs2 doesn't provide it.
Buffer used when setting variables was not dimensioned to accomodate
trailing '\0'. An overflow by one character was therefore possible.
CS corrects limits to prevent such overflows.
mysql-test/r/variables.result:
Try to overflow buffer used for setting system variables.
Unpatched server should throw a valgrind warning here.
Actual value and error message irrelevant, only length counts.
mysql-test/t/variables.test:
Try to overflow buffer used for setting system variables.
sql/set_var.cc:
Adjust maximum number of characters we can store in 'buff' by one
as strmake() will write a terminating '\0'.
Bug#28878: InnoDB tables with UTF8 character set and indexes cause wrong result for DML
When making key reference buffers over CHAR fields whitespace (0x20) must be used to fill in the remaining space in the field's buffer. This is what Field_string::store() does. Fixed Field_string::get_key_image() to do the same.
mysql-test/r/innodb_mysql.result:
Bug#28878: test case
mysql-test/t/innodb_mysql.test:
Bug#28878: test case
sql/field.cc:
Bug#28878: Fill with space instead of binary zeros.
end-of-line check missed in Gis_read_stream::get_next_word,
what can lead to crashes (expecially with NULL strings).
End-of-line check added
sql/gstream.cc:
Bug #30955 geomfromtext() crasher
mysql-test/r/gis.result:
Bug #30955 geomfromtext() crasher.
test result
mysql-test/t/gis.test:
Bug #30955 geomfromtext() crasher.
test case
in get_index_for_order(), don't walk over the end of the index key parts
when matching index description and needed ordering.
mysql-test/r/delete.result:
BUG#30385: Testcase
mysql-test/t/delete.test:
BUG#30385: Testcase
SELECT statement itself returns empty.
As a result of this bug 'SELECT AGGREGATE_FUNCTION(fld) ... GROUP BY'
can return one row instead of an empty result set.
When GROUP BY only has fields of constant tables
(with a single row), the optimizer deletes the group_list.
After that we lose the information about whether we had an
GROUP BY statement. Though it's important
as SELECT min(x) from empty_table; and
SELECT min(x) from empty_table GROUP BY y; have to return
different results - the first query should return one row,
second - an empty result set.
So here we add the 'group_optimized_away' flag to remember this case
when GROUP BY exists in the query and is removed
by the optimizer, and check this flag in end_send_group()
mysql-test/r/group_by.result:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
test result
mysql-test/r/insert_select.result:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
test result
mysql-test/t/group_by.test:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
This is additional testcase that is more basic than the
original bug's testcase and has the same reason.
mysql-test/t/insert_select.test:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
test case
sql/sql_select.cc:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
Remember the 'GROUP BY was optimized away' case in the JOIN::group_optimized
and check this in the end_send_group()
sql/sql_select.h:
Bug #29717 INSERT INTO SELECT inserts values even if
SELECT statement itself returns empty.
JOIN::group_optimized member added to remember the 'GROUP BY optimied away'
case
to 150 or 107 characters for those messages which are generated
by the embedded server during release builds.
This fixes bug#16635:
Error messages wrong: absolute path names, "%s" format code
See the bug report or the changelog for "sql/share/english/errmsg.txt"
for instructions how to do that with other languages,
even at the customer site, and for the restrictions to keep.
sql/share/english/errmsg.txt:
The embedded server uses absolute path names in its error messages,
in the release build environment these exceed the 64 character limit
which the format strings for the error messages impose (bug#16635).
But when the messages are output, the server does the "printf()"
internally in a 256 character buffer; the constant text and the
expanded variables (strings, error number) must fit into this.
(If the buffer would overflow, a format specification will not be
expanded but just copied with its code, and the message output
will just contain '%s' or '%d' where a value is expected.)
So the string lengths are increased to 150 characters in those messages
which are issued by the embedded server during release tests
and contain 1 (one) path name,
but only to 107 in the "rename" message which contains 2 (two).
This solves bug#16635 for the release builds.
For other languages used by OEM customers, similar fixes may be needed,
but we cannot test them.
These fixes can be done even in a binary installation at the customer site
by following these steps:
cd <<install-root>>/share
$EDITOR <<lang>>/errmsg.txt
../../bin/comp_err -C./charsets/ <<lang>>/errmsg.txt <<lang>>/errmsg.sys
and then restarting the server.
This bug manifested itself for join queries with GROUP BY and HAVING clauses
whose SELECT lists contained DISTINCT. It occurred when the optimizer could
deduce that the result set would have not more than one row.
The bug could lead to wrong result sets for queries of this type because
HAVING conditions were erroneously ignored in some cases in the function
remove_duplicates.
mysql-test/r/having.result:
Added a test case for bug #29911.
mysql-test/t/having.test:
Added a test case for bug #29911.
into sin.intern.azundris.com:/home/tnurnberg/27198/41-27198
sql/mysql_priv.h:
Bug #27198: Error returns from time() are ignored
manual merge
sql/sql_class.h:
Bug #27198: Error returns from time() are ignored
manual merge
gettimeofday() can fail and presumably, so can time().
Keep an eye on it.
Since we have no data on this at all so far, we just
retry on failure (and log the event), assuming that
this is just an intermittant failure. This might of
course hang the threat until we succeed. Once we know
more about these failures, an appropriate more clever
scheme may be picked (only try so many times per thread,
etc., if that fails, return last "good" time() we got or
some such). Using sql_print_information() to log as this
probably only occurs in high load scenarios where the debug-
trace likely is disabled (or might interfere with testing
the effect). No test-case as this is a non-deterministic
issue.
sql/mysql_priv.h:
Bug#27198: Error returns from time() are ignored
move declarations for log.cc to before inclusion of
sql_class.h as we now use sql_print_information() in
there.
sql/sql_class.h:
Bug#27198: Error returns from time() are ignored
gettimeofday() can fail and presumably, so can time().
Keep an eye on it.
The `SELECT 'r' INTO OUTFILE ... FIELDS ENCLOSED BY 'r' ' statement
encoded the 'r' string to a 4 byte string of value x'725c7272'
(sequence of 4 characters: r\rr).
The LOAD DATA statement decoded this string to a 1 byte string of
value x'0d' (ASCII Carriage Return character) instead of the original
'r' character.
The same error also happened with the FIELDS ENCLOSED BY clause
followed by special characters: 'n', 't', 'r', 'b', '0', 'Z' and 'N'.
NOTE 1: This is a result of the undocumented feature: the LOAD DATA INFILE
recognises 2-byte input sequences like \n, \t, \r and \Z in addition
to documented 2-byte sequences: \0 and \N. This feature should be
documented (here backspace character is a default ESCAPED BY character,
in the real-life example it may be any ESCAPED BY character).
NOTE 2, changed behaviour:
Now the `SELECT INTO OUTFILE' statement with the `FIELDS ENCLOSED BY'
clause followed by one of: 'n', 't', 'r', 'b', '0', 'Z' or 'N' characters
encodes this special character itself by doubling it ('r' --> 'rr'),
not by prepending it with an escape character.
sql/sql_class.h:
Fixed bug #29294.
The ESCAPE_CHARS macro constant is defined to enumerate
symbolic names of espace-sequences like '\n', '\t' etc.
The select_export::is_ambiguous_field_sep field has been added
to distinguish special values of the field_sep field from
another values (see ESCAPE_CHARS).
sql/sql_class.cc:
Fixed bug #29294.
The select_export::send_data method has been modified to
encode special values of the field_sep field by
doubling of those values instead of prepending them with a
value of the escape_char field.
Example: The SELECT 'r' INTO OUTFILE FIELDS ENCLOSED BY 'r'
now produces the 'rr' output string instead of x'5c72'
(i.e. instead of sequence of 2 bytes: \ and r).
sql/sql_load.cc:
Fixed bug #29294.
Added commentary for the READ_INFO::unescape method.
mysql-test/t/loaddata.test:
Updated test case for bug #29294.
mysql-test/r/loaddata.result:
Updated test case for bug #29294.
Sometimes special 0 ENUM values was ALTERed to normal
empty string ENUM values.
Special 0 ENUM value has the same string representation
as normal ENUM value defined as '' (empty string).
The do_field_string function was used to convert
ENUM data at an ALTER TABLE request, but this
function doesn't care about numerical "indices" of
ENUM values, i.e. do_field_string doesn't distinguish
a special 0 value from an empty string value.
A new copy function called do_field_enum has been added to
copy special 0 ENUM values without conversion to an empty
string.
sql/field_conv.cc:
Fixed bug #29251.
The Copy_field::get_copy_func method has been modified to
return a pointer to the do_field_enum function if a conversion
between two columns of incompatible enum types is required.
The do_field_enum function has been added for the correct
conversion of special 0 enum values.
mysql-test/t/type_enum.test:
Updated test case for bug #29251.
mysql-test/r/type_enum.result:
Updated test case for bug #29251.
we use net->vio in my_net_local_init, but in the my_net_init
implementation we set it after the call, so work with unspecified
net->vio value
sql/net_serv.cc:
Bug #29117 (init_file test crashes with embedded server)
as we started using net->vio in my_net_local_init, we should set
it before the call
Improved check for thread identity in the "embedded" case,
provided by Monty.
This finishes the fixes for bug#27078.
sql/item_func.cc:
Improved check for thread identity in the "embedded" case,
provided by Monty.
This finishes the fixes for bug#27078.
protocol
Fixed duplicated code, same as last commit.
One could send a malformed packet that caused the server to SEGV. In
recent versions of the password protocol, the client tells the server
what length the ciphertext is (almost always 20). If that length was
large enough to overflow a signed char, then the number would jump to
very large after being casted to unsigned int.
Instead, cast the *passwd char to uchar.
sql/sql_parse.cc:
Additional location of signed-char casted to uint.
protocol
One could send a malformed packet that caused the server to SEGV. In
recent versions of the password protocol, the client tells the server
what length the ciphertext is (almost always 20). If that length was
large enough to overflow a signed char, then the number would jump to
very large after being casted to unsigned int.
Instead, cast the *passwd char to uchar.
sql/sql_parse.cc:
Cast *passwd to get rid of the sign, so that sign extension doesn't
cause the sequence 125, 126, 127, 4294967169, 4294967170.
forbid the use of subselect in PURGE LOGS BEFORE command
mysql-test/r/subselect.result:
test result
mysql-test/t/subselect.test:
test case
sql/sql_yacc.yy:
forbid the use of subselect in PURGE LOGS BEFORE command
corruption errors: 126,134,145
When one thread attempts to lock two (or more) tables and another
thread executes statement that aborts these locks (e.g. REPAIR
TABLE) we may get a table object with wrong lock type in a table
cache.
For example if SELECT FROM t1,t2 was aborted, subsequent INSERT
INTO t1 may be executed under read lock.
As a result we may get various table corruptions and even a server
crash.
This is fixed by resetting lock type in case lock was aborted by
another thread.
I failed to create reasonable test case for this bug.
sql/lock.cc:
If thr_multi_lock was aborted by another thread, it unlocks tables
that were locked before one that was aborted. Lock type for tables
that were after a table that was aborted preserved. Thus we need
to reset lock data in case thr_multi_lock was aborted.
