running queries
Bug#33976: buffer overflow of variable time_buff in function com_go()
An internal buffer was too short. Overextending could smash the
stack on some architectures and cause SEGVs. This is not a problem
that could be exploited to run arbitrary code.
To fix, I expanded one buffer to cover all the size that could be
written to (we know the absolute max).
When the client program had its stdout file descriptor closed by the calling
shell, after some amount of work (enough to fill a socket buffer) the server
would complain about a packet error and then disconnect the client.
This is a serious security problem. If stdout is closed before mysql is
exec()d, then the first socket() call allocates file number 1 to communicate
with the server. Subsequent write()s to that file number (as when printing
results that come back from the database) go back to the server instead in
the command channel. So, one should be able to craft data which, upon being
selected back from the server to the client, and injected into the command
stream become valid MySQL protocol to do something nasty when sent /back/ to
the server.
The solution is to close explicitly the file descriptor that we *printf() to,
so that the libc layer and the OS layer both agree that the file is closed.
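The descriptor-inheritance hazard this message describes, as an added example that is not MySQL's code: with stdout closed, the first socket() call is handed descriptor 1, so later writes to "stdout" land on the server connection. The example also shows a common startup mitigation (pinning any closed descriptor 0, 1 or 2 to /dev/null), which is a different fix from the one the message describes; the function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if fd refers to an open descriptor, 0 if the kernel reports EBADF. */
static int fd_is_open(int fd) {
    if (fcntl(fd, F_GETFD) != -1) return 1;
    return errno != EBADF;
}

/* Point any closed standard descriptor (0, 1, 2) at /dev/null so that no
 * later socket() or open() can be handed a standard number. This is the
 * mitigation shown here (hypothetical helper), not the change in the
 * commit message. Returns how many descriptors were repaired, -1 on error. */
int ensure_std_fds_open(void) {
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd)) continue;
        /* open() returns the lowest free number, which is exactly fd here */
        int nullfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nullfd < 0) return -1;
        if (nullfd != fd) {             /* defensive; should not happen */
            if (dup2(nullfd, fd) < 0) { close(nullfd); return -1; }
            close(nullfd);
        }
        repaired++;
    }
    return repaired;
}

/* Simulates a shell that closed stdout before exec and reports which number
 * the first socket() receives. With repair_first == 0 the socket lands on
 * descriptor 1 (the bug's precondition); with repair_first != 0 it cannot.
 * The real stdout is saved and restored so the caller is unaffected.
 * Returns the descriptor socket() produced, or -1 on failure. */
int socket_fd_with_stdout_closed(int repair_first) {
    int saved = dup(STDOUT_FILENO);     /* keep a copy of the real stdout */
    if (saved < 0) return -1;
    close(STDOUT_FILENO);               /* what the calling shell did */
    if (repair_first && ensure_std_fds_open() < 0) {
        dup2(saved, STDOUT_FILENO); close(saved); return -1;
    }
    int s = socket(AF_UNIX, SOCK_STREAM, 0);   /* lowest free number wins */
    if (s >= 0) close(s);               /* closes fd 1 too when s == 1 */
    dup2(saved, STDOUT_FILENO);         /* restore stdout (replaces /dev/null) */
    close(saved);
    return s;
}
```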
Old option ordering in the help was confusing to some users. Changed
ordering of deprecated options to be consistent, and added mention to
entry for options with a "--no-option" variant mentioning the
"--disable-option" variant.
do not look for client-specific commands while inside a multi-line comment.
we will allow multi-comments pretty much anywhere within SQL-statements,
but client-specific commands (help, use, print, ...) must be the first token
in the input.
Lines with column names consisting of national letters
were wrongly formatted in "mysql --table" results:
mysql> SELECT 'xxx xxx xxx' as 'xxx xxx xxx';
+-------------------+
| xxx xxx xxx |
+-------------------+
| xxx xxx xxx |
+-------------------+
1 row in set (0.00 sec)
It happened because in UTF-8 (and other multibyte charsets)
the number of display cells is not always equal to the number
of bytes of the string.
Data lines (unlike column name lines) were formatted correctly,
because data lines were displayed taking into account the number of
display cells. This patch takes into account the number of cells when
displaying column names, the same way as displaying data lines does.
Note: The patch is going to be applied to 4.1.
Test case will be added after merge to 5.0,
into "mysql.test", which appeared in 5.0.
mysql.cc:
Adding column name alignment using numcells(),
the same as data alignment, which was implemented earlier.
Only print the read line version if we are on a platform that supports readline
mysql.cc:
Add #ifdef to only print readline version if we are on a platform that supports readline
Change string->float conversion to delay division as long as possible.
This gives us more exact integer->float conversion for numbers of type '123.45E+02' (Bug #7740)
Fixed bug by adding code that displays the contents of mysql.host when \p is added as part of the prompt.
mysql.cc:
Added code to display mysql.host as prompt when using shared memory