diff options
49 files changed, 837 insertions, 51 deletions
diff --git a/.bzr-mysql/default.conf b/.bzr-mysql/default.conf index e613cefc614..77df77c6021 100644 --- a/.bzr-mysql/default.conf +++ b/.bzr-mysql/default.conf @@ -1,4 +1,4 @@ [MYSQL] -post_commit_to = "commits@lists.mysql.com" -post_push_to = "commits@lists.mysql.com" -tree_name = "mysql-5.1-bugteam" +post_commit_to = "dbg_mysql_security@sun.com" +post_push_to = "dbg_mysql_security@sun.com" +tree_name = "mysql-5.1-security" diff --git a/client/mysqltest.cc b/client/mysqltest.cc index 35ceaaaa5de..b473169b58b 100644 --- a/client/mysqltest.cc +++ b/client/mysqltest.cc @@ -441,7 +441,7 @@ struct st_command char *query, *query_buf,*first_argument,*last_argument,*end; DYNAMIC_STRING content; int first_word_len, query_len; - my_bool abort_on_error; + my_bool abort_on_error, used_replace; struct st_expected_errors expected_errors; char require_file[FN_REFLEN]; enum enum_commands type; @@ -3284,7 +3284,7 @@ static int get_list_files(DYNAMIC_STRING *ds, const DYNAMIC_STRING *ds_dirname, if (ds_wild && ds_wild->length && wild_compare(file->name, ds_wild->str, 0)) continue; - dynstr_append(ds, file->name); + replace_dynstr_append(ds, file->name); dynstr_append(ds, "\n"); } set_wild_chars(0); @@ -3314,6 +3314,7 @@ static void do_list_files(struct st_command *command) {"file", ARG_STRING, FALSE, &ds_wild, "Filename (incl. wildcard)"} }; DBUG_ENTER("do_list_files"); + command->used_replace= 1; check_command_args(command, command->first_argument, list_files_args, @@ -3355,6 +3356,7 @@ static void do_list_files_write_file_command(struct st_command *command, {"file", ARG_STRING, FALSE, &ds_wild, "Filename (incl. wildcard)"} }; DBUG_ENTER("do_list_files_write_file"); + command->used_replace= 1; check_command_args(command, command->first_argument, list_files_args, @@ -8386,7 +8388,7 @@ int main(int argc, char **argv) memset(&saved_expected_errors, 0, sizeof(saved_expected_errors)); } - if (command_executed != last_command_executed) + if (command_executed != last_command_executed || command->used_replace) { /* As soon as any command has been executed, diff --git a/mysql-test/r/ctype_latin1.result b/mysql-test/r/ctype_latin1.result index 763acd0fea0..66b2cbd8fc4 100644 --- a/mysql-test/r/ctype_latin1.result +++ b/mysql-test/r/ctype_latin1.result @@ -409,3 +409,11 @@ select hex(cast(_ascii 0x7f as char(1) character set latin1)); hex(cast(_ascii 0x7f as char(1) character set latin1)) 7F End of 5.0 tests +# +# Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings +# +SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, ''); +'' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, '') +1 +Warnings: +Warning 1292 Truncated incorrect INTEGER value: '' diff --git a/mysql-test/r/ctype_ujis.result b/mysql-test/r/ctype_ujis.result index 540ba178756..765ad5a96ca 100644 --- a/mysql-test/r/ctype_ujis.result +++ b/mysql-test/r/ctype_ujis.result @@ -2374,6 +2374,16 @@ hex(convert(_latin1 0xA4A2 using ujis)) hex(c2) DROP PROCEDURE sp1; DROP TABLE t1; DROP TABLE t2; +# +# Bug#57257 Replace(ExtractValue(...)) causes MySQL crash +# +SET NAMES utf8; +SELECT CONVERT(REPLACE(EXPORT_SET('a','a','a','','a'),'00','') USING ujis); +CONVERT(REPLACE(EXPORT_SET('a','a','a','','a'),'00','') USING ujis) + +Warnings: +Warning 1292 Truncated incorrect INTEGER value: 'a' +Warning 1292 Truncated incorrect INTEGER value: 'a' set names default; set character_set_database=default; set character_set_server=default; diff --git a/mysql-test/r/ctype_utf8.result b/mysql-test/r/ctype_utf8.result index 4c21e66a39c..b491ce504bf 100644 --- a/mysql-test/r/ctype_utf8.result +++ b/mysql-test/r/ctype_utf8.result @@ -1898,3 +1898,34 @@ CONVERT(a, CHAR) CONVERT(b, CHAR) 70000 1092 DROP TABLE t1; End of 5.0 tests +SELECT LENGTH(RPAD(0.0115E88, 61297, _utf8'яэюя')); +LENGTH(RPAD(0.0115E88, 61297, _utf8'яэюя')) +61297 +SELECT LENGTH(RPAD(0.0115E88, 61297, _utf8'йцуя')); +LENGTH(RPAD(0.0115E88, 61297, _utf8'йцуя')) +61297 +SELECT HEX(RPAD(0x20, 2, _utf8 0xD18F)); +HEX(RPAD(0x20, 2, _utf8 0xD18F)) +20D1 +SELECT HEX(RPAD(0x20, 4, _utf8 0xD18F)); +HEX(RPAD(0x20, 4, _utf8 0xD18F)) +20D18FD1 +SELECT HEX(LPAD(0x20, 2, _utf8 0xD18F)); +HEX(LPAD(0x20, 2, _utf8 0xD18F)) +D120 +SELECT HEX(LPAD(0x20, 4, _utf8 0xD18F)); +HEX(LPAD(0x20, 4, _utf8 0xD18F)) +D18FD120 +SELECT HEX(RPAD(_utf8 0xD18F, 3, 0x20)); +HEX(RPAD(_utf8 0xD18F, 3, 0x20)) +D18F20 +SELECT HEX(LPAD(_utf8 0xD18F, 3, 0x20)); +HEX(LPAD(_utf8 0xD18F, 3, 0x20)) +20D18F +SELECT HEX(INSERT(_utf8 0xD18F, 2, 1, 0x20)); +HEX(INSERT(_utf8 0xD18F, 2, 1, 0x20)) +D120 +SELECT HEX(INSERT(_utf8 0xD18FD18E, 2, 1, 0x20)); +HEX(INSERT(_utf8 0xD18FD18E, 2, 1, 0x20)) +D120D18E +End of 5.1 tests diff --git a/mysql-test/r/date_formats.result b/mysql-test/r/date_formats.result index 7e185daa668..a919a6f8c5e 100644 --- a/mysql-test/r/date_formats.result +++ b/mysql-test/r/date_formats.result @@ -609,3 +609,17 @@ SELECT DATE_FORMAT("2009-01-01",'%W %d %M %Y') as valid_date; valid_date Thursday 01 January 2009 "End of 5.0 tests" +# +# Start of 5.1 tests +# +# +# Bug#58005 utf8 + get_format causes failed assertion: !str || str != Ptr' +# +SET NAMES utf8; +SELECT LEAST('%', GET_FORMAT(datetime, 'eur'), CAST(GET_FORMAT(datetime, 'eur') AS CHAR(65535))); +LEAST('%', GET_FORMAT(datetime, 'eur'), CAST(GET_FORMAT(datetime, 'eur') AS CHAR(65535))) +% +SET NAMES latin1; +# +# End of 5.1 tests +# diff --git a/mysql-test/r/explain.result b/mysql-test/r/explain.result index f46fe8daaad..4bc6c0409f3 100644 --- a/mysql-test/r/explain.result +++ b/mysql-test/r/explain.result @@ -251,4 +251,50 @@ EXPLAIN SELECT c1 FROM t1 WHERE c2 = 1 AND c4 = 1 AND c5 = 1; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE t1 ref c2,c2_2 c2 10 const,const 3 Using where DROP TABLE t1; +# +# Bug#56814 Explain + subselect + fulltext crashes server +# +CREATE TABLE t1(f1 VARCHAR(6) NOT NULL, +FULLTEXT KEY(f1),UNIQUE(f1)); +INSERT INTO t1 VALUES ('test'); +EXPLAIN SELECT 1 FROM t1 +WHERE 1 > ALL((SELECT 1 FROM t1 JOIN t1 a ON (MATCH(t1.f1) AGAINST ("")) +WHERE t1.f1 GROUP BY t1.f1)); +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY t1 system NULL NULL NULL NULL 1 +2 SUBQUERY a system NULL NULL NULL NULL 1 Using filesort +2 SUBQUERY t1 fulltext f1 f1 0 1 Using where +PREPARE stmt FROM +'EXPLAIN SELECT 1 FROM t1 + WHERE 1 > ALL((SELECT 1 FROM t1 RIGHT OUTER JOIN t1 a + ON (MATCH(t1.f1) AGAINST ("")) + WHERE t1.f1 GROUP BY t1.f1))'; +EXECUTE stmt; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY t1 system NULL NULL NULL NULL 1 +2 SUBQUERY a system NULL NULL NULL NULL 1 Using filesort +2 SUBQUERY t1 fulltext f1 f1 0 1 Using where +EXECUTE stmt; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY t1 system NULL NULL NULL NULL 1 +2 SUBQUERY a system NULL NULL NULL NULL 1 Using filesort +2 SUBQUERY t1 fulltext f1 f1 0 1 Using where +DEALLOCATE PREPARE stmt; +PREPARE stmt FROM +'EXPLAIN SELECT 1 FROM t1 + WHERE 1 > ALL((SELECT 1 FROM t1 JOIN t1 a + ON (MATCH(t1.f1) AGAINST ("")) + WHERE t1.f1 GROUP BY t1.f1))'; +EXECUTE stmt; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY t1 system NULL NULL NULL NULL 1 +2 SUBQUERY a system NULL NULL NULL NULL 1 Using filesort +2 SUBQUERY t1 fulltext f1 f1 0 1 Using where +EXECUTE stmt; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY t1 system NULL NULL NULL NULL 1 +2 SUBQUERY a system NULL NULL NULL NULL 1 Using filesort +2 SUBQUERY t1 fulltext f1 f1 0 1 Using where +DEALLOCATE PREPARE stmt; +DROP TABLE t1; End of 5.1 tests. diff --git a/mysql-test/r/fulltext.result b/mysql-test/r/fulltext.result index 806675edc5a..4f406f5032c 100644 --- a/mysql-test/r/fulltext.result +++ b/mysql-test/r/fulltext.result @@ -644,4 +644,40 @@ Table Op Msg_type Msg_text test.t1 repair status OK SET myisam_sort_buffer_size=@@global.myisam_sort_buffer_size; DROP TABLE t1; +# +# Bug#54484 explain + prepared statement: crash and Got error -1 from storage engine +# +CREATE TABLE t1(f1 VARCHAR(6) NOT NULL, FULLTEXT KEY(f1), UNIQUE(f1)); +INSERT INTO t1 VALUES ('test'); +SELECT 1 FROM t1 WHERE 1 > +ALL((SELECT 1 FROM t1 JOIN t1 a +ON (MATCH(t1.f1) against ("")) +WHERE t1.f1 GROUP BY t1.f1)) xor f1; +1 +1 +PREPARE stmt FROM +'SELECT 1 FROM t1 WHERE 1 > + ALL((SELECT 1 FROM t1 RIGHT OUTER JOIN t1 a + ON (MATCH(t1.f1) against ("")) + WHERE t1.f1 GROUP BY t1.f1)) xor f1'; +EXECUTE stmt; +1 +1 +EXECUTE stmt; +1 +1 +DEALLOCATE PREPARE stmt; +PREPARE stmt FROM +'SELECT 1 FROM t1 WHERE 1 > + ALL((SELECT 1 FROM t1 JOIN t1 a + ON (MATCH(t1.f1) against ("")) + WHERE t1.f1 GROUP BY t1.f1))'; +EXECUTE stmt; +1 +1 +EXECUTE stmt; +1 +1 +DEALLOCATE PREPARE stmt; +DROP TABLE t1; End of 5.1 tests diff --git a/mysql-test/r/func_gconcat.result b/mysql-test/r/func_gconcat.result index ae48eb1e0ff..de592ece285 100644 --- a/mysql-test/r/func_gconcat.result +++ b/mysql-test/r/func_gconcat.result @@ -1029,4 +1029,12 @@ GROUP_CONCAT(t1.a ORDER BY t1.a) 1,1,2,2 DEALLOCATE PREPARE stmt; DROP TABLE t1; +# +# Bug#57194 group_concat cause crash and/or invalid memory reads with type errors +# +CREATE TABLE t1(f1 int); +INSERT INTO t1 values (0),(0); +SELECT POLYGON((SELECT 1 FROM (SELECT 1 IN (GROUP_CONCAT(t1.f1)) FROM t1, t1 t GROUP BY t.f1 ) d)); +ERROR 22007: Illegal non geometric '(select 1 from (select (1 = group_concat(`test`.`t1`.`f1` separator ',')) AS `1 IN (GROUP_CONCAT(t1.f1))` from `test`.`t1` join `test`.`t1` `t` group by `t`.`f1`) `d`)' value found during parsing +DROP TABLE t1; End of 5.1 tests diff --git a/mysql-test/r/func_math.result b/mysql-test/r/func_math.result index fd7ef72409e..649232e0b05 100644 --- a/mysql-test/r/func_math.result +++ b/mysql-test/r/func_math.result @@ -482,4 +482,20 @@ RAND(i) 0.155220427694936 DROP TABLE t1; # +# Bug#57477 SIGFPE when dividing a huge number a negative number +# +SELECT -9999999999999999991 DIV -1; +-9999999999999999991 DIV -1 +-9223372036854775808 +Warnings: +Error 1292 Truncated incorrect DECIMAL value: '' +SELECT -9223372036854775808 DIV -1; +-9223372036854775808 DIV -1 +-9223372036854775808 +SELECT -9223372036854775808 MOD -1; +-9223372036854775808 MOD -1 +0 +SELECT -9223372036854775808999 MOD -1; +-9223372036854775808999 MOD -1 +0 End of 5.1 tests diff --git a/mysql-test/r/func_misc.result b/mysql-test/r/func_misc.result index eee56ae7461..082b6eb50c2 100644 --- a/mysql-test/r/func_misc.result +++ b/mysql-test/r/func_misc.result @@ -351,4 +351,10 @@ GREATEST(a, (SELECT b FROM t1 LIMIT 1)) 3 1 DROP TABLE t1; +SELECT INET_NTOA(0); +INET_NTOA(0) +0.0.0.0 +SELECT '1' IN ('1', INET_NTOA(0)); +'1' IN ('1', INET_NTOA(0)) +1 End of tests diff --git a/mysql-test/r/group_by.result b/mysql-test/r/group_by.result index f74584f6bcf..83f1f220023 100644 --- a/mysql-test/r/group_by.result +++ b/mysql-test/r/group_by.result @@ -1845,4 +1845,14 @@ SELECT SUBSTRING(a,1,10), LENGTH(a) FROM t1 GROUP BY a; SUBSTRING(a,1,10) LENGTH(a) 1111111111 1300 DROP TABLE t1; +# +# Bug#57688 Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field +# +CREATE TABLE t1(f1 INT NOT NULL); +INSERT INTO t1 VALUES (16777214),(0); +SELECT COUNT(*) FROM t1 LEFT JOIN t1 t2 +ON 1 WHERE t2.f1 > 1 GROUP BY t2.f1; +COUNT(*) +2 +DROP TABLE t1; # End of 5.1 tests diff --git a/mysql-test/r/join_outer.result b/mysql-test/r/join_outer.result index 8e438934b23..d9c4ac5478e 100644 --- a/mysql-test/r/join_outer.result +++ b/mysql-test/r/join_outer.result @@ -1397,4 +1397,34 @@ id select_type table type possible_keys key key_len ref rows filtered Extra Warnings: Note 1003 select straight_join `test`.`jt1`.`f1` AS `f1` from `test`.`t1` `jt6` left join (`test`.`t1` `jt3` join `test`.`t1` `jt4` left join `test`.`t1` `jt5` on(1) left join `test`.`t1` `jt2` on(1)) on((`test`.`jt6`.`f1` and 1)) left join `test`.`t1` `jt1` on(1) where 1 DROP TABLE t1; +# +# Bug#57688 Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field +# +CREATE TABLE t1 (f1 INT NOT NULL, PRIMARY KEY (f1)); +CREATE TABLE t2 (f1 INT NOT NULL, f2 INT NOT NULL, PRIMARY KEY (f1, f2)); +INSERT INTO t1 VALUES (4); +INSERT INTO t2 VALUES (3, 3); +INSERT INTO t2 VALUES (7, 7); +EXPLAIN SELECT * FROM t1 LEFT JOIN t2 ON t2.f1 = t1.f1 +WHERE t1.f1 = 4 +GROUP BY t2.f1, t2.f2; +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE t1 system PRIMARY NULL NULL NULL 1 Using temporary; Using filesort +1 SIMPLE t2 ref PRIMARY PRIMARY 4 const 1 Using index +SELECT * FROM t1 LEFT JOIN t2 ON t2.f1 = t1.f1 +WHERE t1.f1 = 4 +GROUP BY t2.f1, t2.f2; +f1 f1 f2 +4 NULL NULL +EXPLAIN SELECT * FROM t1 LEFT JOIN t2 ON t2.f1 = t1.f1 +WHERE t1.f1 = 4 AND t2.f1 IS NOT NULL AND t2.f2 IS NOT NULL +GROUP BY t2.f1, t2.f2; +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE t1 system PRIMARY NULL NULL NULL 1 Using filesort +1 SIMPLE t2 ref PRIMARY PRIMARY 4 const 1 Using where; Using index +SELECT * FROM t1 LEFT JOIN t2 ON t2.f1 = t1.f1 +WHERE t1.f1 = 4 AND t2.f1 IS NOT NULL AND t2.f2 IS NOT NULL +GROUP BY t2.f1, t2.f2; +f1 f1 f2 +DROP TABLE t1,t2; End of 5.1 tests diff --git a/mysql-test/r/mysqltest.result b/mysql-test/r/mysqltest.result index 8afef65b66f..5acac076292 100644 --- a/mysql-test/r/mysqltest.result +++ b/mysql-test/r/mysqltest.result @@ -798,7 +798,7 @@ drop table t1; mysqltest: At line 1: change user failed: Unknown database 'inexistent' mysqltest: At line 1: change user failed: Access denied for user 'inexistent'@'localhost' (using password: NO) mysqltest: At line 1: change user failed: Access denied for user 'root'@'localhost' (using password: YES) -file1.txt +REPLACED_FILE1.txt file1.txt file2.txt file11.txt diff --git a/mysql-test/r/partition_innodb.result b/mysql-test/r/partition_innodb.result index 238fbf4662c..5fcb0e796b1 100644 --- a/mysql-test/r/partition_innodb.result +++ b/mysql-test/r/partition_innodb.result @@ -1,5 +1,31 @@ drop table if exists t1, t2; # +# Bug#56287: crash when using Partition datetime in sub in query +# +CREATE TABLE t1 +(c1 bigint(20) unsigned NOT NULL AUTO_INCREMENT, +c2 varchar(40) not null default '', +c3 datetime not NULL, +PRIMARY KEY (c1,c3), +KEY partidx(c3)) +ENGINE=InnoDB +PARTITION BY RANGE (TO_DAYS(c3)) +(PARTITION p200912 VALUES LESS THAN (to_days('2010-01-01')), +PARTITION p201103 VALUES LESS THAN (to_days('2011-04-01')), +PARTITION p201912 VALUES LESS THAN MAXVALUE); +insert into t1(c2,c3) values ("Test row",'2010-01-01 00:00:00'); +SELECT PARTITION_NAME, TABLE_ROWS FROM INFORMATION_SCHEMA.PARTITIONS WHERE TABLE_NAME = 't1' AND TABLE_SCHEMA = 'test'; +PARTITION_NAME TABLE_ROWS +p200912 0 +p201103 1 +p201912 0 +SELECT count(*) FROM t1 p where c3 in +(select c3 from t1 t where t.c3 < date '2011-04-26 19:19:44' + and t.c3 > date '2011-04-26 19:18:44') ; +count(*) +0 +DROP TABLE t1; +# # Bug#51830: Incorrect partition pruning on range partition (regression) # CREATE TABLE t1 (a INT NOT NULL) @@ -387,3 +413,9 @@ a b 3 2003-03-03 COMMIT; DROP TABLE t1; +CREATE TABLE t1 (i1 int NOT NULL primary key, f1 int) ENGINE = InnoDB +PARTITION BY HASH(i1) PARTITIONS 2; +INSERT INTO t1 VALUES (1,1), (2,2); +SELECT * FROM t1 WHERE i1 = ( SELECT i1 FROM t1 WHERE f1=0 LIMIT 1 ); +i1 f1 +DROP TABLE t1; diff --git a/mysql-test/r/partition_innodb_plugin.result b/mysql-test/r/partition_innodb_plugin.result index dd91eee316a..f6b5ce84338 100644 --- a/mysql-test/r/partition_innodb_plugin.result +++ b/mysql-test/r/partition_innodb_plugin.result @@ -1,3 +1,76 @@ +call mtr.add_suppression("nnoDB: Error: table `test`.`t1` .* Partition.* InnoDB internal"); +# +# Bug#55091: Server crashes on ADD PARTITION after a failed attempt +# +SET @old_innodb_file_format_check = @@global.innodb_file_format_check; +SET @old_innodb_file_format = @@global.innodb_file_format; +SET @old_innodb_file_per_table = @@global.innodb_file_per_table; +SET @old_innodb_strict_mode = @@global.innodb_strict_mode; +SET @@global.innodb_file_format = Barracuda, +@@global.innodb_file_per_table = ON, +@@global.innodb_strict_mode = ON; +# Connection con1 +CREATE TABLE t1 (id INT NOT NULL +PRIMARY KEY, +user_num CHAR(10) +) ENGINE = InnoDB +KEY_BLOCK_SIZE=4 +PARTITION BY HASH(id) PARTITIONS 1; +t1#P#p0.ibd +t1.frm +t1.par +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `id` int(11) NOT NULL, + `user_num` char(10) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1 KEY_BLOCK_SIZE=4 +/*!50100 PARTITION BY HASH (id) +PARTITIONS 1 */ +SET GLOBAL innodb_file_per_table = OFF; +# Connection con2 +LOCK TABLE t1 WRITE; +# ALTER fails because COMPRESSED/KEY_BLOCK_SIZE +# are incompatible with innodb_file_per_table = OFF; +ALTER TABLE t1 ADD PARTITION PARTITIONS 1; +ERROR HY000: Got error 1478 from storage engine +t1#P#p0.ibd +t1.frm +t1.par +# This SET is not needed to reproduce the bug, +# it is here just to make the test case more realistic +SET innodb_strict_mode = OFF; +ALTER TABLE t1 ADD PARTITION PARTITIONS 2; +Warnings: +Warning 1478 InnoDB: KEY_BLOCK_SIZE requires innodb_file_per_table. +Warning 1478 InnoDB: ignoring KEY_BLOCK_SIZE=4. +Warning 1478 InnoDB: KEY_BLOCK_SIZE requires innodb_file_per_table. +Warning 1478 InnoDB: ignoring KEY_BLOCK_SIZE=4. +Warning 1478 InnoDB: KEY_BLOCK_SIZE requires innodb_file_per_table. +Warning 1478 InnoDB: ignoring KEY_BLOCK_SIZE=4. +t1.frm +t1.par +ALTER TABLE t1 REBUILD PARTITION p0; +Warnings: +Warning 1478 InnoDB: KEY_BLOCK_SIZE requires innodb_file_per_table. +Warning 1478 InnoDB: ignoring KEY_BLOCK_SIZE=4. +UNLOCK TABLES; +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `id` int(11) NOT NULL, + `user_num` char(10) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1 KEY_BLOCK_SIZE=4 +/*!50100 PARTITION BY HASH (id) +PARTITIONS 3 */ +DROP TABLE t1; +# Connection default +SET @@global.innodb_strict_mode = @old_innodb_strict_mode; +SET @@global.innodb_file_format = @old_innodb_file_format; +SET @@global.innodb_file_per_table = @old_innodb_file_per_table; +SET @@global.innodb_file_format_check = @old_innodb_file_format_check; SET NAMES utf8; CREATE TABLE `t``\""e` (a INT, PRIMARY KEY (a)) ENGINE=InnoDB diff --git a/mysql-test/r/xml.result b/mysql-test/r/xml.result index fad2cab0e57..e6811789679 100644 --- a/mysql-test/r/xml.result +++ b/mysql-test/r/xml.result @@ -1093,4 +1093,17 @@ Warnings: Warning 1525 Incorrect XML value: 'parse error at line 1 pos 23: unexpected END-OF-INPUT' Warning 1525 Incorrect XML value: 'parse error at line 1 pos 23: unexpected END-OF-INPUT' DROP TABLE t1; +# +# Bug#57257 Replace(ExtractValue(...)) causes MySQL crash +# +SET NAMES utf8; +SELECT REPLACE(EXTRACTVALUE('1', '/a'),'ds',''); +REPLACE(EXTRACTVALUE('1', '/a'),'ds','') + +# +# Bug #57820 extractvalue crashes +# +SELECT AVG(DISTINCT EXTRACTVALUE((''),('$@k'))); +AVG(DISTINCT EXTRACTVALUE((''),('$@k'))) +NULL End of 5.1 tests diff --git a/mysql-test/suite/innodb_plugin/r/innodb_bug56947.result b/mysql-test/suite/innodb_plugin/r/innodb_bug56947.result new file mode 100644 index 00000000000..42101a46a5b --- /dev/null +++ b/mysql-test/suite/innodb_plugin/r/innodb_bug56947.result @@ -0,0 +1,6 @@ +create table bug56947(a int not null) engine = innodb; +CREATE TABLE `bug56947#1`(a int) ENGINE=InnoDB; +alter table bug56947 add unique index (a); +ERROR HY000: Table 'test.bug56947#1' already exists +drop table `bug56947#1`; +drop table bug56947; diff --git a/mysql-test/suite/innodb_plugin/t/innodb_bug56947.test b/mysql-test/suite/innodb_plugin/t/innodb_bug56947.test new file mode 100644 index 00000000000..88544387567 --- /dev/null +++ b/mysql-test/suite/innodb_plugin/t/innodb_bug56947.test @@ -0,0 +1,11 @@ +# +# Bug #56947 valgrind reports a memory leak in innodb-plugin.innodb-index +# +-- source include/have_innodb_plugin.inc + +create table bug56947(a int not null) engine = innodb; +CREATE TABLE `bug56947#1`(a int) ENGINE=InnoDB; +--error 156 +alter table bug56947 add unique index (a); +drop table `bug56947#1`; +drop table bug56947; diff --git a/mysql-test/t/ctype_latin1.test b/mysql-test/t/ctype_latin1.test index b12436f77ba..a7e6351161b 100644 --- a/mysql-test/t/ctype_latin1.test +++ b/mysql-test/t/ctype_latin1.test @@ -127,3 +127,8 @@ DROP TABLE `abcdef`; select hex(cast(_ascii 0x7f as char(1) character set latin1)); --echo End of 5.0 tests + +--echo # +--echo # Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings +--echo # +SELECT '' LIKE '' ESCAPE EXPORT_SET(1, 1, 1, 1, ''); diff --git a/mysql-test/t/ctype_ujis.test b/mysql-test/t/ctype_ujis.test index 400f1301dd3..4c29a2e11a0 100644 --- a/mysql-test/t/ctype_ujis.test +++ b/mysql-test/t/ctype_ujis.test @@ -1209,6 +1209,13 @@ DROP PROCEDURE sp1; DROP TABLE t1; DROP TABLE t2; +--echo # +--echo # Bug#57257 Replace(ExtractValue(...)) causes MySQL crash +--echo # +SET NAMES utf8; +SELECT CONVERT(REPLACE(EXPORT_SET('a','a','a','','a'),'00','') USING ujis); + + set names default; set character_set_database=default; set character_set_server=default; diff --git a/mysql-test/t/ctype_utf8.test b/mysql-test/t/ctype_utf8.test index 23c83310886..8e9f09d1e56 100644 --- a/mysql-test/t/ctype_utf8.test +++ b/mysql-test/t/ctype_utf8.test @@ -1466,3 +1466,23 @@ SELECT CONVERT(a, CHAR), CONVERT(b, CHAR) from t1 GROUP BY b; DROP TABLE t1; --echo End of 5.0 tests + + +# +# Bug #57272: crash in rpad() when using utf8 +# +SELECT LENGTH(RPAD(0.0115E88, 61297, _utf8'яэюя')); +SELECT LENGTH(RPAD(0.0115E88, 61297, _utf8'йцуя')); +SELECT HEX(RPAD(0x20, 2, _utf8 0xD18F)); +SELECT HEX(RPAD(0x20, 4, _utf8 0xD18F)); +SELECT HEX(LPAD(0x20, 2, _utf8 0xD18F)); +SELECT HEX(LPAD(0x20, 4, _utf8 0xD18F)); + +SELECT HEX(RPAD(_utf8 0xD18F, 3, 0x20)); +SELECT HEX(LPAD(_utf8 0xD18F, 3, 0x20)); + +SELECT HEX(INSERT(_utf8 0xD18F, 2, 1, 0x20)); +SELECT HEX(INSERT(_utf8 0xD18FD18E, 2, 1, 0x20)); + + +--echo End of 5.1 tests diff --git a/mysql-test/t/date_formats.test b/mysql-test/t/date_formats.test index e5dc7ffa53e..2a5de8ca9ba 100644 --- a/mysql-test/t/date_formats.test +++ b/mysql-test/t/date_formats.test @@ -359,3 +359,19 @@ SELECT DATE_FORMAT("0000-02-28",'%W %d %M %Y') as valid_date; SELECT DATE_FORMAT("2009-01-01",'%W %d %M %Y') as valid_date; --echo "End of 5.0 tests" + + +--echo # +--echo # Start of 5.1 tests +--echo # + +--echo # +--echo # Bug#58005 utf8 + get_format causes failed assertion: !str || str != Ptr' +--echo # +SET NAMES utf8; +SELECT LEAST('%', GET_FORMAT(datetime, 'eur'), CAST(GET_FORMAT(datetime, 'eur') AS CHAR(65535))); +SET NAMES latin1; + +--echo # +--echo # End of 5.1 tests +--echo # diff --git a/mysql-test/t/explain.test b/mysql-test/t/explain.test index b635a1b2968..c6c30b58341 100644 --- a/mysql-test/t/explain.test +++ b/mysql-test/t/explain.test @@ -228,4 +228,40 @@ EXPLAIN SELECT c1 FROM t1 WHERE c2 = 1 AND c4 = 1 AND c5 = 1; DROP TABLE t1; +--echo # +--echo # Bug#56814 Explain + subselect + fulltext crashes server +--echo # + +CREATE TABLE t1(f1 VARCHAR(6) NOT NULL, +FULLTEXT KEY(f1),UNIQUE(f1)); +INSERT INTO t1 VALUES ('test'); + +EXPLAIN SELECT 1 FROM t1 +WHERE 1 > ALL((SELECT 1 FROM t1 JOIN t1 a ON (MATCH(t1.f1) AGAINST ("")) +WHERE t1.f1 GROUP BY t1.f1)); + +PREPARE stmt FROM +'EXPLAIN SELECT 1 FROM t1 + WHERE 1 > ALL((SELECT 1 FROM t1 RIGHT OUTER JOIN t1 a + ON (MATCH(t1.f1) AGAINST ("")) + WHERE t1.f1 GROUP BY t1.f1))'; + +EXECUTE stmt; +EXECUTE stmt; + +DEALLOCATE PREPARE stmt; + +PREPARE stmt FROM +'EXPLAIN SELECT 1 FROM t1 + WHERE 1 > ALL((SELECT 1 FROM t1 JOIN t1 a + ON (MATCH(t1.f1) AGAINST ("")) + WHERE t1.f1 GROUP BY t1.f1))'; + +EXECUTE stmt; +EXECUTE stmt; + +DEALLOCATE PREPARE stmt; + +DROP TABLE t1; + --echo End of 5.1 tests. diff --git a/mysql-test/t/fulltext.test b/mysql-test/t/fulltext.test index ec64728a8c9..6de8b87197c 100644 --- a/mysql-test/t/fulltext.test +++ b/mysql-test/t/fulltext.test @@ -585,4 +585,40 @@ REPAIR TABLE t1; SET myisam_sort_buffer_size=@@global.myisam_sort_buffer_size; DROP TABLE t1; +--echo # +--echo # Bug#54484 explain + prepared statement: crash and Got error -1 from storage engine +--echo # + +CREATE TABLE t1(f1 VARCHAR(6) NOT NULL, FULLTEXT KEY(f1), UNIQUE(f1)); +INSERT INTO t1 VALUES ('test'); + +SELECT 1 FROM t1 WHERE 1 > + ALL((SELECT 1 FROM t1 JOIN t1 a + ON (MATCH(t1.f1) against ("")) + WHERE t1.f1 GROUP BY t1.f1)) xor f1; + +PREPARE stmt FROM +'SELECT 1 FROM t1 WHERE 1 > + ALL((SELECT 1 FROM t1 RIGHT OUTER JOIN t1 a + ON (MATCH(t1.f1) against ("")) + WHERE t1.f1 GROUP BY t1.f1)) xor f1'; + +EXECUTE stmt; +EXECUTE stmt; + +DEALLOCATE PREPARE stmt; + +PREPARE stmt FROM +'SELECT 1 FROM t1 WHERE 1 > + ALL((SELECT 1 FROM t1 JOIN t1 a + ON (MATCH(t1.f1) against ("")) + WHERE t1.f1 GROUP BY t1.f1))'; + +EXECUTE stmt; +EXECUTE stmt; + +DEALLOCATE PREPARE stmt; + +DROP TABLE t1; + --echo End of 5.1 tests diff --git a/mysql-test/t/func_gconcat.test b/mysql-test/t/func_gconcat.test index 926c1f92855..a7072362759 100644 --- a/mysql-test/t/func_gconcat.test +++ b/mysql-test/t/func_gconcat.test @@ -734,4 +734,16 @@ EXECUTE stmt; DEALLOCATE PREPARE stmt; DROP TABLE t1; +--echo # +--echo # Bug#57194 group_concat cause crash and/or invalid memory reads with type errors +--echo # + +CREATE TABLE t1(f1 int); +INSERT INTO t1 values (0),(0); +--disable_ps_protocol +--error ER_ILLEGAL_VALUE_FOR_TYPE +SELECT POLYGON((SELECT 1 FROM (SELECT 1 IN (GROUP_CONCAT(t1.f1)) FROM t1, t1 t GROUP BY t.f1 ) d)); +--enable_ps_protocol +DROP TABLE t1; + --echo End of 5.1 tests diff --git a/mysql-test/t/func_math.test b/mysql-test/t/func_math.test index 91fdce8addb..b0c92c9d6ab 100644 --- a/mysql-test/t/func_math.test +++ b/mysql-test/t/func_math.test @@ -308,5 +308,11 @@ SELECT RAND(i) FROM t1; DROP TABLE t1; --echo # +--echo # Bug#57477 SIGFPE when dividing a huge number a negative number +--echo # +SELECT -9999999999999999991 DIV -1; +SELECT -9223372036854775808 DIV -1; +SELECT -9223372036854775808 MOD -1; +SELECT -9223372036854775808999 MOD -1; --echo End of 5.1 tests diff --git a/mysql-test/t/func_misc.test b/mysql-test/t/func_misc.test index c6b5ffd5a3f..f47418fa773 100644 --- a/mysql-test/t/func_misc.test +++ b/mysql-test/t/func_misc.test @@ -479,4 +479,12 @@ SELECT DISTINCT GREATEST(a, (SELECT b FROM t1 LIMIT 1)) FROM t1 UNION SELECT 1; DROP TABLE t1; + +# +# Bug #57283: inet_ntoa() crashes +# +SELECT INET_NTOA(0); +SELECT '1' IN ('1', INET_NTOA(0)); + + --echo End of tests diff --git a/mysql-test/t/group_by.test b/mysql-test/t/group_by.test index 75ec1d82b02..580c2e5091c 100644 --- a/mysql-test/t/group_by.test +++ b/mysql-test/t/group_by.test @@ -1235,5 +1235,16 @@ SELECT SUBSTRING(a,1,10), LENGTH(a) FROM t1 GROUP BY a; SELECT SUBSTRING(a,1,10), LENGTH(a) FROM t1 GROUP BY a; DROP TABLE t1; +--echo # +--echo # Bug#57688 Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field +--echo # + +CREATE TABLE t1(f1 INT NOT NULL); +INSERT INTO t1 VALUES (16777214),(0); + +SELECT COUNT(*) FROM t1 LEFT JOIN t1 t2 +ON 1 WHERE t2.f1 > 1 GROUP BY t2.f1; + +DROP TABLE t1; --echo # End of 5.1 tests diff --git a/mysql-test/t/join_outer.test b/mysql-test/t/join_outer.test index cf881e6aaa2..3251ff292b6 100644 --- a/mysql-test/t/join_outer.test +++ b/mysql-test/t/join_outer.test @@ -981,4 +981,33 @@ EXPLAIN EXTENDED SELECT STRAIGHT_JOIN jt1.f1 FROM t1 AS jt1 DROP TABLE t1; +--echo # +--echo # Bug#57688 Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field +--echo # + +CREATE TABLE t1 (f1 INT NOT NULL, PRIMARY KEY (f1)); +CREATE TABLE t2 (f1 INT NOT NULL, f2 INT NOT NULL, PRIMARY KEY (f1, f2)); + +INSERT INTO t1 VALUES (4); +INSERT INTO t2 VALUES (3, 3); +INSERT INTO t2 VALUES (7, 7); + +EXPLAIN SELECT * FROM t1 LEFT JOIN t2 ON t2.f1 = t1.f1 +WHERE t1.f1 = 4 +GROUP BY t2.f1, t2.f2; + +SELECT * FROM t1 LEFT JOIN t2 ON t2.f1 = t1.f1 +WHERE t1.f1 = 4 +GROUP BY t2.f1, t2.f2; + +EXPLAIN SELECT * FROM t1 LEFT JOIN t2 ON t2.f1 = t1.f1 +WHERE t1.f1 = 4 AND t2.f1 IS NOT NULL AND t2.f2 IS NOT NULL +GROUP BY t2.f1, t2.f2; + +SELECT * FROM t1 LEFT JOIN t2 ON t2.f1 = t1.f1 +WHERE t1.f1 = 4 AND t2.f1 IS NOT NULL AND t2.f2 IS NOT NULL +GROUP BY t2.f1, t2.f2; + +DROP TABLE t1,t2; + --echo End of 5.1 tests diff --git a/mysql-test/t/mysqltest.test b/mysql-test/t/mysqltest.test index d6bdbc2b3c1..c250b8768d2 100644 --- a/mysql-test/t/mysqltest.test +++ b/mysql-test/t/mysqltest.test @@ -2496,6 +2496,8 @@ write_file $MYSQLTEST_VARDIR/tmp/testdir/file1.txt; hello EOF +# Verify that --replace_result also work on list_files +--replace_result file REPLACED_FILE list_files $MYSQLTEST_VARDIR/tmp/testdir; # list_files gets the directory list before creating the new file list_files_write_file $MYSQLTEST_VARDIR/tmp/testdir/file2.txt $MYSQLTEST_VARDIR/tmp/testdir *; diff --git a/mysql-test/t/partition_innodb.test b/mysql-test/t/partition_innodb.test index e1ac7b4c7eb..dc8bcbb4cb9 100644 --- a/mysql-test/t/partition_innodb.test +++ b/mysql-test/t/partition_innodb.test @@ -8,6 +8,30 @@ drop table if exists t1, t2; let $MYSQLD_DATADIR= `SELECT @@datadir`; --echo # +--echo # Bug#56287: crash when using Partition datetime in sub in query +--echo # +CREATE TABLE t1 +(c1 bigint(20) unsigned NOT NULL AUTO_INCREMENT, + c2 varchar(40) not null default '', + c3 datetime not NULL, + PRIMARY KEY (c1,c3), + KEY partidx(c3)) +ENGINE=InnoDB +PARTITION BY RANGE (TO_DAYS(c3)) +(PARTITION p200912 VALUES LESS THAN (to_days('2010-01-01')), + PARTITION p201103 VALUES LESS THAN (to_days('2011-04-01')), + PARTITION p201912 VALUES LESS THAN MAXVALUE); + +insert into t1(c2,c3) values ("Test row",'2010-01-01 00:00:00'); + +SELECT PARTITION_NAME, TABLE_ROWS FROM INFORMATION_SCHEMA.PARTITIONS WHERE TABLE_NAME = 't1' AND TABLE_SCHEMA = 'test'; +SELECT count(*) FROM t1 p where c3 in +(select c3 from t1 t where t.c3 < date '2011-04-26 19:19:44' + and t.c3 > date '2011-04-26 19:18:44') ; + +DROP TABLE t1; + +--echo # --echo # Bug#51830: Incorrect partition pruning on range partition (regression) --echo # CREATE TABLE t1 (a INT NOT NULL) @@ -401,3 +425,16 @@ connection default; SELECT * FROM t1; COMMIT; DROP TABLE t1; + +# +# Bug #55146 Assertion `m_part_spec.start_part == m_part_spec.end_part' in index_read_idx_map +# + +CREATE TABLE t1 (i1 int NOT NULL primary key, f1 int) ENGINE = InnoDB + PARTITION BY HASH(i1) PARTITIONS 2; + +INSERT INTO t1 VALUES (1,1), (2,2); + +SELECT * FROM t1 WHERE i1 = ( SELECT i1 FROM t1 WHERE f1=0 LIMIT 1 ); + +DROP TABLE t1; diff --git a/mysql-test/t/partition_innodb_plugin.test b/mysql-test/t/partition_innodb_plugin.test index eeb990c0d81..626e5d19b99 100644 --- a/mysql-test/t/partition_innodb_plugin.test +++ b/mysql-test/t/partition_innodb_plugin.test @@ -1,5 +1,74 @@ --source include/have_partition.inc --source include/have_innodb_plugin.inc +# Remove the line below when bug#53307 is solved. +--source include/not_valgrind.inc + +let $MYSQLD_DATADIR= `SELECT @@datadir`; + +call mtr.add_suppression("nnoDB: Error: table `test`.`t1` .* Partition.* InnoDB internal"); +--echo # +--echo # Bug#55091: Server crashes on ADD PARTITION after a failed attempt +--echo # +SET @old_innodb_file_format_check = @@global.innodb_file_format_check; +SET @old_innodb_file_format = @@global.innodb_file_format; +SET @old_innodb_file_per_table = @@global.innodb_file_per_table; +SET @old_innodb_strict_mode = @@global.innodb_strict_mode; +SET @@global.innodb_file_format = Barracuda, +@@global.innodb_file_per_table = ON, +@@global.innodb_strict_mode = ON; + +--echo # Connection con1 +--connect(con1,localhost,root,,) + +CREATE TABLE t1 (id INT NOT NULL +PRIMARY KEY, +user_num CHAR(10) +) ENGINE = InnoDB +KEY_BLOCK_SIZE=4 +PARTITION BY HASH(id) PARTITIONS 1; + +--replace_result #p# #P# +--list_files $MYSQLD_DATADIR/test +SHOW CREATE TABLE t1; + +SET GLOBAL innodb_file_per_table = OFF; + +--disconnect con1 +--connect(con2,localhost,root,,) +--echo # Connection con2 + +LOCK TABLE t1 WRITE; + +--echo # ALTER fails because COMPRESSED/KEY_BLOCK_SIZE +--echo # are incompatible with innodb_file_per_table = OFF; + +--error ER_GET_ERRNO +ALTER TABLE t1 ADD PARTITION PARTITIONS 1; + +--replace_result #p# #P# +--list_files $MYSQLD_DATADIR/test +--echo # This SET is not needed to reproduce the bug, +--echo # it is here just to make the test case more realistic +SET innodb_strict_mode = OFF; + +ALTER TABLE t1 ADD PARTITION PARTITIONS 2; +--replace_result #p# #P# +--list_files $MYSQLD_DATADIR/test + +# really bug#56172 +ALTER TABLE t1 REBUILD PARTITION p0; + +UNLOCK TABLES; +SHOW CREATE TABLE t1; +DROP TABLE t1; + +--disconnect con2 +--connection default +--echo # Connection default +SET @@global.innodb_strict_mode = @old_innodb_strict_mode; +SET @@global.innodb_file_format = @old_innodb_file_format; +SET @@global.innodb_file_per_table = @old_innodb_file_per_table; +SET @@global.innodb_file_format_check = @old_innodb_file_format_check; # # Bug#32430 - show engine innodb status causes errors diff --git a/mysql-test/t/xml.test b/mysql-test/t/xml.test index 6e7d38cdfca..a8917fc9fe7 100644 --- a/mysql-test/t/xml.test +++ b/mysql-test/t/xml.test @@ -617,4 +617,15 @@ FROM t1 ORDER BY t1.id; DROP TABLE t1; +--echo # +--echo # Bug#57257 Replace(ExtractValue(...)) causes MySQL crash +--echo # +SET NAMES utf8; +SELECT REPLACE(EXTRACTVALUE('1', '/a'),'ds',''); + +--echo # +--echo # Bug #57820 extractvalue crashes +--echo # +SELECT AVG(DISTINCT EXTRACTVALUE((''),('$@k'))); + --echo End of 5.1 tests diff --git a/mysys/my_symlink.c b/mysys/my_symlink.c index 258e227bb7b..b57edd2179a 100644 --- a/mysys/my_symlink.c +++ b/mysys/my_symlink.c @@ -113,7 +113,6 @@ int my_is_symlink(const char *filename __attribute__((unused))) #endif } - /* Resolve all symbolic links in path 'to' may be equal to 'filename' @@ -147,7 +146,23 @@ int my_realpath(char *to, const char *filename, } DBUG_RETURN(result); #else +#ifdef _WIN32 + int ret= GetFullPathName(filename,FN_REFLEN,
+ to,
+ NULL); + if (ret == 0 || ret > FN_REFLEN) + { + if (ret > FN_REFLEN) + my_errno= ENAMETOOLONG; + else + my_errno= EACCES; + if (MyFlags & MY_WME) + my_error(EE_REALPATH, MYF(0), filename, my_errno); + return -1; + } +#else my_load_path(to, filename, NullS); +#endif return 0; #endif } diff --git a/sql/ha_partition.cc b/sql/ha_partition.cc index 607f4ce2143..7bcbd241541 100644 --- a/sql/ha_partition.cc +++ b/sql/ha_partition.cc @@ -4299,8 +4299,12 @@ int ha_partition::index_read_idx_map(uchar *buf, uint index, get_partition_set(table, buf, index, &m_start_key, &m_part_spec); - /* How can it be more than one partition with the current use? */ - DBUG_ASSERT(m_part_spec.start_part == m_part_spec.end_part); + /* + We have either found exactly 1 partition + (in which case start_part == end_part) + or no matching partitions (start_part > end_part) + */ + DBUG_ASSERT(m_part_spec.start_part >= m_part_spec.end_part); for (part= m_part_spec.start_part; part <= m_part_spec.end_part; part++) { @@ -4535,6 +4539,7 @@ int ha_partition::partition_scan_set_up(uchar * buf, bool idx_read_flag) key not found. */ DBUG_PRINT("info", ("scan with no partition to scan")); + table->status= STATUS_NOT_FOUND; DBUG_RETURN(HA_ERR_END_OF_FILE); } if (m_part_spec.start_part == m_part_spec.end_part) @@ -4559,6 +4564,7 @@ int ha_partition::partition_scan_set_up(uchar * buf, bool idx_read_flag) if (start_part == MY_BIT_NONE) { DBUG_PRINT("info", ("scan with no partition to scan")); + table->status= STATUS_NOT_FOUND; DBUG_RETURN(HA_ERR_END_OF_FILE); } if (start_part > m_part_spec.start_part) diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 6987dd9e053..5302406e270 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -4692,6 +4692,7 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref) String *escape_str= escape_item->val_str(&cmp.value1); if (escape_str) { + const char *escape_str_ptr= escape_str->ptr(); if (escape_used_in_parsing && ( (((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) && escape_str->numchars() != 1) || @@ -4706,9 +4707,9 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref) CHARSET_INFO *cs= escape_str->charset(); my_wc_t wc; int rc= cs->cset->mb_wc(cs, &wc, - (const uchar*) escape_str->ptr(), - (const uchar*) escape_str->ptr() + - escape_str->length()); + (const uchar*) escape_str_ptr, + (const uchar*) escape_str_ptr + + escape_str->length()); escape= (int) (rc > 0 ? wc : '\\'); } else @@ -4725,13 +4726,13 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref) { char ch; uint errors; - uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str->ptr(), + uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str_ptr, escape_str->length(), escape_str->charset(), &errors); escape= cnvlen ? ch : '\\'; } else - escape= *(escape_str->ptr()); + escape= escape_str_ptr ? *escape_str_ptr : '\\'; } } else diff --git a/sql/item_func.cc b/sql/item_func.cc index d8b5d46938e..f8c6f48d8f5 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -1363,9 +1363,13 @@ longlong Item_func_int_div::val_int() signal_divide_by_null(); return 0; } - return (unsigned_flag ? - (ulonglong) value / (ulonglong) val2 : - value / val2); + + if (unsigned_flag) + return ((ulonglong) value / (ulonglong) val2); + else if (value == LONGLONG_MIN && val2 == -1) + return LONGLONG_MIN; + else + return value / val2; } @@ -1399,9 +1403,9 @@ longlong Item_func_mod::int_op() if (args[0]->unsigned_flag) result= args[1]->unsigned_flag ? ((ulonglong) value) % ((ulonglong) val2) : ((ulonglong) value) % val2; - else - result= args[1]->unsigned_flag ? - value % ((ulonglong) val2) : value % val2; + else result= args[1]->unsigned_flag ? + value % ((ulonglong) val2) : + (val2 == -1) ? 0 : value % val2; return result; } @@ -5304,7 +5308,17 @@ void Item_func_match::init_search(bool no_order) /* Check if init_search() has been called before */ if (ft_handler) + { + /* + We should reset ft_handler as it is cleaned up + on destruction of FT_SELECT object + (necessary in case of re-execution of subquery). + TODO: FT_SELECT should not clean up ft_handler. + */ + if (join_key) + table->file->ft_handler= ft_handler; DBUG_VOID_RETURN; + } if (key == NO_SUCH_KEY) { diff --git a/sql/item_func.h b/sql/item_func.h index 256348eee08..26a7e033692 100644 --- a/sql/item_func.h +++ b/sql/item_func.h @@ -1531,7 +1531,7 @@ public: join_key(0), ft_handler(0), table(0), master(0), concat_ws(0) { } void cleanup() { - DBUG_ENTER("Item_func_match"); + DBUG_ENTER("Item_func_match::cleanup"); Item_real_func::cleanup(); if (!master && ft_handler) ft_handler->please->close_search(ft_handler); diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 5d56b0a621a..fd5c47d25cb 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -904,9 +904,15 @@ String *Item_func_replace::val_str(String *str) search=res2->ptr(); search_end=search+from_length; redo: + DBUG_ASSERT(res->ptr() || !offset); ptr=res->ptr()+offset; strend=res->ptr()+res->length(); - end=strend-from_length+1; + /* + In some cases val_str() can return empty string + with ptr() == NULL and length() == 0. + Let's check strend to avoid overflow. + */ + end= strend ? strend - from_length + 1 : NULL; while (ptr < end) { if (*ptr == *search) @@ -1013,6 +1019,20 @@ String *Item_func_insert::val_str(String *str) if ((length < 0) || (length > res->length())) length= res->length(); + /* + There is one exception not handled (intentionaly) by the character set + aggregation code. If one string is strong side and is binary, and + another one is weak side and is a multi-byte character string, + then we need to operate on the second string in terms on bytes when + calling ::numchars() and ::charpos(), rather than in terms of characters. + Lets substitute its character set to binary. + */ + if (collation.collation == &my_charset_bin) + { + res->set_charset(&my_charset_bin); + res2->set_charset(&my_charset_bin); + } + /* start and length are now sufficiently valid to pass to charpos function */ start= res->charpos((int) start); length= res->charpos((int) length, (uint32) start); @@ -2514,6 +2534,20 @@ String *Item_func_rpad::val_str(String *str) /* Set here so that rest of code sees out-of-bound value as such. */ if ((ulonglong) count > INT_MAX32) count= INT_MAX32; + /* + There is one exception not handled (intentionaly) by the character set + aggregation code. If one string is strong side and is binary, and + another one is weak side and is a multi-byte character string, + then we need to operate on the second string in terms on bytes when + calling ::numchars() and ::charpos(), rather than in terms of characters. + Lets substitute its character set to binary. + */ + if (collation.collation == &my_charset_bin) + { + res->set_charset(&my_charset_bin); + rpad->set_charset(&my_charset_bin); + } + if (count <= (res_char_length= res->numchars())) { // String to pad is big enough res->length(res->charpos((int) count)); // Shorten result if longer @@ -2616,6 +2650,20 @@ String *Item_func_lpad::val_str(String *str) if ((ulonglong) count > INT_MAX32) count= INT_MAX32; + /* + There is one exception not handled (intentionaly) by the character set + aggregation code. If one string is strong side and is binary, and + another one is weak side and is a multi-byte character string, + then we need to operate on the second string in terms on bytes when + calling ::numchars() and ::charpos(), rather than in terms of characters. + Lets substitute its character set to binary. + */ + if (collation.collation == &my_charset_bin) + { + res->set_charset(&my_charset_bin); + pad->set_charset(&my_charset_bin); + } + res_char_length= res->numchars(); if (count <= res_char_length) @@ -3093,6 +3141,7 @@ String* Item_func_inet_ntoa::val_str(String* str) if ((null_value= (args[0]->null_value || n > (ulonglong) LL(4294967295)))) return 0; // Null value + str->set_charset(collation.collation); str->length(0); int4store(buf,n); diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc index 1ed36ce7656..d521ad0b4e8 100644 --- a/sql/item_subselect.cc +++ b/sql/item_subselect.cc @@ -1906,21 +1906,26 @@ int subselect_single_select_engine::exec() DBUG_RETURN(join->error ? join->error : 1); } if (!select_lex->uncacheable && thd->lex->describe && - !(join->select_options & SELECT_DESCRIBE) && - join->need_tmp) + !(join->select_options & SELECT_DESCRIBE)) { item->update_used_tables(); if (item->const_item()) { /* + It's necessary to keep original JOIN table because + create_sort_index() function may overwrite original + JOIN_TAB::type and wrong optimization method can be + selected on re-execution. + */ + select_lex->uncacheable|= UNCACHEABLE_EXPLAIN; + select_lex->master_unit()->uncacheable|= UNCACHEABLE_EXPLAIN; + /* Force join->join_tmp creation, because this subquery will be replaced by a simple select from the materialization temp table by optimize() called by EXPLAIN and we need to preserve the initial query structure so we can display it. */ - select_lex->uncacheable|= UNCACHEABLE_EXPLAIN; - select_lex->master_unit()->uncacheable|= UNCACHEABLE_EXPLAIN; - if (join->init_save_join_tab()) + if (join->need_tmp && join->init_save_join_tab()) DBUG_RETURN(1); /* purecov: inspected */ } } diff --git a/sql/item_sum.cc b/sql/item_sum.cc index ae9e46e2abf..65f8222d38b 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -3401,8 +3401,6 @@ String* Item_func_group_concat::val_str(String* str) void Item_func_group_concat::print(String *str, enum_query_type query_type) { - /* orig_args is not filled with valid values until fix_fields() */ - Item **pargs= fixed ? orig_args : args; str->append(STRING_WITH_LEN("group_concat(")); if (distinct) str->append(STRING_WITH_LEN("distinct ")); @@ -3410,7 +3408,7 @@ void Item_func_group_concat::print(String *str, enum_query_type query_type) { if (i) str->append(','); - pargs[i]->print(str, query_type); + orig_args[i]->print(str, query_type); } if (arg_count_order) { @@ -3419,7 +3417,7 @@ void Item_func_group_concat::print(String *str, enum_query_type query_type) { if (i) str->append(','); - pargs[i + arg_count_field]->print(str, query_type); + orig_args[i + arg_count_field]->print(str, query_type); if (order[i]->asc) str->append(STRING_WITH_LEN(" ASC")); else diff --git a/sql/item_timefunc.cc b/sql/item_timefunc.cc index 103bd96efd4..6335199b8de 100644 --- a/sql/item_timefunc.cc +++ b/sql/item_timefunc.cc @@ -2456,14 +2456,14 @@ String *Item_char_typecast::val_str(String *str) { // Convert character set if differ uint dummy_errors; - if (!(res= args[0]->val_str(&tmp_value)) || - str->copy(res->ptr(), res->length(), from_cs, - cast_cs, &dummy_errors)) + if (!(res= args[0]->val_str(str)) || + tmp_value.copy(res->ptr(), res->length(), from_cs, + cast_cs, &dummy_errors)) { null_value= 1; return 0; } - res= str; + res= &tmp_value; } res->set_charset(cast_cs); @@ -2497,9 +2497,9 @@ String *Item_char_typecast::val_str(String *str) { if (res->alloced_length() < (uint) cast_length) { - str->alloc(cast_length); - str->copy(*res); - res= str; + str_value.alloc(cast_length); + str_value.copy(*res); + res= &str_value; } bzero((char*) res->ptr() + res->length(), (uint) cast_length - res->length()); diff --git a/sql/item_xmlfunc.cc b/sql/item_xmlfunc.cc index 3e20b90e68e..364311877e0 100644 --- a/sql/item_xmlfunc.cc +++ b/sql/item_xmlfunc.cc @@ -2790,12 +2790,12 @@ String *Item_func_xml_extractvalue::val_str(String *str) null_value= 0; if (!nodeset_func || !(res= args[0]->val_str(str)) || - !parse_xml(res, &pxml)) + !parse_xml(res, &pxml) || + !(res= nodeset_func->val_str(&tmp_value))) { null_value= 1; return 0; } - res= nodeset_func->val_str(&tmp_value); return res; } diff --git a/sql/sql_partition.cc b/sql/sql_partition.cc index 44ed9e759c6..48d50c3a303 100644 --- a/sql/sql_partition.cc +++ b/sql/sql_partition.cc @@ -5935,6 +5935,12 @@ static void alter_partition_lock_handling(ALTER_PARTITION_PARAM_TYPE *lpt) if (lpt->thd->locked_tables) { /* + Close the table if open, to remove/destroy the already altered + table->part_info object, so that it is not reused. + */ + if (lpt->table->db_stat) + abort_and_upgrade_lock_and_close_table(lpt); + /* When we have the table locked, it is necessary to reopen the table since all table objects were closed and removed as part of the ALTER TABLE of partitioning structure. @@ -6436,7 +6442,20 @@ uint fast_alter_partition_table(THD *thd, TABLE *table, table, table_list, FALSE, NULL, written_bin_log)); err: - close_thread_tables(thd); + if (thd->locked_tables) + { + /* + table->part_info was altered in prep_alter_part_table and must be + destroyed and recreated, since otherwise it will be reused, since + we are under LOCK TABLE. + */ + alter_partition_lock_handling(lpt); + } + else + { + /* Force the table to be closed to avoid reuse of the table->part_info */ + close_thread_tables(thd); + } DBUG_RETURN(TRUE); } #endif diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 77d4447fd0f..1e5cd02bd51 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -1713,6 +1713,9 @@ JOIN::reinit() func->clear(); } + if (!(select_options & SELECT_DESCRIBE)) + init_ftfuncs(thd, select_lex, test(order)); + DBUG_RETURN(0); } @@ -2487,6 +2490,13 @@ mysql_select(THD *thd, Item ***rref_pointer_array, { DBUG_RETURN(TRUE); } + /* + Original join tabs might be overwritten at first + subselect execution. So we need to restore them. + */ + Item_subselect *subselect= select_lex->master_unit()->item; + if (subselect && subselect->is_uncacheable() && join->reinit()) + DBUG_RETURN(TRUE); } else { @@ -13202,6 +13212,8 @@ static bool list_contains_unique_index(TABLE *table, bool (*find_func) (Field *, void *), void *data) { + if (table->pos_in_table_list->outer_join) + return 0; for (uint keynr= 0; keynr < table->s->keys; keynr++) { if (keynr == table->s->primary_key || @@ -13215,7 +13227,7 @@ list_contains_unique_index(TABLE *table, key_part < key_part_end; key_part++) { - if (key_part->field->maybe_null() || + if (key_part->field->real_maybe_null() || !find_func(key_part->field, data)) break; } diff --git a/storage/innobase/row/row0mysql.c b/storage/innobase/row/row0mysql.c index 8b770229c16..4fdd92c7cba 100644 --- a/storage/innobase/row/row0mysql.c +++ b/storage/innobase/row/row0mysql.c @@ -1981,6 +1981,7 @@ row_create_table_for_mysql( table already exists */ trx->error_state = DB_SUCCESS; + dict_mem_table_free(table); } que_graph_free((que_t*) que_node_get_parent(thr)); diff --git a/storage/innodb_plugin/ChangeLog b/storage/innodb_plugin/ChangeLog index 47ee33e062f..0cd8ac8a7e6 100644 --- a/storage/innodb_plugin/ChangeLog +++ b/storage/innodb_plugin/ChangeLog @@ -43,10 +43,17 @@ Fix Bug #57345 btr_pcur_store_position abort for load with concurrent lock/unlock tables +2010-10-11 The InnoDB Team + + * row/row0mysql.c, innodb_bug56947.result, innodb_bug56947.test: + Fix Bug #56947 InnoDB leaks memory when failing to create a table + 2010-10-06 The InnoDB Team + * row/row0mysql.c, innodb_bug57255.result, innodb_bug57255.test - Fix Bug #Cascade Delete results in "Got error -1 from storage engine" - + Fix Bug #57255 Cascade Delete results in "Got error -1 from + storage engine" + 2010-09-27 The InnoDB Team * row/row0sel.c, innodb_bug56716.result, innodb_bug56716.test: diff --git a/storage/innodb_plugin/row/row0mysql.c b/storage/innodb_plugin/row/row0mysql.c index 609533c7647..9e8d0a884f4 100644 --- a/storage/innodb_plugin/row/row0mysql.c +++ b/storage/innodb_plugin/row/row0mysql.c @@ -1879,15 +1879,13 @@ err_exit: err = trx->error_state; - if (UNIV_UNLIKELY(err != DB_SUCCESS)) { + switch (err) { + case DB_SUCCESS: + break; + case DB_OUT_OF_FILE_SPACE: trx->error_state = DB_SUCCESS; trx_general_rollback_for_mysql(trx, NULL); - /* TO DO: free table? The code below will dereference - table->name, though. */ - } - switch (err) { - case DB_OUT_OF_FILE_SPACE: ut_print_timestamp(stderr); fputs(" InnoDB: Warning: cannot create table ", stderr); @@ -1902,9 +1900,13 @@ err_exit: break; case DB_DUPLICATE_KEY: + default: /* We may also get err == DB_ERROR if the .ibd file for the table already exists */ + trx->error_state = DB_SUCCESS; + trx_general_rollback_for_mysql(trx, NULL); + dict_mem_table_free(table); break; } |