-rw-r--r--mysql-test/r/archive.result16
-rw-r--r--mysql-test/r/cast.result17
-rw-r--r--mysql-test/r/explain.result15
-rw-r--r--mysql-test/r/func_gconcat.result1
-rw-r--r--mysql-test/r/gis.result8
-rw-r--r--mysql-test/r/mysqldump.result2
-rw-r--r--mysql-test/r/sp.result18
-rw-r--r--mysql-test/r/subselect3.result3
-rw-r--r--mysql-test/t/archive.test15
-rw-r--r--mysql-test/t/cast.test14
-rw-r--r--mysql-test/t/explain.test23
-rw-r--r--mysql-test/t/gis.test12
-rw-r--r--mysql-test/t/mysqldump.test2
-rw-r--r--mysql-test/t/sp.test24
-rwxr-xr-xscripts/make_win_bin_dist1
-rw-r--r--sql/item_timefunc.cc13
-rw-r--r--sql/sql_acl.cc178
-rw-r--r--sql/sql_base.cc15
-rw-r--r--sql/sql_parse.cc6
-rw-r--r--storage/archive/ha_archive.cc2
20 files changed, 330 insertions, 55 deletions
diff --git a/mysql-test/r/archive.result b/mysql-test/r/archive.result
index 231b7acb5b4..aacaff30898 100644
--- a/mysql-test/r/archive.result
+++ b/mysql-test/r/archive.result
@@ -12807,3 +12807,19 @@ DROP TABLE t1;
#
CREATE TABLE `a/../`(a INT) ENGINE=ARCHIVE;
DROP TABLE `a/../`;
+#
+# BUG#57162 - valgrind errors, random data when returning
+# ordered data from archive tables
+#
+SET sort_buffer_size=32804;
+CREATE TABLE t1(a INT, b CHAR(255), c CHAR(255), d CHAR(255),
+e CHAR(255), f INT) ENGINE=ARCHIVE DEFAULT CHARSET utf8;
+INSERT INTO t1 VALUES(-1,'b','c','d','e',1);
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT t1.* FROM t1,t1 t2,t1 t3,t1 t4,t1 t5,t1 t6;
+SELECT * FROM t1 ORDER BY f LIMIT 1;
+a b c d e f
+-1 b c d e 1
+DROP TABLE t1;
+SET sort_buffer_size=DEFAULT;
diff --git a/mysql-test/r/cast.result b/mysql-test/r/cast.result
index 3e1ea824db5..89cbda9847c 100644
--- a/mysql-test/r/cast.result
+++ b/mysql-test/r/cast.result
@@ -451,4 +451,21 @@ SELECT CONVERT(t2.a USING UTF8) FROM t1, t1 t2 LIMIT 1
1
1
DROP TABLE t1;
+#
+# Bug #11765023: 57934: DOS POSSIBLE SINCE BINARY CASTING
+# DOESN'T ADHERE TO MAX_ALLOWED_PACKET
+SET @@GLOBAL.max_allowed_packet=2048;
+Warnings:
+Warning 1708 The value of 'max_allowed_packet' should be no less than the value of 'net_buffer_length'
+SELECT CONVERT('a', BINARY(2049));
+CONVERT('a', BINARY(2049))
+NULL
+Warnings:
+Warning 1301 Result of cast_as_binary() was larger than max_allowed_packet (2048) - truncated
+SELECT CONVERT('a', CHAR(2049));
+CONVERT('a', CHAR(2049))
+NULL
+Warnings:
+Warning 1301 Result of cast_as_char() was larger than max_allowed_packet (2048) - truncated
+SET @@GLOBAL.max_allowed_packet=default;
End of 5.1 tests
diff --git a/mysql-test/r/explain.result b/mysql-test/r/explain.result
index b9ae362f6cd..b8f791b27f4 100644
--- a/mysql-test/r/explain.result
+++ b/mysql-test/r/explain.result
@@ -180,7 +180,6 @@ ERROR 42000: Mixing of GROUP columns (MIN(),MAX(),COUNT(),...) with no GROUP col
SHOW WARNINGS;
Level Code Message
Error 1140 Mixing of GROUP columns (MIN(),MAX(),COUNT(),...) with no GROUP columns is illegal if there is no GROUP BY clause
-Note 1003 select 1 AS `1` from `test`.`t1` where <not>(<exists>(...))
SET SESSION sql_mode=@old_sql_mode;
DROP TABLE t1;
End of 5.0 tests.
@@ -318,3 +317,17 @@ id select_type table type possible_keys key key_len ref rows Extra
DEALLOCATE PREPARE stmt;
DROP TABLE t1;
End of 5.1 tests.
+#
+# Bug#11829785 EXPLAIN EXTENDED CRASH WITH RIGHT OUTER JOIN, SUBQUERIES
+#
+CREATE TABLE t1(a INT);
+INSERT INTO t1 VALUES (0), (0);
+PREPARE s FROM
+'EXPLAIN EXTENDED
+SELECT SUBSTRING(1, (SELECT 1 FROM t1 a1 RIGHT OUTER JOIN t1 ON 0)) AS d
+FROM t1 WHERE 0 > ANY (SELECT @a FROM t1)';
+EXECUTE s;
+ERROR 21000: Subquery returns more than 1 row
+DEALLOCATE PREPARE s;
+DROP TABLE t1;
+#
diff --git a/mysql-test/r/func_gconcat.result b/mysql-test/r/func_gconcat.result
index 01b93df6894..6c400a8ddcc 100644
--- a/mysql-test/r/func_gconcat.result
+++ b/mysql-test/r/func_gconcat.result
@@ -1056,7 +1056,6 @@ ERROR HY000: Only constant XPATH queries are supported
SHOW WARNINGS;
Level Code Message
Error 1105 Only constant XPATH queries are supported
-Note 1003 select updatexml('1',`test`.`t1`.`a`,'1') AS `UPDATEXML('1', a, '1')` from `test`.`t1` order by (select group_concat(1 separator ',') from `test`.`t1`)
DROP TABLE t1;
End of 5.1 tests
DROP TABLE IF EXISTS t1, t2;
diff --git a/mysql-test/r/gis.result b/mysql-test/r/gis.result
index 22cb6d29b2c..bfd0ddccb90 100644
--- a/mysql-test/r/gis.result
+++ b/mysql-test/r/gis.result
@@ -1043,6 +1043,10 @@ create spatial index i on t1 (a);
ERROR 42000: A SPATIAL index may only contain a geometrical type column
drop table t1;
End of 5.1 tests
+CREATE TABLE t0 (a BINARY(32) NOT NULL);
+CREATE SPATIAL INDEX i on t0 (a);
+ERROR 42000: A SPATIAL index may only contain a geometrical type column
+INSERT INTO t0 VALUES (1);
CREATE TABLE t1(
col0 BINARY NOT NULL,
col2 TIMESTAMP,
@@ -1071,5 +1075,5 @@ col2 LINESTRING,
SPATIAL INDEX i1 (col1, col2)
);
ERROR HY000: Incorrect arguments to SPATIAL INDEX
-DROP TABLE t1;
-DROP TABLE t2;
+DROP TABLE t0, t1, t2;
+End of 5.5 tests
diff --git a/mysql-test/r/mysqldump.result b/mysql-test/r/mysqldump.result
index c204947a763..8f6add75fd3 100644
--- a/mysql-test/r/mysqldump.result
+++ b/mysql-test/r/mysqldump.result
@@ -4626,7 +4626,7 @@ DELIMITER ;
/*!50003 SET collation_connection = @saved_col_connection */ ;
ALTER DATABASE `test-database` CHARACTER SET utf8 COLLATE utf8_unicode_ci ;
DROP DATABASE `test-database`;
-USE `test`;
+USE test;
#
# End of 5.1 tests
#
diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result
index f9b338dd414..6b4215e6b09 100644
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@@ -7452,6 +7452,24 @@ c1
# Cleanup
drop table t1;
drop procedure p1;
+#
+# BUG#11766234: 59299: ASSERT (TABLE_REF->TABLE || TABLE_REF->VIEW)
+# FAILS IN SET_FIELD_ITERATOR
+#
+CREATE TABLE t1 (a INT);
+CREATE TABLE t2 (a INT);
+CREATE VIEW v1 AS SELECT a FROM t2;
+CREATE PROCEDURE proc() SELECT * FROM t1 NATURAL JOIN v1;
+ALTER TABLE t2 CHANGE COLUMN a b CHAR;
+
+CALL proc();
+ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+CALL proc();
+ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
+
+DROP TABLE t1,t2;
+DROP VIEW v1;
+DROP PROCEDURE proc;
# --
# -- Bug 11765684 - 58674: SP-cache does not detect changes in
diff --git a/mysql-test/r/subselect3.result b/mysql-test/r/subselect3.result
index 2962a12d9a2..4e18a81b534 100644
--- a/mysql-test/r/subselect3.result
+++ b/mysql-test/r/subselect3.result
@@ -865,9 +865,6 @@ Level Code Message
Note 1276 Field or reference 'test.t1.a' of SELECT #3 was resolved in SELECT #2
Note 1276 Field or reference 'test.t1.c' of SELECT #3 was resolved in SELECT #2
Error 1054 Unknown column 'c' in 'field list'
-Note 1003 select `c` AS `c` from (select (select count(`test`.`t1`.`a`) from dual group by `c`) AS `(SELECT COUNT(a) FROM
-(SELECT COUNT(b) FROM t1) AS x GROUP BY c
-)` from `test`.`t1` group by `test`.`t1`.`b`) `y`
DROP TABLE t1;
End of 5.0 tests
create table t0 (a int);
diff --git a/mysql-test/t/archive.test b/mysql-test/t/archive.test
index ce5047124a2..4686b3ca1dc 100644
--- a/mysql-test/t/archive.test
+++ b/mysql-test/t/archive.test
@@ -1730,3 +1730,18 @@ DROP TABLE t1;
CREATE TABLE `a/../`(a INT) ENGINE=ARCHIVE;
remove_file $MYSQLD_DATADIR/test/a@002f@002e@002e@002f.frm;
DROP TABLE `a/../`;
+
+--echo #
+--echo # BUG#57162 - valgrind errors, random data when returning
+--echo # ordered data from archive tables
+--echo #
+SET sort_buffer_size=32804;
+CREATE TABLE t1(a INT, b CHAR(255), c CHAR(255), d CHAR(255),
+ e CHAR(255), f INT) ENGINE=ARCHIVE DEFAULT CHARSET utf8;
+INSERT INTO t1 VALUES(-1,'b','c','d','e',1);
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT t1.* FROM t1,t1 t2,t1 t3,t1 t4,t1 t5,t1 t6;
+SELECT * FROM t1 ORDER BY f LIMIT 1;
+DROP TABLE t1;
+SET sort_buffer_size=DEFAULT;
diff --git a/mysql-test/t/cast.test b/mysql-test/t/cast.test
index f5426f8d631..a922cc9aaf7 100644
--- a/mysql-test/t/cast.test
+++ b/mysql-test/t/cast.test
@@ -280,5 +280,19 @@ SELECT 1 FROM
) AS s LIMIT 1;
DROP TABLE t1;
+--echo #
+--echo # Bug #11765023: 57934: DOS POSSIBLE SINCE BINARY CASTING
+--echo # DOESN'T ADHERE TO MAX_ALLOWED_PACKET
+
+SET @@GLOBAL.max_allowed_packet=2048;
+# reconnect to make the new max packet size take effect
+--connect (newconn, localhost, root,,)
+
+SELECT CONVERT('a', BINARY(2049));
+SELECT CONVERT('a', CHAR(2049));
+
+connection default;
+disconnect newconn;
+SET @@GLOBAL.max_allowed_packet=default;
--echo End of 5.1 tests
diff --git a/mysql-test/t/explain.test b/mysql-test/t/explain.test
index 931948b1b65..8376fdf1ad1 100644
--- a/mysql-test/t/explain.test
+++ b/mysql-test/t/explain.test
@@ -1,5 +1,5 @@
#
-# Test of different EXPLAIN's
+# Test of different EXPLAINs
--disable_warnings
drop table if exists t1;
@@ -275,3 +275,24 @@ DEALLOCATE PREPARE stmt;
DROP TABLE t1;
--echo End of 5.1 tests.
+
+--echo #
+--echo # Bug#11829785 EXPLAIN EXTENDED CRASH WITH RIGHT OUTER JOIN, SUBQUERIES
+--echo #
+
+CREATE TABLE t1(a INT);
+
+INSERT INTO t1 VALUES (0), (0);
+
+PREPARE s FROM
+'EXPLAIN EXTENDED
+SELECT SUBSTRING(1, (SELECT 1 FROM t1 a1 RIGHT OUTER JOIN t1 ON 0)) AS d
+FROM t1 WHERE 0 > ANY (SELECT @a FROM t1)';
+
+--error ER_SUBQUERY_NO_1_ROW
+EXECUTE s;
+
+DEALLOCATE PREPARE s;
+DROP TABLE t1;
+
+--echo #
diff --git a/mysql-test/t/gis.test b/mysql-test/t/gis.test
index e68e70c685a..2a800140d1f 100644
--- a/mysql-test/t/gis.test
+++ b/mysql-test/t/gis.test
@@ -773,7 +773,14 @@ drop table t1;
#
# Bug #50574 5.5.x allows spatial indexes on non-spatial
# columns, causing crashes!
+# Bug#11767480 SPATIAL INDEXES ON NON-SPATIAL COLUMNS
+# CAUSE CRASHES.
#
+CREATE TABLE t0 (a BINARY(32) NOT NULL);
+--error ER_SPATIAL_MUST_HAVE_GEOM_COL
+CREATE SPATIAL INDEX i on t0 (a);
+INSERT INTO t0 VALUES (1);
+
--error ER_SPATIAL_MUST_HAVE_GEOM_COL
CREATE TABLE t1(
col0 BINARY NOT NULL,
@@ -811,6 +818,7 @@ CREATE TABLE t3 (
);
# cleanup
-DROP TABLE t1;
-DROP TABLE t2;
+DROP TABLE t0, t1, t2;
+
+--echo End of 5.5 tests
diff --git a/mysql-test/t/mysqldump.test b/mysql-test/t/mysqldump.test
index 09648faca94..e224bf6afe3 100644
--- a/mysql-test/t/mysqldump.test
+++ b/mysql-test/t/mysqldump.test
@@ -2199,7 +2199,7 @@ ALTER DATABASE `test-database` CHARACTER SET utf8 COLLATE utf8_unicode_ci ;
DROP DATABASE `test-database`;
# Switching back to test database.
-USE `test`;
+USE test;
--echo #
--echo # End of 5.1 tests
diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test
index 1ed11c50ba8..b052b181d70 100644
--- a/mysql-test/t/sp.test
+++ b/mysql-test/t/sp.test
@@ -8713,6 +8713,30 @@ call p1(3, 2);
drop table t1;
drop procedure p1;
+
+--echo #
+--echo # BUG#11766234: 59299: ASSERT (TABLE_REF->TABLE || TABLE_REF->VIEW)
+--echo # FAILS IN SET_FIELD_ITERATOR
+--echo #
+
+CREATE TABLE t1 (a INT);
+CREATE TABLE t2 (a INT);
+CREATE VIEW v1 AS SELECT a FROM t2;
+CREATE PROCEDURE proc() SELECT * FROM t1 NATURAL JOIN v1;
+ALTER TABLE t2 CHANGE COLUMN a b CHAR;
+
+--echo
+--error ER_VIEW_INVALID
+CALL proc();
+--error ER_VIEW_INVALID
+CALL proc();
+
+--echo
+DROP TABLE t1,t2;
+DROP VIEW v1;
+DROP PROCEDURE proc;
+
+
--echo
--echo # --
--echo # -- Bug 11765684 - 58674: SP-cache does not detect changes in
diff --git a/scripts/make_win_bin_dist b/scripts/make_win_bin_dist
index 004ea9f4c3f..3c384265bec 100755
--- a/scripts/make_win_bin_dist
+++ b/scripts/make_win_bin_dist
@@ -181,6 +181,7 @@ cp Docs/INSTALL-BINARY $DESTDIR/Docs/
cp Docs/manual.chm $DESTDIR/Docs/ || /bin/true
cp ChangeLog $DESTDIR/Docs/ || /bin/true
cp support-files/my-*.ini $DESTDIR/
+cp README $DESTDIR/
if [ -f COPYING ] ; then
cp COPYING $DESTDIR/
diff --git a/sql/item_timefunc.cc b/sql/item_timefunc.cc
index 68e75a262dc..0952a5448e4 100644
--- a/sql/item_timefunc.cc
+++ b/sql/item_timefunc.cc
@@ -2524,6 +2524,19 @@ String *Item_char_typecast::val_str(String *str)
String *res;
uint32 length;
+ if (cast_length >= 0 &&
+ ((unsigned) cast_length) > current_thd->variables.max_allowed_packet)
+ {
+ push_warning_printf(current_thd, MYSQL_ERROR::WARN_LEVEL_WARN,
+ ER_WARN_ALLOWED_PACKET_OVERFLOWED,
+ ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
+ cast_cs == &my_charset_bin ?
+ "cast_as_binary" : func_name(),
+ current_thd->variables.max_allowed_packet);
+ null_value= 1;
+ return 0;
+ }
+
if (!charset_conversion)
{
if (!(res= args[0]->val_str(str)))
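Review bot: The new guard at the top of `Item_char_typecast::val_str` reads `current_thd` three times and has no comment saying why the cast is refused before the argument is evaluated. Taking it once with `THD *thd= current_thd;` and using `thd->variables.max_allowed_packet` in both the comparison and the warning keeps the compared and the reported limit identical. A comment such as `/* Refuse a cast wider than max_allowed_packet before evaluating the argument; returns NULL with a warning (Bug#11765023) */` would record the intent, including that the result is NULL even though the warning text says "truncated". The body of val_str continues past the end of the hunk.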
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index a269d5a1eef..18758130767 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -8399,6 +8399,94 @@ static bool parse_com_change_user_packet(MPVIO_EXT *mpvio, uint packet_length)
DBUG_RETURN (0);
}
+#ifndef EMBEDDED_LIBRARY
+/**
+ Get a null character terminated string from a user-supplied buffer.
+
+ @param buffer[in, out] Pointer to the buffer to be scanned.
+ @param max_bytes_available[in, out] Limit the bytes to scan.
+ @param string_length[out] The number of characters scanned not including
+ the null character.
+
+ @remark The string_length does not include the terminating null character.
+ However, after the call, the buffer is increased by string_length+1
+ bytes, beyond the null character if there still available bytes to
+ scan.
+
+ @return pointer to beginning of the string scanned.
+ @retval NULL The buffer content is malformed
+*/
+
+static
+char *get_null_terminated_string(char **buffer,
+ size_t *max_bytes_available,
+ size_t *string_length)
+{
+ char *str= (char *)memchr(*buffer, '\0', *max_bytes_available);
+
+ if (str == NULL)
+ return NULL;
+
+ *string_length= (size_t)(str - *buffer);
+ *max_bytes_available-= *string_length + 1;
+ str= *buffer;
+ *buffer += *string_length + 1;
+
+ return str;
+}
+
+/**
+ Get a length encoded string from a user-supplied buffer.
+
+ @param buffer[in, out] The buffer to scan; updates position after scan.
+ @param max_bytes_available[in, out] Limit the number of bytes to scan
+ @param string_length[out] Number of characters scanned
+
+ @remark In case the length is zero, then the total size of the string is
+ considered to be 1 byte; the size byte.
+
+ @return pointer to first byte after the header in buffer.
+ @retval NULL The buffer content is malformed
+*/
+
+static
+char *get_length_encoded_string(char **buffer,
+ size_t *max_bytes_available,
+ size_t *string_length)
+{
+ if (*max_bytes_available == 0)
+ return NULL;
+
+ /* Do double cast to prevent overflow from signed / unsigned conversion */
+ size_t str_len= (size_t)(unsigned char)**buffer;
+
+ /*
+ If the length encoded string has the length 0
+ the total size of the string is only one byte long (the size byte)
+ */
+ if (str_len == 0)
+ {
+ ++*buffer;
+ *string_length= 0;
+ /*
+ Return a pointer to the 0 character so the return value will be
+ an empty string.
+ */
+ return *buffer-1;
+ }
+
+ if (str_len >= *max_bytes_available)
+ return NULL;
+
+ char *str= *buffer+1;
+ *string_length= str_len;
+ *max_bytes_available-= *string_length + 1;
+ *buffer+= *string_length + 1;
+ return str;
+}
+#endif
+
+
/* the packet format is described in send_client_reply_packet() */
static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
uchar **buff, ulong pkt_len)
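Review bot: In `get_length_encoded_string` the zero-length branch advances `*buffer` past the size byte but never decrements `*max_bytes_available`, so after an empty length-encoded string the remaining-byte count is one too high. The next `get_null_terminated_string` call hands that count to `memchr`, which can then scan one byte past the packet length. Adding `--*max_bytes_available;` next to `++*buffer;` keeps the counter consistent with the non-empty path, which subtracts `*string_length + 1`. The `@param` lines also put the direction after the name (`buffer[in, out]`), where Doxygen expects `@param[in,out] buffer`.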
@@ -8463,50 +8551,76 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
}
#endif
- if (end >= (char*) net->read_pos + pkt_len + 2)
+ if (end > (char *)net->read_pos + pkt_len)
return packet_error;
if ((mpvio->client_capabilities & CLIENT_TRANSACTIONS) &&
opt_using_transactions)
net->return_status= mpvio->server_status;
+
+ /*
+ In order to safely scan a head for '\0' string terminators
+ we must keep track of how many bytes remain in the allocated
+ buffer or we might read past the end of the buffer.
+ */
+ size_t bytes_remaining_in_packet= pkt_len - (end - (char *)net->read_pos);
- char *user= end;
- char *passwd= strend(user) + 1;
- uint user_len= passwd - user - 1, db_len;
- char *db= passwd;
- char db_buff[NAME_LEN + 1]; // buffer to store db in utf8
- char user_buff[USERNAME_LENGTH + 1]; // buffer to store user in utf8
- uint dummy_errors;
+ size_t user_len;
+ char *user= get_null_terminated_string(&end, &bytes_remaining_in_packet,
+ &user_len);
+ if (user == NULL)
+ return packet_error;
/*
- Old clients send null-terminated string as password; new clients send
+ Old clients send a null-terminated string as password; new clients send
the size (1 byte) + string (not null-terminated). Hence in case of empty
password both send '\0'.
-
- This strlen() can't be easily deleted without changing protocol.
-
- Cast *passwd to an unsigned char, so that it doesn't extend the sign for
- *passwd > 127 and become 2**32-127+ after casting to uint.
*/
- uint passwd_len= mpvio->client_capabilities & CLIENT_SECURE_CONNECTION ?
- (uchar) (*passwd++) : strlen(passwd);
-
- if (mpvio->client_capabilities & CLIENT_CONNECT_WITH_DB)
+ size_t passwd_len= 0;
+ char *passwd= NULL;
+
+ if (mpvio->client_capabilities & CLIENT_SECURE_CONNECTION)
{
- db= db + passwd_len + 1;
- /* strlen() can't be easily deleted without changing protocol */
- db_len= strlen(db);
+ /*
+ 4.1+ password. First byte is password length.
+ */
+ passwd= get_length_encoded_string(&end, &bytes_remaining_in_packet,
+ &passwd_len);
}
else
{
- db= 0;
- db_len= 0;
+ /*
+ Old passwords are zero terminated strings.
+ */
+ passwd= get_null_terminated_string(&end, &bytes_remaining_in_packet,
+ &passwd_len);
}
- if (passwd + passwd_len + db_len > (char *) net->read_pos + pkt_len)
+ if (passwd == NULL)
return packet_error;
- char *client_plugin= passwd + passwd_len + (db ? db_len + 1 : 0);
+ size_t db_len= 0;
+ char *db= NULL;
+
+ if (mpvio->client_capabilities & CLIENT_CONNECT_WITH_DB)
+ {
+ db= get_null_terminated_string(&end, &bytes_remaining_in_packet,
+ &db_len);
+ if (db == NULL)
+ return packet_error;
+ }
+
+ size_t client_plugin_len= 0;
+ char *client_plugin= get_null_terminated_string(&end,
+ &bytes_remaining_in_packet,
+ &client_plugin_len);
+ if (client_plugin == NULL)
+ client_plugin= &empty_c_string[0];
+
+ char db_buff[NAME_LEN + 1]; // buffer to store db in utf8
+ char user_buff[USERNAME_LENGTH + 1]; // buffer to store user in utf8
+ uint dummy_errors;
+
/* Since 4.1 all database names are stored in utf8 */
if (db)
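Review bot: The client plugin name is now parsed unconditionally, and a missing NUL terminator is mapped to `empty_c_string` instead of being rejected, even for a client that advertised `CLIENT_PLUGIN_AUTH`. Before this change that case returned `packet_error` (the check removed in the later hunk after `find_mpvio_user`), so a truncated handshake from a plugin-auth client is now accepted with an empty plugin name; whether the code after this hunk handles that safely is not visible here. If the leniency is not intended, `if (client_plugin == NULL && (mpvio->client_capabilities & CLIENT_PLUGIN_AUTH)) return packet_error;` ahead of the fallback restores the old behaviour. `client_plugin_len` is assigned but not used in the visible lines. parse_client_handshake_packet starts and ends outside this hunk.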
@@ -8552,18 +8666,18 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
if (find_mpvio_user(mpvio))
return packet_error;
- if (mpvio->client_capabilities & CLIENT_PLUGIN_AUTH)
- {
- if ((client_plugin + strlen(client_plugin)) >
- (char *) net->read_pos + pkt_len)
- return packet_error;
- }
- else
+ if (!(mpvio->client_capabilities & CLIENT_PLUGIN_AUTH))
{
+ /*
+ An old client is connecting
+ */
if (mpvio->client_capabilities & CLIENT_SECURE_CONNECTION)
client_plugin= native_password_plugin_name.str;
else
{
+ /*
+ A really old client is connecting
+ */
client_plugin= old_password_plugin_name.str;
/*
For a passwordless accounts we use native_password_plugin.
diff --git a/sql/sql_base.cc b/sql/sql_base.cc
index 628e3b49719..f9d85b1e024 100644
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -7602,9 +7602,10 @@ static bool setup_natural_join_row_types(THD *thd,
List<TABLE_LIST> *from_clause,
Name_resolution_context *context)
{
+ DBUG_ENTER("setup_natural_join_row_types");
thd->where= "from clause";
if (from_clause->elements == 0)
- return FALSE; /* We come here in the case of UNIONs. */
+ DBUG_RETURN(false); /* We come here in the case of UNIONs. */
List_iterator_fast<TABLE_LIST> table_ref_it(*from_clause);
TABLE_LIST *table_ref; /* Current table reference. */
@@ -7612,10 +7613,6 @@ static bool setup_natural_join_row_types(THD *thd,
TABLE_LIST *left_neighbor;
/* Table reference to the right of the current. */
TABLE_LIST *right_neighbor= NULL;
- bool save_first_natural_join_processing=
- context->select_lex->first_natural_join_processing;
-
- context->select_lex->first_natural_join_processing= FALSE;
/* Note that tables in the list are in reversed order */
for (left_neighbor= table_ref_it++; left_neighbor ; )
@@ -7627,12 +7624,11 @@ static bool setup_natural_join_row_types(THD *thd,
1) for stored procedures,
2) for multitable update after lock failure and table reopening.
*/
- if (save_first_natural_join_processing)
+ if (context->select_lex->first_natural_join_processing)
{
- context->select_lex->first_natural_join_processing= FALSE;
if (store_top_level_join_columns(thd, table_ref,
left_neighbor, right_neighbor))
- return TRUE;
+ DBUG_RETURN(true);
if (left_neighbor)
{
TABLE_LIST *first_leaf_on_the_right;
@@ -7652,8 +7648,9 @@ static bool setup_natural_join_row_types(THD *thd,
DBUG_ASSERT(right_neighbor);
context->first_name_resolution_table=
right_neighbor->first_leaf_for_name_resolution();
+ context->select_lex->first_natural_join_processing= false;
- return FALSE;
+ DBUG_RETURN (false);
}
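Review bot: The reset `context->select_lex->first_natural_join_processing= false;` now runs only on the successful exit of `setup_natural_join_row_types`, and nothing at that line says why. The `DBUG_RETURN(true)` path after `store_top_level_join_columns` fails leaves the flag set, presumably so that the next execution repeats the work, as the sp.test case with two `CALL proc()` suggests. A comment such as `/* Clear only after success so that a failed pass is redone on re-execution */` would keep a later cleanup from moving the reset back to the top. The final `DBUG_RETURN (false);` also has a space before the parenthesis that the other two uses in this function do not.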
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index d9d99de2911..24f7fdb8e61 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -4434,7 +4434,11 @@ static bool execute_sqlcom_select(THD *thd, TABLE_LIST *all_tables)
return 1; /* purecov: inspected */
thd->send_explain_fields(result);
res= mysql_explain_union(thd, &thd->lex->unit, result);
- if (lex->describe & DESCRIBE_EXTENDED)
+ /*
+ The code which prints the extended description is not robust
+ against malformed queries, so skip it if we have an error.
+ */
+ if (!res && (lex->describe & DESCRIBE_EXTENDED))
{
char buff[1024];
String str(buff,(uint32) sizeof(buff), system_charset_info);
diff --git a/storage/archive/ha_archive.cc b/storage/archive/ha_archive.cc
index d00bc6a7f25..df556a0721c 100644
--- a/storage/archive/ha_archive.cc
+++ b/storage/archive/ha_archive.cc
@@ -1181,7 +1181,7 @@ int ha_archive::unpack_row(azio_stream *file_to_read, uchar *record)
ptr+= table->s->null_bytes;
for (Field **field=table->field ; *field ; field++)
{
- if (!((*field)->is_null()))
+ if (!((*field)->is_null_in_record(record)))
{
ptr= (*field)->unpack(record + (*field)->offset(table->record[0]), ptr);
}
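Review bot: The switch to `is_null_in_record(record)` in `ha_archive::unpack_row` carries no comment, and the reason is easy to lose. The row is unpacked into the caller's `record`, while `is_null()` presumably tests the null bit in the field's own default buffer rather than in `record`. A line above the test such as `/* record may not be table->record[0]; test the null bit in the buffer being filled */` would document it. The rest of unpack_row lies outside the hunk.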