diff options
| author | unknown <knielsen@knielsen-hq.org> | 2012-11-20 13:40:13 +0100 |
|---|---|---|
| committer | unknown <knielsen@knielsen-hq.org> | 2012-11-20 13:40:13 +0100 |
| commit | cbae294396429682a22371f23a048dcd0d4c71da (patch) | |
| tree | 4a15f3a2089e2a812f62cb4d0ae371aa65112446 | |
| parent | 094f4cf77890c5a747a57cf2bed149b0b6933507 (diff) | |
| parent | 47c5018f592b61b5e000842bdf5862ff458de488 (diff) | |
| download | mariadb-git-cbae294396429682a22371f23a048dcd0d4c71da.tar.gz | |
Merge MariaDB 5.1->5.2.
| -rw-r--r-- | mysql-test/r/information_schema.result | 6 | ||||
| -rw-r--r-- | mysql-test/t/information_schema.test | 11 | ||||
| -rw-r--r-- | mysys/mf_pack.c | 14 | ||||
| -rw-r--r-- | plugin/feedback/url_http.cc | 9 | ||||
| -rw-r--r-- | sql/log.cc | 24 | ||||
| -rw-r--r-- | sql/log.h | 2 | ||||
| -rw-r--r-- | sql/sql_acl.cc | 20 |
7 files changed, 58 insertions, 28 deletions
diff --git a/mysql-test/r/information_schema.result b/mysql-test/r/information_schema.result index 2b32e27162c..d50ff0bca4b 100644 --- a/mysql-test/r/information_schema.result +++ b/mysql-test/r/information_schema.result @@ -1686,4 +1686,10 @@ SELECT length(CAST(b AS CHAR)) FROM ubig; length(CAST(b AS CHAR)) 20 DROP TABLE ubig; +select 1 from information_schema.tables where table_schema=repeat('a', 2000); +1 +grant usage on *.* to mysqltest_1@localhost; +select 1 from information_schema.tables where table_schema=repeat('a', 2000); +1 +drop user mysqltest_1@localhost; End of 5.1 tests. diff --git a/mysql-test/t/information_schema.test b/mysql-test/t/information_schema.test index e78b180caf7..ae733443479 100644 --- a/mysql-test/t/information_schema.test +++ b/mysql-test/t/information_schema.test @@ -1438,6 +1438,17 @@ SELECT length(CAST(b AS CHAR)) FROM ubig; DROP TABLE ubig; +# +# Bug #13889741: HANDLE_FATAL_SIGNAL IN _DB_ENTER_ | HANDLE_FATAL_SIGNAL IN STRNLEN +# +select 1 from information_schema.tables where table_schema=repeat('a', 2000); +grant usage on *.* to mysqltest_1@localhost; +connect (con1, localhost, mysqltest_1,,); +connection con1; +select 1 from information_schema.tables where table_schema=repeat('a', 2000); +connection default; +disconnect con1; +drop user mysqltest_1@localhost; --echo End of 5.1 tests. diff --git a/mysys/mf_pack.c b/mysys/mf_pack.c index 86fd61537e7..e6b576b6d96 100644 --- a/mysys/mf_pack.c +++ b/mysys/mf_pack.c @@ -35,7 +35,7 @@ void pack_dirname(char * to, const char *from) int cwd_err; size_t d_length,length,UNINIT_VAR(buff_length); char * start; - char buff[FN_REFLEN]; + char buff[FN_REFLEN + 1]; DBUG_ENTER("pack_dirname"); (void) intern_filename(to,from); /* Change to intern name */ @@ -132,7 +132,7 @@ size_t cleanup_dirname(register char *to, const char *from) reg3 char * from_ptr; reg4 char * start; char parent[5], /* for "FN_PARENTDIR" */ - buff[FN_REFLEN+1],*end_parentdir; + buff[FN_REFLEN + 1],*end_parentdir; #ifdef BACKSLASH_MBTAIL CHARSET_INFO *fs= fs_character_set(); #endif @@ -245,7 +245,7 @@ my_bool my_use_symdir=0; /* Set this if you want to use symdirs */ #ifdef USE_SYMDIR void symdirget(char *dir) { - char buff[FN_REFLEN+1]; + char buff[FN_REFLEN + 1]; char *pos=strend(dir); if (dir[0] && pos[-1] != FN_DEVCHAR && my_access(dir, F_OK)) { @@ -295,7 +295,7 @@ void symdirget(char *dir) size_t normalize_dirname(char *to, const char *from) { size_t length; - char buff[FN_REFLEN]; + char buff[FN_REFLEN + 1]; DBUG_ENTER("normalize_dirname"); /* @@ -423,7 +423,7 @@ static char * NEAR_F expand_tilde(char * *path) size_t unpack_filename(char * to, const char *from) { size_t length, n_length, buff_length; - char buff[FN_REFLEN]; + char buff[FN_REFLEN + 1]; DBUG_ENTER("unpack_filename"); length=dirname_part(buff, from, &buff_length);/* copy & convert dirname */ @@ -459,7 +459,7 @@ size_t system_filename(char * to, const char *from) int libchar_found; size_t length; char * to_pos,from_pos,pos; - char buff[FN_REFLEN]; + char buff[FN_REFLEN + 1]; DBUG_ENTER("system_filename"); libchar_found=0; @@ -516,7 +516,7 @@ size_t system_filename(char * to, const char *from) char *intern_filename(char *to, const char *from) { size_t length, to_length; - char buff[FN_REFLEN]; + char buff[FN_REFLEN + 1]; if (from == to) { /* Dirname may destroy from */ strmov(buff,from); diff --git a/plugin/feedback/url_http.cc b/plugin/feedback/url_http.cc index 71b67a52807..b0028292707 100644 --- a/plugin/feedback/url_http.cc +++ b/plugin/feedback/url_http.cc @@ -258,18 +258,21 @@ int Url_http::send(const char* data, size_t data_length) Extract the first string between <h1>...</h1> tags and put it as a server reply into the error log. */ + len= 0; for (;;) { - size_t i= vio_read(vio, (uchar*)buf + len, sizeof(buf) - len - 1); + size_t i= sizeof(buf) - len - 1; + if (i) + i= vio_read(vio, (uchar*)buf + len, i); if ((int)i <= 0) break; len+= i; } - if (len && len < sizeof(buf)) + if (len) { char *from; - buf[len+1]= 0; // safety + buf[len]= 0; // safety if ((from= strstr(buf, "<h1>"))) { diff --git a/sql/log.cc b/sql/log.cc index bc532e90d85..a2b27710cd5 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -5623,8 +5623,9 @@ int TC_LOG_MMAP::open(const char *opt_name) syncing= 0; active=pages; + DBUG_ASSERT(npages >= 2); pool=pages+1; - pool_last=pages+npages-1; + pool_last_ptr= &((pages+npages-1)->next); return 0; @@ -5655,8 +5656,8 @@ void TC_LOG_MMAP::get_active_from_pool() do { best_p= p= &pool; - if ((*p)->waiters == 0) // can the first page be used ? - break; // yes - take it. + if ((*p)->waiters == 0 && (*p)->free > 0) // can the first page be used ? + break; // yes - take it. best_free=0; // no - trying second strategy for (p=&(*p)->next; *p; p=&(*p)->next) @@ -5673,10 +5674,10 @@ void TC_LOG_MMAP::get_active_from_pool() safe_mutex_assert_owner(&LOCK_active); active=*best_p; - if ((*best_p)->next) // unlink the page from the pool - *best_p=(*best_p)->next; - else - pool_last=*best_p; + /* Unlink the page from the pool. */ + if (!(*best_p)->next) + pool_last_ptr= best_p; + *best_p=(*best_p)->next; pthread_mutex_unlock(&LOCK_pool); pthread_mutex_lock(&active->lock); @@ -5783,12 +5784,9 @@ int TC_LOG_MMAP::log_xid(THD *thd, my_xid xid) pthread_mutex_unlock(&LOCK_active); pthread_mutex_lock(&p->lock); p->waiters++; - for (;;) + while (p->state == DIRTY && syncing) { - int not_dirty = p->state != DIRTY; pthread_mutex_unlock(&p->lock); - if (not_dirty || !syncing) - break; pthread_cond_wait(&p->cond, &LOCK_sync); pthread_mutex_lock(&p->lock); } @@ -5840,8 +5838,8 @@ int TC_LOG_MMAP::sync() /* page is synced. let's move it to the pool */ pthread_mutex_lock(&LOCK_pool); - pool_last->next=syncing; - pool_last=syncing; + (*pool_last_ptr)=syncing; + pool_last_ptr=&(syncing->next); syncing->next=0; syncing->state= err ? ERROR : POOL; pthread_cond_signal(&COND_pool); // in case somebody's waiting diff --git a/sql/log.h b/sql/log.h index d20ef2ef491..79c2592e7d4 100644 --- a/sql/log.h +++ b/sql/log.h @@ -81,7 +81,7 @@ class TC_LOG_MMAP: public TC_LOG my_off_t file_length; uint npages, inited; uchar *data; - struct st_page *pages, *syncing, *active, *pool, *pool_last; + struct st_page *pages, *syncing, *active, *pool, **pool_last_ptr; /* note that, e.g. LOCK_active is only used to protect 'active' pointer, to protect the content of the active page diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 3eb7daab610..a91385c42bd 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -1352,14 +1352,20 @@ ulong acl_get(const char *host, const char *ip, acl_entry *entry; DBUG_ENTER("acl_get"); - VOID(pthread_mutex_lock(&acl_cache->lock)); - end=strmov((tmp_db=strmov(strmov(key, ip ? ip : "")+1,user)+1),db); + tmp_db= strmov(strmov(key, ip ? ip : "") + 1, user) + 1; + end= strnmov(tmp_db, db, key + sizeof(key) - tmp_db); + + if (end >= key + sizeof(key)) // db name was truncated + DBUG_RETURN(0); // no privileges for an invalid db name + if (lower_case_table_names) { my_casedn_str(files_charset_info, tmp_db); db=tmp_db; } key_length= (size_t) (end-key); + + VOID(pthread_mutex_lock(&acl_cache->lock)); if (!db_is_pattern && (entry=(acl_entry*) acl_cache->search((uchar*) key, key_length))) { @@ -4364,11 +4370,17 @@ static bool check_grant_db_routine(THD *thd, const char *db, HASH *hash) bool check_grant_db(THD *thd,const char *db) { Security_context *sctx= thd->security_ctx; - char helping [SAFE_NAME_LEN + USERNAME_LENGTH+2]; + char helping [SAFE_NAME_LEN + USERNAME_LENGTH+2], *end; uint len; bool error= TRUE; - len= (uint) (strmov(strmov(helping, sctx->priv_user) + 1, db) - helping) + 1; + end= strmov(helping, sctx->priv_user) + 1; + end= strnmov(end, db, helping + sizeof(helping) - end); + + if (end >= helping + sizeof(helping)) // db name was truncated + return 1; // no privileges for an invalid db name + + len= (uint) (end - helping) + 1; rw_rdlock(&LOCK_grant); |