Problem: Temporary buffer which is used for quoting and escaping
was initialized to character set utf8, and thus didn't allow
to store data in other character sets.
Fix: changing character set of the buffer to be able to
store any arbitrary sequence of bytes.
In many cases, binaries can no longer dump core after calling setuid().
Where the PR_SET_DUMPABLE macro is set, use the prctl() system call
to tell the kernel that it's allowed to dump the core of the server.
was erroneously converted to double, while the result of
ROUND(<decimal expr>, <int literal>) was preserved as decimal.
As a result of such a conversion the value of ROUND(D,A) could
differ from the value of ROUND(D,val(A)) if D was a decimal expression.
Now the result of the ROUND function is never converted to
double if the first argument is decimal.
protocol
Fixed duplicated code, same as last commit.
One could send a malformed packet that caused the server to SEGV. In
recent versions of the password protocol, the client tells the server
what length the ciphertext is (almost always 20). If that length was
large enough to overflow a signed char, then the number would jump to
very large after being casted to unsigned int.
Instead, cast the *passwd char to uchar.
- fixed wrong test case for bug 20903
- closed the dangling connections in trigger.test
- GET_LOCK() and RELEASE_LOCK() now produce more detailed log
- fixed an omission in GET_LOCK() : assign the thread_id when
acquiring the lock.
Sometimes a parameter slot may not get a value because of the protocol
data being plain wrong.
Such cases should be detected and handled by returning an error.
Fixed by checking data stream constraints where possible (like maximum
length) and reacting to the case where a value cannot be constructed.
When the INSERT .. ON DUPLICATE KEY UPDATE has to update a matched row but
the new data is the same as in the record then it returns as if
no rows were inserted or updated. Nevertheless the row is silently
updated. This leads to a situation when zero updated rows are reported
in the case when data has actually been changed.
Now the write_record function updates a row only if new data differs from
that in the record.
protocol
One could send a malformed packet that caused the server to SEGV. In
recent versions of the password protocol, the client tells the server
what length the ciphertext is (almost always 20). If that length was
large enough to overflow a signed char, then the number would jump to
very large after being casted to unsigned int.
Instead, cast the *passwd char to uchar.
When constructing the path to the original .frm file ALTER .. RENAME
was unnecessary (and incorrectly) lowercasing the whole path when not
on a case-insensitive filesystem.
This path should not be modified because of lower_case_table_names
as it is already in the correct case according to that setting.
Fixed by removing the lowercasing.
Unfortunately testing this would require running the tests on a case
sensitive filesystem in a directory that has uppercase letters.
This cannot be guaranteed in all setups so no test case added.
In case of database level grant the database name may be a pattern,
in case of table|column level grant the database name can not be a pattern.
We use 'dont_check_global_grants' as a flag to determine
if it's database level grant command
(see SQLCOM_GRANT case, mysql_execute_command() function) and
set db_is_pattern according to 'dont_check_global_grants' value.
ORDER BY and LIMIT 1.
The bug was introduced by the patch for bug 21727. The patch
erroneously skipped initialization of the array of headers
for sorted records for non-first evaluations of the subquery.
To fix the problem a new parameter has been added to the
function make_char_array that performs the initialization.
Now this function is called for any invocation of the
filesort procedure. Yet it allocates the buffer for sorted
records only if this parameter is NULL.
This bug was introduced by the fix for the bug#27300. In this fix a section
of code was added to the Item::tmp_table_field_from_field_type method.
This section intended to create Field_geom fields for the Item_geometry_func
class and its descendants. In order to get the geometry type of the current
item it casted "this" to the Item_geometry_func* type. But the
Item::tmp_table_field_from_field_type method is also used for creation of
fields for UNION and in this case this method is called for an object of the
Item_type_holder class and the cast to the Item_geometry_func* type causes
a server crash.
Now the Item::tmp_table_field_from_field_type method correctly works when it's
called for both the Item_type_holder and the Item_geometry_func classes.
The new geometry_type variable is added to the Item_type_holder class.
The new method called get_geometry_type is added to the Item_field
and the Field classes. It returns geometry type from the field for the
Item_field and the Field_geom classes and fails an assert for other Field
descendants.
Problem: "SELECT INTO OUTFILE" created incorrect dumps for BLOBs,
so "LOAD DATA" later incorrectly interpreted 0x5C as the second
byte of a multi-byte sequence, instead of escape character.
Fix: adding escaping of multi-byte heads.
a temporary table has grown out of heap memory reserved for it and
the remaining disk space is not big enough to store the table as
a MyISAM table.
The crash happens because the function create_myisam_from_heap
does not handle safely the mem_root structure associated
with the converted table in the case when an error has occurred.
wrong result for DML
When making key reference buffers over CHAR fields whitespace (0x20)
must be used to fill in the remaining space in the field's buffer.
This is what Field_string::store() does.
Fixed Field_string::get_key_image() to do the same.
