User name (host name) has limit on length. The server code relies on these
limits when storing the names. The problem was that sometimes these limits
were not checked properly, so that could lead to buffer overflow.
The fix is to check length of user/host name in parser and if string is too
long, throw an error.
mysql-test/r/grant.result:
Updated result file.
mysql-test/r/sp.result:
Updated result file.
mysql-test/r/trigger.result:
Updated result file.
mysql-test/r/view.result:
Updated result file.
mysql-test/t/grant.test:
Added test for BUG#16899.
mysql-test/t/sp.test:
Added test for BUG#16899.
mysql-test/t/trigger.test:
Added test for BUG#16899.
mysql-test/t/view.test:
Added test for BUG#16899.
sql/mysql_priv.h:
Added prototype for new function.
sql/share/errmsg.txt:
Added new resources.
sql/sql_acl.cc:
Remove outdated checks.
sql/sql_parse.cc:
Add a new function for checking string length.
sql/sql_yacc.yy:
Check length of user/host name.
into lamia.home:/home/timka/mysql/src/5.0-bug-21456
mysql-test/r/distinct.result:
Merge the fix for BUG#21456
mysql-test/t/distinct.test:
Merge the fix for BUG#21456
sql/sql_select.cc:
Merge the fix for BUG#21456
GROUP BY/DISTINCT pruning optimization must be done before ORDER BY
optimization because ORDER BY may be removed when GROUP BY/DISTINCT
sorts as a side effect, e.g. in
SELECT DISTINCT <non-key-col>,<pk> FROM t1
ORDER BY <non-key-col> DISTINCT
must be removed before ORDER BY as if done the other way around
it will remove both.
mysql-test/r/distinct.result:
Test for BUG#21456.
mysql-test/t/distinct.test:
Test for BUG#21456.
sql/sql_select.cc:
Bug #21456: SELECT DISTINCT(x) produces incorrect results when using order by
GROUP BY/DISTINCT pruning optimization must be done before ORDER BY
optimization because ORDER BY may be removed when GROUP BY/DISTINCT
sorts as a side effect.
Converting BIT to a string (an intermediate step in conversion) does
not yield an ASCII numeric string, so we skip that step for BIT and
get the integer value directly from the item.
This site in sql/item_strfunc.cc may be ripe for refactoring for
other types as well, where converting to a string is a waste of time.
mysql-test/r/type_bit.result:
Test that conversion functions on BIT types work properly, including
NULL.
mysql-test/t/type_bit.test:
Test that conversion functions on BIT types work properly.
sql/item_strfunc.cc:
BIT is unlike the other numeric types, in that when we convert it
to a String, it becomes a one-byte string with ordinal numeric value
of the BIT field, not a several-byte string with the ASCII decimal
representation. As a special case for conversion functions, we take
the integer directly from the bit type instead of representing it
as a string in an intermediate step.
used.
Sorting by RAND() uses a temporary table in order to get a correct results.
User defined variable was set during filling the temporary table and later
on it is substituted for its value from the temporary table. Due to this
it contains the last value stored in the temporary table.
Now if the result_field is set for the Item_func_set_user_var object it
updates variable from the result_field value when being sent to a client.
The Item_func_set_user_var::check() now accepts a use_result_field
parameter. Depending on its value the result_field or the args[0] is used
to get current value.
mysql-test/r/user_var.result:
Added a test case for bug#16861: User defined variable can have a wrong value if a tmp table was used.
mysql-test/t/user_var.test:
Added a test case for bug#16861: User defined variable can have a wrong value if a tmp table was used.
sql/item_func.cc:
Fixed bug#16861: User defined variable can have a wrong value if a tmp table was used.
Now if the result_field is set for the Item_func_set_user_var object it
updates variable from the result_field value when being sent to a client.
The Item_func_set_user_var::check() now accepts a use_result_field
parameter. Depending on its value the result_field or the args[0] is used
to get current value.
sql/item_func.h:
Fixed bug#16861: User defined variable can have a wrong value if a tmp table was used.
Added a new SUSERVAR_FUNC function type.
Updated the Item_func_set_user_var::check() function declaration.
Added the Item_func_set_user_var::send() member function.
sql/set_var.cc:
Fixed bug#16861: User defined variable can have a wrong value if a tmp table was used.
Modified to use updated Item_func_set_user_var::check() function.
sql/sql_class.cc:
Fixed bug#16861: User defined variable can have a wrong value if a tmp table was used.
Modified to use updated Item_func_set_user_var::check() function.
sql/sql_select.cc:
Fixed bug#16861: User defined variable can have a wrong value if a tmp table was used.
Now an Item_func_set_user_var object isn't substituted for an Item_field object after filling a temporary table.
when X.509 subject was required for a connect, we tested whether it was the right
one, but did not refuse the connexion if not. fixed.
(corrected CS now --replace_results socket-path)
mysql-test/r/openssl_1.result:
Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both
test not only whether we can connect with a correct X.509 subject when one is
required, but also assure that we can't without one.
mysql-test/t/openssl_1.test:
Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both
test not only whether we can connect with a correct X.509 subject when one is
required, but also assure that we can't without one.
sql/sql_acl.cc:
Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both
actually refuse connexion if X.509 is required, but does not match. kudos to Al Smith.
Bug #18744 Test 'join_outer' fails if "classic" configuration in 5.0
- moved an InnoDB dependent test to the appropriate file
mysql-test/r/innodb_mysql.result:
Bug #18744 Test 'join_outer' fails if "classic" configuration in 5.0
- moved an InnoDB dependent test to the appropriate file
mysql-test/r/join_outer.result:
Bug #18744 Test 'join_outer' fails if "classic" configuration in 5.0
- moved an InnoDB dependent test to the appropriate file
mysql-test/t/innodb_mysql.test:
Bug #18744 Test 'join_outer' fails if "classic" configuration in 5.0
- moved an InnoDB dependent test to the appropriate file
mysql-test/t/join_outer.test:
Bug #18744 Test 'join_outer' fails if "classic" configuration in 5.0
- moved an InnoDB dependent test to the appropriate file
server to crash".
Crash caused by assertion failure happened when one ran SHOW OPEN TABLES
while concurrently doing DROP TABLE (or RENAME TABLE, CREATE TABLE LIKE
or any other command that takes name-lock) in other connection.
For non-debug version of server problem exposed itself as wrong output
of SHOW OPEN TABLES statement (it was missing name-locked tables).
Finally in 5.1 both debug and non-debug versions simply crashed in
this situation due to NULL-pointer dereference.
This problem was caused by the fact that table placeholders which were
added to table cache in order to obtain name-lock had TABLE_SHARE::table_name
set to 0. Therefore they broke assumption that this member is non-0 for
all tables in table cache which was checked by assert in list_open_tables()
(in 5.1 this function simply relies on it).
The fix simply sets this member for such placeholders to appropriate value
making this assumption true again.
This patch also includes test for similar bug 12212 "Crash that happens
during removing of database name from cache" reappeared in 5.1 as bug 19403.
mysql-test/r/drop.result:
Added test for bug#21216 "Simultaneous DROP TABLE and SHOW OPEN TABLES
causes server to crash" and bug#12212/19403 "Crash that happens during
removing of database name from cache".
mysql-test/t/drop.test:
Added test for bug#21216 "Simultaneous DROP TABLE and SHOW OPEN TABLES
causes server to crash" and bug#12212/19403 "Crash that happens during
removing of database name from cache".
sql/lock.cc:
lock_table_name():
Our code assumes that TABLE_SHARE::table_name for objects in table cache
is non-NULL (for example look at assertion in list_open_tables()). This
was not true for table placeholders that were added to table cache for
name-locking. So let us set this member for such placeholders.
A date can be represented as an int (like 20060101) and as a string (like
"2006.01.01"). When a DATE/TIME field is compared in one SELECT against both
representations the constant propagation mechanism leads to comparison
of DATE as a string and DATE as an int. In this example it compares 2006 and
20060101 integers. Obviously it fails comparison although they represents the
same date.
Now the Item_bool_func2::fix_length_and_dec() function sets the comparison
context for items being compared. I.e. if items compared as strings the
comparison context is STRING.
The constant propagation mechanism now doesn't mix items used in different
comparison contexts. The context check is done in the
Item_field::equal_fields_propagator() and in the change_cond_ref_to_const()
functions.
Also the better fix for bug 21159 is introduced.
mysql-test/t/type_datetime.test:
Added a test case for bug#21475: Wrongly applied constant propagation leads to a false comparison.
mysql-test/r/type_datetime.result:
Added a test case for bug#21475: Wrongly applied constant propagation leads to a false comparison.
sql/sql_select.cc:
Fixed bug#21475: Wrongly applied constant propagation leads to a false comparison.
The constant propagation mechanism now doesn't mix items used in different
comparison contexts. The check is done in the change_cond_ref_to_const() function.
sql/item_cmpfunc.cc:
Fixed bug#21475: Wrongly applied constant propagation leads to a false comparison.
Now the Item_bool_func2::fix_length_and_dec() function sets the comparison
context for items being compared.
sql/item.h:
Fixed bug#21475: Wrongly applied constant propagation leads to a false comparison.
To the Item class a new field called cmp_context is added.
It represents the comparison context of an item.
sql/item.cc:
Fixed bug#21475: Wrongly applied constant propagation leads to a false comparison.
The constant propagation mechanism now doesn't mix items used in different
comparison contexts. The context check is done in the
Item_field::equal_fields_propagator() function.
The problem was that the error handling was using a too-small buffer to
print the error message generated. We fix this by not using a buffer at
all, but by using fprintf() directly. There were also some problems with
the error handling in table dumping that was exposed by this fix that were
also corrected.
client/mysqldump.c:
Use fprintf() instead of my_printf_error() to avoid buffer overflow issues.
Since ME_BELL wasn't specified, calling my_printf_error() offered no advantage
except for adding my_progname, which we just go ahead and do manually. Also,
fix the error handling in dumpTable() when queries to get data fail and --force
was specified.
mysql-test/r/mysqldump.result:
Add new results
mysql-test/t/mysqldump.test:
Add new regression test
into zippy.cornsilk.net:/home/cmiller/work/mysql/merge/mysql-5.0
BitKeeper/deleted/.del-mysql_client.result:
Auto merged
BitKeeper/deleted/.del-mysql_client.test:
Auto merged
client/mysql.cc:
Auto merged
mysql-test/r/func_time.result:
Auto merged
mysql-test/r/grant.result:
Auto merged
mysql-test/t/func_time.test:
Auto merged
mysql-test/t/grant.test:
Auto merged
sql/item_timefunc.cc:
Auto merged
sql/mysqld.cc:
Auto merged
sql/slave.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
Corrected test case result after fix for bug#18165
view.result, view.test:
Corrected test case for bug#21261
mysql-test/t/view.test:
Corrected test case for bug#21261
mysql-test/r/view.result:
Corrected test case for bug#21261
mysql-test/r/ndb_condition_pushdown.result:
Corrected test case result after fix for bug#18165
into zippy.cornsilk.net:/home/cmiller/work/mysql/merge/mysql-5.0
mysql-test/r/grant.result:
Auto merged
mysql-test/t/grant.test:
Auto merged
tests/mysql_client_test.c:
Auto merged
into zippy.cornsilk.net:/home/cmiller/work/mysql/merge/mysql-5.0
mysql-test/r/grant.result:
Auto merged
mysql-test/t/grant.test:
Auto merged
sql/mysqld.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
mysql-test/r/mysql_client.result:
Removed OS dependant output.
mysql-test/t/mysql_client.test:
Re-directed output to a temporary file because the actual output isn't important and was causing a Windows test failure.
Made [NOT]BETWEEN predicates SARGable in respect to the second and
the third arguments.
mysql-test/r/range.result:
Added a test case to bug #18165.
mysql-test/t/range.test:
Added a test case to bug #18165.
sql/opt_range.cc:
Fixed bug #18165.
Made [NOT]BETWEEN predicates SARGable in respect to the second and
the third arguments.
Put in a separate function called get_full_func_mm_tree the functionality
that builds a conjunction of all SEL_TREEs for a simple predicate of the
form (f op c), where f was a field and c was a constant, applying different
equalities f=f' with f' being another field.
Fix testcase to also work on windows
BitKeeper/deleted/.del-mysql_client.test:
Delete: mysql-test/t/mysql_client.test
BitKeeper/deleted/.del-mysql_client.result:
Delete: mysql-test/r/mysql_client.result
mysql-test/r/mysql.result:
Update test result
mysql-test/t/mysql.test:
Move tests from mysql_client to mysql
Fix test case for bug#20328 to work on windows by comparing the output from "help" and "help "
into sunlight.local:/local_work/21261-bug-5.0-mysql
sql/sql_select.cc:
Auto merged
sql/sql_update.cc:
Auto merged
mysql-test/r/view.result:
SCCS merged
mysql-test/t/view.test:
SCCS merged
into shellback.(none):/home/msvensson/mysql/mysql-5.0-maint
client/mysql.cc:
Auto merged
mysql-test/r/grant.result:
Auto merged
mysql-test/t/grant.test:
Auto merged
sql/mysqld.cc:
Auto merged
into mysql.com:/usr/home/bar/mysql-4.1.b9509
mysql-test/r/ctype_utf8.result:
Auto merged
mysql-test/t/ctype_utf8.test:
Auto merged
sql/sql_select.cc:
Auto merged
SELECT right instead of INSERT right was required for an insert into to a view.
This wrong behaviour appeared after the fix for bug #20989. Its intention was
to ask only SELECT right for all tables except the very first for a complex
INSERT query. But that patch has done it in a wrong way and lead to asking
a wrong access right for an insert into a view.
The setup_tables_and_check_access() function now accepts two want_access
parameters. One will be used for the first table and the second for other
tables.
mysql-test/t/view.test:
Added a test case for bug#21261: Wrong access rights was required for an insert into a view
mysql-test/r/view.result:
Added a test case for bug#21261: Wrong access rights was required for an insert into a view
sql/sql_update.cc:
Fixed bug#21261: Wrong access rights was required for an insert into a view
Modified to use updated setup_tables_and_check_access() function.
sql/sql_select.cc:
Fixed bug#21261: Wrong access rights was required for an insert into a view
Modified to use updated setup_tables_and_check_access() function.
sql/sql_load.cc:
Fixed bug#21261: Wrong access rights was required for an insert into a view
Modified to use updated setup_tables_and_check_access() function.
sql/sql_insert.cc:
Fixed bug#21261: Wrong access rights was required for an insert into a view
Modified to use updated setup_tables_and_check_access() function.
sql/sql_delete.cc:
Fixed bug#21261: Wrong access rights was required for an insert into a view
Modified to use updated setup_tables_and_check_access() function.
sql/sql_base.cc:
Fixed bug#21261: Wrong access rights was required for an insert into a view
The setup_tables_and_check_access() function now accepts two want_access
parameters. One will be used for the first table and the second for other
tables.
sql/mysql_priv.h:
Fixed bug#21261: Wrong access rights was required for an insert into a view
The setup_tables_and_check_access() function now accepts two want_access
parameters.
In fix for BUG#15872, a condition of type "t.key NOT IN (c1, .... cN)"
where N>1000, was incorrectly converted to
(-inf < X < c_min) OR (c_max < X)
Now this conversion is removed, we dont produce any range lists for such
conditions.
mysql-test/r/range.result:
BUG#21282: Testcase
mysql-test/t/range.test:
BUG#21282: Testcase
sql/opt_range.cc:
BUG#21282: Incorrect query results for "t.key NOT IN (<big const list>)
In fix for BUG#15872, a condition of type "t.key NOT IN (c1, .... cN)"
where N>1000, was incorrectly converted to
(-inf < X < c_min) OR (c_max < X)
Now this conversion is removed, we dont produce any range lists for such
conditions.
This bug is a side-effect of bug fix#16377. NOW() is optimized in
BETWEEN to integer constants to speed up query execution. When view is being
created it saves already modified query and thus becomes wrong.
The agg_cmp_type() function now substitutes constant result DATE/TIME functions
for their results only if the current query isn't CREATE VIEW or SHOW CREATE
VIEW.
mysql-test/t/view.test:
Added a test case for bug#15950: NOW() optimized away in VIEWs
mysql-test/r/view.result:
Added a test case for bug#15950: NOW() optimized away in VIEWs
sql/item_cmpfunc.cc:
Fixed bug#15950: NOW() optimized away in VIEWs
The agg_cmp_type() function now substitutes constant result DATE/TIME functions
for their results only if the current query isn't CREATE VIEW or SHOW CREATE
VIEW.
Zero-length variables caused failures when using the length to look
up the name in a hash. Instead, signal that no zero-length name can
ever be found and that to encounter one is a syntax error.
mysql-test/r/variables.result:
Results for test.
mysql-test/t/variables.test:
Insert tests to prove that zero-length variable names do not cause
faults.
sql/gen_lex_hash.cc:
If the length is zero, then there is nothing to look-up in the
hash.
sql/sql_lex.cc:
Names of variables must not be empty. Signal an error of that
happens.
The crash was caused by invalid sequence of handler::** calls:
ha_smth->index_init();
ha_smth->index_next_same(); (2)
(2) is an invalid call as it was not preceeded by any 'scan setup' call
like index_first() or index_read(). The cause was that QUICK_SELECT::reset()
didn't "fully reset" the quick select- current QUICK_RANGE wasn't forgotten,
and quick select might attempt to continue reading the range, which would
result in the above mentioned invalid sequence of handler calls.
5.x versions are not affected by the bug - they already have the missing
"range=NULL" clause.
mysql-test/r/innodb_mysql.result:
Testcase for BUG#21077
mysql-test/t/innodb_mysql.test:
Testcase for BUG#21077
sql/opt_range.h:
BUG#21077: Possible crash caused by invalid sequence of handler::* calls:
- Make QUICK_SELECT::reset() really reset the quick select
