There was possible stack overrun in an edge case which handles invalid body of
a SP in mysql.proc . That should be case when mysql.proc has been changed
manually. Though, due to bug 21513, it can be exploited without having access
to mysql.proc only being able to create a stored routine.
Re-execution of a parametrized prepared statement or a stored routine
with a SELECT that use LEFT JOIN with second table having only one row
could yield incorrect result.
The problem appeared only for left joins with second table having only
one row (aka const table) and equation conditions in ON or WHERE clauses
that depend on the argument passed. Once the condition was false for
second const table, a NULL row was created for it, and any field involved
got NULL-value flag, which then was never reset.
The cause of the problem was that Item_field::null_value could be set
without being reset for re-execution. The solution is to reset
Item_field::null_value in Item_field::cleanup().
The STACK_MIN_SIZE is currently set to 8192, when we actually need
(emperically discovered) 9236 bytes to raise an fatal error, on Ubuntu
Dapper Drake, libc6 2.3.6-0ubuntu2, Linux kernel 2.6.15-27-686, on x86.
I'm taking that as a new lower bound, plus 100B of wiggle-room for sundry
word sizes and stack behaviors.
The added test verifies in a cross-platform way that there are no gaps
between the space that we think we need and what we actually need to report
an error.
DOCUMENTERS: This also adds "let" to the mysqltest commands that evaluate
an argument to expand variables therein. (Only right of the "=", of course.)
result
The IN function aggregates result types of all expressions. It uses that
type in comparison of left expression and expressions in right part.
This approach works in most cases. But let's consider the case when the
right part contains both strings and integers. In that case this approach may
cause wrong results because all strings which do not start with a digit are
evaluated as 0.
CASE uses the same approach when a CASE expression is given thus it's also
affected.
The idea behind this fix is to make IN function to compare expressions with
different result types differently. For example a string in the left
part will be compared as string with strings specified in right part and
will be converted to real for comparison to int or real items in the right
part.
A new function called collect_cmp_types() is added. It collects different
result types for comparison of first item in the provided list with each
other item in the list.
The Item_func_in class now can refer up to 5 cmp_item objects: 1 for each
result type for comparison purposes. cmp_item objects are allocated according
to found result types. The comparison of the left expression with any
right part expression is now based only on result types of these expressions.
The Item_func_case class is modified in the similar way when a CASE
expression is specified. Now it can allocate up to 5 cmp_item objects
to compare CASE expression with WHEN expressions of different types.
The comparison of the CASE expression with any WHEN expression now based only
on result types of these expressions.
A better fix for bug#10025.
Fixed test case plus added new tests.
After fixing Bug#20208 "Blobs greater than 8K are being truncated to 8K"
the fix to bug#10025 "Misleading error with COLLATE mediumtext and UNION"
became more accurate. Earlier mediumtext got converted to longtext,
although mediumtext was enough to contain the results. Now it converts
correctly to mediumtext, if the length does not exceed that and if none
of the original fields were type longtext.
Type longtext still converts correctly to type longtext, as the extra
tests prove.
ALTER EVENT in stored procedure body led to a crash during the
procedure call. Affected was only ALTER EVENT which changed the
interval of the event. No problems with AT, STARTS, ENDS and so on.
Presence of a subquery in the ON expression of a join
should not block merging the view that contains this join.
Before this patch the such views were converted into
into temporary table views.
an ALL/ANY quantified subquery in HAVING.
The Item::split_sum_func2 method should not create Item_ref
for objects of any class derived from Item_subselect.
Item_substr's results are improperly stored in a temporary table due to
wrongly calculated max_length value for multi-byte charsets if two
arguments specified.
