From c2ebb0ac882feadedd0bbca71277fd2de66aa957 Mon Sep 17 00:00:00 2001
From: Alexey Kopytov <Alexey.Kopytov@Sun.com>
Date: Fri, 21 May 2010 15:23:48 +0400
Subject: Bug #42064: low memory crash when importing hex strings, in          
   Item_hex_string::Item_hex_string

The status of memory allocation in the Lex_input_stream (called
from the Parser_state constructor) was not checked which led to
a parser crash in case of the out-of-memory error.

The solution is to introduce new init() member function in
Parser_state and Lex_input_stream so that status of memory
allocation can be returned to the caller.

mysql-test/r/error_simulation.result:
  Added a test case for bug #42064.
mysql-test/t/error_simulation.test:
  Added a test case for bug #42064.
mysys/my_alloc.c:
  Added error injection code for the regression test.
mysys/my_malloc.c:
  Added error injection code for the regression test.
mysys/safemalloc.c:
  Added error injection code for the regression test.
sql/event_data_objects.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/mysqld.cc:
  Added error injection code for the regression test.
sql/sp.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_lex.cc:
  Moved memory allocation from constructor to the separate init()
  member function.
  Added error injection code for the regression test.
sql/sql_lex.h:
  Moved memory allocation from constructor to the separate init()
  member function.
sql/sql_parse.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_partition.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_prepare.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_trigger.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_view.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures..
sql/thr_malloc.cc:
  Added error injection code for the regression test.
---
 sql/sql_view.cc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'sql/sql_view.cc')

diff --git a/sql/sql_view.cc b/sql/sql_view.cc
index 5ec80dfb621..340409aa42f 100644
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -1190,9 +1190,10 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
     char old_db_buf[NAME_LEN+1];
     LEX_STRING old_db= { old_db_buf, sizeof(old_db_buf) };
     bool dbchanged;
-    Parser_state parser_state(thd,
-                              table->select_stmt.str,
-                              table->select_stmt.length);
+    Parser_state parser_state;
+    if (parser_state.init(thd, table->select_stmt.str,
+                          table->select_stmt.length))
+        goto err;
 
     /* 
       Use view db name as thread default database, in order to ensure
-- 
cgit v1.2.1


From 0f9ddfa9d8bb8d071266bcc63e92813cf18ccd2b Mon Sep 17 00:00:00 2001
From: Davi Arnaut <Davi.Arnaut@Sun.COM>
Date: Thu, 10 Jun 2010 17:45:22 -0300
Subject: Bug#42733: Type-punning warnings when compiling MySQL --            
 strict aliasing violations.

One somewhat major source of strict-aliasing violations and
related warnings is the SQL_LIST structure. For example,
consider its member function `link_in_list` which takes
a pointer to pointer of type T (any type) as a pointer to
pointer to unsigned char. Dereferencing this pointer, which
is done to reset the next field, violates strict-aliasing
rules and might cause problems for surrounding code that
uses the next field of the object being added to the list.

The solution is to use templates to parametrize the SQL_LIST
structure in order to deference the pointers with compatible
types. As a side bonus, it becomes possible to remove quite
a few casts related to acessing data members of SQL_LIST.

sql/handler.h:
  Use the appropriate template type argument.
sql/item.cc:
  Remove now-unnecessary cast.
sql/item_subselect.cc:
  Remove now-unnecessary casts.
sql/item_sum.cc:
  Use the appropriate template type argument.
  Remove now-unnecessary cast.
sql/mysql_priv.h:
  Move SQL_LIST structure to sql_list.h
  Use the appropriate template type argument.
sql/sp.cc:
  Remove now-unnecessary casts.
sql/sql_delete.cc:
  Use the appropriate template type argument.
  Remove now-unnecessary casts.
sql/sql_derived.cc:
  Remove now-unnecessary casts.
sql/sql_lex.cc:
  Remove now-unnecessary casts.
sql/sql_lex.h:
  SQL_LIST now takes a template type argument which must
  match the type of the elements of the list. Use forward
  declaration when the type is not available, it is used
  in pointers anyway.
sql/sql_list.h:
  Rename SQL_LIST to SQL_I_List. The template parameter is
  the type of object that is stored in the list.
sql/sql_olap.cc:
  Remove now-unnecessary casts.
sql/sql_parse.cc:
  Remove now-unnecessary casts.
sql/sql_prepare.cc:
  Remove now-unnecessary casts.
sql/sql_select.cc:
  Remove now-unnecessary casts.
sql/sql_show.cc:
  Remove now-unnecessary casts.
sql/sql_table.cc:
  Remove now-unnecessary casts.
sql/sql_trigger.cc:
  Remove now-unnecessary casts.
sql/sql_union.cc:
  Remove now-unnecessary casts.
sql/sql_update.cc:
  Remove now-unnecessary casts.
sql/sql_view.cc:
  Remove now-unnecessary casts.
sql/sql_yacc.yy:
  Remove now-unnecessary casts.
storage/myisammrg/ha_myisammrg.cc:
  Remove now-unnecessary casts.
---
 sql/sql_view.cc | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'sql/sql_view.cc')

diff --git a/sql/sql_view.cc b/sql/sql_view.cc
index 5ec80dfb621..3d0d80c8ad1 100644
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -887,7 +887,7 @@ static int mysql_register_view(THD *thd, TABLE_LIST *view,
                               view->algorithm != VIEW_ALGORITHM_TMPTABLE)))
   {
     /* TODO: change here when we will support UNIONs */
-    for (TABLE_LIST *tbl= (TABLE_LIST *)lex->select_lex.table_list.first;
+    for (TABLE_LIST *tbl= lex->select_lex.table_list.first;
 	 tbl;
 	 tbl= tbl->next_local)
     {
@@ -1006,7 +1006,7 @@ loop_out:
   */
   if (view->updatable_view &&
       !lex->select_lex.master_unit()->is_union() &&
-      !((TABLE_LIST*)lex->select_lex.table_list.first)->next_local &&
+      !(lex->select_lex.table_list.first)->next_local &&
       find_table_in_global_list(lex->query_tables->next_global,
 				lex->query_tables->db,
 				lex->query_tables->table_name))
@@ -1349,8 +1349,7 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
         This may change in future, for example if we enable merging of
         views with subqueries in select list.
       */
-      view_main_select_tables=
-        (TABLE_LIST*)lex->select_lex.table_list.first;
+      view_main_select_tables= lex->select_lex.table_list.first;
 
       /*
         Let us set proper lock type for tables of the view's main
-- 
cgit v1.2.1