other crashes
Some string manipulating SQL functions use a shared string object intended to
contain an immutable empty string. This object was used by the SQL function
SUBSTRING_INDEX() to return an empty string when one argument was of the wrong
datatype. If the string object was then modified by the sql function INSERT(),
undefined behavior ensued.
Fixed by instead modifying the string object representing the function's
result value whenever string manipulating SQL functions return an empty
string.
Relevant code has also been documented.
Bug#57913 large negative number to string conversion functions crash
String object which is used as result container of the item
has uninitialized 'str_charset' field. This object
might be used later to preform some internal operations
and str_charset field is involved in these operations.
It leads to crash.
The fix is to intialize str_charset in my_decimal2string() func.
mysql-test/r/func_str.result:
test case
mysql-test/t/func_str.test:
test case
sql/my_decimal.cc:
intialize str_charset field for result string
in my_decimal2string() func.
The crash happens because of incorrect max_length calculation
in QUOTE function(due to overflow). max_length is set
to 0 and it leads to assert failure.
The fix is to cast expression result to
ulonglong variable and adjust it if the
result exceeds MAX_BLOB_WIDTH.
mysql-test/r/func_str.result:
test case
mysql-test/t/func_str.test:
test case
sql/item_strfunc.h:
cast expression result to ulonglong variable and
adjust it if the result exceeds MAX_BLOB_WIDTH.
Item_field::print method does not take into
account fields whose values may be null.
The fix is to print 'NULL' if field value is null.
mysql-test/r/explain.result:
test case
mysql-test/r/func_str.result:
result fix
mysql-test/r/having.result:
result fix
mysql-test/r/select.result:
result fix
mysql-test/r/subselect.result:
result fix
mysql-test/r/union.result:
result fix
mysql-test/t/explain.test:
test case
sql/item.cc:
print 'NULL' if field value is null.
The problem was that the multiple evaluations of a ENCODE or
DECODE function within a single statement caused the random
generator to be reinitialized at each evaluation, even though
the parameters were constants.
The solution is to initialize the random generator only once
if the password (seed) parameter is constant.
This patch borrows code and ideas from Georgi Kodinov's patch.
mysql-test/r/func_str.result:
Add test case result.
mysql-test/r/ps.result:
Add test case result.
mysql-test/t/func_str.test:
Add test case for Bug#49141
mysql-test/t/ps.test:
Add test case for Bug#49141
sql/item_strfunc.cc:
Move seed generation code to a separate method.
Seed only once if the password (seed) argument
is constant.
Remove duplicated code and use a transform method
to apply encoding or decoding.
sql/item_strfunc.h:
Add parameter to signal whether the PRNG is already seeded.
Introduce transform method.
Combine val_str methods.
sql/sql_crypt.cc:
Remove method.
sql/sql_crypt.h:
Seed is supplied as two long integers.
The problem is that argument buffer can be used as result buffer
and it leads to argument value change.
The fix is to use 'old buffer' as result buffer only
if first argument is not constant item.
mysql-test/r/func_str.result:
test result
mysql-test/t/func_str.test:
test case
sql/item_strfunc.cc:
The problem is that argument buffer can be used as result buffer
and it leads to argument value change.
The fix is to use 'old buffer' as result buffer only
if first argument is not constant item.
Problem: using LOAD_FILE() in some cases we pass a file name string
without a trailing '\0' to fn_format() which relies on that however.
That may lead to valgrind warnings.
Fix: add a trailing '\0' to the file name passed to fn_format().
mysql-test/r/func_str.result:
Fix for bug#44774: load_file function produces valgrind warnings
- test result.
mysql-test/t/func_str.test:
Fix for bug#44774: load_file function produces valgrind warnings
- test case.
sql/item_strfunc.cc:
Fix for bug#44774: load_file function produces valgrind warnings
- passing a file name to fn_format(), file_name->c_ptr() replaced
with file_name->c_ptr_safe() to ensure we have a trailing '\0'.
The warning happens because string argument is not zero ended.
The fix is to add new parameter 'length' to SQL_CRYPT() and
use ptr() instead of c_ptr().
mysql-test/r/func_str.result:
test result
mysql-test/t/func_str.test:
test case
sql/item_strfunc.cc:
Added new parameter 'length' to SQL_CRYPT
sql/sql_crypt.cc:
Added new parameter 'length' to SQL_CRYPT
sql/sql_crypt.h:
Added new parameter 'length' to SQL_CRYPT
date_format functions
String::realloc() did not check whether the existing string data fits in
the newly allocated buffer for cases when reallocating a String object
with external buffer (i.e.alloced == FALSE). This could lead to memory
overruns in some cases.
client/sql_string.cc:
Fixed String::realloc() to check whether the existing string data fits
in the newly allocated buffer for cases when reallocating a String
object with external buffer.
mysql-test/r/func_str.result:
Added a test case for bug #41868.
mysql-test/t/func_str.test:
Added a test case for bug #41868.
sql/sql_class.cc:
After each call to Item::send() in select_send::send_data() reset
buffer to its original state to reduce unnecessary malloc() calls. See
comments for bug #41868 for detailed analysis.
sql/sql_string.cc:
Fixed String::realloc() to check whether the existing string data fits
in the newly allocated buffer for cases when reallocating a String
object with external buffer.
functions
String::realloc() did not check whether the existing string data fits in the newly
allocated buffer for cases when reallocating a String object with external buffer
(i.e.alloced == FALSE). This could lead to memory overruns in some cases.
mysql-test/r/func_str.result:
Added a test case for bug #41868.
mysql-test/t/func_str.test:
Added a test case for bug #41868.
sql/sql_class.cc:
After each call to Item::send() in select_send::send_data() reset buffer to its
original state to reduce unnecessary malloc() calls. See comments for bug #41868
for detailed analysis.
sql/sql_string.cc:
Fixed String::realloc() to check whether the existing string data fits in the newly allocated buffer for cases when reallocating a String object with external buffer.
Various parts of code used different 'precision' arguments for sprintf("%g") when converting
floating point numbers to a string. This led to differences in results in some cases
depending on whether the text-based or prepared statements protocol is used for a query.
Fixed by changing arguments to sprintf("%g") to always be 15 (DBL_DIG) so that results are
consistent regardless of the protocol.
This patch will be null-merged to 6.0 as the problem does not exists there (fixed by the
patch for WL#2934).
client/sql_string.cc:
Use 15 (DBL_DIG) as a precision argument for sprintf(), as Field_double::val_str() does.
libmysql/libmysql.c:
Use 15 (DBL_DIG) as a precision argument for sprintf(), as Field_double::val_str() does.
mysql-test/r/archive_gis.result:
Fixed test results to take additional precision into account.
mysql-test/r/func_group.result:
Fixed test results to take additional precision into account.
mysql-test/r/func_math.result:
Fixed test results to take additional precision into account.
mysql-test/r/func_str.result:
Fixed test results to take additional precision into account.
mysql-test/r/gis.result:
Fixed test results to take additional precision into account.
mysql-test/r/innodb_gis.result:
Fixed test results to take additional precision into account.
mysql-test/r/select.result:
Fixed test results to take additional precision into account.
mysql-test/r/sp.result:
Fixed test results to take additional precision into account.
mysql-test/r/type_float.result:
Fixed test results to take additional precision into account.
mysql-test/t/type_float.test:
Fixed test results to take additional precision into account.
sql/sql_string.cc:
Use 15 (DBL_DIG) as a precision argument for sprintf(), as Field_double::val_str() does.
mysql-test/r/myisam_data_pointer_size_func.result:
restore default value
mysql-test/r/partition_datatype.result:
test case fix
mysql-test/t/myisam_data_pointer_size_func.test:
restore default value
the problem: FORMAT func max_length value was calculated incorrectly
the fix: correct calculation of max_length
mysql-test/r/func_str.result:
test result
mysql-test/t/func_str.test:
test case
sql/item_strfunc.h:
the problem: FORMAT func max_length value was calculated incorrectly
the fix: correct calculation of max_length
into kaamos.(none):/data/src/opt/mysql-5.1-opt
client/mysql.cc:
Auto merged
client/mysqldump.c:
Auto merged
configure.in:
Auto merged
include/my_global.h:
Auto merged
libmysql/libmysql.c:
Auto merged
libmysqld/lib_sql.cc:
Auto merged
mysql-test/include/mix1.inc:
Auto merged
mysql-test/r/create.result:
Auto merged
mysql-test/r/func_str.result:
Auto merged
mysql-test/r/innodb.result:
Auto merged
mysql-test/r/innodb_mysql.result:
Auto merged
mysql-test/r/select.result:
Auto merged
mysql-test/r/subselect.result:
Auto merged
mysql-test/t/create.test:
Auto merged
mysql-test/t/disabled.def:
Auto merged
sql/filesort.cc:
Auto merged
sql/handler.cc:
Auto merged
sql/item.cc:
Auto merged
sql/item.h:
Auto merged
sql/item_cmpfunc.cc:
Auto merged
sql/item_func.cc:
Auto merged
sql/item_func.h:
Auto merged
sql/item_sum.cc:
Auto merged
sql/log.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/mysqld.cc:
Auto merged
sql/set_var.cc:
Auto merged
sql/sp.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_insert.cc:
Auto merged
sql/sql_plugin.cc:
Auto merged
sql/sql_select.cc:
Auto merged
sql/sql_yacc.yy:
Auto merged
storage/ndb/src/kernel/blocks/backup/Backup.hpp:
Auto merged
tests/mysql_client_test.c:
Auto merged
mysql-test/r/func_time.result:
Manual merge.
mysql-test/r/view.result:
Manual merge.
mysql-test/t/view.test:
Manual merge.
scripts/mysql_config.sh:
Manual merge.
sql-common/client.c:
Manual merge.
sql/sql_parse.cc:
Manual merge.
In BENCHMARK(count, expr), count could overflow/wrap-around.
Patch changes to a sufficiently large data-type. Adds a warning
for negative count values.
mysql-test/r/func_str.result:
show that a negative 'count' for BENCHMARK(count, expr)
throws a warning and returns NULL.
mysql-test/t/func_str.test:
show that a negative 'count' for BENCHMARK(count, expr)
throws a warning and returns NULL.
sql/item_func.cc:
use ulonglong rather than ulong in BENCHMARK(count, expr)
throw warning on negative 'count'; return SQL-NULL.
but not collation.
The problem here was that text literals in a view were always
dumped with character set introducer. That lead to loosing
collation information.
The fix is to dump character set introducer only if it was
in the original query. That is now possible because there
is no problem any more of loss of character set of string
literals in views -- after WL#4052 the view is dumped
in the original character set.
mysql-test/r/case.result:
Update result file.
mysql-test/r/compress.result:
Update result file.
mysql-test/r/ctype_collate.result:
Update result file.
mysql-test/r/date_formats.result:
Update result file.
mysql-test/r/ddl_i18n_koi8r.result:
Update result file.
mysql-test/r/ddl_i18n_utf8.result:
Update result file.
mysql-test/r/fulltext.result:
Update result file.
mysql-test/r/func_crypt.result:
Update result file.
mysql-test/r/func_encrypt.result:
Update result file.
mysql-test/r/func_if.result:
Update result file.
mysql-test/r/func_in.result:
Update result file.
mysql-test/r/func_like.result:
Update result file.
mysql-test/r/func_regexp.result:
Update result file.
mysql-test/r/func_set.result:
Update result file.
mysql-test/r/func_str.result:
Update result file.
mysql-test/r/func_time.result:
Update result file.
mysql-test/r/gis.result:
Update result file.
mysql-test/r/group_min_max.result:
Update result file.
mysql-test/r/mysqldump.result:
Update result file.
mysql-test/r/negation_elimination.result:
Update result file.
mysql-test/r/null.result:
Update result file.
mysql-test/r/select.result:
Update result file.
mysql-test/r/show_check.result:
Update result file.
mysql-test/r/sp-code.result:
Update result file.
mysql-test/r/ssl.result:
Update result file.
mysql-test/r/ssl_compress.result:
Update result file.
mysql-test/r/subselect.result:
Update result file.
mysql-test/r/temp_table.result:
Update result file.
mysql-test/r/type_blob.result:
Update result file.
mysql-test/r/view.result:
Update result file.
mysql-test/suite/binlog/r/binlog_stm_blackhole.result:
Update result file.
mysql-test/suite/rpl/r/rpl_get_lock.result:
Update result file.
mysql-test/suite/rpl/r/rpl_master_pos_wait.result:
Update result file.
mysql-test/t/view.test:
Add a test case for Bug#32538.
sql/item.cc:
Do not dump character set introducer if it was not specified
explicitly in the original query.
sql/item.h:
Add 'cs_specified' property to Item_string.
sql/sql_yacc.yy:
Set Item_string::cs_specified property to TRUE
when character set introducer is explicitly specified.
into mysql.com:/home/hf/work/31758/my51-31758
mysql-test/t/func_str.test:
Auto merged
sql/item_strfunc.h:
Auto merged
mysql-test/r/func_str.result:
merging
into mysql.com:/home/hf/work/31758/my50-31758
mysql-test/t/func_str.test:
Auto merged
mysql-test/r/func_str.result:
merging
sql/item_strfunc.h:
merging
Item_func_inet_ntoa and Item_func_conv inherit 'maybe_null' flag from an
argument, which is wrong.
Both can be NULL with notnull arguments, so that's fixed.
mysql-test/r/func_str.result:
Bug #31758 inet_ntoa, oct crashes server with null+filesort
test case
mysql-test/t/func_str.test:
Bug #31758 inet_ntoa, oct crashes server with null+filesort
test result
sql/item_strfunc.h:
Bug #31758 inet_ntoa, oct crashes server with null+filesort
missing maybe_null flags set for Item_func_inet_ntoa and Item_func_conv
into polly.(none):/home/kaa/src/opt/bug28550/my51-bug28550
mysql-test/t/func_str.test:
Auto merged
sql/item.cc:
Auto merged
sql/item.h:
Auto merged
sql/item_strfunc.h:
Auto merged
mysql-test/r/func_str.result:
Manual merge.
Since, as of MySQL 5.0.15, CHAR() arguments larger than 255 are converted into multiple result bytes, a single CHAR() argument can now take up to 4 bytes. This patch fixes Item_func_char::fix_length_and_dec() to take this into account.
This patch also fixes a regression introduced by the patch for bug21513. As now we do not always have the 'name' member of Item set for Item_hex_string and Item_bin_string, an own print() method has been added to Item_hex_string so that it could correctly be printed by Item_func::print_args().
mysql-test/r/func_str.result:
Import patch bug288550.patch
mysql-test/t/func_str.test:
Import patch bug288550.patch
sql/item.cc:
Import patch bug288550.patch
sql/item.h:
Import patch bug288550.patch
sql/item_strfunc.h:
Import patch bug288550.patch
into gleb.loc:/home/uchum/work/bk/5.1-opt
mysql-test/r/func_str.result:
Auto merged
mysql-test/t/func_str.test:
Auto merged
sql/item_strfunc.cc:
Auto merged
represented by an expression of the type UNSIGNED INT and this
expression was evaluated to 0 then the function erroneously returned
the value of the first argument instead of an empty string.
This problem was introduced by the patch for bug 10963.
The problem has been resolved by a proper modification of the code of
Item_func_substr::val_str.
mysql-test/r/func_str.result:
Added a test case for bug #27130.
mysql-test/t/func_str.test:
Added a test case for bug #27130.
into gleb.loc:/home/uchum/work/bk/5.1-opt
mysql-test/r/func_str.result:
Auto merged
mysql-test/t/func_str.test:
Auto merged
mysql-test/r/bigint.result:
Merge with 5.0-opt.
mysql-test/t/bigint.test:
Merge with 5.0-opt.
sql/item_func.cc:
Merge with 5.0-opt.
of its arguments was evaluated to NULL, while the predicate
LOCATE(str,NULL) IS NULL erroneously was evaluated to FALSE.
This happened because the Item_func_locate::fix_length_and_dec
method by mistake set the value of the maybe_null flag for
the function item to 0. In consequence of this the function
was considered as the one that could not ever return NULL.
mysql-test/r/func_str.result:
Added a test case for bug #27932.
mysql-test/t/func_str.test:
Added a test case for bug #27932.
into moonbone.local:/mnt/gentoo64/work/bk-trees/mysql-5.1-opt
mysql-test/r/func_str.result:
Auto merged
mysql-test/r/key.result:
Auto merged
mysql-test/r/row.result:
Auto merged
mysql-test/r/subselect.result:
Auto merged
mysql-test/r/subselect3.result:
Auto merged
mysql-test/r/view.result:
Auto merged
mysql-test/t/func_str.test:
Auto merged
mysql-test/t/key.test:
Auto merged
sql/item_cmpfunc.cc:
Auto merged
sql/item_cmpfunc.h:
Auto merged
sql/item_strfunc.h:
Auto merged
sql/item_subselect.h:
Auto merged
sql/sql_select.cc:
Auto merged
sql/sql_show.cc:
Auto merged
sql/sql_view.cc:
Auto merged
mysql-test/t/view.test:
Manually merged
sql/sql_lex.h:
Manually merged
The function CRC32() returns unsigned integer.
But the metadata (the unsigned flag) for the
function was set incorrectly.
As a result type arithmetics based on the
function's metadata (like finding the concise
type of an temporary table column to hold the result)
returned incorrect results.
Fixed by returning correct type information.
This fix is based on code contributed by Martin Friebe
(martin@hybyte.com) on 2007-03-30.
mysql-test/r/func_str.result:
Bug #27530: test case
mysql-test/t/func_str.test:
Bug #27530: test case
sql/item_strfunc.h:
Bug #27530: Marked CRC32() as returning unsigned
into pilot.blaudden:/home/msvensson/mysql/mysql-5.1-maint
mysql-test/r/func_str.result:
Auto merged
mysql-test/t/func_str.test:
Auto merged
sql/item_strfunc.cc:
Auto merged
into pilot.blaudden:/home/msvensson/mysql/mysql-5.0-maint
mysql-test/r/func_str.result:
Auto merged
mysql-test/t/func_str.test:
Auto merged
sql/item_strfunc.cc:
Auto merged
into pilot.blaudden:/home/msvensson/mysql/bug25197/my51-bug25197
mysql-test/r/func_str.result:
Auto merged
mysql-test/t/func_str.test:
Auto merged
sql/item_strfunc.cc:
Auto merged
- Add extra test case from bug#27073
- Change "if" to be optimized for count > 0
mysql-test/r/func_str.result:
Add test case from bug#27073
mysql-test/t/func_str.test:
Add test case from bug#27073
sql/item_strfunc.cc:
Change the if statemnet to be optimized for the normal case where count > 0
into moonbone.local:/mnt/gentoo64/work/bk-trees/mysql-5.1-opt
mysql-test/r/explain.result:
Auto merged
mysql-test/r/func_default.result:
Auto merged
mysql-test/r/func_regexp.result:
Auto merged
mysql-test/r/func_test.result:
Auto merged
mysql-test/r/having.result:
Auto merged
mysql-test/r/olap.result:
Auto merged
mysql-test/r/subselect.result:
Auto merged
mysql-test/r/union.result:
Auto merged
mysql-test/r/varbinary.result:
Auto merged
sql/item.cc:
Auto merged
sql/item.h:
Auto merged
sql/item_strfunc.cc:
Auto merged
sql/opt_range.cc:
Auto merged
sql/sql_union.cc:
Auto merged
mysql-test/r/func_str.result:
Manually merged
mysql-test/t/func_str.test:
Manually merged
When the SUBSTRING() function was used over a LONGTEXT field the max_length of
the SUBSTRING() result was wrongly calculated and set to 0. As the max_length
parameter is used while tmp field creation it limits the length of the result
field and leads to printing an empty string instead of the correct result.
Now the Item_func_substr::fix_length_and_dec() function correctly calculates
the max_length parameter.
mysql-test/t/func_str.test:
Added a test case for the bug#15757: Wrong SUBSTRING() result when a tmp table was employed.
mysql-test/r/func_str.result:
Added a test case for the bug#15757: Wrong SUBSTRING() result when a tmp table was employed.
sql/item_strfunc.cc:
Bug#15757: Wrong SUBSTRING() result when a tmp table was employed.
Now the Item_func_substr::fix_length_and_dec() function correctly calculates
the max_length parameter.
into moonbone.local:/mnt/gentoo64/work/25373-bug-5.0-opt-mysql
mysql-test/r/func_str.result:
Auto merged
mysql-test/r/subselect.result:
Auto merged
mysql-test/r/union.result:
Auto merged
sql/item.cc:
Auto merged
away.
Additional fix for bug#22331. Now Item_field prints its value in the case of
the const field.
mysql-test/r/varbinary.result:
Corrected test case after fix for bug#22331.
mysql-test/r/union.result:
Corrected test case after fix for bug#22331.
mysql-test/r/subselect.result:
Corrected test case after fix for bug#22331.
mysql-test/r/func_test.result:
Corrected test case after fix for bug#22331.
mysql-test/r/having.result:
Corrected test case after fix for bug#22331.
mysql-test/r/func_regexp.result:
Corrected test case after fix for bug#22331.
mysql-test/r/func_str.result:
Corrected test case after fix for bug#22331.
mysql-test/r/func_default.result:
Corrected test case after fix for bug#22331.
mysql-test/r/explain.result:
Corrected test case after fix for bug#22331.
sql/sql_union.cc:
Bug#22331: Wrong WHERE in EXPLAIN EXTENDED when all expressions were optimized
away.
Cleanup of the SELECT_LEX::order_list list.
sql/item.h:
Bug#22331: Wrong WHERE in EXPLAIN EXTENDED when all expressions were optimized
away.
Added the print() member function to the Item_field class.
sql/item.cc:
Bug#22331: Wrong WHERE in EXPLAIN EXTENDED when all expressions were optimized
away.
Added the print() member function to the Item_field class.
into magare.gmz:/home/kgeorge/mysql/autopush/B26281-5.0-opt
sql/item_strfunc.cc:
Auto merged
mysql-test/r/func_str.result:
resolved test merge conflicts
mysql-test/t/func_str.test:
resolved test merge conflicts
