From 925d4fb92107c0794060bd8856958c4d13d83e4f Mon Sep 17 00:00:00 2001
From: unknown <holyfoot/hf@mysql.com/hfmain.(none)>
Date: Mon, 29 Jan 2007 11:48:31 +0400
Subject: bug #25492 (Invalid deallocation in mysql_stmt_fetch) Operating with
 the prepared statements we don't alloc MYSQL_DATA structure, but use
 MYSQL_STMT's field instead (to increase performance by reducing malloc
 calls). So we shouldn't free this structure as we did before.

libmysqld/lib_sql.cc:
  we only should free data->alloc here, as the 'data' is a member
  of STMT structure
---
 libmysqld/lib_sql.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libmysqld/lib_sql.cc b/libmysqld/lib_sql.cc
index fe4ac5ba676..3a8bc189e7f 100644
--- a/libmysqld/lib_sql.cc
+++ b/libmysqld/lib_sql.cc
@@ -269,7 +269,7 @@ int emb_unbuffered_fetch(MYSQL *mysql, char **row)
     *row= NULL;
     if (data)
     {
-      free_rows(data);
+      free_root(&data->alloc,MYF(0));
       ((THD*)mysql->thd)->data= NULL;
     }
   }
-- 
cgit v1.2.1


From 07f36668aecfd3d811c4ed5eb23b1bfdb8c86fdd Mon Sep 17 00:00:00 2001
From: unknown <holyfoot/hf@mysql.com/hfmain.(none)>
Date: Mon, 12 Feb 2007 15:41:36 +0400
Subject: bug #20691 (INSERT (DEFAULT) may insert garbage with NO DEFAULT NOT
 NULL field)

Some fields (GEOMETRY first of all) can't be handled properly in this
case at all. So we return an error in this case


mysql-test/r/default.result:
  result fixed
mysql-test/r/gis.result:
  result fixed
mysql-test/t/default.test:
  VIEW test added
mysql-test/t/gis.test:
  testcase added
sql/item.cc:
  set_defaults() changed with the 'reset()'
---
 mysql-test/r/default.result | 12 +++++++++++-
 mysql-test/r/gis.result     |  4 ++++
 mysql-test/t/default.test   |  9 ++++++++-
 mysql-test/t/gis.test       |  9 +++++++++
 sql/item.cc                 |  8 +++++++-
 5 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/mysql-test/r/default.result b/mysql-test/r/default.result
index e2aa3b4a3cc..0b2b6769505 100644
--- a/mysql-test/r/default.result
+++ b/mysql-test/r/default.result
@@ -193,6 +193,16 @@ a	b	c	d	e	f	g	h	i	x
 two	large	00:00:05	0007-01-01	11	13	17	0019-01-01 00:00:00	23	1
 	small	00:00:00	0000-00-00	0			0000-00-00 00:00:00	0	2
 two	large	00:00:05	0007-01-01	11	13	17	0019-01-01 00:00:00	23	3
-	small	00:00:00	0000-00-00	0			0000-00-00 00:00:00	0	4
+		00:00:00	0000-00-00	0			0000-00-00 00:00:00	0	4
 drop table bug20691;
+create table t1 (id int not null);
+insert into t1 values(default);
+Warnings:
+Warning	1364	Field 'id' doesn't have a default value
+create view v1 (c) as select id from t1;
+insert into t1 values(default);
+Warnings:
+Warning	1364	Field 'id' doesn't have a default value
+drop view v1;
+drop table t1;
 End of 5.0 tests.
diff --git a/mysql-test/r/gis.result b/mysql-test/r/gis.result
index 870e160e563..df39a4d8ca2 100644
--- a/mysql-test/r/gis.result
+++ b/mysql-test/r/gis.result
@@ -717,3 +717,7 @@ desc t1;
 Field	Type	Null	Key	Default	Extra
 GeomFromText('point(1 1)')	geometry	NO			
 drop table t1;
+create table t1 (g geometry not null);
+insert into t1 values(default);
+ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field
+drop table t1;
diff --git a/mysql-test/t/default.test b/mysql-test/t/default.test
index 225ddbc3ee2..14aa4b02cfe 100644
--- a/mysql-test/t/default.test
+++ b/mysql-test/t/default.test
@@ -137,6 +137,13 @@ insert into bug20691 values (DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAUL
 select * from bug20691 order by x asc;
 drop table bug20691;
 
-###
+create table t1 (id int not null);
+insert into t1 values(default);
+
+create view v1 (c) as select id from t1;
+insert into t1 values(default);
+drop view v1;
+drop table t1;
+
 --echo End of 5.0 tests.
 
diff --git a/mysql-test/t/gis.test b/mysql-test/t/gis.test
index 95fdf642b94..ff9fcad1fcf 100644
--- a/mysql-test/t/gis.test
+++ b/mysql-test/t/gis.test
@@ -428,3 +428,12 @@ drop table t1;
 create table t1 select GeomFromText('point(1 1)');
 desc t1;
 drop table t1;
+
+#
+# Bug #20691 (DEFAULT over NOT NULL field)
+#
+create table t1 (g geometry not null);
+--error ER_CANT_CREATE_GEOMETRY_OBJECT
+insert into t1 values(default);
+drop table t1;
+
diff --git a/sql/item.cc b/sql/item.cc
index 9a55eb25e2c..b749ad97e64 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -5505,6 +5505,13 @@ int Item_default_value::save_in_field(Field *field_arg, bool no_conversions)
   {
     if (field_arg->flags & NO_DEFAULT_VALUE_FLAG)
     {
+      if (field_arg->reset())
+      {
+        my_message(ER_CANT_CREATE_GEOMETRY_OBJECT,
+                   ER(ER_CANT_CREATE_GEOMETRY_OBJECT), MYF(0));
+        return -1;
+      }
+
       if (context->error_processor == &view_error_processor)
       {
         TABLE_LIST *view= cached_table->top_table();
@@ -5523,7 +5530,6 @@ int Item_default_value::save_in_field(Field *field_arg, bool no_conversions)
                             ER(ER_NO_DEFAULT_FOR_FIELD),
                             field_arg->field_name);
       }
-      field_arg->set_default();
       return 1;
     }
     field_arg->set_default();
-- 
cgit v1.2.1


From fd76e1489394c44513ef646246f50c12fdf1b0a0 Mon Sep 17 00:00:00 2001
From: unknown <holyfoot/hf@mysql.com/hfmain.(none)>
Date: Tue, 13 Feb 2007 00:55:45 +0400
Subject: bug #25492 (Invalid deallocation in mysql_stmt_fetch)

libmysqld/lib_sql.cc:
  code modified to prevent freeing of memory that wasn't malloc-ed.
  Now we check if MYSQL_STMT::result was used.
---
 libmysqld/lib_sql.cc | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/libmysqld/lib_sql.cc b/libmysqld/lib_sql.cc
index 3a8bc189e7f..8992bea943b 100644
--- a/libmysqld/lib_sql.cc
+++ b/libmysqld/lib_sql.cc
@@ -66,6 +66,16 @@ void embedded_get_error(MYSQL *mysql)
   }
 }
 
+
+static void emb_free_rows(THD *thd)
+{
+  if (thd->current_stmt)
+    free_root(&thd->data->alloc,MYF(0));
+  else
+    free_rows(thd->data);
+}
+
+
 static my_bool
 emb_advanced_command(MYSQL *mysql, enum enum_server_command command,
 		     const char *header, ulong header_length,
@@ -78,7 +88,7 @@ emb_advanced_command(MYSQL *mysql, enum enum_server_command command,
 
   if (thd->data)
   {
-    free_rows(thd->data);
+    emb_free_rows(thd);
     thd->data= 0;
   }
   /* Check that we are calling the client functions in right order */
@@ -248,13 +258,23 @@ static int emb_stmt_execute(MYSQL_STMT *stmt)
 
 int emb_read_binary_rows(MYSQL_STMT *stmt)
 {
-  MYSQL_DATA *data;
-  if (!(data= emb_read_rows(stmt->mysql, 0, 0)))
+  MYSQL *mysql= stmt->mysql;
+  embedded_get_error(mysql);
+  if (mysql->net.last_errno)
   {
-    set_stmt_errmsg(stmt, stmt->mysql->net.last_error,
-                    stmt->mysql->net.last_errno, stmt->mysql->net.sqlstate);
+    set_stmt_errmsg(stmt, mysql->net.last_error,
+                    mysql->net.last_errno, mysql->net.sqlstate);
     return 1;
   }
+
+  if (((THD*)mysql->thd)->data)
+  {
+    DBUG_ASSERT(((THD*) mysql->thd)->data == &stmt->result);
+    stmt->result.prev_ptr= NULL;
+    ((THD*)mysql->thd)->data= NULL;
+  }
+  else
+    stmt->result.rows= 0;
   return 0;
 }
 
@@ -285,7 +305,7 @@ static void emb_free_embedded_thd(MYSQL *mysql)
 {
   THD *thd= (THD*)mysql->thd;
   if (thd->data)
-    free_rows(thd->data);
+    emb_free_rows(thd);
   thread_count--;
   delete thd;
   mysql->thd=0;
-- 
cgit v1.2.1