summaryrefslogtreecommitdiff
path: root/sql
diff options
context:
space:
mode:
authorMichael Widenius <monty@askmonty.org>2011-11-23 19:32:14 +0200
committerMichael Widenius <monty@askmonty.org>2011-11-23 19:32:14 +0200
commit7b368e3810feda53fc0dbdf5bfe8863f82f0bbcc (patch)
treebab573449ec11585c1b5149c7cbf477178caa469 /sql
parentc8768a091ac2d876216582813aaab7d9663008f7 (diff)
parentf28e7bd0645d478d33d7ae3b974931c7991cd0bd (diff)
downloadmariadb-git-7b368e3810feda53fc0dbdf5bfe8863f82f0bbcc.tar.gz
Merge with MySQL 5.1.60
Diffstat (limited to 'sql')
-rw-r--r--sql/field.h17
-rw-r--r--sql/field_conv.cc2
-rw-r--r--sql/ha_partition.cc20
-rw-r--r--sql/handler.cc18
-rw-r--r--sql/item_subselect.cc13
-rw-r--r--sql/item_subselect.h1
-rw-r--r--sql/my_decimal.h36
-rw-r--r--sql/share/errmsg.txt4
-rw-r--r--sql/sp_head.cc12
-rw-r--r--sql/sql_cache.cc34
-rw-r--r--sql/sql_insert.cc5
-rw-r--r--sql/sql_lex.cc3
-rw-r--r--sql/sql_parse.cc67
-rw-r--r--sql/sql_select.cc13
-rw-r--r--sql/sql_string.cc7
-rw-r--r--sql/sql_table.cc2
-rw-r--r--sql/sql_union.cc39
-rw-r--r--sql/sql_view.cc35
-rw-r--r--sql/sql_yacc.yy15
-rw-r--r--sql/unireg.h1
20 files changed, 303 insertions, 41 deletions
diff --git a/sql/field.h b/sql/field.h
index 7f17f8dad77..9db4f47a0f3 100644
--- a/sql/field.h
+++ b/sql/field.h
@@ -2129,6 +2129,23 @@ public:
uchar *from_null_ptr,*to_null_ptr;
my_bool *null_row;
uint from_bit,to_bit;
+ /**
+ Number of bytes in the fields pointed to by 'from_ptr' and
+ 'to_ptr'. Usually this is the number of bytes that are copied from
+ 'from_ptr' to 'to_ptr'.
+
+ For variable-length fields (VARCHAR), the first byte(s) describe
+ the actual length of the text. For VARCHARs with length
+ < 256 there is 1 length byte
+ >= 256 there is 2 length bytes
+ Thus, if from_field is VARCHAR(10), from_length (and in most cases
+ to_length) is 11. For VARCHAR(1024), the length is 1026. @see
+ Field_varstring::length_bytes
+
+ Note that for VARCHARs, do_copy() will be do_varstring*() which
+ only copies the length-bytes (1 or 2) + the actual length of the
+ text instead of from/to_length bytes. @see get_copy_func()
+ */
uint from_length,to_length;
Field *from_field,*to_field;
String tmp; // For items
diff --git a/sql/field_conv.cc b/sql/field_conv.cc
index 5a1b3dc80fd..5408736f976 100644
--- a/sql/field_conv.cc
+++ b/sql/field_conv.cc
@@ -706,7 +706,7 @@ Copy_field::get_copy_func(Field *to,Field *from)
if (((Field_varstring*) to)->length_bytes !=
((Field_varstring*) from)->length_bytes)
return do_field_string;
- if (to_length != from_length)
+ else
return (((Field_varstring*) to)->length_bytes == 1 ?
(from->charset()->mbmaxlen == 1 ? do_varstring1 :
do_varstring1_mb) :
diff --git a/sql/ha_partition.cc b/sql/ha_partition.cc
index 10892ca6e0c..e70eacfab5d 100644
--- a/sql/ha_partition.cc
+++ b/sql/ha_partition.cc
@@ -6562,7 +6562,25 @@ int ha_partition::add_index(TABLE *table_arg, KEY *key_info, uint num_of_keys)
*/
for (file= m_file; *file; file++)
if ((ret= (*file)->add_index(table_arg, key_info, num_of_keys)))
- break;
+ goto err;
+ return ret;
+err:
+ if (file > m_file)
+ {
+ uint *key_numbers= (uint*) ha_thd()->alloc(sizeof(uint) * num_of_keys);
+ KEY *old_key_info= table_arg->key_info;
+ uint i;
+ /* Use the newly added key_info as table->key_info to remove them. */
+ for (i= 0; i < num_of_keys; i++)
+ key_numbers[i]= i;
+ table_arg->key_info= key_info;
+ while (--file >= m_file)
+ {
+ (void) (*file)->prepare_drop_index(table_arg, key_numbers, num_of_keys);
+ (void) (*file)->final_drop_index(table_arg);
+ }
+ table_arg->key_info= old_key_info;
+ }
return ret;
}
diff --git a/sql/handler.cc b/sql/handler.cc
index ab8da981c80..3993fad1f9a 100644
--- a/sql/handler.cc
+++ b/sql/handler.cc
@@ -2725,7 +2725,23 @@ void handler::print_error(int error, myf errflag)
char key[MAX_KEY_LENGTH];
String str(key,sizeof(key),system_charset_info);
/* Table is opened and defined at this point */
- key_unpack(&str,table,(uint) key_nr);
+
+ /*
+ Use primary_key instead of key_nr because key_nr is a key
+ number in the child FK table, not in our 'table'. See
+ Bug#12661768 UPDATE IGNORE CRASHES SERVER IF TABLE IS INNODB
+ AND IT IS PARENT FOR OTHER ONE This bug gets a better fix in
+ MySQL 5.6, but it is too risky to get that in 5.1 and 5.5
+ (extending the handler interface and adding new error message
+ codes)
+ */
+ if (table->s->primary_key < MAX_KEY)
+ key_unpack(&str,table,table->s->primary_key);
+ else
+ {
+ LEX_CUSTRING tmp= {USTRING_WITH_LEN("Unknown key value")};
+ str.set((const char*) tmp.str, tmp.length, system_charset_info);
+ }
max_length= (MYSQL_ERRMSG_SIZE-
(uint) strlen(ER(ER_FOREIGN_DUPLICATE_KEY)));
if (str.length() >= max_length)
diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc
index 985313226eb..b74ea0e804d 100644
--- a/sql/item_subselect.cc
+++ b/sql/item_subselect.cc
@@ -1704,7 +1704,7 @@ subselect_single_select_engine(st_select_lex *select,
select_subselect *result_arg,
Item_subselect *item_arg)
:subselect_engine(item_arg, result_arg),
- prepared(0), optimized(0), executed(0),
+ prepared(0), optimized(0), executed(0), optimize_error(0),
select_lex(select), join(0)
{
select_lex->master_unit()->item= item_arg;
@@ -1714,7 +1714,7 @@ subselect_single_select_engine(st_select_lex *select,
void subselect_single_select_engine::cleanup()
{
DBUG_ENTER("subselect_single_select_engine::cleanup");
- prepared= optimized= executed= 0;
+ prepared= optimized= executed= optimize_error= 0;
join= 0;
result->cleanup();
DBUG_VOID_RETURN;
@@ -1914,6 +1914,10 @@ int join_read_next_same_or_null(READ_RECORD *info);
int subselect_single_select_engine::exec()
{
DBUG_ENTER("subselect_single_select_engine::exec");
+
+ if (optimize_error)
+ DBUG_RETURN(1);
+
char const *save_where= thd->where;
SELECT_LEX *save_select= thd->lex->current_select;
thd->lex->current_select= select_lex;
@@ -1921,12 +1925,15 @@ int subselect_single_select_engine::exec()
{
SELECT_LEX_UNIT *unit= select_lex->master_unit();
+ DBUG_EXECUTE_IF("bug11747970_simulate_error",
+ DBUG_SET("+d,bug11747970_raise_error"););
+
optimized= 1;
unit->set_limit(unit->global_parameters);
if (join->optimize())
{
thd->where= save_where;
- executed= 1;
+ optimize_error= 1;
thd->lex->current_select= save_select;
DBUG_RETURN(join->error ? join->error : 1);
}
diff --git a/sql/item_subselect.h b/sql/item_subselect.h
index 6822dace6bb..775e4b4b317 100644
--- a/sql/item_subselect.h
+++ b/sql/item_subselect.h
@@ -432,6 +432,7 @@ class subselect_single_select_engine: public subselect_engine
my_bool prepared; /* simple subselect is prepared */
my_bool optimized; /* simple subselect is optimized */
my_bool executed; /* simple subselect is executed */
+ my_bool optimize_error; ///< simple subselect optimization failed
st_select_lex *select_lex; /* corresponding select_lex */
JOIN * join; /* corresponding JOIN structure */
public:
diff --git a/sql/my_decimal.h b/sql/my_decimal.h
index a8f2a460abf..72692e54d35 100644
--- a/sql/my_decimal.h
+++ b/sql/my_decimal.h
@@ -93,25 +93,51 @@ inline int my_decimal_int_part(uint precision, uint decimals)
class my_decimal :public decimal_t
{
+ /*
+ Several of the routines in strings/decimal.c have had buffer
+ overrun/underrun problems. These are *not* caught by valgrind.
+ To catch them, we allocate dummy fields around the buffer,
+ and test that their values do not change.
+ */
+#if !defined(DBUG_OFF) && defined(HAVE_valgrind)
+ int foo1;
+#endif
+
decimal_digit_t buffer[DECIMAL_BUFF_LENGTH];
+#if !defined(DBUG_OFF)
+ int foo2;
+ static const int test_value= 123;
+#endif
+
public:
void init()
{
+#if !defined(DBUG_OFF)
+ foo1= test_value;
+ foo2= test_value;
+#endif
len= DECIMAL_BUFF_LENGTH;
buf= buffer;
-#if !defined (HAVE_valgrind) && !defined(DBUG_OFF)
- /* Set buffer to 'random' value to find wrong buffer usage */
- for (uint i= 0; i < DECIMAL_BUFF_LENGTH; i++)
- buffer[i]= i;
-#endif
+ TRASH(buffer, sizeof(buffer));
}
my_decimal()
{
init();
}
+ ~my_decimal()
+ {
+ sanity_check();
+ }
+
+ void sanity_check()
+ {
+ DBUG_ASSERT(foo1 == test_value);
+ DBUG_ASSERT(foo2 == test_value);
+ }
+
void fix_buffer_pointer() { buf= buffer; }
bool sign() const { return decimal_t::sign; }
diff --git a/sql/share/errmsg.txt b/sql/share/errmsg.txt
index 0f9e2a24a93..001bea9de88 100644
--- a/sql/share/errmsg.txt
+++ b/sql/share/errmsg.txt
@@ -2494,10 +2494,10 @@ ER_TOO_BIG_SELECT 42000
cze "Zadan-Bý SELECT by procházel pøíli¹ mnoho záznamù a trval velmi dlouho. Zkontrolujte tvar WHERE a je-li SELECT v poøádku, pou¾ijte SET SQL_BIG_SELECTS=1"
dan "SELECT ville undersøge for mange poster og ville sandsynligvis tage meget lang tid. Undersøg WHERE delen og brug SET SQL_BIG_SELECTS=1 hvis udtrykket er korrekt"
nla "Het SELECT-statement zou te veel records analyseren en dus veel tijd in beslagnemen. Kijk het WHERE-gedeelte van de query na en kies SET SQL_BIG_SELECTS=1 als het stament in orde is."
- eng "The SELECT would examine more than MAX_JOIN_SIZE rows; check your WHERE and use SET SQL_BIG_SELECTS=1 or SET SQL_MAX_JOIN_SIZE=# if the SELECT is okay"
+ eng "The SELECT would examine more than MAX_JOIN_SIZE rows; check your WHERE and use SET SQL_BIG_SELECTS=1 or SET MAX_JOIN_SIZE=# if the SELECT is okay"
est "SELECT lause peab läbi vaatama suure hulga kirjeid ja võtaks tõenäoliselt liiga kaua aega. Tasub kontrollida WHERE klauslit ja vajadusel kasutada käsku SET SQL_BIG_SELECTS=1"
fre "SELECT va devoir examiner beaucoup d'enregistrements ce qui va prendre du temps. Vérifiez la clause WHERE et utilisez SET SQL_BIG_SELECTS=1 si SELECT se passe bien"
- ger "Die Ausführung des SELECT würde zu viele Datensätze untersuchen und wahrscheinlich sehr lange dauern. Bitte WHERE-Klausel überprüfen und gegebenenfalls SET SQL_BIG_SELECTS=1 oder SET SQL_MAX_JOIN_SIZE=# verwenden"
+ ger "Die Ausführung des SELECT würde zu viele Datensätze untersuchen und wahrscheinlich sehr lange dauern. Bitte WHERE-Klausel überprüfen und gegebenenfalls SET SQL_BIG_SELECTS=1 oder SET MAX_JOIN_SIZE=# verwenden"
greek "Ôï SELECT èá åîåôÜóåé ìåãÜëï áñéèìü åããñáöþí êáé ðéèáíþò èá êáèõóôåñÞóåé. Ðáñáêáëþ åîåôÜóôå ôéò ðáñáìÝôñïõò ôïõ WHERE êáé ÷ñçóéìïðïéåßóôå SET SQL_BIG_SELECTS=1 áí ôï SELECT åßíáé óùóôü"
hun "A SELECT tul sok rekordot fog megvizsgalni es nagyon sokaig fog tartani. Ellenorizze a WHERE-t es hasznalja a SET SQL_BIG_SELECTS=1 beallitast, ha a SELECT okay"
ita "La SELECT dovrebbe esaminare troppi record e usare troppo tempo. Controllare la WHERE e usa SET SQL_BIG_SELECTS=1 se e` tutto a posto."
diff --git a/sql/sp_head.cc b/sql/sp_head.cc
index 7d3bd52ffe2..67ec830d902 100644
--- a/sql/sp_head.cc
+++ b/sql/sp_head.cc
@@ -1029,12 +1029,22 @@ subst_spvars(THD *thd, sp_instr *instr, LEX_STRING *query_str)
/*
Allocate additional space at the end of the new query string for the
query_cache_send_result_to_client function.
+
+ The query buffer layout is:
+ buffer :==
+ <statement> The input statement(s)
+ '\0' Terminating null char
+ <length> Length of following current database name (size_t)
+ <db_name> Name of current database
+ <flags> Flags struct
*/
- buf_len= qbuf.length() + thd->db_length + 1 + QUERY_CACHE_FLAGS_SIZE + 1;
+ buf_len= qbuf.length() + 1 + sizeof(size_t) + thd->db_length +
+ QUERY_CACHE_FLAGS_SIZE + 1;
if ((pbuf= (char *) alloc_root(thd->mem_root, buf_len)))
{
memcpy(pbuf, qbuf.ptr(), qbuf.length());
pbuf[qbuf.length()]= 0;
+ memcpy(pbuf+qbuf.length()+1, (char *) &thd->db_length, sizeof(size_t));
}
else
DBUG_RETURN(TRUE);
diff --git a/sql/sql_cache.cc b/sql/sql_cache.cc
index 1fa21d271c7..4a073aa0485 100644
--- a/sql/sql_cache.cc
+++ b/sql/sql_cache.cc
@@ -1260,8 +1260,8 @@ def_week_frmt: %lu, in_trans: %d, autocommit: %d",
/* Key is query + database + flag */
if (thd->db_length)
{
- memcpy(thd->query() + thd->query_length() + 1, thd->db,
- thd->db_length);
+ memcpy(thd->query() + thd->query_length() + 1 + sizeof(size_t),
+ thd->db, thd->db_length);
DBUG_PRINT("qcache", ("database: %s length: %u",
thd->db, (unsigned) thd->db_length));
}
@@ -1270,7 +1270,7 @@ def_week_frmt: %lu, in_trans: %d, autocommit: %d",
DBUG_PRINT("qcache", ("No active database"));
}
tot_length= thd->query_length() + thd->db_length + 1 +
- QUERY_CACHE_FLAGS_SIZE;
+ sizeof(size_t) + QUERY_CACHE_FLAGS_SIZE;
/*
We should only copy structure (don't use it location directly)
because of alignment issue
@@ -1484,7 +1484,29 @@ Query_cache::send_result_to_client(THD *thd, char *sql, uint query_length)
goto err;
}
}
+ {
+ /*
+ We have allocated buffer space (in alloc_query) to hold the
+ SQL statement(s) + the current database name + a flags struct.
+ If the database name has changed during execution, which might
+ happen if there are multiple statements, we need to make
+ sure the new current database has a name with the same length
+ as the previous one.
+ */
+ size_t db_len;
+ memcpy((char *) &db_len, (sql + query_length + 1), sizeof(size_t));
+ if (thd->db_length != db_len)
+ {
+ /*
+ We should probably reallocate the buffer in this case,
+ but for now we just leave it uncached
+ */
+ DBUG_PRINT("qcache",
+ ("Current database has changed since start of query"));
+ goto err;
+ }
+ }
/*
Try to obtain an exclusive lock on the query cache. If the cache is
disabled or if a full cache flush is in progress, the attempt to
@@ -1506,10 +1528,12 @@ Query_cache::send_result_to_client(THD *thd, char *sql, uint query_length)
Query_cache_block *query_block;
- tot_length= query_length + thd->db_length + 1 + QUERY_CACHE_FLAGS_SIZE;
+ tot_length= query_length + 1 + sizeof(size_t) +
+ thd->db_length + QUERY_CACHE_FLAGS_SIZE;
+
if (thd->db_length)
{
- memcpy(sql+query_length+1, thd->db, thd->db_length);
+ memcpy(sql + query_length + 1 + sizeof(size_t), thd->db, thd->db_length);
DBUG_PRINT("qcache", ("database: '%s' length: %u",
thd->db, (unsigned)thd->db_length));
}
diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc
index 07cf499f134..171e49aa7d6 100644
--- a/sql/sql_insert.cc
+++ b/sql/sql_insert.cc
@@ -63,6 +63,8 @@
#include "slave.h"
#include "rpl_mi.h"
+#include "debug_sync.h"
+
#ifndef EMBEDDED_LIBRARY
static bool delayed_get_table(THD *thd, TABLE_LIST *table_list);
static int write_delayed(THD *thd, TABLE *table, enum_duplicates duplic,
@@ -1437,6 +1439,8 @@ int write_record(THD *thd, TABLE *table,COPY_INFO *info)
error= HA_ERR_FOUND_DUPP_KEY; /* Database can't find key */
goto err;
}
+ DEBUG_SYNC(thd, "write_row_replace");
+
/* Read all columns for the row we are going to replace */
table->use_all_columns();
/*
@@ -1630,6 +1634,7 @@ int write_record(THD *thd, TABLE *table,COPY_INFO *info)
}
else if ((error=table->file->ha_write_row(table->record[0])))
{
+ DEBUG_SYNC(thd, "write_row_noreplace");
if (!info->ignore ||
table->file->is_fatal_error(error, HA_CHECK_DUP))
goto err;
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc
index 82c375fe045..cbb3782114a 100644
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@@ -2007,6 +2007,9 @@ bool st_select_lex::setup_ref_array(THD *thd, uint order_group_num)
if (ref_pointer_array)
return 0;
+ // find_order_in_list() may need some extra space, so multiply by two.
+ order_group_num*= 2;
+
/*
We have to create array in prepared statement memory if it is
prepared statement
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 28723713fe7..41f308a2ce4 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -503,6 +503,8 @@ static void handle_bootstrap_impl(THD *thd)
query= (char *) thd->memdup_w_gap(buff, length + 1,
thd->db_length + 1 +
QUERY_CACHE_FLAGS_SIZE);
+ size_t db_len= 0;
+ memcpy(query + length + 1, (char *) &db_len, sizeof(size_t));
thd->set_query(query, length);
DBUG_PRINT("query",("%-.4096s", thd->query()));
#if defined(ENABLED_PROFILING) && defined(COMMUNITY_SERVER)
@@ -1513,6 +1515,14 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
case COM_REFRESH:
{
int not_used;
+
+ /*
+ Initialize thd->lex since it's used in many base functions, such as
+ open_tables(). Otherwise, it remains unitialized and may cause crash
+ during execution of COM_REFRESH.
+ */
+ lex_start(thd);
+
status_var_increment(thd->status_var.com_stat[SQLCOM_FLUSH]);
ulong options= (ulong) (uchar) packet[0];
if (check_global_access(thd,RELOAD_ACL))
@@ -1960,13 +1970,30 @@ bool alloc_query(THD *thd, const char *packet, uint packet_length)
pos--;
packet_length--;
}
- /* We must allocate some extra memory for query cache */
+ /* We must allocate some extra memory for query cache
+
+ The query buffer layout is:
+ buffer :==
+ <statement> The input statement(s)
+ '\0' Terminating null char (1 byte)
+ <length> Length of following current database name (size_t)
+ <db_name> Name of current database
+ <flags> Flags struct
+ */
if (! (query= (char*) thd->memdup_w_gap(packet,
packet_length,
- 1 + thd->db_length +
+ 1 + sizeof(size_t) + thd->db_length +
QUERY_CACHE_FLAGS_SIZE)))
return TRUE;
query[packet_length]= '\0';
+ /*
+ Space to hold the name of the current database is allocated. We
+ also store this length, in case current database is changed during
+ execution. We might need to reallocate the 'query' buffer
+ */
+ char *len_pos = (query + packet_length + 1);
+ memcpy(len_pos, (char *) &thd->db_length, sizeof(size_t));
+
thd->set_query(query, packet_length);
/* Reclaim some memory */
@@ -7105,7 +7132,14 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
if (ha_flush_logs(NULL))
result=1;
if (flush_error_log())
- result=1;
+ {
+ /*
+ When flush_error_log() failed, my_error() has not been called.
+ So, we have to do it here to keep the protocol.
+ */
+ my_error(ER_UNKNOWN_ERROR, MYF(0));
+ result= 1;
+ }
}
#ifdef HAVE_QUERY_CACHE
if (options & REFRESH_QUERY_CACHE_FREE)
@@ -7154,7 +7188,13 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
return 1; // Killed
if (close_cached_tables(thd, tables, FALSE, (options & REFRESH_FAST) ?
FALSE : TRUE, TRUE))
- result= 1;
+ {
+ /*
+ NOTE: my_error() has been already called by reopen_tables() within
+ close_cached_tables().
+ */
+ result= 1;
+ }
if (make_global_read_lock_block_commit(thd)) // Killed
{
@@ -7167,7 +7207,13 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
{
if (close_cached_tables(thd, tables, FALSE, (options & REFRESH_FAST) ?
FALSE : TRUE, FALSE))
+ {
+ /*
+ NOTE: my_error() has been already called by reopen_tables() within
+ close_cached_tables().
+ */
result= 1;
+ }
}
my_dbopt_cleanup();
}
@@ -7184,7 +7230,8 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
tmp_write_to_binlog= 0;
if (reset_master(thd))
{
- result=1;
+ /* NOTE: my_error() has been already called by reset_master(). */
+ result= 1;
}
}
#endif
@@ -7192,7 +7239,10 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
if (options & REFRESH_DES_KEY_FILE)
{
if (des_key_file && load_des_key_file(des_key_file))
- result= 1;
+ {
+ /* NOTE: my_error() has been already called by load_des_key_file(). */
+ result= 1;
+ }
}
#endif
#ifdef HAVE_REPLICATION
@@ -7201,7 +7251,10 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables,
tmp_write_to_binlog= 0;
pthread_mutex_lock(&LOCK_active_mi);
if (reset_slave(thd, active_mi))
- result=1;
+ {
+ /* NOTE: my_error() has been already called by reset_slave(). */
+ result= 1;
+ }
pthread_mutex_unlock(&LOCK_active_mi);
}
#endif
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index b79bb8ef604..8b7261a8712 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -2691,6 +2691,16 @@ make_join_statistics(JOIN *join, TABLE_LIST *tables_arg, COND *conds,
table_vector[i]=s->table=table=tables->table;
table->pos_in_table_list= tables;
error= table->file->info(HA_STATUS_VARIABLE | HA_STATUS_NO_LOCK);
+
+ DBUG_EXECUTE_IF("bug11747970_raise_error",
+ {
+ if (!error)
+ {
+ my_error(ER_UNKNOWN_ERROR, MYF(0));
+ goto error;
+ }
+ });
+
if (error)
{
table->file->print_error(error, MYF(0));
@@ -10769,6 +10779,9 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List<Item> &fields,
if (open_tmp_table(table))
goto err;
+ // Make empty record so random data is not written to disk
+ empty_record(table);
+
thd->mem_root= mem_root_save;
DBUG_RETURN(table);
diff --git a/sql/sql_string.cc b/sql/sql_string.cc
index a997a0eb258..d56766f8994 100644
--- a/sql/sql_string.cc
+++ b/sql/sql_string.cc
@@ -122,7 +122,7 @@ bool String::set_int(longlong num, bool unsigned_flag, CHARSET_INFO *cs)
bool String::set_real(double num,uint decimals, CHARSET_INFO *cs)
{
- char buff[331];
+ char buff[FLOATING_POINT_BUFFER];
uint dummy_errors;
str_charset=cs;
@@ -191,7 +191,10 @@ end:
#else
#ifdef HAVE_SNPRINTF
buff[sizeof(buff)-1]=0; // Safety
- snprintf(buff,sizeof(buff)-1, "%.*f",(int) decimals,num);
+ IF_DBUG(int num_chars= )
+ snprintf(buff, sizeof(buff)-1, "%.*f",(int) decimals, num);
+ DBUG_ASSERT(num_chars > 0);
+ DBUG_ASSERT(num_chars < (int) sizeof(buff));
#else
sprintf(buff,"%.*f",(int) decimals,num);
#endif
diff --git a/sql/sql_table.cc b/sql/sql_table.cc
index b69c538322d..7328157182d 100644
--- a/sql/sql_table.cc
+++ b/sql/sql_table.cc
@@ -7088,7 +7088,7 @@ view_err:
need_copy_table= ALTER_TABLE_DATA_CHANGED;
else
{
- enum_alter_table_change_level need_copy_table_res;
+ enum_alter_table_change_level need_copy_table_res=ALTER_TABLE_METADATA_ONLY;
/* Check how much the tables differ. */
if (compare_tables(table, alter_info,
create_info, order_num,
diff --git a/sql/sql_union.cc b/sql/sql_union.cc
index 6a6c91f90df..bcdbf81836a 100644
--- a/sql/sql_union.cc
+++ b/sql/sql_union.cc
@@ -1,5 +1,4 @@
-/*
- Copyright (c) 2001, 2010, Oracle and/or its affiliates.
+/* Copyright (c) 2000, 2011, Oracle and/or its affiliates.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -411,15 +410,27 @@ bool st_select_lex_unit::prepare(THD *thd_arg, select_result *sel_result,
fake_select_lex->table_list.empty();
DBUG_RETURN(TRUE);
}
+
+ /*
+ Fake st_select_lex should have item list for correct ref_array
+ allocation.
+ */
fake_select_lex->item_list= item_list;
thd_arg->lex->current_select= fake_select_lex;
+
+ /*
+ We need to add up n_sum_items in order to make the correct
+ allocation in setup_ref_array().
+ */
+ fake_select_lex->n_child_sum_items+= global_parameters->n_sum_items;
+
saved_error= fake_select_lex->join->
prepare(&fake_select_lex->ref_pointer_array,
fake_select_lex->table_list.first,
0, 0,
- fake_select_lex->order_list.elements,
- fake_select_lex->order_list.first,
+ global_parameters->order_list.elements, // og_num
+ global_parameters->order_list.first, // order
NULL, NULL, NULL,
fake_select_lex, this);
fake_select_lex->table_list.empty();
@@ -587,11 +598,21 @@ bool st_select_lex_unit::exec()
}
fake_select_lex->join->no_const_tables= TRUE;
- /*
- Fake st_select_lex should have item list for correctref_array
- allocation.
- */
- fake_select_lex->item_list= item_list;
+ /*
+ Fake st_select_lex should have item list for correct ref_array
+ allocation.
+ */
+ fake_select_lex->item_list= item_list;
+
+ /*
+ We need to add up n_sum_items in order to make the correct
+ allocation in setup_ref_array().
+ Don't add more sum_items if we have already done JOIN::prepare
+ for this (with a different join object)
+ */
+ if (!fake_select_lex->ref_pointer_array)
+ fake_select_lex->n_child_sum_items+= global_parameters->n_sum_items;
+
saved_error= mysql_select(thd, &fake_select_lex->ref_pointer_array,
&result_table_list,
0, item_list, NULL,
diff --git a/sql/sql_view.cc b/sql/sql_view.cc
index e4695b09234..df9df89f972 100644
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -1267,8 +1267,39 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
if (!table->prelocking_placeholder &&
(old_lex->sql_command == SQLCOM_SELECT && old_lex->describe))
{
- if (check_table_access(thd, SELECT_ACL, view_tables, UINT_MAX, TRUE) &&
- check_table_access(thd, SHOW_VIEW_ACL, table, UINT_MAX, TRUE))
+ /*
+ The user we run EXPLAIN as (either the connected user who issued
+ the EXPLAIN statement, or the definer of a SUID stored routine
+ which contains the EXPLAIN) should have both SHOW_VIEW_ACL and
+ SELECT_ACL on the view being opened as well as on all underlying
+ views since EXPLAIN will disclose their structure. This user also
+ should have SELECT_ACL on all underlying tables of the view since
+ this EXPLAIN will disclose information about the number of rows in it.
+
+ To perform this privilege check we create auxiliary TABLE_LIST object
+ for the view in order a) to avoid trashing "table->grant" member for
+ original table list element, which contents can be important at later
+ stage for column-level privilege checking b) get TABLE_LIST object
+ with "security_ctx" member set to 0, i.e. forcing check_table_access()
+ to use active user's security context.
+
+ There is no need for creating similar copies of TABLE_LIST elements
+ for underlying tables since they just have been constructed and thus
+ have TABLE_LIST::security_ctx == 0 and fresh TABLE_LIST::grant member.
+
+ Finally at this point making sure we have SHOW_VIEW_ACL on the views
+ will suffice as we implicitly require SELECT_ACL anyway.
+ */
+
+ TABLE_LIST view_no_suid;
+ bzero(static_cast<void *>(&view_no_suid), sizeof(TABLE_LIST));
+ view_no_suid.db= table->db;
+ view_no_suid.table_name= table->table_name;
+
+ DBUG_ASSERT(view_tables == NULL || view_tables->security_ctx == NULL);
+
+ if (check_table_access(thd, SELECT_ACL, view_tables, UINT_MAX, TRUE) ||
+ check_table_access(thd, SHOW_VIEW_ACL, &view_no_suid, UINT_MAX, TRUE))
{
my_message(ER_VIEW_NO_EXPLAIN, ER(ER_VIEW_NO_EXPLAIN), MYF(0));
goto err;
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 1741a1197fe..29fc39f9cc6 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -8051,6 +8051,11 @@ function_call_generic:
Create_func *builder;
Item *item= NULL;
+ if (check_routine_name(&$1))
+ {
+ MYSQL_YYABORT;
+ }
+
/*
Implementation note:
names are resolved with the following order:
@@ -8114,6 +8119,16 @@ function_call_generic:
version() (a vendor can specify any schema).
*/
+ if (!$1.str || check_db_name(&$1))
+ {
+ my_error(ER_WRONG_DB_NAME, MYF(0), $1.str);
+ MYSQL_YYABORT;
+ }
+ if (check_routine_name(&$3))
+ {
+ MYSQL_YYABORT;
+ }
+
builder= find_qualified_function_builder(thd);
DBUG_ASSERT(builder);
item= builder->create_with_db(thd, $1, $3, true, $5);
diff --git a/sql/unireg.h b/sql/unireg.h
index b0530931ac6..fd9d4e846bc 100644
--- a/sql/unireg.h
+++ b/sql/unireg.h
@@ -210,7 +210,6 @@
*/
#define BIN_LOG_HEADER_SIZE 4
-#define FLOATING_POINT_BUFFER 331
#define DEFAULT_KEY_CACHE_NAME "default"
View Lorry Controller Status