From 184ecd9899d215fece148f577bc7ba06a9ef77cd Mon Sep 17 00:00:00 2001
From: Dmitry Shulga <Dmitry.Shulga@oracle.com>
Date: Thu, 9 Jun 2011 23:30:52 +0700
Subject: Fixed bug#11840395 (formerly known as bug#60347: THE STRING
 "VERSIONDATA" SEEMS TO BE 'LEAKING' INTO THE SCHEMA NAME SPACE) and
 bug#12428824 (Parser stack overflow and crash in sp_add_used_routine with
 obscure query).

The first problem was that attempts to call a stored function by
its fully qualified name ended up with unwarranted error "ERROR 1305
(42000): FUNCTION someMixedCaseDb.my_function_name does not exist"
if this function belonged to a schema that had uppercase letters in
its name AND --lower_case_table_names was equal to either 1 or 2.

The second problem was that 5.5 version of MySQL server might have
crashed when a user tried to call stored function with too long name
or too long database name (i.e if a function and database name combined
occupied more than 2*3*64 bytes in utf8). This issue didn't affect
versions of server < 5.5.

The first problem was caused by the fact that in cases when a stored
function was called by its fully qualified name we didn't lowercase
name of its schema before performing look up of the function in
mysql.proc table even although lower_case_table_names mode was on.
As result we were unable to find this function since during its
creation we store lowercased version of schema name in the system
table in this mode and field for schema name uses binary collation.

Calls to stored functions were unaffected by this problem since for
them schema name is converted to lowercase as necessary.

The reason for the second bug was that MySQL Server didn't check length
of function name and database name before proceeding with execution of
stored function. As a consequence too long database name or function
name caused buffer overruns in places where the code assumes that their
length is within fixed limits, like mdl_key_init() in 5.5.

Again this issue didn't affect calls to stored procedures as for them
length of schema name and procedure name are properly checked.

This patch fixes both these bugs by adding calls to check_db_name()
and check_routine_name() to grammar rule which corresponds to a call
to a stored function. These functions ensure that length of database
name and function name for routine called is within standard limit.
Moreover call to check_db_name() handles conversion of database name
to lowercase if --lower_case_table_names mode is on.

Note that even although the second issue seems to be only reproducible
in 5.5 we still add code fixing it to 5.1 to be on the safe side (and
make code a bit more robust against possible future changes).

mysql-test/r/sp-error.result:
  Added testcase results for bug#12428824.
mysql-test/r/sp.result:
  Added testcase result for bug#11840395.
mysql-test/t/sp-error.test:
  Added testcase for bug#12428824.
mysql-test/t/sp.test:
  Added testcase for bug#11840395.
sql/sql_yacc.yy:
  Modified 'function_call_generic' rule to call check_db_name() and
  check_routine_name() in order to ensure that lengths of database name
  and function name are within limits. check_db_name() is also responsible
  for normalizing function's database name for lookup in cases when
  lowercase_table_names mode is on.
---
 sql/sql_yacc.yy | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'sql/sql_yacc.yy')

diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 4e24e69af42..719426015bd 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -8020,6 +8020,11 @@ function_call_generic:
             Create_func *builder;
             Item *item= NULL;
 
+            if (check_routine_name(&$1))
+            {
+              MYSQL_YYABORT;
+            }
+
             /*
               Implementation note:
               names are resolved with the following order:
@@ -8083,6 +8088,16 @@ function_call_generic:
               version() (a vendor can specify any schema).
             */
 
+            if (!$1.str || check_db_name(&$1))
+            {
+              my_error(ER_WRONG_DB_NAME, MYF(0), $1.str);
+              MYSQL_YYABORT;
+            }
+            if (check_routine_name(&$3))
+            {
+              MYSQL_YYABORT;
+            }
+
             builder= find_qualified_function_builder(thd);
             DBUG_ASSERT(builder);
             item= builder->create(thd, $1, $3, true, $5);
-- 
cgit v1.2.1


From 44135d4725dd3ad6d331c60b0bab1618472b8ae4 Mon Sep 17 00:00:00 2001
From: Kent Boortz <kent.boortz@oracle.com>
Date: Thu, 30 Jun 2011 17:31:31 +0200
Subject: Updated/added copyright headers

---
 sql/sql_yacc.yy | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'sql/sql_yacc.yy')

diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 3cd61605033..57ee9da5249 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -1,4 +1,5 @@
-/* Copyright (C) 2000-2003 MySQL AB
+/* Copyright (c) 2000-2008 MySQL AB, 2008-2010 Sun Microsystems, Inc.
+   Use is subject to license terms.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -11,7 +12,7 @@
 
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
-   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
 
 /* sql_yacc.yy */
 
-- 
cgit v1.2.1


From 083a316d1f9020d48a5b9769fafbb3accad3c03a Mon Sep 17 00:00:00 2001
From: Tatjana Azundris Nuernberg <tatjana.nuernberg@oracle.com>
Date: Tue, 12 Jul 2011 06:08:52 +0100
Subject: Bug#11758414/Bug#50614: Default storage_engine not honored when set
 from within a stored procedure

When CREATE TABLE wasn't given ENGINE=... it would determine
the default ENGINE at parse-time rather than at execution
time, leading to incorrect behaviour (namely, later changes
to the default engine being ignore) when calling CREATE TABLE
from a stored procedure.

We now defer working out the default engine till execution of
CREATE TABLE.


mysql-test/r/sp_trans.result:
  results!
mysql-test/t/sp_trans.test:
  Show that CREATE TABLE (called from store routine) heeds
  any changes after CREATE SP / parse-time. Show that explicitly
  requesting an ENGINE still works.
sql/sql_parse.cc:
  If no ENGINE=... was given at parse-time, determine default
  engine at execution time of CREATE TABLE.
sql/sql_yacc.yy:
  If CREATE TABLE is not given ENGINE=..., don't bother
  figuring out the default engine during parsing; we'll
  do it at execution time instead to be aware of the
  latest updates.
---
 sql/sql_yacc.yy | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'sql/sql_yacc.yy')

diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 6245f07b9cf..f4fb822b294 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -1838,7 +1838,6 @@ create:
             lex->change=NullS;
             bzero((char*) &lex->create_info,sizeof(lex->create_info));
             lex->create_info.options=$2 | $4;
-            lex->create_info.db_type= ha_default_handlerton(thd);
             lex->create_info.default_table_charset= NULL;
             lex->name.str= 0;
             lex->name.length= 0;
@@ -1847,7 +1846,8 @@ create:
           {
             LEX *lex= YYTHD->lex;
             lex->current_select= &lex->select_lex; 
-            if (!lex->create_info.db_type)
+            if ((lex->create_info.used_fields & HA_CREATE_USED_ENGINE) &&
+                !lex->create_info.db_type)
             {
               lex->create_info.db_type= ha_default_handlerton(YYTHD);
               push_warning_printf(YYTHD, MYSQL_ERROR::WARN_LEVEL_WARN,
-- 
cgit v1.2.1


From e94de17f951582de66e6dad29b1304506daf4305 Mon Sep 17 00:00:00 2001
From: Alfranio Correia <alfranio.correia@oracle.com>
Date: Mon, 18 Jul 2011 18:18:03 +0100
Subject: BUG#11809016 - NO WAY TO DISCOVER AN INSTANCE IS NO LONGER A SLAVE
 FOLLOWING MYSQL BUG#28796

Before BUG#28796, an empty host was used to identify that an instance was no
longer a slave. However, BUG#28796 changed this behavior and one cannot set
an empty host. Besides, a RESET SLAVE only cleans up information on the next
event to retrieve from the master, disables ssl and resets heartbeat period.
So a call to SHOW SLAVE STATUS after issuing a RESET SLAVE still returns some
valid information, such as host, port, user and password.

To fix this problem, we have introduced the command RESET SLAVE ALL that does
what a regular RESET SLAVE does and also clears host, port, user and password
information thus allowing users to identify when an instance is no longer a
slave.
---
 sql/sql_yacc.yy | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'sql/sql_yacc.yy')

diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 564250a9bf2..90a55471792 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -11337,10 +11337,16 @@ reset_options:
 
 reset_option:
           SLAVE               { Lex->type|= REFRESH_SLAVE; }
+          slave_reset_options { }
         | MASTER_SYM          { Lex->type|= REFRESH_MASTER; }
         | QUERY_SYM CACHE_SYM { Lex->type|= REFRESH_QUERY_CACHE;}
         ;
 
+slave_reset_options:
+          /* empty */ { Lex->reset_slave_info.all= false; }
+        | ALL         { Lex->reset_slave_info.all= true; }
+        ;
+
 purge:
           PURGE
           {
-- 
cgit v1.2.1


From 111570dfd6e1d0abc062f63045b371074ac2b630 Mon Sep 17 00:00:00 2001
From: Alfranio Correia <alfranio.correia@oracle.com>
Date: Sun, 24 Jul 2011 12:26:58 +0100
Subject: Post-push fix for BUG#11809016.

In 5.5, REFRESH SLAVE is used as an alias for RESET SLAVE and
was removed in 5.6. Reseting a slave through REFRESH SLAVE was
causing errors in the valgrind platform since reset_slave_info
was undefined.

To fix the problem, we have set reset_slave_info while calling
REFRESH SLAVE.
---
 sql/sql_yacc.yy | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'sql/sql_yacc.yy')

diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 90a55471792..ba1b9e43713 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -11306,7 +11306,10 @@ flush_option:
         | STATUS_SYM
           { Lex->type|= REFRESH_STATUS; }
         | SLAVE
-          { Lex->type|= REFRESH_SLAVE; }
+          { 
+            Lex->type|= REFRESH_SLAVE;
+            Lex->reset_slave_info.all= false;
+          }
         | MASTER_SYM
           { Lex->type|= REFRESH_MASTER; }
         | DES_KEY_FILE
-- 
cgit v1.2.1


From 00dad1c086a3dfedb36af237ba324925831f22c4 Mon Sep 17 00:00:00 2001
From: Tatjana Azundris Nuernberg <tatjana.nuernberg@oracle.com>
Date: Thu, 11 Aug 2011 09:34:16 +0100
Subject: maintain behavior introduced in fix for MySQL bug 35765 (avert
 regression)

---
 sql/sql_yacc.yy | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'sql/sql_yacc.yy')

diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index ff2f2a8f273..700995d5bb6 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -5036,8 +5036,7 @@ create_table_option:
           ENGINE_SYM opt_equal storage_engines
           {
             Lex->create_info.db_type= $3;
-            if ($3)
-              Lex->create_info.used_fields|= HA_CREATE_USED_ENGINE;
+            Lex->create_info.used_fields|= HA_CREATE_USED_ENGINE;
           }
         | MAX_ROWS opt_equal ulonglong_num
           {
@@ -6748,6 +6747,11 @@ alter_list_item:
           {
             LEX *lex=Lex;
             lex->alter_info.flags|= ALTER_OPTIONS;
+            if ((lex->create_info.used_fields & HA_CREATE_USED_ENGINE) &&
+                !lex->create_info.db_type)
+            {
+              lex->create_info.used_fields&= ~HA_CREATE_USED_ENGINE;
+            }
           }
         | FORCE_SYM
           {
-- 
cgit v1.2.1