From dd1d7ff161e22d697eec3c40893d380b0c0ef0bb Mon Sep 17 00:00:00 2001 From: Mattias Jonsson Date: Tue, 5 Oct 2010 14:57:51 +0200 Subject: Bug#55091: Server crashes on ADD PARTITION after a failed attempt In case of failure in ALTER ... PARTITION under LOCK TABLE the server could crash, due to it had modified the locked table object, which was not reverted in case of failure, resulting in a bad table definition used after the failed command. Solved by always closing the LOCKED TABLE, even in case of error. Note: this is a 5.1-only fix, bug#56172 fixed it in 5.5+ mysql-test/r/partition_innodb_plugin.result: updated result mysql-test/t/disabled.def: Only disabled valgrind instead. mysql-test/t/partition_innodb_plugin.test: Added test sql/sql_partition.cc: close_thread_tables do not close LOCKED TABLEs and destroys the table object (including part_info), so to avoid it to be reused, always close the table regardless of any previous failure. --- sql/sql_partition.cc | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/sql_partition.cc b/sql/sql_partition.cc index 76caa2b0c8d..7b0c47865d8 100644 --- a/sql/sql_partition.cc +++ b/sql/sql_partition.cc @@ -5934,6 +5934,12 @@ static void alter_partition_lock_handling(ALTER_PARTITION_PARAM_TYPE *lpt) int err; if (lpt->thd->locked_tables) { + /* + Close the table if open, to remove/destroy the already altered + table->part_info object, so that it is not reused. + */ + if (lpt->table->db_stat) + abort_and_upgrade_lock_and_close_table(lpt); /* When we have the table locked, it is necessary to reopen the table since all table objects were closed and removed as part of the @@ -6436,7 +6442,20 @@ uint fast_alter_partition_table(THD *thd, TABLE *table, table, table_list, FALSE, NULL, written_bin_log)); err: - close_thread_tables(thd); + if (thd->locked_tables) + { + /* + table->part_info was altered in prep_alter_part_table and must be + destroyed and recreated, since otherwise it will be reused, since + we are under LOCK TABLE. + */ + alter_partition_lock_handling(lpt); + } + else + { + /* Force the table to be closed to avoid reuse of the table->part_info */ + close_thread_tables(thd); + } DBUG_RETURN(TRUE); } #endif -- cgit v1.2.1 From 20d704978ddb14dee414f40f28bd58f82b21711c Mon Sep 17 00:00:00 2001 From: Gleb Shchepa Date: Sun, 31 Oct 2010 19:04:38 +0300 Subject: Bug #52160: crash and inconsistent results when grouping by a function and column The bugreport reveals two different bugs about grouping on a function: 1) grouping by the TIME_TO_SEC function result caused a server crash or wrong results and 2) grouping by the function returning a blob caused an unexpected "Duplicate entry" error and wrong result. Details for the 1st bug: TIME_TO_SEC() returns NULL if its argument is invalid (empty string for example). Thus its nullability depends not only on the nullability of its arguments but also on their values. Fixed by (overoptimistically) setting TIME_TO_SEC() to be nullable despite the nullability of its arguments. Details for the 2nd bug: The server is unable to create indices on blobs without explicit blob key part length. However, this fact was ignored for blob function result fields of GROUP BY intermediate tables. Fixed by disabling GROUP BY index creation for blob function result fields like regular blob fields. mysql-test/r/func_time.result: Test case for bug #52160. mysql-test/r/type_blob.result: Test case for bug #52160. mysql-test/t/func_time.test: Test case for bug #52160. mysql-test/t/type_blob.test: Test case for bug #52160. sql/item_timefunc.h: Bug #52160: crash and inconsistent results when grouping by a function and column TIME_TO_SEC() returns NULL if its argument is invalid (empty string for example). Thus its nullability depends not only Fixed by (overoptimistically) setting TIME_TO_SEC() to be nullable despite the nullability of its arguments. sql/sql_select.cc: Bug #52160: crash and inconsistent results when grouping by a function and column The server is unable to create indices on blobs without explicit blob key part length. However, this fact was ignored for blob function result fields of GROUP BY intermediate tables. Fixed by disabling GROUP BY index creation for blob function result fields like regular blob fields. --- sql/item_timefunc.h | 1 + sql/sql_select.cc | 2 ++ 2 files changed, 3 insertions(+) (limited to 'sql') diff --git a/sql/item_timefunc.h b/sql/item_timefunc.h index ef86406e1be..47bb9509582 100644 --- a/sql/item_timefunc.h +++ b/sql/item_timefunc.h @@ -331,6 +331,7 @@ public: const char *func_name() const { return "time_to_sec"; } void fix_length_and_dec() { + maybe_null= TRUE; decimals=0; max_length=10*MY_CHARSET_BIN_MB_MAXLEN; } diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 08bd0c28738..77d4447fd0f 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -15198,6 +15198,8 @@ calc_group_buffer(JOIN *join,ORDER *group) { key_length+= 8; } + else if (type == MYSQL_TYPE_BLOB) + key_length+= MAX_BLOB_WIDTH; // Can't be used as a key else { /* -- cgit v1.2.1 From 1a5a109524cbd3445544888170686b023c6331b8 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Tue, 2 Nov 2010 15:20:02 +0200 Subject: Bug #51208: Extra string allocation from thd->mem_root in sql_show.cc, find_files() Removed the extra allocation. --- sql/sql_show.cc | 6 ------ 1 file changed, 6 deletions(-) (limited to 'sql') diff --git a/sql/sql_show.cc b/sql/sql_show.cc index e074461b452..9b344204d64 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -534,12 +534,6 @@ find_files(THD *thd, List *files, const char *db, else if (wild_compare(uname, wild, 0)) continue; } - if (!(file_name= - thd->make_lex_string(file_name, uname, file_name_len, TRUE))) - { - my_dirend(dirp); - DBUG_RETURN(FIND_FILES_OOM); - } } else { -- cgit v1.2.1 From 8f237f5874a814daaa7431748849997d1a2aa8ea Mon Sep 17 00:00:00 2001 From: Dmitry Shulga Date: Sun, 7 Nov 2010 23:42:54 +0600 Subject: A fix and a test case for Bug#47924 -main.log_tables times out sporadically. The cause of the sporadic time out was a leaking protection against the global read lock, taken by the RENAME statement, and not released in case of an error occurred during RENAME. The leaking protection counter would lead to the value of protect_against_global_read never dropping to 0. Consequently FLUSH TABLES in all connections, including the one that leaked the protection, could not proceed. The fix is to ensure that all branchesin RENAME code properly release GRL protection. mysql-test/r/log_tables.result: Added results for test for bug#47924. mysql-test/t/log_tables.test: Added test for bug#47924. sql/sql_rename.cc: mysql_rename_tables() modified: replaced return from function to goto to clean up code block in case of error. --- sql/sql_rename.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'sql') diff --git a/sql/sql_rename.cc b/sql/sql_rename.cc index e85e730db5b..df7054c94d0 100644 --- a/sql/sql_rename.cc +++ b/sql/sql_rename.cc @@ -99,7 +99,7 @@ bool mysql_rename_tables(THD *thd, TABLE_LIST *table_list, bool silent) */ my_error(ER_CANT_RENAME_LOG_TABLE, MYF(0), ren_table->table_name, ren_table->table_name); - DBUG_RETURN(1); + goto err; } } else @@ -112,7 +112,7 @@ bool mysql_rename_tables(THD *thd, TABLE_LIST *table_list, bool silent) */ my_error(ER_CANT_RENAME_LOG_TABLE, MYF(0), ren_table->table_name, ren_table->table_name); - DBUG_RETURN(1); + goto err; } else { @@ -130,7 +130,7 @@ bool mysql_rename_tables(THD *thd, TABLE_LIST *table_list, bool silent) else my_error(ER_CANT_RENAME_LOG_TABLE, MYF(0), rename_log_table[1], rename_log_table[1]); - DBUG_RETURN(1); + goto err; } } -- cgit v1.2.1 From 0a29baba4bae36b947aba9001956f3c800f4205f Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Mon, 8 Nov 2010 13:34:27 +0300 Subject: Fix for bug #54575: crash when joining tables with unique set column(backport from 5.1) Problem: a flaw (derefencing a NULL pointer) in the LIKE optimization code may lead to a server crash in some rare cases. Fix: check the pointer before its dereferencing. mysql-test/r/func_like.result: Fix for bug #54575: crash when joining tables with unique set column - test result. mysql-test/t/func_like.test: Fix for bug #54575: crash when joining tables with unique set column - test case. sql/item_cmpfunc.cc: Fix for bug #54575: crash when joining tables with unique set column - check res2 buffer pointer before its dereferencing as it may be NULL in some cases. --- sql/item_cmpfunc.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'sql') diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 5c2fb9857d5..4ae381af683 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -4220,13 +4220,14 @@ Item_func::optimize_type Item_func_like::select_optimize() const if (args[1]->const_item()) { String* res2= args[1]->val_str((String *)&tmp_value2); + const char *ptr2; - if (!res2) + if (!res2 || !(ptr2= res2->ptr())) return OPTIMIZE_NONE; - if (*res2->ptr() != wild_many) + if (*ptr2 != wild_many) { - if (args[0]->result_type() != STRING_RESULT || *res2->ptr() != wild_one) + if (args[0]->result_type() != STRING_RESULT || *ptr2 != wild_one) return OPTIMIZE_OP; } } -- cgit v1.2.1 From 50a3c55ee7e378b36bca5940e382fb18674dbd9b Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Mon, 8 Nov 2010 13:51:39 +0300 Subject: Bug#52711 Segfault when doing EXPLAIN SELECT with union...order by (select... where...) backport from 5.1 mysql-test/r/subselect.result: backport from 5.1 mysql-test/t/subselect.test: backport from 5.1 sql/sql_select.cc: backport from 5.1 --- sql/sql_select.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 53a6b699022..929ef3c8949 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -501,7 +501,7 @@ JOIN::prepare(Item ***rref_pointer_array, thd->lex->allow_sum_func= save_allow_sum_func; } - if (!thd->lex->view_prepare_mode) + if (!thd->lex->view_prepare_mode && !(select_options & SELECT_DESCRIBE)) { Item_subselect *subselect; /* Is it subselect? */ @@ -6861,7 +6861,8 @@ remove_const(JOIN *join,ORDER *first_order, COND *cond, *simple_order=0; // Must do a temp table to sort else if (!(order_tables & not_const_tables)) { - if (order->item[0]->with_subselect) + if (order->item[0]->with_subselect && + !(join->select_lex->options & SELECT_DESCRIBE)) order->item[0]->val_str(&order->item[0]->str_value); DBUG_PRINT("info",("removing: %s", order->item[0]->full_name())); continue; // skip const item -- cgit v1.2.1 From 1b88853ab80315746dc38057bbd25ec6da7e9bf6 Mon Sep 17 00:00:00 2001 From: Davi Arnaut Date: Tue, 9 Nov 2010 12:45:13 -0200 Subject: Bug#57210: remove pstack Quoting from the bug report: The pstack library has been included in MySQL since version 4.0.0. It's useless and should be removed. Details: According to its own documentation, pstack only works on Linux on x86 in 32 bit mode and requires LinuxThreads and a statically linked binary. It doesn't really support any Linux from 2003 or later and doesn't work on any other OS. The --enable-pstack option is thus deprecated and has no effect. --- sql/Makefile.am | 1 - sql/mysqld.cc | 26 ++++++++++++-------------- 2 files changed, 12 insertions(+), 15 deletions(-) (limited to 'sql') diff --git a/sql/Makefile.am b/sql/Makefile.am index 0b22481f850..40a3565cb91 100644 --- a/sql/Makefile.am +++ b/sql/Makefile.am @@ -41,7 +41,6 @@ mysqld_DEPENDENCIES= @mysql_plugin_libs@ $(SUPPORTING_LIBS) libndb.la LDADD = $(SUPPORTING_LIBS) @ZLIB_LIBS@ @NDB_SCI_LIBS@ mysqld_LDADD = libndb.la \ @MYSQLD_EXTRA_LDFLAGS@ \ - @pstack_libs@ \ @mysql_plugin_libs@ \ $(LDADD) $(CXXLDFLAGS) $(WRAPLIBS) @LIBDL@ \ $(yassl_libs) $(openssl_libs) @MYSQLD_EXTRA_LIBS@ diff --git a/sql/mysqld.cc b/sql/mysqld.cc index d9c4c7fc3f5..d17ccc47abb 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -70,10 +70,8 @@ #endif /* stack traces are only supported on linux intel */ -#if defined(__linux__) && defined(__i386__) && defined(USE_PSTACK) +#if defined(__linux__) && defined(__i386__) #define HAVE_STACK_TRACE_ON_SEGV -#include "../pstack/pstack.h" -char pstack_file_name[80]; #endif /* __linux__ */ /* We have HAVE_purify below as this speeds up the shutdown of MySQL */ @@ -2779,14 +2777,6 @@ pthread_handler_t signal_hand(void *arg __attribute__((unused))) if (!opt_bootstrap) create_pid_file(); -#ifdef HAVE_STACK_TRACE_ON_SEGV - if (opt_do_pstack) - { - sprintf(pstack_file_name,"mysqld-%lu-%%d-%%d.backtrace", (ulong)getpid()); - pstack_install_segv_action(pstack_file_name); - } -#endif /* HAVE_STACK_TRACE_ON_SEGV */ - /* signal to start_signal_handler that we are ready This works by waiting for start_signal_handler to free mutex, @@ -5963,9 +5953,10 @@ struct my_option my_long_options[] = NO_ARG, 0, 0, 0, 0, 0, 0}, #endif #ifdef HAVE_STACK_TRACE_ON_SEGV - {"enable-pstack", OPT_DO_PSTACK, "Print a symbolic stack trace on failure.", - &opt_do_pstack, &opt_do_pstack, 0, GET_BOOL, NO_ARG, 0, 0, - 0, 0, 0, 0}, + {"enable-pstack", OPT_DO_PSTACK, "Print a symbolic stack trace on failure. " + "This option is deprecated and has no effect; a symbolic stack trace will " + "be printed after a crash whenever possible.", &opt_do_pstack, &opt_do_pstack, + 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, #endif /* HAVE_STACK_TRACE_ON_SEGV */ {"engine-condition-pushdown", OPT_ENGINE_CONDITION_PUSHDOWN, @@ -8654,6 +8645,13 @@ mysqld_get_one_option(int optid, lower_case_table_names= argument ? atoi(argument) : 1; lower_case_table_names_used= 1; break; +#ifdef HAVE_STACK_TRACE_ON_SEGV + case OPT_DO_PSTACK: + sql_print_warning("'--enable-pstack' is deprecated and will be removed " + "in a future release. A symbolic stack trace will be " + "printed after a crash whenever possible."); + break; +#endif #if defined(ENABLED_DEBUG_SYNC) case OPT_DEBUG_SYNC_TIMEOUT: /* -- cgit v1.2.1 From 2c16c7e985f772154eb179ac56eabeef405b9443 Mon Sep 17 00:00:00 2001 From: Dmitry Shulga Date: Wed, 10 Nov 2010 11:49:37 +0600 Subject: Fixed Bug#57386 - main.execution_constants segfault on MIPS64EL. sql/item_func.cc: Item_func::fix_fields modified: increased minimal required stack size in call to check_stack_overrun(). --- sql/item_func.cc | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/item_func.cc b/sql/item_func.cc index eaf6a1b6d14..d8b5d46938e 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -157,7 +157,14 @@ Item_func::fix_fields(THD *thd, Item **ref) used_tables_cache= not_null_tables_cache= 0; const_item_cache=1; - if (check_stack_overrun(thd, STACK_MIN_SIZE, buff)) + /* + Use stack limit of STACK_MIN_SIZE * 2 since + on some platforms a recursive call to fix_fields + requires more than STACK_MIN_SIZE bytes (e.g. for + MIPS, it takes about 22kB to make one recursive + call to Item_func::fix_fields()) + */ + if (check_stack_overrun(thd, STACK_MIN_SIZE * 2, buff)) return TRUE; // Fatal error if flag is set! if (arg_count) { // Print purify happy -- cgit v1.2.1 From 4b0fe8870871c6af340ad0198dfec1c61700853d Mon Sep 17 00:00:00 2001 From: Dmitry Shulga Date: Wed, 10 Nov 2010 14:32:42 +0600 Subject: Fixed bug#56619 - Assertion failed during ALTER TABLE RENAME, DISABLE KEYS. The code of ALTER TABLE RENAME, DISABLE KEYS could issue a commit while holding LOCK_open mutex. This is a regression introduced by the fix for Bug 54453. This failed an assert guarding us against a potential deadlock with connections trying to execute FLUSH TABLES WITH READ LOCK. The fix is to move acquisition of LOCK_open outside the section that issues ha_autocommit_or_rollback(). LOCK_open is taken to protect against concurrent operations with .frms and the table definition cache, and doesn't need to cover the call to commit. A test case added to innodb_mysql.test. The patch is to be null-merged to 5.5, which already has 54453 null-merged to it. mysql-test/suite/innodb/r/innodb_mysql.result: Added test results for test for bug#56619. mysql-test/suite/innodb/t/innodb_mysql.test: Added test for bug#56619. sql/sql_table.cc: mysql_alter_table() modified: moved acquisition of LOCK_open after call to ha_autocommit_or_rollback. --- sql/sql_table.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/sql_table.cc b/sql/sql_table.cc index 971e1022d63..b919ea9eae7 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc @@ -6832,7 +6832,6 @@ view_err: table->alias); } - VOID(pthread_mutex_lock(&LOCK_open)); /* Unlike to the above case close_cached_table() below will remove ALL instances of TABLE from table cache (it will also remove table lock @@ -6853,6 +6852,7 @@ view_err: */ ha_autocommit_or_rollback(thd, 0); + VOID(pthread_mutex_lock(&LOCK_open)); /* Then do a 'simple' rename of the table. First we need to close all instances of 'source' table. @@ -6885,6 +6885,8 @@ view_err: } } } + else + VOID(pthread_mutex_lock(&LOCK_open)); if (error == HA_ERR_WRONG_COMMAND) { -- cgit v1.2.1 From 871f36357e696d12cc4a360a8c36d7be61516ac6 Mon Sep 17 00:00:00 2001 From: Dmitry Shulga Date: Thu, 11 Nov 2010 10:52:51 +0600 Subject: Fixed bug#54375 - Error in stored procedure leaves connection in different default schema. In strict mode, when data truncation or conversion happens, THD::killed is set to THD::KILL_BAD_DATA. This is abuse of KILL mechanism to guarantee that execution of statement is aborted. The stored procedures execution, on the other hand, upon detection that a connection was killed, would terminate immediately, without trying to restore the caller's context, in particular, restore the caller's current schema. The fix is, when terminating a stored procedure execution, to only bypass cleanup if the entire connection was killed, not in case of other forms of KILL. mysql-test/r/sp-bugs.result: Added result for a test case for bug#54375. mysql-test/t/sp-bugs.test: Added test case for bug#54375. sql/sp_head.cc: sp_head::execute modified: restore saved current db if connection is not killed. --- sql/sp_head.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/sp_head.cc b/sql/sp_head.cc index 66d5eff5112..2473abea3c7 100644 --- a/sql/sp_head.cc +++ b/sql/sp_head.cc @@ -1372,7 +1372,7 @@ sp_head::execute(THD *thd) If the DB has changed, the pointer has changed too, but the original thd->db will then have been freed */ - if (cur_db_changed && !thd->killed) + if (cur_db_changed && thd->killed != THD::KILL_CONNECTION) { /* Force switching back to the saved current database, because it may be -- cgit v1.2.1 From e0a8c25438dac90ec697f5edaa712d9681acf96b Mon Sep 17 00:00:00 2001 From: Mattias Jonsson Date: Thu, 11 Nov 2010 11:34:55 +0100 Subject: Bug#57890: Assertion failed: next_insert_id == 0 with on duplicate key update There was a missed corner case in the partitioning handler, which caused the next_insert_id to be changed in the second level handlers (i.e the hander of a partition), which caused this debug assertion. The solution was to always ensure that only the partitioning level generates auto_increment values, since if it was done within a partition, it may fail to match the partition function. mysql-test/suite/parts/inc/partition_auto_increment.inc: Added tests mysql-test/suite/parts/r/partition_auto_increment_blackhole.result: updated results mysql-test/suite/parts/r/partition_auto_increment_innodb.result: updated results mysql-test/suite/parts/r/partition_auto_increment_memory.result: updated results mysql-test/suite/parts/r/partition_auto_increment_myisam.result: updated results sql/ha_partition.cc: In ::write_row the auto_inc value is generated through handler::update_auto_increment (which calls ::get_auto_increment() if needed). If: * INSERT_ID was set to 0 * it was updated to 0 by 'INSERT ... ON DUPLICATE KEY UPDATE' and changed partitions for the row Then it would try to generate a auto_increment value in the ::write_row, which will trigger the assert. So the solution is to prevent this by, in ha_partition::write_row set auto_inc_field_not_null and add MODE_NO_AUTO_VALUE_ON_ZERO in ha_partition::update_row (when changing partition) temporary set table->next_number_field to NULL which calling the partitions ::write_row(). --- sql/ha_partition.cc | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/ha_partition.cc b/sql/ha_partition.cc index 24c0f3e71f2..607f4ce2143 100644 --- a/sql/ha_partition.cc +++ b/sql/ha_partition.cc @@ -3050,7 +3050,9 @@ int ha_partition::write_row(uchar * buf) my_bitmap_map *old_map; HA_DATA_PARTITION *ha_data= (HA_DATA_PARTITION*) table_share->ha_data; THD *thd= ha_thd(); - timestamp_auto_set_type orig_timestamp_type= table->timestamp_field_type; + timestamp_auto_set_type saved_timestamp_type= table->timestamp_field_type; + ulong saved_sql_mode= thd->variables.sql_mode; + bool saved_auto_inc_field_not_null= table->auto_increment_field_not_null; #ifdef NOT_NEEDED uchar *rec0= m_rec0; #endif @@ -3086,6 +3088,22 @@ int ha_partition::write_row(uchar * buf) */ if (error) goto exit; + + /* + Don't allow generation of auto_increment value the partitions handler. + If a partitions handler would change the value, then it might not + match the partition any longer. + This can occur if 'SET INSERT_ID = 0; INSERT (NULL)', + So allow this by adding 'MODE_NO_AUTO_VALUE_ON_ZERO' to sql_mode. + The partitions handler::next_insert_id must always be 0. Otherwise + we need to forward release_auto_increment, or reset it for all + partitions. + */ + if (table->next_number_field->val_int() == 0) + { + table->auto_increment_field_not_null= TRUE; + thd->variables.sql_mode|= MODE_NO_AUTO_VALUE_ON_ZERO; + } } old_map= dbug_tmp_use_all_columns(table, table->read_set); @@ -3119,7 +3137,9 @@ int ha_partition::write_row(uchar * buf) set_auto_increment_if_higher(table->next_number_field); reenable_binlog(thd); exit: - table->timestamp_field_type= orig_timestamp_type; + thd->variables.sql_mode= saved_sql_mode; + table->auto_increment_field_not_null= saved_auto_inc_field_not_null; + table->timestamp_field_type= saved_timestamp_type; DBUG_RETURN(error); } @@ -3186,11 +3206,24 @@ int ha_partition::update_row(const uchar *old_data, uchar *new_data) } else { + Field *saved_next_number_field= table->next_number_field; + /* + Don't allow generation of auto_increment value for update. + table->next_number_field is never set on UPDATE. + But is set for INSERT ... ON DUPLICATE KEY UPDATE, + and since update_row() does not generate or update an auto_inc value, + we cannot have next_number_field set when moving a row + to another partition with write_row(), since that could + generate/update the auto_inc value. + This gives the same behavior for partitioned vs non partitioned tables. + */ + table->next_number_field= NULL; DBUG_PRINT("info", ("Update from partition %d to partition %d", old_part_id, new_part_id)); tmp_disable_binlog(thd); /* Do not replicate the low-level changes. */ error= m_file[new_part_id]->ha_write_row(new_data); reenable_binlog(thd); + table->next_number_field= saved_next_number_field; if (error) goto exit; -- cgit v1.2.1 From cd1c6e220de1730615c145b5337f7cce554dfdae Mon Sep 17 00:00:00 2001 From: Davi Arnaut Date: Wed, 10 Nov 2010 19:14:47 -0200 Subject: Bug#58057: 5.1 libmysql/libmysql.c unused variable/compile failure Bug#57995: Compiler flag change build error on OSX 10.4: my_getncpus.c Bug#57996: Compiler flag change build error on OSX 10.5 : bind.c Bug#57994: Compiler flag change build error : my_redel.c Bug#57993: Compiler flag change build error on FreeBsd 7.0 : regexec.c Bug#57992: Compiler flag change build error on FreeBsd : mf_keycache.c Bug#57997: Compiler flag change build error on OSX 10.6: debug_sync.cc Fix assorted compiler generated warnings. cmd-line-utils/readline/bind.c: Bug#57996: Compiler flag change build error on OSX 10.5 : bind.c Initialize variable to work around a false positive warning. include/m_string.h: Bug#57994: Compiler flag change build error : my_redel.c The expansion of stpcpy (in glibc) causes warnings if the return value of strmov is not being used. Since stpcpy is a GNU extension and the expansion ends up using a built-in provided by GCC, use the compiler provided built-in directly when possible. include/my_compiler.h: Define a dummy MY_GNUC_PREREQ when not compiling with GCC. libmysql/libmysql.c: Bug#58057: 5.1 libmysql/libmysql.c unused variable/compile failure Variable might not be used in some cases. So, tag it as unused. mysys/mf_keycache.c: Bug#57992: Compiler flag change build error on FreeBsd : mf_keycache.c Use UNINIT_VAR to work around a false positive warning. mysys/my_getncpus.c: Bug#57995: Compiler flag change build error on OSX 10.4: my_getncpus.c Declare variable in the same block where it is used. regex/regexec.c: Bug#57993: Compiler flag change build error on FreeBsd 7.0 : regexec.c Work around a compiler bug which causes the cast to not be enforced. sql/debug_sync.cc: Bug#57997: Compiler flag change build error on OSX 10.6: debug_sync.cc Use UNINIT_VAR to work around a false positive warning. sql/handler.cc: Use UNINIT_VAR to work around a false positive warning. sql/slave.cc: Use UNINIT_VAR to work around a false positive warning. sql/sql_partition.cc: Use UNINIT_VAR to work around a false positive warning. storage/myisam/ft_nlq_search.c: Use UNINIT_VAR to work around a false positive warning. storage/myisam/mi_create.c: Use UNINIT_VAR to work around a false positive warning. storage/myisammrg/myrg_open.c: Use UNINIT_VAR to work around a false positive warning. tests/mysql_client_test.c: Change function to take a pointer to const, no need for a cast. --- sql/debug_sync.cc | 2 +- sql/handler.cc | 2 +- sql/slave.cc | 2 +- sql/sql_partition.cc | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) (limited to 'sql') diff --git a/sql/debug_sync.cc b/sql/debug_sync.cc index 23a649a89fa..91c850c6009 100644 --- a/sql/debug_sync.cc +++ b/sql/debug_sync.cc @@ -1718,7 +1718,7 @@ static void debug_sync_execute(THD *thd, st_debug_sync_action *action) if (action->execute) { - const char *old_proc_info; + const char *UNINIT_VAR(old_proc_info); action->execute--; diff --git a/sql/handler.cc b/sql/handler.cc index a47a5fd8a3c..1525ca53bca 100644 --- a/sql/handler.cc +++ b/sql/handler.cc @@ -4141,7 +4141,7 @@ int handler::read_multi_range_first(KEY_MULTI_RANGE **found_range_p, */ int handler::read_multi_range_next(KEY_MULTI_RANGE **found_range_p) { - int result; + int UNINIT_VAR(result); DBUG_ENTER("handler::read_multi_range_next"); /* We should not be called after the last call returned EOF. */ diff --git a/sql/slave.cc b/sql/slave.cc index 57d673ea1f4..644aade517c 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -2321,7 +2321,7 @@ static int exec_relay_log_event(THD* thd, Relay_log_info* rli) if (slave_trans_retries) { - int temp_err; + int UNINIT_VAR(temp_err); if (exec_res && (temp_err= has_temporary_error(thd))) { const char *errmsg; diff --git a/sql/sql_partition.cc b/sql/sql_partition.cc index 702c3d99fda..44ed9e759c6 100644 --- a/sql/sql_partition.cc +++ b/sql/sql_partition.cc @@ -6747,8 +6747,8 @@ int get_part_iter_for_interval_via_mapping(partition_info *part_info, { DBUG_ASSERT(!is_subpart); Field *field= part_info->part_field_array[0]; - uint32 max_endpoint_val; - get_endpoint_func get_endpoint; + uint32 UNINIT_VAR(max_endpoint_val); + get_endpoint_func UNINIT_VAR(get_endpoint); bool can_match_multiple_values; /* is not '=' */ uint field_len= field->pack_length_in_rec(); part_iter->ret_null_part= part_iter->ret_null_part_orig= FALSE; -- cgit v1.2.1 From 1c37eaaabfca518fe9f39d477f3dbe572cd63dde Mon Sep 17 00:00:00 2001 From: "Tatiana A. Nurnberg" Date: Thu, 11 Nov 2010 07:34:14 +0000 Subject: Bug #49752: 2469.126.2 unintentionally breaks authentication against MySQL 5.1 server Server used to clip overly long user-names. This was presumably lost when code was made UTF8-clean. Now we emulate the behaviour for backward compatibility, but UTF8-ly correct. mysql-test/r/connect.result: Show that user-names that are too long get clipped now. mysql-test/t/connect.test: Show that user-names that are too long get clipped now. sql/sql_connect.cc: Clip user-name to 16 characters (not bytes). strings/CHARSET_INFO.txt: Clarify in docs. --- sql/sql_connect.cc | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'sql') diff --git a/sql/sql_connect.cc b/sql/sql_connect.cc index 28c1acc4716..9fa6966baa2 100644 --- a/sql/sql_connect.cc +++ b/sql/sql_connect.cc @@ -899,6 +899,19 @@ static int check_connection(THD *thd) user_len-= 2; } + /* + Clip username to allowed length in characters (not bytes). This is + mostly for backward compatibility. + */ + { + CHARSET_INFO *cs= system_charset_info; + int err; + + user_len= (uint) cs->cset->well_formed_len(cs, user, user + user_len, + USERNAME_CHAR_LENGTH, &err); + user[user_len]= '\0'; + } + if (thd->main_security_ctx.user) x_free(thd->main_security_ctx.user); if (!(thd->main_security_ctx.user= my_strdup(user, MYF(MY_WME)))) -- cgit v1.2.1 From aa668865e271694e9b3ebbfe518cb4d0c2ad0c38 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Thu, 11 Nov 2010 13:25:23 +0300 Subject: Bug#57257 Replace(ExtractValue(...)) causes MySQL crash Bug#57820 extractvalue crashes Problem: ExtractValue and Replace crashed in some cases due to invalid handling of empty and NULL arguments. Per file comments: @mysql-test/r/ctype_ujis.result @mysql-test/r/xml.result @mysql-test/t/ctype_ujis.test @mysql-test/t/xml.test Adding tests @sql/item_strfunc.cc Make sure Item_func_replace::val_str safely handles empty strings. @sql/item_xmlfunc.cc set null_value if nodeset_func returned NULL, which is possible when the second argument is an unset user variable. --- sql/item_strfunc.cc | 8 +++++++- sql/item_xmlfunc.cc | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'sql') diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 8fda281bd9e..fd5c47d25cb 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -904,9 +904,15 @@ String *Item_func_replace::val_str(String *str) search=res2->ptr(); search_end=search+from_length; redo: + DBUG_ASSERT(res->ptr() || !offset); ptr=res->ptr()+offset; strend=res->ptr()+res->length(); - end=strend-from_length+1; + /* + In some cases val_str() can return empty string + with ptr() == NULL and length() == 0. + Let's check strend to avoid overflow. + */ + end= strend ? strend - from_length + 1 : NULL; while (ptr < end) { if (*ptr == *search) diff --git a/sql/item_xmlfunc.cc b/sql/item_xmlfunc.cc index 3e20b90e68e..364311877e0 100644 --- a/sql/item_xmlfunc.cc +++ b/sql/item_xmlfunc.cc @@ -2790,12 +2790,12 @@ String *Item_func_xml_extractvalue::val_str(String *str) null_value= 0; if (!nodeset_func || !(res= args[0]->val_str(str)) || - !parse_xml(res, &pxml)) + !parse_xml(res, &pxml) || + !(res= nodeset_func->val_str(&tmp_value))) { null_value= 1; return 0; } - res= nodeset_func->val_str(&tmp_value); return res; } -- cgit v1.2.1 From c4fa6a3862dbb8009effc89997701e01de705411 Mon Sep 17 00:00:00 2001 From: "Tatiana A. Nurnberg" Date: Thu, 11 Nov 2010 11:35:48 +0000 Subject: Bug#43233: Some server variables are clipped during "update," not "check" stage Bug#55794: ulonglong options of mysqld show wrong values. Port the few remaining system variables to the correct mechanism -- range-check in check-stage (and throw error or warning at that point as needed and depending on STRICTness), update in update stage. Fix some signedness errors when retrieving sysvar values for display. mysql-test/r/variables.result: Show that we throw warnings or errors depending on strictness even for "special" variables now. mysql-test/t/variables.test: Show that we throw warnings or errors depending on strictness even for "special" variables now. sql/item_func.cc: show sys_var_ulonglong_ptr and SHOW_LONGLONG type variables as unsigned. sql/set_var.cc: move range-checking from update stage to check stage for the remaining few sys-vars that broke the pattern sql/set_var.h: add check functions. --- sql/item_func.cc | 4 ++-- sql/set_var.cc | 57 +++++++++++++++++++++++++++++++++++++++----------------- sql/set_var.h | 4 ++++ 3 files changed, 46 insertions(+), 19 deletions(-) (limited to 'sql') diff --git a/sql/item_func.cc b/sql/item_func.cc index 1b13297c951..cb19afc4fd5 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -4843,7 +4843,7 @@ void Item_func_get_system_var::fix_length_and_dec() decimals=0; break; case SHOW_LONGLONG: - unsigned_flag= FALSE; + unsigned_flag= TRUE; max_length= MY_INT64_NUM_DECIMAL_DIGITS; decimals=0; break; @@ -4984,7 +4984,7 @@ longlong Item_func_get_system_var::val_int() { case SHOW_INT: get_sys_var_safe (uint); case SHOW_LONG: get_sys_var_safe (ulong); - case SHOW_LONGLONG: get_sys_var_safe (longlong); + case SHOW_LONGLONG: get_sys_var_safe (ulonglong); case SHOW_HA_ROWS: get_sys_var_safe (ha_rows); case SHOW_BOOL: get_sys_var_safe (bool); case SHOW_MY_BOOL: get_sys_var_safe (my_bool); diff --git a/sql/set_var.cc b/sql/set_var.cc index c5517da92f8..50659651dc0 100644 --- a/sql/set_var.cc +++ b/sql/set_var.cc @@ -1579,11 +1579,16 @@ void sys_var_long_ptr_global::set_default(THD *thd, enum_var_type type) } +bool sys_var_ulonglong_ptr::check(THD *thd, set_var *var) +{ + return get_unsigned(thd, var, 0, GET_ULL); +} + + bool sys_var_ulonglong_ptr::update(THD *thd, set_var *var) { ulonglong tmp= var->save_result.ulonglong_value; pthread_mutex_lock(&LOCK_global_system_variables); - bound_unsigned(thd, &tmp, option_limits); *value= (ulonglong) tmp; pthread_mutex_unlock(&LOCK_global_system_variables); return 0; @@ -1675,25 +1680,30 @@ uchar *sys_var_thd_ulong::value_ptr(THD *thd, enum_var_type type, } -bool sys_var_thd_ha_rows::update(THD *thd, set_var *var) +bool sys_var_thd_ha_rows::check(THD *thd, set_var *var) { - ulonglong tmp= var->save_result.ulonglong_value; - - /* Don't use bigger value than given with --maximum-variable-name=.. */ - if ((ha_rows) tmp > max_system_variables.*offset) - tmp= max_system_variables.*offset; + return get_unsigned(thd, var, max_system_variables.*offset, +#ifdef BIG_TABLES + GET_ULL +#else + GET_ULONG +#endif + ); +} - bound_unsigned(thd, &tmp, option_limits); +bool sys_var_thd_ha_rows::update(THD *thd, set_var *var) +{ if (var->type == OPT_GLOBAL) { /* Lock is needed to make things safe on 32 bit systems */ - pthread_mutex_lock(&LOCK_global_system_variables); - global_system_variables.*offset= (ha_rows) tmp; + pthread_mutex_lock(&LOCK_global_system_variables); + global_system_variables.*offset= (ha_rows) + var->save_result.ulonglong_value; pthread_mutex_unlock(&LOCK_global_system_variables); } else - thd->variables.*offset= (ha_rows) tmp; + thd->variables.*offset= (ha_rows) var->save_result.ulonglong_value; return 0; } @@ -2305,6 +2315,12 @@ uchar *sys_var_key_cache_param::value_ptr(THD *thd, enum_var_type type, } +bool sys_var_key_buffer_size::check(THD *thd, set_var *var) +{ + return get_unsigned(thd, var, 0, GET_ULL); +} + + bool sys_var_key_buffer_size::update(THD *thd, set_var *var) { ulonglong tmp= var->save_result.ulonglong_value; @@ -2318,10 +2334,10 @@ bool sys_var_key_buffer_size::update(THD *thd, set_var *var) pthread_mutex_lock(&LOCK_global_system_variables); key_cache= get_key_cache(base_name); - + if (!key_cache) { - /* Key cache didn't exists */ + /* Key cache didn't exist */ if (!tmp) // Tried to delete cache goto end; // Ok, nothing to do if (!(key_cache= create_key_cache(base_name->str, base_name->length))) @@ -2371,7 +2387,6 @@ bool sys_var_key_buffer_size::update(THD *thd, set_var *var) goto end; } - bound_unsigned(thd, &tmp, option_limits); key_cache->param_buff_size= (ulonglong) tmp; /* If key cache didn't exist initialize it, else resize it */ @@ -2388,10 +2403,19 @@ bool sys_var_key_buffer_size::update(THD *thd, set_var *var) end: pthread_mutex_unlock(&LOCK_global_system_variables); + + var->save_result.ulonglong_value = SIZE_T_MAX; + return error; } +bool sys_var_key_cache_long::check(THD *thd, set_var *var) +{ + return get_unsigned(thd, var, 0, GET_ULONG); +} + + /** @todo Abort if some other thread is changing the key cache. @@ -2400,7 +2424,6 @@ end: */ bool sys_var_key_cache_long::update(THD *thd, set_var *var) { - ulonglong tmp= var->value->val_int(); LEX_STRING *base_name= &var->base; bool error= 0; @@ -2425,8 +2448,8 @@ bool sys_var_key_cache_long::update(THD *thd, set_var *var) if (key_cache->in_init) goto end; - bound_unsigned(thd, &tmp, option_limits); - *((ulong*) (((char*) key_cache) + offset))= (ulong) tmp; + *((ulong*) (((char*) key_cache) + offset))= (ulong) + var->save_result.ulonglong_value; /* Don't create a new key cache if it didn't exist diff --git a/sql/set_var.h b/sql/set_var.h index 68cd94a5670..f2d2e5d2693 100644 --- a/sql/set_var.h +++ b/sql/set_var.h @@ -196,6 +196,7 @@ public: sys_after_update_func func) :sys_var(name_arg,func), value(value_ptr_arg) { chain_sys_var(chain); } + bool check(THD *thd, set_var *var); bool update(THD *thd, set_var *var); void set_default(THD *thd, enum_var_type type); SHOW_TYPE show_type() { return SHOW_LONGLONG; } @@ -442,6 +443,7 @@ public: sys_after_update_func func) :sys_var_thd(name_arg,func), offset(offset_arg) { chain_sys_var(chain); } + bool check(THD *thd, set_var *var); bool update(THD *thd, set_var *var); void set_default(THD *thd, enum_var_type type); SHOW_TYPE show_type() { return SHOW_HA_ROWS; } @@ -854,6 +856,7 @@ public: :sys_var_key_cache_param(chain, name_arg, offsetof(KEY_CACHE, param_buff_size)) {} + bool check(THD *thd, set_var *var); bool update(THD *thd, set_var *var); SHOW_TYPE show_type() { return SHOW_LONGLONG; } }; @@ -865,6 +868,7 @@ public: sys_var_key_cache_long(sys_var_chain *chain, const char *name_arg, size_t offset_arg) :sys_var_key_cache_param(chain, name_arg, offset_arg) {} + bool check(THD *thd, set_var *var); bool update(THD *thd, set_var *var); SHOW_TYPE show_type() { return SHOW_LONG; } }; -- cgit v1.2.1 From 1b583fa5da71a764dd66ad8b3668d7c75b122444 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Fri, 12 Nov 2010 13:12:15 +0300 Subject: Bug#58005 utf8 + get_format causes failed assertion: !str || str != Ptr' Problem: When GET_FORMAT() is called two times from the upper level function (e.g. LEAST in the bug report), on the second call "res= args[0]->val_str(...)" and str point to the same String object. 1. Fix: changing the order from - get val_str into tmp_value then convert to str to - get val_str into str then convert to tmp_value The new order is more correct: the purpose of "str" parameter is exactly to call val_str() for arguments. The purpose of String class members (like tmp_value) is to do further actions on the result. Doing it in the other way around give unexpected surprises. 2. Using str_value instead of str to do padding, for the same reason. --- sql/item_timefunc.cc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'sql') diff --git a/sql/item_timefunc.cc b/sql/item_timefunc.cc index 103bd96efd4..6335199b8de 100644 --- a/sql/item_timefunc.cc +++ b/sql/item_timefunc.cc @@ -2456,14 +2456,14 @@ String *Item_char_typecast::val_str(String *str) { // Convert character set if differ uint dummy_errors; - if (!(res= args[0]->val_str(&tmp_value)) || - str->copy(res->ptr(), res->length(), from_cs, - cast_cs, &dummy_errors)) + if (!(res= args[0]->val_str(str)) || + tmp_value.copy(res->ptr(), res->length(), from_cs, + cast_cs, &dummy_errors)) { null_value= 1; return 0; } - res= str; + res= &tmp_value; } res->set_charset(cast_cs); @@ -2497,9 +2497,9 @@ String *Item_char_typecast::val_str(String *str) { if (res->alloced_length() < (uint) cast_length) { - str->alloc(cast_length); - str->copy(*res); - res= str; + str_value.alloc(cast_length); + str_value.copy(*res); + res= &str_value; } bzero((char*) res->ptr() + res->length(), (uint) cast_length - res->length()); -- cgit v1.2.1 From 1c94d43bbb60817252a87453d3a1d1a7d0f2a35c Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Thu, 18 Nov 2010 11:53:08 +0300 Subject: Bug#58022 ... like ... escape export_set ( ... ) crashes when export_set returns warnings ESCAPE argument might be empty string. It leads to server crash under some circumstances. The fix: -added check if ESCAPE argument result is not empty string mysql-test/r/ctype_latin1.result: test case mysql-test/t/ctype_latin1.test: test case sql/item_cmpfunc.cc: -added check if ESCAPE argument result is not empty string --- sql/item_cmpfunc.cc | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'sql') diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 6987dd9e053..5302406e270 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -4692,6 +4692,7 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref) String *escape_str= escape_item->val_str(&cmp.value1); if (escape_str) { + const char *escape_str_ptr= escape_str->ptr(); if (escape_used_in_parsing && ( (((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) && escape_str->numchars() != 1) || @@ -4706,9 +4707,9 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref) CHARSET_INFO *cs= escape_str->charset(); my_wc_t wc; int rc= cs->cset->mb_wc(cs, &wc, - (const uchar*) escape_str->ptr(), - (const uchar*) escape_str->ptr() + - escape_str->length()); + (const uchar*) escape_str_ptr, + (const uchar*) escape_str_ptr + + escape_str->length()); escape= (int) (rc > 0 ? wc : '\\'); } else @@ -4725,13 +4726,13 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref) { char ch; uint errors; - uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str->ptr(), + uint32 cnvlen= copy_and_convert(&ch, 1, cs, escape_str_ptr, escape_str->length(), escape_str->charset(), &errors); escape= cnvlen ? ch : '\\'; } else - escape= *(escape_str->ptr()); + escape= escape_str_ptr ? *escape_str_ptr : '\\'; } } else -- cgit v1.2.1 From 8f4af421459d01a48e66a3279c174ef17ed486c0 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Thu, 18 Nov 2010 16:11:18 +0300 Subject: Bug#57279 updatexml dies with: Assertion failed: str_arg[length] == 0 Problem: crash in Item_float constructor on DBUG_ASSERT due to not null-terminated string parameter. Fix: making Item_float::Item_float non-null-termintated parameter safe: - Using temporary buffer when generating error modified: @ mysql-test/r/xml.result @ mysql-test/t/xml.test @ sql/item.cc --- sql/item.cc | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'sql') diff --git a/sql/item.cc b/sql/item.cc index 61dd8a97dcb..d88a6e80bfe 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -5286,8 +5286,17 @@ static uint nr_of_decimals(const char *str, const char *end) /** - This function is only called during parsing. We will signal an error if - value is not a true double value (overflow) + This function is only called during parsing: + - when parsing SQL query from sql_yacc.yy + - when parsing XPath query from item_xmlfunc.cc + We will signal an error if value is not a true double value (overflow): + eng: Illegal %s '%-.192s' value found during parsing + + Note: the string is NOT null terminated when called from item_xmlfunc.cc, + so this->name will contain some SQL query tail behind the "length" bytes. + This is Ok for now, as this Item is never seen in SHOW, + or EXPLAIN, or anywhere else in metadata. + Item->name should be fixed to use LEX_STRING eventually. */ Item_float::Item_float(const char *str_arg, uint length) @@ -5298,12 +5307,9 @@ Item_float::Item_float(const char *str_arg, uint length) &error); if (error) { - /* - Note that we depend on that str_arg is null terminated, which is true - when we are in the parser - */ - DBUG_ASSERT(str_arg[length] == 0); - my_error(ER_ILLEGAL_VALUE_FOR_TYPE, MYF(0), "double", (char*) str_arg); + char tmp[NAME_LEN + 1]; + my_snprintf(tmp, sizeof(tmp), "%.*s", length, str_arg); + my_error(ER_ILLEGAL_VALUE_FOR_TYPE, MYF(0), "double", tmp); } presentation= name=(char*) str_arg; decimals=(uint8) nr_of_decimals(str_arg, str_arg+length); -- cgit v1.2.1 From 96b0404940f7b704c4f8dd599455d4d2f013a297 Mon Sep 17 00:00:00 2001 From: Guilhem Bichot Date: Mon, 22 Nov 2010 09:57:59 +0100 Subject: Fix for Bug#56138 "valgrind errors about overlapping memory when double-assigning same variable", and related small fixes. mysql-test/t/user_var.test: test for bug sql/field_conv.cc: From the C standard, memcpy() has undefined behaviour if to->ptr==from->ptr sql/item_func.cc: In the case of BUG#56138, entry->value==ptr in which case memcpy() has undefined results per the C standard. sql/sql_select.cc: Work around a bug in old gcc --- sql/field_conv.cc | 7 ++----- sql/item_func.cc | 2 +- sql/sql_select.cc | 8 ++++++-- 3 files changed, 9 insertions(+), 8 deletions(-) (limited to 'sql') diff --git a/sql/field_conv.cc b/sql/field_conv.cc index 0bffde9671a..a4fca6f8ad7 100644 --- a/sql/field_conv.cc +++ b/sql/field_conv.cc @@ -786,11 +786,8 @@ int field_conv(Field *to,Field *from) ((Field_varstring*)from)->length_bytes == ((Field_varstring*)to)->length_bytes)) { // Identical fields -#ifdef HAVE_purify - /* This may happen if one does 'UPDATE ... SET x=x' */ - if (to->ptr != from->ptr) -#endif - memcpy(to->ptr,from->ptr,to->pack_length()); + // to->ptr==from->ptr may happen if one does 'UPDATE ... SET x=x' + memmove(to->ptr, from->ptr, to->pack_length()); return 0; } } diff --git a/sql/item_func.cc b/sql/item_func.cc index d8b5d46938e..b7afd3a624f 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -3920,7 +3920,7 @@ update_hash(user_var_entry *entry, bool set_null, void *ptr, uint length, length--; // Fix length change above entry->value[length]= 0; // Store end \0 } - memcpy(entry->value,ptr,length); + memmove(entry->value, ptr, length); if (type == DECIMAL_RESULT) ((my_decimal*)entry->value)->fix_buffer_pointer(); entry->length= length; diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 77d4447fd0f..748071986b1 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -4034,8 +4034,12 @@ update_ref_and_keys(THD *thd, DYNAMIC_ARRAY *keyuse,JOIN_TAB *join_tab, continue; } -#ifdef HAVE_purify - /* Valgrind complains about overlapped memcpy when save_pos==use. */ +#if defined(__GNUC__) && !MY_GNUC_PREREQ(4,4) + /* + Old gcc used a memcpy(), which is undefined if save_pos==use: + http://gcc.gnu.org/bugzilla/show_bug.cgi?id=19410 + http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39480 + */ if (save_pos != use) #endif *save_pos= *use; -- cgit v1.2.1 From 47bb750c9dd3883c434922e70a5547aa454b6e28 Mon Sep 17 00:00:00 2001 From: Gleb Shchepa Date: Tue, 23 Nov 2010 00:29:47 +0300 Subject: backport: Bug #55568 from 5.1-security to 5.0-security > revision-id: alexey.kopytov@sun.com-20100824103548-ikm79qlfrvggyj9h > parent: sunny.bains@oracle.com-20100816001222-xqc447tr6jwh8c53 > committer: Alexey Kopytov > branch nick: 5.1-security > timestamp: Tue 2010-08-24 14:35:48 +0400 > message: > Bug #55568: user variable assignments crash server when used > within query > > The server could crash after materializing a derived table > which requires a temporary table for grouping. > > When destroying the temporary table used to execute a query for > a derived table, JOIN::destroy() did not clean up Item_fields > pointing to fields in the temporary table. This led to > dereferencing a dangling pointer when printing out the items > tree later in the outer SELECT. > > The solution is an addendum to the patch for bug37362: in > addition to cleaning up items in tmp_all_fields3, do the same > for items in tmp_all_fields1, since now we have an example > where this is necessary. sql/field.cc: Make sure field->table_name is not set to NULL in Field::make_field() to avoid assertion failure in Item_field::make_field() after cleaning up items (the assertion fired in udf.test when running the test suite with the patch applied). sql/sql_select.cc: In addition to cleaning up items in tmp_all_fields3, do the same for items in tmp_all_fields1. Introduce a new helper function to avoid code duplication. sql/sql_select.h: Introduce a new helper function to avoid code duplication in JOIN::destroy(). --- sql/field.cc | 2 +- sql/sql_select.cc | 22 +++++++++++++++------- sql/sql_select.h | 1 + 3 files changed, 17 insertions(+), 8 deletions(-) (limited to 'sql') diff --git a/sql/field.cc b/sql/field.cc index b61e5fd2d79..3efd6111dcb 100644 --- a/sql/field.cc +++ b/sql/field.cc @@ -1365,7 +1365,7 @@ void Field::make_field(Send_field *field) } else field->org_table_name= field->db_name= ""; - if (orig_table) + if (orig_table && orig_table->alias) { field->table_name= orig_table->alias; field->org_col_name= field_name; diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 929ef3c8949..ff572172afa 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -2226,13 +2226,8 @@ JOIN::destroy() cleanup(1); /* Cleanup items referencing temporary table columns */ - if (!tmp_all_fields3.is_empty()) - { - List_iterator_fast it(tmp_all_fields3); - Item *item; - while ((item= it++)) - item->cleanup(); - } + cleanup_item_list(tmp_all_fields1); + cleanup_item_list(tmp_all_fields3); if (exec_tmp_table1) free_tmp_table(thd, exec_tmp_table1); if (exec_tmp_table2) @@ -2243,6 +2238,19 @@ JOIN::destroy() DBUG_RETURN(error); } + +void JOIN::cleanup_item_list(List &items) const +{ + if (!items.is_empty()) + { + List_iterator_fast it(items); + Item *item; + while ((item= it++)) + item->cleanup(); + } +} + + /* An entry point to single-unit select (a select without UNION). diff --git a/sql/sql_select.h b/sql/sql_select.h index 346d98aae58..553acd25624 100644 --- a/sql/sql_select.h +++ b/sql/sql_select.h @@ -489,6 +489,7 @@ public: } private: bool make_simple_join(JOIN *join, TABLE *tmp_table); + void cleanup_item_list(List &items) const; }; -- cgit v1.2.1 From cf0cc723aaa08bf6929c3b0bb0ccd3fdca626af0 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Tue, 23 Nov 2010 13:18:47 +0300 Subject: Bug#56862 Execution of a query that uses index merge returns a wrong result In case of low memory sort buffer QUICK_INDEX_MERGE_SELECT creates temporary file where is stores row ids which meet QUICK_SELECT ranges except of clustered pk range, clustered range is processed separately. In init_read_record we check if temporary file is used and choose appropriate record access method. It does not take into account that temporary file contains partial result in case of QUICK_INDEX_MERGE_SELECT with clustered pk range. The fix is always to use rr_quick if QUICK_INDEX_MERGE_SELECT with clustered pk range is used. mysql-test/suite/innodb/r/innodb_mysql.result: test case mysql-test/suite/innodb/t/innodb_mysql.test: test case mysql-test/suite/innodb_plugin/r/innodb_mysql.result: test case mysql-test/suite/innodb_plugin/t/innodb_mysql.test: test case sql/opt_range.h: added new method sql/records.cc: The fix is always to use rr_quick if QUICK_INDEX_MERGE_SELECT with clustered pk range is used. --- sql/opt_range.h | 3 +++ sql/records.cc | 9 +++++++++ 2 files changed, 12 insertions(+) (limited to 'sql') diff --git a/sql/opt_range.h b/sql/opt_range.h index c6e488cf14c..5f7a4fd3a2a 100644 --- a/sql/opt_range.h +++ b/sql/opt_range.h @@ -265,6 +265,7 @@ public: virtual bool reverse_sorted() = 0; virtual bool unique_key_range() { return false; } + virtual bool clustered_pk_range() { return false; } enum { QS_TYPE_RANGE = 0, @@ -533,6 +534,8 @@ public: THD *thd; int read_keys_and_merge(); + bool clustered_pk_range() { return test(pk_quick_select); } + /* used to get rows collected in Unique */ READ_RECORD read_record; }; diff --git a/sql/records.cc b/sql/records.cc index b6faf0227f9..b809bcf1b91 100644 --- a/sql/records.cc +++ b/sql/records.cc @@ -194,6 +194,15 @@ void init_read_record(READ_RECORD *info,THD *thd, TABLE *table, if (select && my_b_inited(&select->file)) tempfile= &select->file; + else if (select && select->quick && select->quick->clustered_pk_range()) + { + /* + In case of QUICK_INDEX_MERGE_SELECT with clustered pk range we have to + use its own access method(i.e QUICK_INDEX_MERGE_SELECT::get_next()) as + sort file does not contain rowids which satisfy clustered pk range. + */ + tempfile= 0; + } else tempfile= table->sort.io_cache; if (tempfile && my_b_inited(tempfile)) // Test if ref-records was used -- cgit v1.2.1 From a30e9dda786e4583b567348d52405f283d201167 Mon Sep 17 00:00:00 2001 From: Gleb Shchepa Date: Wed, 24 Nov 2010 23:03:16 +0300 Subject: backport of bug #54461 from 5.1-security to 5.0-security > revision-id: gshchepa@mysql.com-20100801181236-uyuq6ewaq43rw780 > parent: alexey.kopytov@sun.com-20100723115254-jjwmhq97b9wl932l > committer: Gleb Shchepa > branch nick: mysql-5.1-security > timestamp: Sun 2010-08-01 22:12:36 +0400 > Bug #54461: crash with longblob and union or update with subquery > > Queries may crash, if > 1) the GREATEST or the LEAST function has a mixed list of > numeric and LONGBLOB arguments and > 2) the result of such a function goes through an intermediate > temporary table. > > An Item that references a LONGBLOB field has max_length of > UINT_MAX32 == (2^32 - 1). > > The current implementation of GREATEST/LEAST returns REAL > result for a mixed list of numeric and string arguments (that > contradicts with the current documentation, this contradiction > was discussed and it was decided to update the documentation). > > The max_length of such a function call was calculated as a > maximum of argument max_length values (i.e. UINT_MAX32). > > That max_length value of UINT_MAX32 was used as a length for > the intermediate temporary table Field_double to hold > GREATEST/LEAST function result. > > The Field_double::val_str() method call on that field > allocates a String value. > > Since an allocation of String reserves an additional byte > for a zero-termination, the size of String buffer was > set to (UINT_MAX32 + 1), that caused an integer overflow: > actually, an empty buffer of size 0 was allocated. > > An initialization of the "first" byte of that zero-size > buffer with '\0' caused a crash. > > The Item_func_min_max::fix_length_and_dec() has been > modified to calculate max_length for the REAL result like > we do it for arithmetical operators. mysql-test/r/func_misc.result: Test case for bug #54461. mysql-test/t/func_misc.test: Test case for bug #54461. sql/item_func.cc: Bug #54461: crash with longblob and union or update with subquery The Item_func_min_max::fix_length_and_dec() has been modified to calculate max_length for the REAL result like we do it for arithmetical operators. --- sql/item_func.cc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sql') diff --git a/sql/item_func.cc b/sql/item_func.cc index cb0d6bdbe5f..8af7db7fa1a 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -2250,6 +2250,8 @@ void Item_func_min_max::fix_length_and_dec() else if ((cmp_type == DECIMAL_RESULT) || (cmp_type == INT_RESULT)) max_length= my_decimal_precision_to_length(max_int_part+decimals, decimals, unsigned_flag); + else if (cmp_type == REAL_RESULT) + max_length= float_length(decimals); cached_field_type= agg_field_type(args, arg_count); } -- cgit v1.2.1 From 7336ac45b77bb8f794de3c37d6aa4864c02c6c57 Mon Sep 17 00:00:00 2001 From: "Tatiana A. Nurnberg" Date: Thu, 25 Nov 2010 03:11:05 +0000 Subject: Assorted post-merge fixes, clean-up, integration, compat with 5.6. 43233/55794. mysql-test/r/change_user.result: Don't use -1 integer wrap around. It used to work, but now we do what's actually in the documentation. In tests, we now use DEFAULT or the numeral equivalent (as we do in the 5.6 tests). mysql-test/r/key_cache.result: Can't drop default key case is an error now, not a warning, for compatibility with 5.6. mysql-test/r/variables.result: Can't drop default key case is an error now, not a warning, for compatibility with 5.6. mysql-test/t/change_user.test: Don't use -1 integer wrap around. It used to work, but now we do what's actually in the documentation. In tests, we now use DEFAULT or the numeral equivalent (as we do in the 5.6 tests). mysql-test/t/key_cache.test: Can't drop default key case is an error now, not a warning, for compatibility with 5.6. mysql-test/t/variables.test: Can't drop default key case is an error now, not a warning, for compatibility with 5.6. sql/mysqld.cc: 0 is a legal (albeit magic) value: "drop key cache." sql/set_var.cc: bound_unsigned() can go now, it was just a kludge until things are done The Right Way, which they are now. Can't drop default key case is an error now, not a warning, for compatibility with 5.6. tests/mysql_client_test.c: Don't use -1 integer wrap around. It used to work, but now we do what's actually in the documentation. In tests, we now use DEFAULT or the numeral equivalent (as we do in the 5.6 tests). --- sql/mysqld.cc | 2 +- sql/set_var.cc | 43 ++----------------------------------------- 2 files changed, 3 insertions(+), 42 deletions(-) (limited to 'sql') diff --git a/sql/mysqld.cc b/sql/mysqld.cc index d17ccc47abb..98556e87838 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -6774,7 +6774,7 @@ thread is in the relay logs.", "as much as you can afford; 1GB on a 4GB machine that mainly runs MySQL is " "quite common.", &dflt_key_cache_var.param_buff_size, NULL, NULL, (GET_ULL | GET_ASK_ADDR), - REQUIRED_ARG, KEY_CACHE_SIZE, MALLOC_OVERHEAD, SIZE_T_MAX, MALLOC_OVERHEAD, + REQUIRED_ARG, KEY_CACHE_SIZE, 0, SIZE_T_MAX, MALLOC_OVERHEAD, IO_SIZE, 0}, {"key_cache_age_threshold", OPT_KEY_CACHE_AGE_THRESHOLD, "This characterizes the number of hits a hot block has to be untouched " diff --git a/sql/set_var.cc b/sql/set_var.cc index 2621c8457bc..26f97d46d52 100644 --- a/sql/set_var.cc +++ b/sql/set_var.cc @@ -1423,44 +1423,6 @@ bool throw_bounds_warning(THD *thd, bool fixed, bool unsignd, } -/** - check an unsigned user-supplied value for a systemvariable against bounds. - - TODO: This is a wrapper function to call clipping from within an update() - function. Calling bounds from within update() is fair game in theory, - but we can only send warnings from in there, not errors, and besides, - it violates our model of separating check from update phase. - To avoid breaking out of the server with an ASSERT() in strict mode, - we pretend we're not in strict mode when we go through here. Bug#43233 - was opened to remind us to replace this kludge with The Right Thing, - which of course is to do the check in the actual check phase, and then - throw an error or warning accordingly. - - @param thd thread handle - @param num the value to limit - @param option_limits the bounds-record, or NULL if none - */ -static void bound_unsigned(THD *thd, ulonglong *num, - const struct my_option *option_limits) -{ - if (option_limits) - { - my_bool fixed = FALSE; - ulonglong unadjusted= *num; - - *num= getopt_ull_limit_value(unadjusted, option_limits, &fixed); - - if (fixed) - { - ulong ssm= thd->variables.sql_mode; - thd->variables.sql_mode&= ~MODE_STRICT_ALL_TABLES; - throw_bounds_warning(thd, fixed, TRUE, option_limits->name, unadjusted); - thd->variables.sql_mode= ssm; - } - } -} - - /** Get unsigned system-variable. Negative value does not wrap around, but becomes zero. @@ -2359,9 +2321,8 @@ bool sys_var_key_buffer_size::update(THD *thd, set_var *var) { if (key_cache == dflt_key_cache) { - push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN, - ER_WARN_CANT_DROP_DEFAULT_KEYCACHE, - ER(ER_WARN_CANT_DROP_DEFAULT_KEYCACHE)); + error= 1; + my_error(ER_WARN_CANT_DROP_DEFAULT_KEYCACHE, MYF(0)); goto end; // Ignore default key cache } -- cgit v1.2.1 From a7c09ea9f8f730bcfe285ad8b3672f41dac5e468 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Fri, 26 Nov 2010 16:58:54 +0300 Subject: Bug#56639 Character Euro (0x88) not converted from cp1251 to utf8 Problem: MySQL cp1251 did not support 'U+20AC EURO SIGN' which was assigned a few years ago to 0x88. Fix: adding mapping: 0x88 <-> U+20AC @ mysql-test/include/ctype_8bit.inc New shared file to test 8bit character sets. @ mysql-test/r/ctype_cp1251.result @ mysql-test/t/ctype_cp1251.test Adding tests @ sql/share/charsets/cp1251.xml Adding mapping @ strings/ctype-extra.c Regenerating ctype-extra.c using strings/conf_to_src according to new cp1251.xml --- sql/share/charsets/cp1251.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/share/charsets/cp1251.xml b/sql/share/charsets/cp1251.xml index b80db9f8ec0..06ba8a5a4b9 100644 --- a/sql/share/charsets/cp1251.xml +++ b/sql/share/charsets/cp1251.xml @@ -98,7 +98,7 @@ 0050 0051 0052 0053 0054 0055 0056 0057 0058 0059 005A 005B 005C 005D 005E 005F 0060 0061 0062 0063 0064 0065 0066 0067 0068 0069 006A 006B 006C 006D 006E 006F 0070 0071 0072 0073 0074 0075 0076 0077 0078 0079 007A 007B 007C 007D 007E 007F - 0402 0403 201A 0453 201E 2026 2020 2021 0000 2030 0409 2039 040A 040C 040B 040F + 0402 0403 201A 0453 201E 2026 2020 2021 20AC 2030 0409 2039 040A 040C 040B 040F 0452 2018 2019 201C 201D 2022 2013 2014 0000 2122 0459 203A 045A 045C 045B 045F 00A0 040E 045E 0408 00A4 0490 00A6 00A7 0401 00A9 0404 00AB 00AC 00AD 00AE 0407 00B0 00B1 0406 0456 0491 00B5 00B6 00B7 0451 2116 0454 00BB 0458 0405 0455 0457 -- cgit v1.2.1 From f225470b3904a93fdec6966c9c093f545bf260b2 Mon Sep 17 00:00:00 2001 From: unknown Date: Sun, 28 Nov 2010 17:43:36 +0800 Subject: BUG#54903 BINLOG statement toggles session variables When using BINLOG statement to execute rows log events, session variables foreign_key_checks and unique_checks are changed temporarily. As each rows log event has their own special session environment and its own foreign_key_checks and unique_checks can be different from current session which executing the BINLOG statement. But these variables are not restored correctly after BINLOG statement. This problem will cause that the following statements fail or generate unexpected data. In this patch, code is added to backup and restore these two variables. So BINLOG statement will not affect current session's variables again. mysql-test/extra/binlog_tests/binlog.test: Add test to verify this patch. mysql-test/suite/binlog/r/binlog_row_binlog.result: Add test to verify this patch. mysql-test/suite/binlog/r/binlog_stm_binlog.result: Add test to verify this patch. sql/sql_binlog.cc: Add code to backup and restore thd->options. --- sql/sql_binlog.cc | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'sql') diff --git a/sql/sql_binlog.cc b/sql/sql_binlog.cc index 82de6feb1a9..31fd2de3722 100644 --- a/sql/sql_binlog.cc +++ b/sql/sql_binlog.cc @@ -50,6 +50,13 @@ void mysql_client_binlog_statement(THD* thd) } size_t decoded_len= base64_needed_decoded_length(coded_len); + /* + thd->options will be changed when applying the event. But we don't expect + it be changed permanently after BINLOG statement, so backup it first. + It will be restored at the end of this function. + */ + ulonglong thd_options= thd->options; + /* Allocation */ @@ -236,6 +243,7 @@ void mysql_client_binlog_statement(THD* thd) my_ok(thd); end: + thd->options= thd_options; rli->clear_tables_to_lock(); my_free(buf, MYF(MY_ALLOW_ZERO_PTR)); DBUG_VOID_RETURN; -- cgit v1.2.1 From 4edea18f8daa9b1c1e5614560753a03cfdcb1adb Mon Sep 17 00:00:00 2001 From: Christopher Powers Date: Mon, 29 Nov 2010 22:46:43 -0600 Subject: Bug#35333, "If Federated table can't connect to remote host, can't retrieve metadata" Improved error handling such that queries against Information_Schema.Tables won't fail if a federated table can't make a remote connection. mysql-test/r/merge.result: Updated with warnings that were previously masked. mysql-test/r/show_check.result: Updated with warnings that were previously masked. mysql-test/r/view.result: Updated with warnings that were previously masked. sql/sql_show.cc: If get_schema_tables_record() encounters an error, push a warning, set the TABLE COMMENT column with the error text, and clear the error so that the operation can continue. --- sql/sql_show.cc | 43 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 34 insertions(+), 9 deletions(-) (limited to 'sql') diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 9b344204d64..ee0e2bf5ce7 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -3636,28 +3636,28 @@ static int get_schema_tables_record(THD *thd, TABLE_LIST *tables, { const char *tmp_buff; MYSQL_TIME time; + int info_error= 0; CHARSET_INFO *cs= system_charset_info; DBUG_ENTER("get_schema_tables_record"); restore_record(table, s->default_values); table->field[1]->store(db_name->str, db_name->length, cs); table->field[2]->store(table_name->str, table_name->length, cs); + if (res) { - /* - there was errors during opening tables - */ - const char *error= thd->is_error() ? thd->main_da.message() : ""; + /* There was a table open error, so set the table type and return */ if (tables->view) table->field[3]->store(STRING_WITH_LEN("VIEW"), cs); else if (tables->schema_table) table->field[3]->store(STRING_WITH_LEN("SYSTEM VIEW"), cs); else table->field[3]->store(STRING_WITH_LEN("BASE TABLE"), cs); - table->field[20]->store(error, strlen(error), cs); - thd->clear_error(); + + goto err; } - else if (tables->view) + + if (tables->view) { table->field[3]->store(STRING_WITH_LEN("VIEW"), cs); table->field[20]->store(STRING_WITH_LEN("VIEW"), cs); @@ -3746,9 +3746,14 @@ static int get_schema_tables_record(THD *thd, TABLE_LIST *tables, if (share->comment.str) table->field[20]->store(share->comment.str, share->comment.length, cs); - if(file) + if (file) { - file->info(HA_STATUS_VARIABLE | HA_STATUS_TIME | HA_STATUS_AUTO); + /* If info() fails, then there's nothing else to do */ + if ((info_error= file->info(HA_STATUS_VARIABLE | + HA_STATUS_TIME | + HA_STATUS_AUTO)) != 0) + goto err; + enum row_type row_type = file->get_row_type(); switch (row_type) { case ROW_TYPE_NOT_USED: @@ -3826,6 +3831,26 @@ static int get_schema_tables_record(THD *thd, TABLE_LIST *tables, } } } + +err: + if (res || info_error) + { + /* + If an error was encountered, push a warning, set the TABLE COMMENT + column with the error text, and clear the error so that the operation + can continue. + */ + const char *error= thd->is_error() ? thd->main_da.message() : ""; + table->field[20]->store(error, strlen(error), cs); + + if (thd->is_error()) + { + push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN, + thd->main_da.sql_errno(), thd->main_da.message()); + thd->clear_error(); + } + } + DBUG_RETURN(schema_table_store_record(thd, table)); } -- cgit v1.2.1 From b0094227347bd31057c3f4c90283bb04174baa19 Mon Sep 17 00:00:00 2001 From: Luis Soares Date: Tue, 30 Nov 2010 16:55:28 +0000 Subject: BUG#57288: binlog_tmp_table fails sporadically: "Failed to write the DROP statement ..." Problem: When using temporary tables and closing a session, an implicit DROP TEMPORARY TABLE IF EXISTS is written to the binary log (while cleaning up the context of the session THD - see: sql_class.cc:THD::cleanup which calls close_temporary_tables). close_temporary_tables, first checks if the binary log is opened and then proceeds to creating the DROP statements. Then, such statements, are written to the binary log through MYSQL_BIN_LOG::write(Log_event *). Inside, there is another check if the binary log is opened and if not an error is returned. This is where the faulty behavior is triggered. Given that the test case replays a binary log, with temp tables statements, and right after it issues RESET MASTER, there is a chance that is_open will report false (when the mysql session is closed and the temporary tables are written). is_open may return false, because MYSQL_BIN_LOG::reset_logs is not setting the correct flag (LOG_CLOSE_TO_BE_OPENED), on the MYSQL_LOG_BIN::log_state (instead it sets just the LOG_CLOSE_INDEX flag, leaving the log_state to LOG_CLOSED). Thence, when writing the DROP statement as part of the THD::cleanup, the thread could get a return value of false for is_open - inside MYSQL_BIN_LOG::write, ultimately reporting that it can't write the event to the binary log. Fix: We fix this by adding the correct flag, missing in the second close. --- sql/log.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/log.cc b/sql/log.cc index 38f4677f06f..cff69b4cf51 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -3037,7 +3037,7 @@ bool MYSQL_BIN_LOG::reset_logs(THD* thd) } /* Start logging with a new file */ - close(LOG_CLOSE_INDEX); + close(LOG_CLOSE_INDEX | LOG_CLOSE_TO_BE_OPENED); if ((error= my_delete_allow_opened(index_file_name, MYF(0)))) // Reset (open will update) { if (my_errno == ENOENT) -- cgit v1.2.1 From d5e928959e55b4c124a783b83c2c70069dbedbca Mon Sep 17 00:00:00 2001 From: Davi Arnaut Date: Fri, 26 Nov 2010 19:59:10 -0200 Subject: Bug#51817: incorrect assumption: thd->query at 0x2ab2a8360360 is an invalid pointer The problem is that the logic which checks if a pointer is valid relies on a poor heuristic based on the start and end addresses of the data segment and heap. Apart from miscalculating the heap bounds, this approach also suffers from the fact that memory can come from places other than the heap. See Bug#58528 for a more detailed explanation. On Linux, the solution is to access the process's memory through /proc/self/task//mem, which allows for retrieving the contents of pages within the virtual address space of the calling process. If a address range is not mapped, a input/output error is returned. client/mysqltest.cc: Use new interface to my_safe_print_str. include/my_stacktrace.h: Drop name from my_safe_print_str. mysys/stacktrace.c: Access the process's memory through a file descriptor and dump the contents of the memory range. The file descriptor offset is equivalent to a offset into the address space. Do not print the name of the variable associated with the address. It can be better accomplished at a higher level. sql/mysqld.cc: Put the variable dumping information within its own newline block. Use symbolic names which better convey information to the user. --- sql/mysqld.cc | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'sql') diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 98556e87838..3a33d06fb01 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -2527,7 +2527,7 @@ the thread stack. Please read http://dev.mysql.com/doc/mysql/en/linux.html\n\n", if (!(test_flags & TEST_NO_STACKTRACE)) { - fprintf(stderr, "thd: 0x%lx\n",(long) thd); + fprintf(stderr, "Thread pointer: 0x%lx\n", (long) thd); fprintf(stderr, "Attempting backtrace. You can use the following " "information to find out\nwhere mysqld died. If " "you see no messages after this, something went\n" @@ -2555,11 +2555,13 @@ the thread stack. Please read http://dev.mysql.com/doc/mysql/en/linux.html\n\n", kreason= "KILLED_NO_VALUE"; break; } - fprintf(stderr, "Trying to get some variables.\n\ -Some pointers may be invalid and cause the dump to abort...\n"); - my_safe_print_str("thd->query", thd->query(), 1024); - fprintf(stderr, "thd->thread_id=%lu\n", (ulong) thd->thread_id); - fprintf(stderr, "thd->killed=%s\n", kreason); + fprintf(stderr, "\nTrying to get some variables.\n" + "Some pointers may be invalid and cause the dump to abort.\n"); + fprintf(stderr, "Query (%p): ", thd->query()); + my_safe_print_str(thd->query(), min(1024, thd->query_length())); + fprintf(stderr, "Connection ID (thread ID): %lu\n", (ulong) thd->thread_id); + fprintf(stderr, "Status: %s\n", kreason); + fputc('\n', stderr); } fprintf(stderr, "\ The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains\n\ -- cgit v1.2.1 From e199c7cd17e9d37befd67f907f66e7f235c71d6d Mon Sep 17 00:00:00 2001 From: Christopher Powers Date: Mon, 29 Nov 2010 18:51:46 -0600 Subject: Bug#35333, "If Federated table can't connect to remote host, can't retrieve metadata" Improved error handling such that queries against Information_Schema.Tables won't fail if a Federated table is unable to connect to remote host. sql/sql_show.cc: If Handler::Info() fails, save error text in TABLE COMMENTS column, clear error. --- sql/sql_show.cc | 200 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 113 insertions(+), 87 deletions(-) (limited to 'sql') diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 13045280c5f..1075e7f76d1 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -48,7 +48,7 @@ bool schema_table_store_record(THD *thd, TABLE *table); /*************************************************************************** -** List all table types supported +** List all table types supported ***************************************************************************/ bool mysqld_show_storage_engines(THD *thd) @@ -65,7 +65,7 @@ bool mysqld_show_storage_engines(THD *thd) Protocol::SEND_NUM_ROWS | Protocol::SEND_EOF)) DBUG_RETURN(TRUE); - const char *default_type_name= + const char *default_type_name= ha_get_storage_engine((enum db_type)thd->variables.table_type); handlerton **types; @@ -406,7 +406,7 @@ mysqld_show_create(THD *thd, TABLE_LIST *table_list) /* Clear all messages with 'error' level status and - issue a warning with 'warning' level status in + issue a warning with 'warning' level status in case of invalid view and last error is ER_VIEW_INVALID */ mysql_reset_errors(thd, true); @@ -603,7 +603,7 @@ mysqld_list_fields(THD *thd, TABLE_LIST *table_list, const char *wild) Field **ptr,*field; for (ptr=table->field ; (field= *ptr); ptr++) { - if (!wild || !wild[0] || + if (!wild || !wild[0] || !wild_case_compare(system_charset_info, field->field_name,wild)) { if (table_list->view) @@ -809,13 +809,13 @@ static bool get_field_default_value(THD *thd, TABLE *table, bool has_default; bool has_now_default; enum enum_field_types field_type= field->type(); - /* + /* We are using CURRENT_TIMESTAMP instead of NOW because it is more standard */ - has_now_default= table->timestamp_field == field && + has_now_default= table->timestamp_field == field && field->unireg_check != Field::TIMESTAMP_UN_FIELD; - + has_default= (field_type != FIELD_TYPE_BLOB && !(field->flags & NO_DEFAULT_VALUE_FLAG) && field->unireg_check != Field::NEXT_NUMBER && @@ -837,7 +837,7 @@ static bool get_field_default_value(THD *thd, TABLE *table, char *ptr= longlong2str(dec, tmp + 2, 2); uint32 length= (uint32) (ptr - tmp); tmp[0]= 'b'; - tmp[1]= '\''; + tmp[1]= '\''; tmp[length]= '\''; type.length(length + 1); quoted= 0; @@ -929,7 +929,7 @@ store_create_info(THD *thd, TABLE_LIST *table_list, String *packet) field->sql_type(type); packet->append(type.ptr(), type.length(), system_charset_info); - if (field->has_charset() && + if (field->has_charset() && !(thd->variables.sql_mode & (MODE_MYSQL323 | MODE_MYSQL40))) { if (field->charset() != share->table_charset) @@ -937,8 +937,8 @@ store_create_info(THD *thd, TABLE_LIST *table_list, String *packet) packet->append(STRING_WITH_LEN(" character set ")); packet->append(field->charset()->csname); } - /* - For string types dump collation name only if + /* + For string types dump collation name only if collation is not primary for the given charset */ if (!(field->charset()->state & MY_CS_PRIMARY)) @@ -965,11 +965,11 @@ store_create_info(THD *thd, TABLE_LIST *table_list, String *packet) packet->append(def_value.ptr(), def_value.length(), system_charset_info); } - if (!limited_mysql_mode && table->timestamp_field == field && + if (!limited_mysql_mode && table->timestamp_field == field && field->unireg_check != Field::TIMESTAMP_DN_FIELD) packet->append(STRING_WITH_LEN(" on update CURRENT_TIMESTAMP")); - if (field->unireg_check == Field::NEXT_NUMBER && + if (field->unireg_check == Field::NEXT_NUMBER && !(thd->variables.sql_mode & MODE_NO_FIELD_OPTIONS)) packet->append(STRING_WITH_LEN(" auto_increment")); @@ -1088,7 +1088,7 @@ store_create_info(THD *thd, TABLE_LIST *table_list, String *packet) packet->append(buff, (uint) (end - buff)); } - + if (share->table_charset && !(thd->variables.sql_mode & MODE_MYSQL323) && !(thd->variables.sql_mode & MODE_MYSQL40)) @@ -1179,7 +1179,7 @@ view_store_options(THD *thd, TABLE_LIST *table, String *buff) /* Append DEFINER clause to the given buffer. - + SYNOPSIS append_definer() thd [in] thread handle @@ -1209,7 +1209,7 @@ static void append_algorithm(TABLE_LIST *table, String *buff) /* Append DEFINER clause to the given buffer. - + SYNOPSIS append_definer() thd [in] thread handle @@ -1374,8 +1374,8 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose) "%s:%u", tmp_sctx->host_or_ip, tmp->peer_port); } else - thd_info->host= thd->strdup(tmp_sctx->host_or_ip[0] ? - tmp_sctx->host_or_ip : + thd_info->host= thd->strdup(tmp_sctx->host_or_ip[0] ? + tmp_sctx->host_or_ip : tmp_sctx->host ? tmp_sctx->host : ""); if ((thd_info->db=tmp->db)) // Safe test thd_info->db=thd->strdup(thd_info->db); @@ -1852,14 +1852,14 @@ void calc_sum_of_all_status(STATUS_VAR *to) I_List_iterator it(threads); THD *tmp; - + /* Get global values as base */ *to= global_status_var; - + /* Add to this status from existing threads */ while ((tmp= it++)) add_to_status(to, &tmp->status_var); - + VOID(pthread_mutex_unlock(&LOCK_thread_count)); DBUG_VOID_RETURN; } @@ -1911,7 +1911,7 @@ bool schema_table_store_record(THD *thd, TABLE *table) int error; if ((error= table->file->write_row(table->record[0]))) { - if (create_myisam_from_heap(thd, table, + if (create_myisam_from_heap(thd, table, table->pos_in_table_list->schema_table_param, error, 0)) return 1; @@ -1946,7 +1946,7 @@ int make_table_list(THD *thd, SELECT_LEX *sel, { Table_ident *table_ident; LEX_STRING ident_db, ident_table; - ident_db.str= db; + ident_db.str= db; ident_db.length= (uint) strlen(db); ident_table.str= table; ident_table.length= (uint) strlen(table); @@ -1980,10 +1980,10 @@ bool uses_only_table_name_fields(Item *item, TABLE_LIST *table) const char *field_name2= schema_table->idx_field2 >= 0 ? field_info[schema_table->idx_field2].field_name : ""; if (table->table != item_field->field->table || (cs->coll->strnncollsp(cs, (uchar *) field_name1, (uint) strlen(field_name1), - (uchar *) item_field->field_name, + (uchar *) item_field->field_name, (uint) strlen(item_field->field_name), 0) && cs->coll->strnncollsp(cs, (uchar *) field_name2, (uint) strlen(field_name2), - (uchar *) item_field->field_name, + (uchar *) item_field->field_name, (uint) strlen(item_field->field_name), 0))) return 0; } @@ -2072,7 +2072,7 @@ enum enum_schema_tables get_schema_table_idx(ST_SCHEMA_TABLE *schema_table) with_i_schema returns 1 if we added 'IS' name to list otherwise returns 0 is_wild_value if value is 1 then idx_field_vals->db_name is - wild string otherwise it's db name; + wild string otherwise it's db name; RETURN zero success @@ -2094,7 +2094,7 @@ int make_db_list(THD *thd, List *files, LIKE clause (see also get_index_field_values() function) */ if (!idx_field_vals->db_value || - !wild_case_compare(system_charset_info, + !wild_case_compare(system_charset_info, INFORMATION_SCHEMA_NAME.str, idx_field_vals->db_value)) { @@ -2179,7 +2179,7 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) List bases; List_iterator_fast it(bases); COND *partial_cond; - uint derived_tables= lex->derived_tables; + uint derived_tables= lex->derived_tables; int error= 1; db_type not_used; Open_tables_state open_tables_state_backup; @@ -2217,7 +2217,7 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) Let us set fake sql_command so views won't try to merge themselves into main statement. If we don't do this, SELECT * from information_schema.xxxx will cause problems. - SQLCOM_SHOW_FIELDS is used because it satisfies 'only_view_structure()' + SQLCOM_SHOW_FIELDS is used because it satisfies 'only_view_structure()' */ lex->sql_command= SQLCOM_SHOW_FIELDS; res= open_normal_and_derived_tables(thd, show_table_list, @@ -2227,15 +2227,15 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) get_all_tables() returns 1 on failure and 0 on success thus return only these and not the result code of ::process_table() - We should use show_table_list->alias instead of + We should use show_table_list->alias instead of show_table_list->table_name because table_name could be changed during opening of I_S tables. It's safe - to use alias because alias contains original table name - in this case(this part of code is used only for + to use alias because alias contains original table name + in this case(this part of code is used only for 'show columns' & 'show statistics' commands). */ error= test(schema_table->process_table(thd, show_table_list, - table, res, + table, res, (show_table_list->view ? show_table_list->view_db.str : show_table_list->db), @@ -2263,7 +2263,7 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) (base_name= select_lex->db) && !bases.elements)) { #ifndef NO_EMBEDDED_ACCESS_CHECKS - if (!check_access(thd,SELECT_ACL, base_name, + if (!check_access(thd,SELECT_ACL, base_name, &thd->col_access, 0, 1, with_i_schema) || sctx->master_access & (DB_ACLS | SHOW_DB_ACL) || acl_get(sctx->host, sctx->ip, sctx->priv_user, base_name,0) || @@ -2281,7 +2281,7 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) strxmov(path, mysql_data_home, "/", base_name, NullS); end= path + (len= unpack_dirname(path,path)); len= FN_LEN - len; - find_files_result res= find_files(thd, &files, base_name, + find_files_result res= find_files(thd, &files, base_name, path, idx_field_vals.table_value, 0); if (res != FIND_FILES_OK) { @@ -2367,9 +2367,9 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) res= open_normal_and_derived_tables(thd, show_table_list, MYSQL_LOCK_IGNORE_FLUSH); lex->sql_command= save_sql_command; - /* + /* They can drop table after table names list creation and - before table opening. We open non existing table and + before table opening. We open non existing table and get ER_NO_SUCH_TABLE error. In this case we do not store the record into I_S table and clear error. */ @@ -2381,10 +2381,10 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) else { /* - We should use show_table_list->alias instead of + We should use show_table_list->alias instead of show_table_list->table_name because table_name could be changed during opening of I_S tables. It's safe - to use alias because alias contains original table name + to use alias because alias contains original table name in this case. */ res= schema_table->process_table(thd, show_table_list, table, @@ -2486,28 +2486,28 @@ static int get_schema_tables_record(THD *thd, TABLE_LIST *tables, { const char *tmp_buff; MYSQL_TIME time; + int info_error= 0; CHARSET_INFO *cs= system_charset_info; DBUG_ENTER("get_schema_tables_record"); restore_record(table, s->default_values); table->field[1]->store(base_name, (uint) strlen(base_name), cs); table->field[2]->store(file_name, (uint) strlen(file_name), cs); + if (res) { - /* - there was errors during opening tables - */ - const char *error= thd->net.last_error; + /* There was a table open error, so set the table type and return */ if (tables->view) table->field[3]->store(STRING_WITH_LEN("VIEW"), cs); else if (tables->schema_table) table->field[3]->store(STRING_WITH_LEN("SYSTEM VIEW"), cs); else table->field[3]->store(STRING_WITH_LEN("BASE TABLE"), cs); - table->field[20]->store(error, (uint) strlen(error), cs); - thd->clear_error(); + + goto err; } - else if (tables->view) + + if (tables->view) { table->field[3]->store(STRING_WITH_LEN("VIEW"), cs); table->field[20]->store(STRING_WITH_LEN("VIEW"), cs); @@ -2518,8 +2518,15 @@ static int get_schema_tables_record(THD *thd, TABLE_LIST *tables, TABLE_SHARE *share= show_table->s; handler *file= show_table->file; - file->info(HA_STATUS_VARIABLE | HA_STATUS_TIME | HA_STATUS_AUTO | - HA_STATUS_NO_LOCK); + if (!file) + goto err; + + if ((info_error= file->info(HA_STATUS_VARIABLE | + HA_STATUS_TIME | + HA_STATUS_AUTO | + HA_STATUS_NO_LOCK)) != 0) + goto err; + if (share->tmp_table == SYSTEM_TMP_TABLE) table->field[3]->store(STRING_WITH_LEN("SYSTEM VIEW"), cs); else if (share->tmp_table) @@ -2636,7 +2643,7 @@ static int get_schema_tables_record(THD *thd, TABLE_LIST *tables, if (share->db_create_options & HA_OPTION_DELAY_KEY_WRITE) ptr=strmov(ptr," delay_key_write=1"); if (share->row_type != ROW_TYPE_DEFAULT) - ptr=strxmov(ptr, " row_format=", + ptr=strxmov(ptr, " row_format=", ha_row_type[(uint) share->row_type], NullS); if (file->raid_type) @@ -2649,7 +2656,7 @@ static int get_schema_tables_record(THD *thd, TABLE_LIST *tables, ptr=strmov(ptr,buff); } table->field[19]->store(option_buff+1, - (ptr == option_buff ? 0 : + (ptr == option_buff ? 0 : (uint) (ptr-option_buff)-1), cs); { char *comment; @@ -2658,13 +2665,32 @@ static int get_schema_tables_record(THD *thd, TABLE_LIST *tables, { table->field[20]->store(comment, (comment == share->comment.str ? - share->comment.length : + share->comment.length : (uint) strlen(comment)), cs); if (comment != share->comment.str) my_free(comment, MYF(0)); } } } + +err: + if (res || info_error) + { + /* + If an error was encountered, push a warning, set the TABLE COMMENT + column with the error text, and clear the error so that the operation + can continue. + */ + const char *error= thd->net.last_error; + if (error) + { + table->field[20]->store(error, strlen(error), cs); + push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN, + thd->net.last_errno, thd->net.last_error); + thd->clear_error(); + } + } + DBUG_RETURN(schema_table_store_record(thd, table)); } @@ -2691,7 +2717,7 @@ static int get_schema_column_record(THD *thd, TABLE_LIST *tables, /* I.e. we are in SELECT FROM INFORMATION_SCHEMA.COLUMS rather than in SHOW COLUMNS - */ + */ push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN, thd->net.last_errno, thd->net.last_error); thd->clear_error(); @@ -2732,7 +2758,7 @@ static int get_schema_column_record(THD *thd, TABLE_LIST *tables, uint col_access; check_access(thd,SELECT_ACL | EXTRA_ACL, base_name, &tables->grant.privilege, 0, 0, test(tables->schema_table)); - col_access= get_column_grant(thd, &tables->grant, + col_access= get_column_grant(thd, &tables->grant, base_name, file_name, field->field_name) & COL_ACLS; if (!tables->schema_table && !col_access) @@ -2755,9 +2781,9 @@ static int get_schema_column_record(THD *thd, TABLE_LIST *tables, cs); table->field[4]->store((longlong) count, TRUE); field->sql_type(type); - table->field[14]->store(type.ptr(), type.length(), cs); + table->field[14]->store(type.ptr(), type.length(), cs); tmp_buff= strchr(type.ptr(), '('); - table->field[7]->store(type.ptr(), (uint) + table->field[7]->store(type.ptr(), (uint) (tmp_buff ? tmp_buff - type.ptr() : type.length()), cs); @@ -2778,7 +2804,7 @@ static int get_schema_column_record(THD *thd, TABLE_LIST *tables, uint32 octet_max_length= field->max_display_length(); if (is_blob && octet_max_length != (uint32) 4294967295U) octet_max_length /= field->charset()->mbmaxlen; - longlong char_max_len= is_blob ? + longlong char_max_len= is_blob ? (longlong) octet_max_length / field->charset()->mbminlen : (longlong) octet_max_length / field->charset()->mbmaxlen; table->field[8]->store(char_max_len, TRUE); @@ -2811,7 +2837,7 @@ static int get_schema_column_record(THD *thd, TABLE_LIST *tables, field_length= field->max_display_length(); decimals= -1; // return NULL break; - case FIELD_TYPE_FLOAT: + case FIELD_TYPE_FLOAT: case FIELD_TYPE_DOUBLE: field_length= field->field_length; if (decimals == NOT_FIXED_DEC) @@ -2874,7 +2900,7 @@ int fill_schema_charsets(THD *thd, TABLE_LIST *tables, COND *cond) for (cs= all_charsets ; cs < all_charsets+255 ; cs++) { CHARSET_INFO *tmp_cs= cs[0]; - if (tmp_cs && (tmp_cs->state & MY_CS_PRIMARY) && + if (tmp_cs && (tmp_cs->state & MY_CS_PRIMARY) && (tmp_cs->state & MY_CS_AVAILABLE) && !(wild && wild[0] && wild_case_compare(scs, tmp_cs->csname,wild))) @@ -2904,13 +2930,13 @@ int fill_schema_collation(THD *thd, TABLE_LIST *tables, COND *cond) { CHARSET_INFO **cl; CHARSET_INFO *tmp_cs= cs[0]; - if (!tmp_cs || !(tmp_cs->state & MY_CS_AVAILABLE) || + if (!tmp_cs || !(tmp_cs->state & MY_CS_AVAILABLE) || !(tmp_cs->state & MY_CS_PRIMARY)) continue; for (cl= all_charsets; cl < all_charsets+255 ;cl ++) { CHARSET_INFO *tmp_cl= cl[0]; - if (!tmp_cl || !(tmp_cl->state & MY_CS_AVAILABLE) || + if (!tmp_cl || !(tmp_cl->state & MY_CS_AVAILABLE) || !my_charset_same(tmp_cs, tmp_cl)) continue; if (!(wild && wild[0] && @@ -2944,13 +2970,13 @@ int fill_schema_coll_charset_app(THD *thd, TABLE_LIST *tables, COND *cond) { CHARSET_INFO **cl; CHARSET_INFO *tmp_cs= cs[0]; - if (!tmp_cs || !(tmp_cs->state & MY_CS_AVAILABLE) || + if (!tmp_cs || !(tmp_cs->state & MY_CS_AVAILABLE) || !(tmp_cs->state & MY_CS_PRIMARY)) continue; for (cl= all_charsets; cl < all_charsets+255 ;cl ++) { CHARSET_INFO *tmp_cl= cl[0]; - if (!tmp_cl || !(tmp_cl->state & MY_CS_AVAILABLE) || + if (!tmp_cl || !(tmp_cl->state & MY_CS_AVAILABLE) || !my_charset_same(tmp_cs,tmp_cl)) continue; restore_record(table, s->default_values); @@ -3014,7 +3040,7 @@ bool store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table, table->field[10]->store(STRING_WITH_LEN("SQL"), cs); get_field(thd->mem_root, proc_table->field[6], &tmp_string); table->field[11]->store(tmp_string.ptr(), tmp_string.length(), cs); - table->field[12]->store(sp_data_access_name[enum_idx].str, + table->field[12]->store(sp_data_access_name[enum_idx].str, sp_data_access_name[enum_idx].length , cs); get_field(thd->mem_root, proc_table->field[7], &tmp_string); table->field[14]->store(tmp_string.ptr(), tmp_string.length(), cs); @@ -3290,10 +3316,10 @@ static int get_schema_views_record(THD *thd, TABLE_LIST *tables, if (schema_table_store_record(thd, table)) DBUG_RETURN(1); if (res) - push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN, + push_warning(thd, MYSQL_ERROR::WARN_LEVEL_WARN, thd->net.last_errno, thd->net.last_error); } - if (res) + if (res) thd->clear_error(); DBUG_RETURN(0); } @@ -3334,7 +3360,7 @@ static int get_schema_constraints_record(THD *thd, TABLE_LIST *tables, TABLE *show_table= tables->table; KEY *key_info=show_table->key_info; uint primary_key= show_table->s->primary_key; - show_table->file->info(HA_STATUS_VARIABLE | + show_table->file->info(HA_STATUS_VARIABLE | HA_STATUS_NO_LOCK | HA_STATUS_TIME); for (uint i=0 ; i < show_table->s->keys ; i++, key_info++) @@ -3363,7 +3389,7 @@ static int get_schema_constraints_record(THD *thd, TABLE_LIST *tables, List_iterator_fast it(f_key_list); while ((f_key_info=it++)) { - if (store_constraints(thd, table, base_name, file_name, + if (store_constraints(thd, table, base_name, file_name, f_key_info->forein_id->str, (uint) strlen(f_key_info->forein_id->str), "FOREIGN KEY", 11)) @@ -3472,7 +3498,7 @@ ret: void store_key_column_usage(TABLE *table, const char*db, const char *tname, - const char *key_name, uint key_len, + const char *key_name, uint key_len, const char *con_type, uint con_len, longlong idx) { CHARSET_INFO *cs= system_charset_info; @@ -3506,7 +3532,7 @@ static int get_schema_key_column_usage_record(THD *thd, TABLE *show_table= tables->table; KEY *key_info=show_table->key_info; uint primary_key= show_table->s->primary_key; - show_table->file->info(HA_STATUS_VARIABLE | + show_table->file->info(HA_STATUS_VARIABLE | HA_STATUS_NO_LOCK | HA_STATUS_TIME); for (uint i=0 ; i < show_table->s->keys ; i++, key_info++) @@ -3523,8 +3549,8 @@ static int get_schema_key_column_usage_record(THD *thd, restore_record(table, s->default_values); store_key_column_usage(table, base_name, file_name, key_info->name, - (uint) strlen(key_info->name), - key_part->field->field_name, + (uint) strlen(key_info->name), + key_part->field->field_name, (uint) strlen(key_part->field->field_name), (longlong) f_idx); if (schema_table_store_record(thd, table)) @@ -3560,7 +3586,7 @@ static int get_schema_key_column_usage_record(THD *thd, system_charset_info); table->field[9]->set_notnull(); table->field[10]->store(f_key_info->referenced_table->str, - f_key_info->referenced_table->length, + f_key_info->referenced_table->length, system_charset_info); table->field[10]->set_notnull(); table->field[11]->store(r_info->str, r_info->length, @@ -3607,7 +3633,7 @@ int fill_variables(THD *thd, TABLE_LIST *tables, COND *cond) LEX *lex= thd->lex; const char *wild= lex->wild ? lex->wild->ptr() : NullS; pthread_mutex_lock(&LOCK_global_system_variables); - res= show_status_array(thd, wild, init_vars, + res= show_status_array(thd, wild, init_vars, lex->option_type, 0, "", tables->table); pthread_mutex_unlock(&LOCK_global_system_variables); DBUG_RETURN(res); @@ -3626,7 +3652,7 @@ int fill_status(THD *thd, TABLE_LIST *tables, COND *cond) if (lex->option_type == OPT_GLOBAL) calc_sum_of_all_status(&tmp); res= show_status_array(thd, wild, status_vars, OPT_GLOBAL, - (lex->option_type == OPT_GLOBAL ? + (lex->option_type == OPT_GLOBAL ? &tmp: &thd->status_var), "",tables->table); pthread_mutex_unlock(&LOCK_status); DBUG_RETURN(res); @@ -3717,7 +3743,7 @@ TABLE *create_schema_table(THD *thd, TABLE_LIST *table_list) break; case MYSQL_TYPE_FLOAT: case MYSQL_TYPE_DOUBLE: - if ((item= new Item_float(fields_info->field_name, 0.0, NOT_FIXED_DEC, + if ((item= new Item_float(fields_info->field_name, 0.0, NOT_FIXED_DEC, fields_info->field_length)) == NULL) DBUG_RETURN(NULL); break; @@ -3761,7 +3787,7 @@ TABLE *create_schema_table(THD *thd, TABLE_LIST *table_list) tmp_table_param->schema_table= 1; SELECT_LEX *select_lex= thd->lex->current_select; if (!(table= create_tmp_table(thd, tmp_table_param, - field_list, (ORDER*) 0, 0, 0, + field_list, (ORDER*) 0, 0, 0, (select_lex->options | thd->options | TMP_TABLE_ALL_COLUMNS), HA_POS_ERROR, table_list->alias))) @@ -4102,7 +4128,7 @@ bool get_schema_tables_result(JOIN *join, thd->no_warnings_for_error= 1; for (JOIN_TAB *tab= join->join_tab; tab < tmp_join_tab; tab++) - { + { if (!tab->table || !tab->table->pos_in_table_list) break; @@ -4454,13 +4480,13 @@ ST_FIELD_INFO variables_fields_info[]= ST_SCHEMA_TABLE schema_tables[]= { - {"CHARACTER_SETS", charsets_fields_info, create_schema_table, + {"CHARACTER_SETS", charsets_fields_info, create_schema_table, fill_schema_charsets, make_character_sets_old_format, 0, -1, -1, 0}, - {"COLLATIONS", collation_fields_info, create_schema_table, + {"COLLATIONS", collation_fields_info, create_schema_table, fill_schema_collation, make_old_format, 0, -1, -1, 0}, {"COLLATION_CHARACTER_SET_APPLICABILITY", coll_charset_app_fields_info, create_schema_table, fill_schema_coll_charset_app, 0, 0, -1, -1, 0}, - {"COLUMNS", columns_fields_info, create_schema_table, + {"COLUMNS", columns_fields_info, create_schema_table, get_all_tables, make_columns_old_format, get_schema_column_record, 1, 2, 0}, {"COLUMN_PRIVILEGES", column_privileges_fields_info, create_schema_table, fill_schema_column_privileges, 0, 0, -1, -1, 0}, @@ -4469,19 +4495,19 @@ ST_SCHEMA_TABLE schema_tables[]= {"OPEN_TABLES", open_tables_fields_info, create_schema_table, fill_open_tables, make_old_format, 0, -1, -1, 1}, {"PROFILING", query_profile_statistics_info, create_schema_table, - fill_query_profile_statistics_info, make_profile_table_for_show, + fill_query_profile_statistics_info, make_profile_table_for_show, NULL, -1, -1, false}, - {"ROUTINES", proc_fields_info, create_schema_table, + {"ROUTINES", proc_fields_info, create_schema_table, fill_schema_proc, make_proc_old_format, 0, -1, -1, 0}, {"SCHEMATA", schema_fields_info, create_schema_table, fill_schema_shemata, make_schemata_old_format, 0, 1, -1, 0}, {"SCHEMA_PRIVILEGES", schema_privileges_fields_info, create_schema_table, fill_schema_schema_privileges, 0, 0, -1, -1, 0}, - {"STATISTICS", stat_fields_info, create_schema_table, + {"STATISTICS", stat_fields_info, create_schema_table, get_all_tables, make_old_format, get_schema_stat_record, 1, 2, 0}, - {"STATUS", variables_fields_info, create_schema_table, fill_status, + {"STATUS", variables_fields_info, create_schema_table, fill_status, make_old_format, 0, -1, -1, 1}, - {"TABLES", tables_fields_info, create_schema_table, + {"TABLES", tables_fields_info, create_schema_table, get_all_tables, make_old_format, get_schema_tables_record, 1, 2, 0}, {"TABLE_CONSTRAINTS", table_constraints_fields_info, create_schema_table, get_all_tables, 0, get_schema_constraints_record, 3, 4, 0}, @@ -4491,11 +4517,11 @@ ST_SCHEMA_TABLE schema_tables[]= fill_schema_table_privileges, 0, 0, -1, -1, 0}, {"TRIGGERS", triggers_fields_info, create_schema_table, get_all_tables, make_old_format, get_schema_triggers_record, 5, 6, 0}, - {"USER_PRIVILEGES", user_privileges_fields_info, create_schema_table, + {"USER_PRIVILEGES", user_privileges_fields_info, create_schema_table, fill_schema_user_privileges, 0, 0, -1, -1, 0}, {"VARIABLES", variables_fields_info, create_schema_table, fill_variables, make_old_format, 0, -1, -1, 1}, - {"VIEWS", view_fields_info, create_schema_table, + {"VIEWS", view_fields_info, create_schema_table, get_all_tables, 0, get_schema_views_record, 1, 2, 0}, {0, 0, 0, 0, 0, 0, 0, 0, 0} }; -- cgit v1.2.1 From 647c619393f713ad6725d990128a8d1911e956f8 Mon Sep 17 00:00:00 2001 From: Luis Soares Date: Tue, 30 Nov 2010 23:32:51 +0000 Subject: BUG#46166: MYSQL_BIN_LOG::new_file_impl is not propagating error when generating new name. If find_uniq_filename returns an error, then this error is not being propagated upwards, and execution does not report error to the user (although a entry in the error log is generated). Additionally, some more errors were ignored in new_file_impl: - when writing the rotate event - when reopening the index and binary log file This patch addresses this by propagating the error up in the execution stack. Furthermore, when rotation of the binary log fails, an incident event is written, because there may be a chance that some changes for a given statement, were not properly logged. For example, in SBR, LOAD DATA INFILE statement requires more than one event to be logged, should rotation fail while logging part of the LOAD DATA events, then the logged data would become inconsistent with the data in the storage engine. mysql-test/include/restart_mysqld.inc: Refactored restart_mysqld so that it is not hardcoded for mysqld.1, but rather for the current server. mysql-test/suite/binlog/t/binlog_index.test: The error on open of index and binary log on new_file_impl is now caught. Thence the user will get an error message. We need to accomodate this change in the test case for the failing FLUSH LOGS. mysql-test/suite/rpl/t/rpl_binlog_errors-master.opt: Sets max_binlog_size to 4096. mysql-test/suite/rpl/t/rpl_binlog_errors.test: Added some test cases for asserting that the error is found and reported. sql/handler.cc: Catching error now returned by unlog (in ha_commit_trans) and returning it. sql/log.cc: Propagating errors from new_file_impl upwards. The errors that new_file_impl catches now are: - error on generate_new_name - error on writing the rotate event - error when opening the index or the binary log file. sql/log.h: Changing declaration of: - rotate_and_purge - new_file - new_file_without_locking - new_file_impl - unlog They now return int instead of void. sql/mysql_priv.h: Change signature of reload_acl_and_cache so that write_to_binlog is an int instead of bool. sql/mysqld.cc: Redeclaring not_used var as int instead of bool. sql/rpl_injector.cc: Changes to catch the return from rotate_and_purge. sql/slave.cc: Changes to catch the return values for new_file and rotate_relay_log. sql/slave.h: Changes to rotate_relay_log declaration (now returns int instead of void). sql/sql_load.cc: In SBR, some logging of LOAD DATA events goes through IO_CACHE_CALLBACK invocation at mf_iocache.c:_my_b_get. The IO_CACHE implementation is ignoring the return value for from these callbacks (pre_read and post_read), so we need to find out at the end of the execution if the error is set or not in THD. sql/sql_parse.cc: Catching the rotate_relay_log and rotate_and_purge return values. Semantic change in reload_acl_and_cache so that we report errors in binlog interactions through the write_to_binlog output parameter. If there was any failure while rotating the binary log, we should then report the error to the client when handling SQLCOMM_FLUSH. --- sql/handler.cc | 6 ++- sql/log.cc | 152 ++++++++++++++++++++++++++++++++++++++++------------ sql/log.h | 16 +++--- sql/mysql_priv.h | 2 +- sql/mysqld.cc | 2 +- sql/rpl_injector.cc | 6 +-- sql/slave.cc | 11 ++-- sql/slave.h | 2 +- sql/sql_load.cc | 7 +++ sql/sql_parse.cc | 50 ++++++++++++----- 10 files changed, 185 insertions(+), 69 deletions(-) (limited to 'sql') diff --git a/sql/handler.cc b/sql/handler.cc index 1525ca53bca..18381bc552c 100644 --- a/sql/handler.cc +++ b/sql/handler.cc @@ -1192,7 +1192,11 @@ int ha_commit_trans(THD *thd, bool all) error=ha_commit_one_phase(thd, all) ? (cookie ? 2 : 1) : 0; DBUG_EXECUTE_IF("crash_commit_before_unlog", DBUG_SUICIDE();); if (cookie) - tc_log->unlog(cookie, xid); + if(tc_log->unlog(cookie, xid)) + { + error= 2; + goto end; + } DBUG_EXECUTE_IF("crash_commit_after", DBUG_SUICIDE();); end: if (rw_trans) diff --git a/sql/log.cc b/sql/log.cc index cff69b4cf51..46dcec2e2cd 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -1871,10 +1871,11 @@ static int find_uniq_filename(char *name) *end='.'; length= (size_t) (end-start+1); - if (!(dir_info = my_dir(buff,MYF(MY_DONT_SORT)))) + if ((DBUG_EVALUATE_IF("error_unique_log_filename", 1, + !(dir_info = my_dir(buff,MYF(MY_DONT_SORT)))))) { // This shouldn't happen strmov(end,".1"); // use name+1 - DBUG_RETURN(0); + DBUG_RETURN(1); } file_info= dir_info->dir_entry; for (i=dir_info->number_off_files ; i-- ; file_info++) @@ -1888,8 +1889,7 @@ static int find_uniq_filename(char *name) my_dirend(dir_info); *end++='.'; - sprintf(end,"%06ld",max_found+1); - DBUG_RETURN(0); + DBUG_RETURN((sprintf(end,"%06ld",max_found+1) < 0)); } @@ -2101,6 +2101,8 @@ int MYSQL_LOG::generate_new_name(char *new_name, const char *log_name) { if (find_uniq_filename(new_name)) { + my_printf_error(ER_NO_UNIQUE_LOGFILE, ER(ER_NO_UNIQUE_LOGFILE), + MYF(ME_FATALERROR), log_name); sql_print_error(ER(ER_NO_UNIQUE_LOGFILE), log_name); return 1; } @@ -3066,7 +3068,8 @@ bool MYSQL_BIN_LOG::reset_logs(THD* thd) if (!thd->slave_thread) need_start_event=1; if (!open_index_file(index_file_name, 0, FALSE)) - open(save_name, log_type, 0, io_cache_type, no_auto_events, max_size, 0, FALSE); + if ((error= open(save_name, log_type, 0, io_cache_type, no_auto_events, max_size, 0, FALSE))) + goto err; my_free((uchar*) save_name, MYF(0)); err: @@ -3728,17 +3731,23 @@ bool MYSQL_BIN_LOG::is_active(const char *log_file_name_arg) incapsulation 3) allows external access to the class without a lock (which is not possible with private new_file_without_locking method). + + @retval + nonzero - error */ -void MYSQL_BIN_LOG::new_file() +int MYSQL_BIN_LOG::new_file() { - new_file_impl(1); + return new_file_impl(1); } - -void MYSQL_BIN_LOG::new_file_without_locking() +/* + @retval + nonzero - error + */ +int MYSQL_BIN_LOG::new_file_without_locking() { - new_file_impl(0); + return new_file_impl(0); } @@ -3747,19 +3756,23 @@ void MYSQL_BIN_LOG::new_file_without_locking() @param need_lock Set to 1 if caller has not locked LOCK_log + @retval + nonzero - error + @note The new file name is stored last in the index file */ -void MYSQL_BIN_LOG::new_file_impl(bool need_lock) +int MYSQL_BIN_LOG::new_file_impl(bool need_lock) { - char new_name[FN_REFLEN], *new_name_ptr, *old_name; + int error= 0, close_on_error= FALSE; + char new_name[FN_REFLEN], *new_name_ptr, *old_name, *file_to_open; DBUG_ENTER("MYSQL_BIN_LOG::new_file_impl"); if (!is_open()) { DBUG_PRINT("info",("log is closed")); - DBUG_VOID_RETURN; + DBUG_RETURN(error); } if (need_lock) @@ -3797,7 +3810,7 @@ void MYSQL_BIN_LOG::new_file_impl(bool need_lock) We have to do this here and not in open as we want to store the new file name in the current binary log file. */ - if (generate_new_name(new_name, name)) + if ((error= generate_new_name(new_name, name))) goto end; new_name_ptr=new_name; @@ -3811,7 +3824,13 @@ void MYSQL_BIN_LOG::new_file_impl(bool need_lock) */ Rotate_log_event r(new_name+dirname_length(new_name), 0, LOG_EVENT_OFFSET, is_relay_log ? Rotate_log_event::RELAY_LOG : 0); - r.write(&log_file); + if(DBUG_EVALUATE_IF("fault_injection_new_file_rotate_event", (error=close_on_error=TRUE), FALSE) || + (error= r.write(&log_file))) + { + close_on_error= TRUE; + my_printf_error(ER_ERROR_ON_WRITE, ER(ER_CANT_OPEN_FILE), MYF(ME_FATALERROR), name, errno); + goto end; + } bytes_written += r.data_written; } /* @@ -3839,17 +3858,56 @@ void MYSQL_BIN_LOG::new_file_impl(bool need_lock) */ /* reopen index binlog file, BUG#34582 */ - if (!open_index_file(index_file_name, 0, FALSE)) - open(old_name, log_type, new_name_ptr, - io_cache_type, no_auto_events, max_size, 1, FALSE); + file_to_open= index_file_name; + error= open_index_file(index_file_name, 0, FALSE); + if (!error) + { + /* reopen the binary log file. */ + file_to_open= new_name_ptr; + error= open(old_name, log_type, new_name_ptr, io_cache_type, + no_auto_events, max_size, 1, FALSE); + } + + /* handle reopening errors */ + if (error) + { + my_printf_error(ER_CANT_OPEN_FILE, ER(ER_CANT_OPEN_FILE), + MYF(ME_FATALERROR), file_to_open, error); + close_on_error= TRUE; + } + my_free(old_name,MYF(0)); end: + + if (error && close_on_error /* rotate or reopen failed */) + { + /* + Close whatever was left opened. + + We are keeping the behavior as it exists today, ie, + we disable logging and move on (see: BUG#51014). + + TODO: as part of WL#1790 consider other approaches: + - kill mysql (safety); + - try multiple locations for opening a log file; + - switch server to protected/readonly mode + - ... + */ + close(LOG_CLOSE_INDEX); + sql_print_error("Could not open %s for logging (error %d). " + "Turning logging off for the whole duration " + "of the MySQL server process. To turn it on " + "again: fix the cause, shutdown the MySQL " + "server and restart it.", + new_name_ptr, errno); + } + if (need_lock) pthread_mutex_unlock(&LOCK_log); pthread_mutex_unlock(&LOCK_index); - DBUG_VOID_RETURN; + DBUG_RETURN(error); } @@ -3872,8 +3930,7 @@ bool MYSQL_BIN_LOG::append(Log_event* ev) bytes_written+= ev->data_written; DBUG_PRINT("info",("max_size: %lu",max_size)); if ((uint) my_b_append_tell(&log_file) > max_size) - new_file_without_locking(); - + error= new_file_without_locking(); err: pthread_mutex_unlock(&LOCK_log); signal_update(); // Safe as we don't call close @@ -3902,8 +3959,7 @@ bool MYSQL_BIN_LOG::appendv(const char* buf, uint len,...) } while ((buf=va_arg(args,const char*)) && (len=va_arg(args,uint))); DBUG_PRINT("info",("max_size: %lu",max_size)); if ((uint) my_b_append_tell(&log_file) > max_size) - new_file_without_locking(); - + error= new_file_without_locking(); err: if (!error) signal_update(); @@ -4252,7 +4308,7 @@ MYSQL_BIN_LOG::flush_and_set_pending_rows_event(THD *thd, if (!error) { signal_update(); - rotate_and_purge(RP_LOCK_LOG_IS_ALREADY_LOCKED); + error= rotate_and_purge(RP_LOCK_LOG_IS_ALREADY_LOCKED); } } @@ -4448,7 +4504,9 @@ bool MYSQL_BIN_LOG::write(Log_event *event_info) if (flush_and_sync()) goto err; signal_update(); - rotate_and_purge(RP_LOCK_LOG_IS_ALREADY_LOCKED); + if ((error= rotate_and_purge(RP_LOCK_LOG_IS_ALREADY_LOCKED))) + goto err; + } error=0; @@ -4531,8 +4589,19 @@ bool general_log_write(THD *thd, enum enum_server_command command, return FALSE; } -void MYSQL_BIN_LOG::rotate_and_purge(uint flags) +/** + @note + If rotation fails, for instance the server was unable + to create a new log file, we still try to write an + incident event to the current log. + + @retval + nonzero - error +*/ +int MYSQL_BIN_LOG::rotate_and_purge(uint flags) { + int error= 0; + DBUG_ENTER("MYSQL_BIN_LOG::rotate_and_purge"); #ifdef HAVE_REPLICATION bool check_purge= false; #endif @@ -4541,26 +4610,38 @@ void MYSQL_BIN_LOG::rotate_and_purge(uint flags) if ((flags & RP_FORCE_ROTATE) || (my_b_tell(&log_file) >= (my_off_t) max_size)) { - new_file_without_locking(); + if ((error= new_file_without_locking())) + /** + Be conservative... There are possible lost events (eg, + failing to log the Execute_load_query_log_event + on a LOAD DATA while using a non-transactional + table)! + + We give it a shot and try to write an incident event anyway + to the current log. + */ + if (!write_incident(current_thd, FALSE)) + flush_and_sync(); + #ifdef HAVE_REPLICATION check_purge= true; #endif } if (!(flags & RP_LOCK_LOG_IS_ALREADY_LOCKED)) pthread_mutex_unlock(&LOCK_log); - #ifdef HAVE_REPLICATION /* NOTE: Run purge_logs wo/ holding LOCK_log as it otherwise will deadlock in ndbcluster_binlog_index_purge_file */ - if (check_purge && expire_logs_days) + if (!error && check_purge && expire_logs_days) { time_t purge_time= my_time(0) - expire_logs_days*24*60*60; if (purge_time >= 0) purge_logs_before_date(purge_time); } #endif + DBUG_RETURN(error); } uint MYSQL_BIN_LOG::next_file_id() @@ -4759,7 +4840,7 @@ bool MYSQL_BIN_LOG::write_incident(THD *thd, bool lock) if (!error && !(error= flush_and_sync())) { signal_update(); - rotate_and_purge(RP_LOCK_LOG_IS_ALREADY_LOCKED); + error= rotate_and_purge(RP_LOCK_LOG_IS_ALREADY_LOCKED); } pthread_mutex_unlock(&LOCK_log); } @@ -4871,7 +4952,8 @@ bool MYSQL_BIN_LOG::write(THD *thd, IO_CACHE *cache, Log_event *commit_event, pthread_mutex_unlock(&LOCK_prep_xids); } else - rotate_and_purge(RP_LOCK_LOG_IS_ALREADY_LOCKED); + if (rotate_and_purge(RP_LOCK_LOG_IS_ALREADY_LOCKED)) + goto err; } VOID(pthread_mutex_unlock(&LOCK_log)); @@ -5676,7 +5758,7 @@ int TC_LOG_MMAP::sync() cookie points directly to the memory where xid was logged. */ -void TC_LOG_MMAP::unlog(ulong cookie, my_xid xid) +int TC_LOG_MMAP::unlog(ulong cookie, my_xid xid) { PAGE *p=pages+(cookie/tc_log_page_size); my_xid *x=(my_xid *)(data+cookie); @@ -5694,6 +5776,7 @@ void TC_LOG_MMAP::unlog(ulong cookie, my_xid xid) if (p->waiters == 0) // the page is in pool and ready to rock pthread_cond_signal(&COND_pool); // ping ... for overflow() pthread_mutex_unlock(&p->lock); + return 0; } void TC_LOG_MMAP::close() @@ -5935,8 +6018,9 @@ int TC_LOG_BINLOG::log_xid(THD *thd, my_xid xid) DBUG_RETURN(!binlog_end_trans(thd, trx_data, &xle, TRUE)); } -void TC_LOG_BINLOG::unlog(ulong cookie, my_xid xid) +int TC_LOG_BINLOG::unlog(ulong cookie, my_xid xid) { + DBUG_ENTER("TC_LOG_BINLOG::unlog"); pthread_mutex_lock(&LOCK_prep_xids); DBUG_ASSERT(prepared_xids > 0); if (--prepared_xids == 0) { @@ -5944,7 +6028,7 @@ void TC_LOG_BINLOG::unlog(ulong cookie, my_xid xid) pthread_cond_signal(&COND_prep_xids); } pthread_mutex_unlock(&LOCK_prep_xids); - rotate_and_purge(0); // as ::write() did not rotate + DBUG_RETURN(rotate_and_purge(0)); // as ::write() did not rotate } int TC_LOG_BINLOG::recover(IO_CACHE *log, Format_description_log_event *fdle) diff --git a/sql/log.h b/sql/log.h index 8f1ed7ee90c..2b0bc6111b3 100644 --- a/sql/log.h +++ b/sql/log.h @@ -39,7 +39,7 @@ class TC_LOG virtual int open(const char *opt_name)=0; virtual void close()=0; virtual int log_xid(THD *thd, my_xid xid)=0; - virtual void unlog(ulong cookie, my_xid xid)=0; + virtual int unlog(ulong cookie, my_xid xid)=0; }; class TC_LOG_DUMMY: public TC_LOG // use it to disable the logging @@ -49,7 +49,7 @@ public: int open(const char *opt_name) { return 0; } void close() { } int log_xid(THD *thd, my_xid xid) { return 1; } - void unlog(ulong cookie, my_xid xid) { } + int unlog(ulong cookie, my_xid xid) { return 0; } }; #ifdef HAVE_MMAP @@ -94,7 +94,7 @@ class TC_LOG_MMAP: public TC_LOG int open(const char *opt_name); void close(); int log_xid(THD *thd, my_xid xid); - void unlog(ulong cookie, my_xid xid); + int unlog(ulong cookie, my_xid xid); int recover(); private: @@ -283,8 +283,8 @@ class MYSQL_BIN_LOG: public TC_LOG, private MYSQL_LOG new_file() is locking. new_file_without_locking() does not acquire LOCK_log. */ - void new_file_without_locking(); - void new_file_impl(bool need_lock); + int new_file_without_locking(); + int new_file_impl(bool need_lock); public: MYSQL_LOG::generate_name; @@ -314,7 +314,7 @@ public: int open(const char *opt_name); void close(); int log_xid(THD *thd, my_xid xid); - void unlog(ulong cookie, my_xid xid); + int unlog(ulong cookie, my_xid xid); int recover(IO_CACHE *log, Format_description_log_event *fdle); #if !defined(MYSQL_CLIENT) int flush_and_set_pending_rows_event(THD *thd, Rows_log_event* event); @@ -354,7 +354,7 @@ public: bool open_index_file(const char *index_file_name_arg, const char *log_name, bool need_mutex); /* Use this to start writing a new log file */ - void new_file(); + int new_file(); void reset_gathered_updates(THD *thd); bool write(Log_event* event_info); // binary log write @@ -379,7 +379,7 @@ public: void make_log_name(char* buf, const char* log_ident); bool is_active(const char* log_file_name); int update_log_index(LOG_INFO* linfo, bool need_update_threads); - void rotate_and_purge(uint flags); + int rotate_and_purge(uint flags); bool flush_and_sync(); int purge_logs(const char *to_log, bool included, bool need_mutex, bool need_update_threads, diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h index 709a49b2036..526133c20c6 100644 --- a/sql/mysql_priv.h +++ b/sql/mysql_priv.h @@ -1063,7 +1063,7 @@ uint cached_table_definitions(void); void kill_mysql(void); void close_connection(THD *thd, uint errcode, bool lock); bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, - bool *write_to_binlog); + int *write_to_binlog); #ifndef NO_EMBEDDED_ACCESS_CHECKS bool check_access(THD *thd, ulong access, const char *db, ulong *save_priv, bool no_grant, bool no_errors, bool schema_db); diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 3a33d06fb01..1a3a0886c1f 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -2839,7 +2839,7 @@ pthread_handler_t signal_hand(void *arg __attribute__((unused))) case SIGHUP: if (!abort_loop) { - bool not_used; + int not_used; mysql_print_status(); // Print some debug info reload_acl_and_cache((THD*) 0, (REFRESH_LOG | REFRESH_TABLES | REFRESH_FAST | diff --git a/sql/rpl_injector.cc b/sql/rpl_injector.cc index 43f4e7d849d..b797621d696 100644 --- a/sql/rpl_injector.cc +++ b/sql/rpl_injector.cc @@ -229,8 +229,7 @@ int injector::record_incident(THD *thd, Incident incident) Incident_log_event ev(thd, incident); if (int error= mysql_bin_log.write(&ev)) return error; - mysql_bin_log.rotate_and_purge(RP_FORCE_ROTATE); - return 0; + return mysql_bin_log.rotate_and_purge(RP_FORCE_ROTATE); } int injector::record_incident(THD *thd, Incident incident, LEX_STRING const message) @@ -238,6 +237,5 @@ int injector::record_incident(THD *thd, Incident incident, LEX_STRING const mess Incident_log_event ev(thd, incident, message); if (int error= mysql_bin_log.write(&ev)) return error; - mysql_bin_log.rotate_and_purge(RP_FORCE_ROTATE); - return 0; + return mysql_bin_log.rotate_and_purge(RP_FORCE_ROTATE); } diff --git a/sql/slave.cc b/sql/slave.cc index 644aade517c..96319de5427 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -3398,8 +3398,7 @@ static int process_io_rotate(Master_info *mi, Rotate_log_event *rev) Rotate the relay log makes binlog format detection easier (at next slave start or mysqlbinlog) */ - rotate_relay_log(mi); /* will take the right mutexes */ - DBUG_RETURN(0); + DBUG_RETURN(rotate_relay_log(mi) /* will take the right mutexes */); } /* @@ -4482,10 +4481,11 @@ err: is void). */ -void rotate_relay_log(Master_info* mi) +int rotate_relay_log(Master_info* mi) { DBUG_ENTER("rotate_relay_log"); Relay_log_info* rli= &mi->rli; + int error= 0; /* We don't lock rli->run_lock. This would lead to deadlocks. */ pthread_mutex_lock(&mi->run_lock); @@ -4501,7 +4501,8 @@ void rotate_relay_log(Master_info* mi) } /* If the relay log is closed, new_file() will do nothing. */ - rli->relay_log.new_file(); + if ((error= rli->relay_log.new_file())) + goto end; /* We harvest now, because otherwise BIN_LOG_HEADER_SIZE will not immediately @@ -4519,7 +4520,7 @@ void rotate_relay_log(Master_info* mi) rli->relay_log.harvest_bytes_written(&rli->log_space_total); end: pthread_mutex_unlock(&mi->run_lock); - DBUG_VOID_RETURN; + DBUG_RETURN(error); } diff --git a/sql/slave.h b/sql/slave.h index f356d28b626..da14b3ab4b0 100644 --- a/sql/slave.h +++ b/sql/slave.h @@ -189,7 +189,7 @@ int purge_relay_logs(Relay_log_info* rli, THD *thd, bool just_reset, const char** errmsg); void set_slave_thread_options(THD* thd); void set_slave_thread_default_charset(THD *thd, Relay_log_info const *rli); -void rotate_relay_log(Master_info* mi); +int rotate_relay_log(Master_info* mi); int apply_event_and_update_pos(Log_event* ev, THD* thd, Relay_log_info* rli); pthread_handler_t handle_slave_io(void *arg); diff --git a/sql/sql_load.cc b/sql/sql_load.cc index 4b68f2a3821..f2aedf5d0aa 100644 --- a/sql/sql_load.cc +++ b/sql/sql_load.cc @@ -567,6 +567,13 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list, transactional_table, errcode); } + + /* + Flushing the IO CACHE while writing the execute load query log event + may result in error (for instance, because the max_binlog_size has been + reached, and rotation of the binary log failed). + */ + error= error || mysql_bin_log.get_log_file()->error; } if (error) goto err; diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 7cf64134d70..c81bd36cfad 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -1474,7 +1474,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, #endif case COM_REFRESH: { - bool not_used; + int not_used; status_var_increment(thd->status_var.com_stat[SQLCOM_FLUSH]); ulong options= (ulong) (uchar) packet[0]; if (check_global_access(thd,RELOAD_ACL)) @@ -3227,7 +3227,11 @@ end_with_restore_list: { Incident_log_event ev(thd, incident); (void) mysql_bin_log.write(&ev); /* error is ignored */ - mysql_bin_log.rotate_and_purge(RP_FORCE_ROTATE); + if (mysql_bin_log.rotate_and_purge(RP_FORCE_ROTATE)) + { + res= 1; + break; + } } DBUG_PRINT("debug", ("Just after generate_incident()")); } @@ -4051,7 +4055,7 @@ end_with_restore_list: lex->no_write_to_binlog= 1; case SQLCOM_FLUSH: { - bool write_to_binlog; + int write_to_binlog; if (check_global_access(thd,RELOAD_ACL)) goto error; @@ -4068,12 +4072,22 @@ end_with_restore_list: /* Presumably, RESET and binlog writing doesn't require synchronization */ - if (!lex->no_write_to_binlog && write_to_binlog) + + if (write_to_binlog > 0) // we should write + { + if (!lex->no_write_to_binlog) + res= write_bin_log(thd, FALSE, thd->query(), thd->query_length()); + } else if (write_to_binlog < 0) { - if ((res= write_bin_log(thd, FALSE, thd->query(), thd->query_length()))) - break; - } - my_ok(thd); + /* + We should not write, but rather report error because + reload_acl_and_cache binlog interactions failed + */ + res= 1; + } + + if (!res) + my_ok(thd); } break; @@ -6862,7 +6876,10 @@ void add_join_natural(TABLE_LIST *a, TABLE_LIST *b, List *using_fields, @param thd Thread handler (can be NULL!) @param options What should be reset/reloaded (tables, privileges, slave...) @param tables Tables to flush (if any) - @param write_to_binlog True if we can write to the binlog. + @param write_to_binlog < 0 if there was an error while interacting with the binary log inside + reload_acl_and_cache, + 0 if we should not write to the binary log, + > 0 if we can write to the binlog. @note Depending on 'options', it may be very bad to write the query to the binlog (e.g. FLUSH SLAVE); this is a @@ -6876,11 +6893,11 @@ void add_join_natural(TABLE_LIST *a, TABLE_LIST *b, List *using_fields, */ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, - bool *write_to_binlog) + int *write_to_binlog) { bool result=0; select_errors=0; /* Write if more errors */ - bool tmp_write_to_binlog= 1; + int tmp_write_to_binlog= *write_to_binlog= 1; DBUG_ASSERT(!thd || !thd->in_sub_stmt); @@ -6943,12 +6960,16 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, tmp_write_to_binlog= 0; if( mysql_bin_log.is_open() ) { - mysql_bin_log.rotate_and_purge(RP_FORCE_ROTATE); + if (mysql_bin_log.rotate_and_purge(RP_FORCE_ROTATE)) + *write_to_binlog= -1; } #ifdef HAVE_REPLICATION + int rotate_error= 0; pthread_mutex_lock(&LOCK_active_mi); - rotate_relay_log(active_mi); + rotate_error= rotate_relay_log(active_mi); pthread_mutex_unlock(&LOCK_active_mi); + if (rotate_error) + *write_to_binlog= -1; #endif /* flush slow and general logs */ @@ -7059,7 +7080,8 @@ bool reload_acl_and_cache(THD *thd, ulong options, TABLE_LIST *tables, #endif if (options & REFRESH_USER_RESOURCES) reset_mqh((LEX_USER *) NULL, 0); /* purecov: inspected */ - *write_to_binlog= tmp_write_to_binlog; + if (*write_to_binlog != -1) + *write_to_binlog= tmp_write_to_binlog; /* If the query was killed then this function must fail. */ -- cgit v1.2.1 From db830d26b346fd98bc595e747ea33159a0f5994b Mon Sep 17 00:00:00 2001 From: Mattias Jonsson Date: Wed, 1 Dec 2010 12:20:46 +0100 Subject: Bug#56380: valgrind memory leak warning from partition tests There could be memory leaks if ALTER ... PARTITION command fails. Problem was that the list of items to free was not set in the partition info structure when fix_partition_func call failed during ALTER ... PARTITION. Solved by always setting the list in the partition info struct. sql/table.cc: item_free_list is not set if (!work_part_info_used) and fix_partition_func failed. Which may result in a mem leak. --- sql/table.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/table.cc b/sql/table.cc index 18523f08551..b43d29294a8 100644 --- a/sql/table.cc +++ b/sql/table.cc @@ -1867,8 +1867,8 @@ int open_table_from_share(THD *thd, TABLE_SHARE *share, const char *alias, { if (work_part_info_used) tmp= fix_partition_func(thd, outparam, is_create_table); - outparam->part_info->item_free_list= part_func_arena.free_list; } + outparam->part_info->item_free_list= part_func_arena.free_list; partititon_err: if (tmp) { -- cgit v1.2.1 From fc9f3efaec61ea3086c1df2942a1157fdf9ca1c2 Mon Sep 17 00:00:00 2001 From: Mats Kindahl Date: Wed, 1 Dec 2010 13:54:50 +0100 Subject: BUG#58246: INSTALL PLUGIN not secure & crashable When installing plugins, there is a missing check for slash (/) in the path on Windows. Note that on Windows, both / and \ can be used to separate directories. This patch fixes the issue by: - Adding a FN_DIRSEP symbol for all platforms consisting of a string of legal directory separators. - Adding a charset-aware version of strcspn(). - Adding a check_valid_path() function that uses my_strcspn() to check if any FN_DIRSEP character is in the supplied string. - Using the check_valid_path() function in sql_plugin.cc and sql_udf.cc (which means replacing the existing test there). include/config-netware.h: Adding FN_DIRSEP ****** Adding FN_DIRSEP include/config-win.h: Adding FN_DIRSEP ****** Adding FN_DIRSEP include/m_ctype.h: Adding my_strspn() and my_strcspn(). ****** Adding my_strspn() and my_strcspn(). include/my_global.h: Adding FN_DIRSEP ****** Adding FN_DIRSEP mysql-test/t/plugin_not_embedded.test: Adding test that file names containing / is disallowed on *all* platforms. ****** Adding test that file names containing / is disallowed on *all* platforms. sql/sql_plugin.cc: Introducing check_if_path() function for checking if filename is a path to include / on Windows. ****** Introducing check_if_path() function for checking if filename is a path to include / on Windows. sql/sql_udf.cc: Switching to use check_if_path() function. ****** Switching to use check_if_path() function. strings/my_strchr.c: Adding my_strspn() and my_strcspn(). ****** Adding my_strspn() and my_strcspn(). --- sql/sql_plugin.cc | 23 ++++++++++++++++++++++- sql/sql_plugin.h | 1 + sql/sql_udf.cc | 12 ++---------- 3 files changed, 25 insertions(+), 11 deletions(-) (limited to 'sql') diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc index e0fc88c3068..d8423fd153b 100644 --- a/sql/sql_plugin.cc +++ b/sql/sql_plugin.cc @@ -231,6 +231,26 @@ extern bool check_if_table_exists(THD *thd, TABLE_LIST *table, bool *exists); #endif /* EMBEDDED_LIBRARY */ +/** + Check if the provided path is valid in the sense that it does cause + a relative reference outside the directory. + + @note Currently, this function only check if there are any + characters in FN_DIRSEP in the string, but it might change in the + future. + + @code + check_valid_path("../foo.so") -> true + check_valid_path("foo.so") -> false + @endcode + */ +bool check_valid_path(const char *path, size_t len) +{ + size_t prefix= my_strcspn(files_charset_info, path, path + len, FN_DIRSEP); + return prefix < len; +} + + /**************************************************************************** Value type thunks, allows the C world to play in the C++ world ****************************************************************************/ @@ -354,13 +374,14 @@ static st_plugin_dl *plugin_dl_add(const LEX_STRING *dl, int report) struct st_plugin_dl *tmp, plugin_dl; void *sym; DBUG_ENTER("plugin_dl_add"); + DBUG_PRINT("enter", ("dl->str: '%s', dl->length: %d", dl->str, dl->length)); plugin_dir_len= strlen(opt_plugin_dir); /* Ensure that the dll doesn't have a path. This is done to ensure that only approved libraries from the plugin directory are used (to make this even remotely secure). */ - if (my_strchr(files_charset_info, dl->str, dl->str + dl->length, FN_LIBCHAR) || + if (check_valid_path(dl->str, dl->length) || check_string_char_length((LEX_STRING *) dl, "", NAME_CHAR_LEN, system_charset_info, 1) || plugin_dir_len + dl->length + 1 >= FN_REFLEN) diff --git a/sql/sql_plugin.h b/sql/sql_plugin.h index 004d0d5abb7..72984865807 100644 --- a/sql/sql_plugin.h +++ b/sql/sql_plugin.h @@ -131,6 +131,7 @@ extern bool mysql_uninstall_plugin(THD *thd, const LEX_STRING *name); extern bool plugin_register_builtin(struct st_mysql_plugin *plugin); extern void plugin_thdvar_init(THD *thd); extern void plugin_thdvar_cleanup(THD *thd); +extern bool check_valid_path(const char *path, size_t length); typedef my_bool (plugin_foreach_func)(THD *thd, plugin_ref plugin, diff --git a/sql/sql_udf.cc b/sql/sql_udf.cc index d455a66c4f2..1d5335f0652 100644 --- a/sql/sql_udf.cc +++ b/sql/sql_udf.cc @@ -173,10 +173,7 @@ void udf_init() On windows we must check both FN_LIBCHAR and '/'. */ - if (my_strchr(files_charset_info, dl_name, - dl_name + strlen(dl_name), FN_LIBCHAR) || - IF_WIN(my_strchr(files_charset_info, dl_name, - dl_name + strlen(dl_name), '/'), 0) || + if (check_valid_path(dl_name, strlen(dl_name)) || check_string_char_length(&name, "", NAME_CHAR_LEN, system_charset_info, 1)) { @@ -416,13 +413,8 @@ int mysql_create_function(THD *thd,udf_func *udf) Ensure that the .dll doesn't have a path This is done to ensure that only approved dll from the system directories are used (to make this even remotely secure). - - On windows we must check both FN_LIBCHAR and '/'. */ - if (my_strchr(files_charset_info, udf->dl, - udf->dl + strlen(udf->dl), FN_LIBCHAR) || - IF_WIN(my_strchr(files_charset_info, udf->dl, - udf->dl + strlen(udf->dl), '/'), 0)) + if (check_valid_path(udf->dl, strlen(udf->dl))) { my_message(ER_UDF_NO_PATHS, ER(ER_UDF_NO_PATHS), MYF(0)); DBUG_RETURN(1); -- cgit v1.2.1 From d56a6dd02792e9a6bd5d0a644feb152f4cdae0a1 Mon Sep 17 00:00:00 2001 From: Tor Didriksen Date: Thu, 2 Dec 2010 08:14:43 +0100 Subject: BUG#58246 post-push fix broken DBG build. --- sql/sql_plugin.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc index d8423fd153b..03a729258ca 100644 --- a/sql/sql_plugin.cc +++ b/sql/sql_plugin.cc @@ -374,7 +374,8 @@ static st_plugin_dl *plugin_dl_add(const LEX_STRING *dl, int report) struct st_plugin_dl *tmp, plugin_dl; void *sym; DBUG_ENTER("plugin_dl_add"); - DBUG_PRINT("enter", ("dl->str: '%s', dl->length: %d", dl->str, dl->length)); + DBUG_PRINT("enter", ("dl->str: '%s', dl->length: %d", + dl->str, (int) dl->length)); plugin_dir_len= strlen(opt_plugin_dir); /* Ensure that the dll doesn't have a path. -- cgit v1.2.1 From a4b106c882d56516b0f9c01b54432608a30577c8 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Fri, 3 Dec 2010 16:56:36 +0200 Subject: Backport of bug #55564 to 5.0-security --- sql/item_func.cc | 8 ++++++++ sql/item_func.h | 1 + 2 files changed, 9 insertions(+) (limited to 'sql') diff --git a/sql/item_func.cc b/sql/item_func.cc index 8af7db7fa1a..6cd8f34ecef 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -4303,6 +4303,14 @@ longlong Item_func_set_user_var::val_int_result() return entry->val_int(&null_value); } +bool Item_func_set_user_var::val_bool_result() +{ + DBUG_ASSERT(fixed == 1); + check(TRUE); + update(); // Store expression + return entry->val_int(&null_value) != 0; +} + String *Item_func_set_user_var::str_result(String *str) { DBUG_ASSERT(fixed == 1); diff --git a/sql/item_func.h b/sql/item_func.h index 47a13559e90..ccab6c855c6 100644 --- a/sql/item_func.h +++ b/sql/item_func.h @@ -1300,6 +1300,7 @@ public: my_decimal *val_decimal(my_decimal *); double val_result(); longlong val_int_result(); + bool val_bool_result(); String *str_result(String *str); my_decimal *val_decimal_result(my_decimal *); bool is_null_result(); -- cgit v1.2.1 From 844138c90b9ca1ebaee04d1ea7c8731b933f7550 Mon Sep 17 00:00:00 2001 From: Luis Soares Date: Fri, 3 Dec 2010 17:17:45 +0000 Subject: BUG#46697: Table name in error message is not populated When a query fails with a different error on the slave, the sql thread outputs a message (M) containing: 1. the error message format for the master error code 2. the master error code 3. the error message for the slave's error code 4. the slave error code Given that the slave has no information on the error message itself that the master outputs, it can only print its own version of the message format (but stripped from the additional data if the message format requires). This may confuse users. To fix this we augment the slave's message (M) to explicitly state that the master's message is actually an error message format, the one associated with the given master error code and that the slave server knows about. --- sql/log_event.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/log_event.cc b/sql/log_event.cc index d0635ddac1a..b4599b8fd8c 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -3337,7 +3337,8 @@ compare_errors: rli->report(ERROR_LEVEL, 0, "\ Query caused different errors on master and slave. \ -Error on master: '%s' (%d), Error on slave: '%s' (%d). \ +Error on master: message format='%s' error code=%d ; \ +Error on slave: actual message='%s', error code=%d. \ Default database: '%s'. Query: '%s'", ER_SAFE(expected_error), expected_error, -- cgit v1.2.1 From e5a88caf08749b6ac1de4d5420f04b6125898e08 Mon Sep 17 00:00:00 2001 From: Gleb Shchepa Date: Mon, 6 Dec 2010 23:38:31 +0300 Subject: Bug #57187: more user variable fun with multiple assignments and comparison in query A query that compares assignments of the same user variable caused Valgrind warnings: access to freed memory region. In case of a DECIMAL argument the assignment operator (:=) may return a pointer to a stored value instead of its copy when evaluated. The next assignment to the same variable may: a) overwrite the stored value with a new one and return the same pointer or even b) reallocate stored value. Thus, if we evaluate an assignment and keep the result pointer and then evaluate another assignment to the same variable, then the kept result pointer of the first assignment will point to unexpectedly changed data or it may be a dead pointer. That may cause wrong data or crash. The user_var_entry::val_decimal method has been modified to copy user variable data. mysql-test/r/user_var.result: Test case for bug #57187. mysql-test/t/user_var.test: Test case for bug #57187. sql/item_func.cc: Bug #57187: more user variable fun with multiple assignments and comparison in query The user_var_entry::val_decimal method has been modified to copy user variable data. --- sql/item_func.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/item_func.cc b/sql/item_func.cc index 8bb1009ac2c..5a8f65a795a 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -4064,7 +4064,7 @@ my_decimal *user_var_entry::val_decimal(my_bool *null_value, my_decimal *val) int2my_decimal(E_DEC_FATAL_ERROR, *(longlong*) value, 0, val); break; case DECIMAL_RESULT: - val= (my_decimal *)value; + my_decimal2decimal((my_decimal *) value, val); break; case STRING_RESULT: str2my_decimal(E_DEC_FATAL_ERROR, value, length, collation.collation, val); -- cgit v1.2.1 From 5ca6880defa1f04f754000c89bf08ea8173456e7 Mon Sep 17 00:00:00 2001 From: Dmitry Shulga Date: Fri, 10 Dec 2010 13:48:50 +0600 Subject: Fixed bug#54486 - assert in my_seek, concurrent DROP/CREATE SCHEMA, CREATE TABLE, REPAIR. The cause of assert was concurrent execution of DROP DATABASE and REPAIR TABLE where first statement deleted table's file .TMD at the same time as REPAIR TABLE tried to read file details from the old file that was just removed. Additionally was fixed trouble when DROP TABLE try delete all files belong to table being dropped at the same time when REPAIR TABLE statement has just deleted .TMD file. No regression test added because this would require adding a sync point to mysys/my_redel.c. Since this bug is not present in 5.5+, adding test coverage was considered unnecessary. The patch has been verified using RQG testing. sql/sql_db.cc: mysql_rm_known_files() modified: ignore possible ENOENT error when trying delete all table's files. Such aggressive algorithm permits skip already deleted (in another thread) files. Installation of Drop_table_error_handler as internal error handler moved from mysql_rm_db() to mysql_rm_knowns_files() near to place where source of possible errors (call to mysql_rm_table_part2) located. storage/myisam/mi_check.c: mi_repair() was modified: set param->retry_repair= 0 in order to don't call following failover procedure in ha_myisam::repair(). --- sql/sql_db.cc | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) (limited to 'sql') diff --git a/sql/sql_db.cc b/sql/sql_db.cc index 2c44c1a8449..d7d7f43a7aa 100644 --- a/sql/sql_db.cc +++ b/sql/sql_db.cc @@ -948,9 +948,6 @@ bool mysql_rm_db(THD *thd,char *db,bool if_exists, bool silent) remove_db_from_cache(db); pthread_mutex_unlock(&LOCK_open); - Drop_table_error_handler err_handler(thd->get_internal_handler()); - thd->push_internal_handler(&err_handler); - error= -1; /* We temporarily disable the binary log while dropping the objects @@ -983,8 +980,8 @@ bool mysql_rm_db(THD *thd,char *db,bool if_exists, bool silent) error = 0; reenable_binlog(thd); } - thd->pop_internal_handler(); } + if (!silent && deleted>=0) { const char *query; @@ -1213,16 +1210,34 @@ static long mysql_rm_known_files(THD *thd, MY_DIR *dirp, const char *db, else { strxmov(filePath, org_path, "/", file->name, NullS); - if (my_delete_with_symlink(filePath,MYF(MY_WME))) + /* + We ignore ENOENT error in order to skip files that was deleted + by concurrently running statement like REAPIR TABLE ... + */ + if (my_delete_with_symlink(filePath, MYF(0)) && + my_errno != ENOENT) { - goto err; + my_error(EE_DELETE, MYF(0), filePath, my_errno); + goto err; } } } - if (thd->killed || - (tot_list && mysql_rm_table_part2(thd, tot_list, 1, 0, 1, 1))) + + if (thd->killed) goto err; + if (tot_list) + { + int res= 0; + Drop_table_error_handler err_handler(thd->get_internal_handler()); + + thd->push_internal_handler(&err_handler); + res= mysql_rm_table_part2(thd, tot_list, 1, 0, 1, 1); + thd->pop_internal_handler(); + if (res) + goto err; + } + /* Remove RAID directories */ { List_iterator it(raid_dirs); -- cgit v1.2.1 From ffc16a2d06deb125f7ead5c4a9f6eb1fb3b48379 Mon Sep 17 00:00:00 2001 From: Luis Soares Date: Tue, 7 Dec 2010 15:48:18 +0000 Subject: BUG#46166 Post merge fix. In write_incident, check if binlog file is opened before actually trying to write the incident event. --- sql/log.cc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sql') diff --git a/sql/log.cc b/sql/log.cc index 46dcec2e2cd..5fcb5fe0367 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -4828,6 +4828,10 @@ bool MYSQL_BIN_LOG::write_incident(THD *thd, bool lock) { uint error= 0; DBUG_ENTER("MYSQL_BIN_LOG::write_incident"); + + if (!is_open()) + DBUG_RETURN(error); + LEX_STRING const write_error_msg= { C_STRING_WITH_LEN("error writing to the binary log") }; Incident incident= INCIDENT_LOST_EVENTS; -- cgit v1.2.1 From 3190d454236c73184b41dcbd7a296069ac2d115b Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Wed, 8 Dec 2010 16:05:26 +0200 Subject: Backport of the 5.1 fix for bug #55826 to 5.0 --- sql/item_func.cc | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/item_func.cc b/sql/item_func.cc index 6cd8f34ecef..3d105a159e0 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -2270,7 +2270,7 @@ void Item_func_min_max::fix_length_and_dec() stored to the value pointer, if latter is provided. RETURN - 0 If one of arguments is NULL + 0 If one of arguments is NULL or there was a execution error # index of the least/greatest argument */ @@ -2284,6 +2284,14 @@ uint Item_func_min_max::cmp_datetimes(ulonglong *value) Item **arg= args + i; bool is_null; longlong res= get_datetime_value(thd, &arg, 0, datetime_item, &is_null); + + /* Check if we need to stop (because of error or KILL) and stop the loop */ + if (thd->net.report_error) + { + null_value= 1; + return 0; + } + if ((null_value= args[i]->null_value)) return 0; if (i == 0 || (res < min_max ? cmp_sign : -cmp_sign) > 0) @@ -2312,6 +2320,12 @@ String *Item_func_min_max::val_str(String *str) if (null_value) return 0; str_res= args[min_max_idx]->val_str(str); + if (args[min_max_idx]->null_value) + { + // check if the call to val_str() above returns a NULL value + null_value= 1; + return NULL; + } str_res->set_charset(collation.collation); return str_res; } -- cgit v1.2.1 From 6330815a0ce15311cb90781d633b4c8cdfd34834 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Mon, 13 Dec 2010 13:39:26 +0300 Subject: Bug#58396 group_concat and explain extended are still crashy Explain fails at fix_fields stage and some items are left unfixed, particulary Item_group_concat. Item_group_concat::orig_args field is uninitialized in this case and Item_group_concat::print call leads to crash. The fix: move the initialization of Item_group_concat::orig_args into constructor. mysql-test/r/func_gconcat.result: test case mysql-test/t/func_gconcat.test: test case sql/item_sum.cc: move the initialization of Item_group_concat::orig_args into constructor. --- sql/item_sum.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 65f8222d38b..a60a6b3ef95 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -3003,6 +3003,7 @@ Item_func_group_concat(Name_resolution_context *context_arg, order_item->item= arg_ptr++; } } + memcpy(orig_args, args, sizeof(Item*) * arg_count); } @@ -3233,7 +3234,6 @@ Item_func_group_concat::fix_fields(THD *thd, Item **ref) if (check_sum_func(thd, ref)) return TRUE; - memcpy (orig_args, args, sizeof (Item *) * arg_count); fixed= 1; return FALSE; } -- cgit v1.2.1 From 1faf910eeb4e8f40253bf34b634af5332f367dc5 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Mon, 13 Dec 2010 14:48:12 +0300 Subject: Bug#39828 : Autoinc wraps around when offset and increment > 1 Auto increment value wraps when performing a bulk insert with auto_increment_increment and auto_increment_offset greater than one. The fix: If overflow happened then return MAX_ULONGLONG value as an indication of overflow and check this before storing the value into the field in update_auto_increment(). mysql-test/r/auto_increment.result: test case mysql-test/suite/innodb/r/innodb-autoinc.result: test case fix mysql-test/suite/innodb/t/innodb-autoinc.test: test case fix mysql-test/suite/innodb_plugin/r/innodb-autoinc.result: test case fix mysql-test/suite/innodb_plugin/t/innodb-autoinc.test: test case fix mysql-test/t/auto_increment.test: test case sql/handler.cc: If overflow happened then return MAX_ULONGLONG value as an indication of overflow and check this before storing the value into the field in update_auto_increment(). --- sql/handler.cc | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) (limited to 'sql') diff --git a/sql/handler.cc b/sql/handler.cc index 1525ca53bca..33c7f518838 100644 --- a/sql/handler.cc +++ b/sql/handler.cc @@ -2166,7 +2166,8 @@ int handler::read_first_row(uchar * buf, uint primary_key) computes the lowest number - strictly greater than "nr" - of the form: auto_increment_offset + N * auto_increment_increment - + If overflow happened then return MAX_ULONGLONG value as an + indication of overflow. In most cases increment= offset= 1, in which case we get: @verbatim 1,2,3,4,5,... @endverbatim If increment=10 and offset=5 and previous number is 1, we get: @@ -2175,13 +2176,23 @@ int handler::read_first_row(uchar * buf, uint primary_key) inline ulonglong compute_next_insert_id(ulonglong nr,struct system_variables *variables) { + const ulonglong save_nr= nr; + if (variables->auto_increment_increment == 1) - return (nr+1); // optimization of the formula below - nr= (((nr+ variables->auto_increment_increment - - variables->auto_increment_offset)) / - (ulonglong) variables->auto_increment_increment); - return (nr* (ulonglong) variables->auto_increment_increment + - variables->auto_increment_offset); + nr= nr + 1; // optimization of the formula below + else + { + nr= (((nr+ variables->auto_increment_increment - + variables->auto_increment_offset)) / + (ulonglong) variables->auto_increment_increment); + nr= (nr* (ulonglong) variables->auto_increment_increment + + variables->auto_increment_offset); + } + + if (unlikely(nr <= save_nr)) + return ULONGLONG_MAX; + + return nr; } @@ -2392,7 +2403,7 @@ int handler::update_auto_increment() variables->auto_increment_increment, nb_desired_values, &nr, &nb_reserved_values); - if (nr == ~(ulonglong) 0) + if (nr == ULONGLONG_MAX) DBUG_RETURN(HA_ERR_AUTOINC_READ_FAILED); // Mark failure /* @@ -2423,6 +2434,9 @@ int handler::update_auto_increment() } } + if (unlikely(nr == ULONGLONG_MAX)) + DBUG_RETURN(HA_ERR_AUTOINC_ERANGE); + DBUG_PRINT("info",("auto_increment: %lu", (ulong) nr)); if (unlikely(table->next_number_field->store((longlong) nr, TRUE))) -- cgit v1.2.1 From fcb83cbf15653bbed15936d8eafb4fc7de3e743b Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Tue, 14 Dec 2010 12:33:03 +0300 Subject: Fixed following problems: --Bug#52157 various crashes and assertions with multi-table update, stored function --Bug#54475 improper error handling causes cascading crashing failures in innodb/ndb --Bug#57703 create view cause Assertion failed: 0, file .\item_subselect.cc, line 846 --Bug#57352 valgrind warnings when creating view --Recently discovered problem when a nested materialized derived table is used before being populated and it leads to incorrect result We have several modes when we should disable subquery evaluation. The reasons for disabling are different. It could be uselessness of the evaluation as in case of 'CREATE VIEW' or 'PREPARE stmt', or we should disable subquery evaluation if tables are not locked yet as it happens in bug#54475, or too early evaluation of subqueries can lead to wrong result as it happened in Bug#19077. Main problem is that if subquery items are treated as const they are evaluated in ::fix_fields(), ::fix_length_and_dec() of the parental items as a lot of these methods have Item::val_...() calls inside. We have to make subqueries non-const to prevent unnecessary subquery evaluation. At the moment we have different methods for this. Here is a list of these modes: 1. PREPARE stmt; We use UNCACHEABLE_PREPARE flag. It is set during parsing in sql_parse.cc, mysql_new_select() for each SELECT_LEX object and cleared at the end of PREPARE in sql_prepare.cc, init_stmt_after_parse(). If this flag is set subquery becomes non-const and evaluation does not happen. 2. CREATE|ALTER VIEW, SHOW CREATE VIEW, I_S tables which process FRM files We use LEX::view_prepare_mode field. We set it before view preparation and check this flag in ::fix_fields(), ::fix_length_and_dec(). Some bugs are fixed using this approach, some are not(Bug#57352, Bug#57703). The problem here is that we have a lot of ::fix_fields(), ::fix_length_and_dec() where we use Item::val_...() calls for const items. 3. Derived tables with subquery = wrong result(Bug19077) The reason of this bug is too early subquery evaluation. It was fixed by adding Item::with_subselect field The check of this field in appropriate places prevents const item evaluation if the item have subquery. The fix for Bug19077 fixes only the problem with convert_constant_item() function and does not cover other places(::fix_fields(), ::fix_length_and_dec() again) where subqueries could be evaluated. Example: CREATE TABLE t1 (i INT, j BIGINT); INSERT INTO t1 VALUES (1, 2), (2, 2), (3, 2); SELECT * FROM (SELECT MIN(i) FROM t1 WHERE j = SUBSTRING('12', (SELECT * FROM (SELECT MIN(j) FROM t1) t2))) t3; DROP TABLE t1; 4. Derived tables with subquery where subquery is evaluated before table locking(Bug#54475, Bug#52157) Suggested solution is following: -Introduce new field LEX::context_analysis_only with the following possible flags: #define CONTEXT_ANALYSIS_ONLY_PREPARE 1 #define CONTEXT_ANALYSIS_ONLY_VIEW 2 #define CONTEXT_ANALYSIS_ONLY_DERIVED 4 -Set/clean these flags when we perform context analysis operation -Item_subselect::const_item() returns result depending on LEX::context_analysis_only. If context_analysis_only is set then we return FALSE that means that subquery is non-const. As all subquery types are wrapped by Item_subselect it allow as to make subquery non-const when it's necessary. mysql-test/r/derived.result: test case mysql-test/r/multi_update.result: test case mysql-test/r/view.result: test case mysql-test/suite/innodb/r/innodb_multi_update.result: test case mysql-test/suite/innodb/t/innodb_multi_update.test: test case mysql-test/suite/innodb_plugin/r/innodb_multi_update.result: test case mysql-test/suite/innodb_plugin/t/innodb_multi_update.test: test case mysql-test/t/derived.test: test case mysql-test/t/multi_update.test: test case mysql-test/t/view.test: test case sql/item.cc: --removed unnecessary code sql/item_cmpfunc.cc: --removed unnecessary checks --THD::is_context_analysis_only() is replaced with LEX::is_ps_or_view_context_analysis() sql/item_func.cc: --refactored context analysis checks sql/item_row.cc: --removed unnecessary checks sql/item_subselect.cc: --removed unnecessary code --added DBUG_ASSERT into Item_subselect::exec() which asserts that subquery execution can not happen if LEX::context_analysis_only is set, i.e. at context analysis stage. --Item_subselect::const_item() Return FALSE if LEX::context_analysis_only is set. It prevents subquery evaluation in ::fix_fields & ::fix_length_and_dec at context analysis stage. sql/item_subselect.h: --removed unnecessary code sql/mysql_priv.h: --Added new set of flags. sql/sql_class.h: --removed unnecessary code sql/sql_derived.cc: --added LEX::context_analysis_only analysis intialization/cleanup sql/sql_lex.cc: --init LEX::context_analysis_only field sql/sql_lex.h: --New LEX::context_analysis_only field sql/sql_parse.cc: --removed unnecessary code sql/sql_prepare.cc: --removed unnecessary code --added LEX::context_analysis_only analysis intialization/cleanup sql/sql_select.cc: --refactored context analysis checks sql/sql_show.cc: --added LEX::context_analysis_only analysis intialization/cleanup sql/sql_view.cc: --added LEX::context_analysis_only analysis intialization/cleanup --- sql/item.cc | 11 +---------- sql/item_cmpfunc.cc | 10 +++++----- sql/item_func.cc | 2 +- sql/item_row.cc | 8 ++------ sql/item_subselect.cc | 20 ++++---------------- sql/item_subselect.h | 1 - sql/mysql_priv.h | 33 +++++++++++++++++++++++++++++---- sql/sql_class.h | 2 -- sql/sql_derived.cc | 3 ++- sql/sql_lex.cc | 2 +- sql/sql_lex.h | 17 +++++++++-------- sql/sql_parse.cc | 7 ------- sql/sql_prepare.cc | 18 +++--------------- sql/sql_select.cc | 3 ++- sql/sql_show.cc | 8 ++++---- sql/sql_view.cc | 2 +- 16 files changed, 64 insertions(+), 83 deletions(-) (limited to 'sql') diff --git a/sql/item.cc b/sql/item.cc index d88a6e80bfe..c75db2dc15b 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -1712,16 +1712,7 @@ bool agg_item_set_converter(DTCollation &coll, const char *fname, if (!(conv= (*arg)->safe_charset_converter(coll.collation)) && ((*arg)->collation.repertoire == MY_REPERTOIRE_ASCII)) - { - /* - We should disable const subselect item evaluation because - subselect transformation does not happen in view_prepare_mode - and thus val_...() methods can not be called for const items. - */ - bool resolve_const= ((*arg)->type() == Item::SUBSELECT_ITEM && - thd->lex->view_prepare_mode) ? FALSE : TRUE; - conv= new Item_func_conv_charset(*arg, coll.collation, resolve_const); - } + conv= new Item_func_conv_charset(*arg, coll.collation, 1); if (!conv) { diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 6987dd9e053..e2faa51479c 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -401,7 +401,7 @@ static bool convert_constant_item(THD *thd, Item_field *field_item, Field *field= field_item->field; int result= 0; - if (!(*item)->with_subselect && (*item)->const_item()) + if ((*item)->const_item()) { TABLE *table= field->table; ulong orig_sql_mode= thd->variables.sql_mode; @@ -497,7 +497,7 @@ void Item_bool_func2::fix_length_and_dec() } thd= current_thd; - if (!thd->is_context_analysis_only()) + if (!thd->lex->is_ps_or_view_context_analysis()) { if (args[0]->real_item()->type() == FIELD_ITEM) { @@ -801,7 +801,7 @@ Arg_comparator::can_compare_as_dates(Item *a, Item *b, ulonglong *const_value) confuse storage engines since in context analysis mode tables aren't locked. */ - if (!thd->is_context_analysis_only() && + if (!thd->lex->is_ps_or_view_context_analysis() && cmp_type != CMP_DATE_WITH_DATE && str_arg->const_item() && (str_arg->type() != Item::FUNC_ITEM || ((Item_func*)str_arg)->functype() != Item_func::GUSERVAR_FUNC)) @@ -1027,7 +1027,7 @@ Item** Arg_comparator::cache_converted_constant(THD *thd_arg, Item **value, Item_result type) { /* Don't need cache if doing context analysis only. */ - if (!thd_arg->is_context_analysis_only() && + if (!thd->lex->is_ps_or_view_context_analysis() && (*value)->const_item() && type != (*value)->result_type()) { Item_cache *cache= Item_cache::get_cache(*value, type); @@ -4686,7 +4686,7 @@ bool Item_func_like::fix_fields(THD *thd, Item **ref) return TRUE; } - if (escape_item->const_item() && !thd->lex->view_prepare_mode) + if (escape_item->const_item()) { /* If we are on execution stage */ String *escape_str= escape_item->val_str(&cmp.value1); diff --git a/sql/item_func.cc b/sql/item_func.cc index b542969cfb0..2ba4415dbac 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -6066,7 +6066,7 @@ Item_func_sp::fix_fields(THD *thd, Item **ref) if (res) DBUG_RETURN(res); - if (thd->lex->view_prepare_mode) + if (thd->lex->context_analysis_only & CONTEXT_ANALYSIS_ONLY_VIEW) { /* Here we check privileges of the stored routine only during view diff --git a/sql/item_row.cc b/sql/item_row.cc index 7535c1fa80b..408bc11eb9b 100644 --- a/sql/item_row.cc +++ b/sql/item_row.cc @@ -73,12 +73,8 @@ bool Item_row::fix_fields(THD *thd, Item **ref) used_tables_cache |= item->used_tables(); const_item_cache&= item->const_item() && !with_null; not_null_tables_cache|= item->not_null_tables(); - /* - Some subqueries transformations aren't done in the view_prepare_mode thus - is_null() will fail. So we skip is_null() calculation for CREATE VIEW as - not necessary. - */ - if (const_item_cache && !thd->lex->view_prepare_mode) + + if (const_item_cache) { if (item->cols() > 1) with_null|= item->null_inside(); diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc index d521ad0b4e8..6f2286561b9 100644 --- a/sql/item_subselect.cc +++ b/sql/item_subselect.cc @@ -123,20 +123,6 @@ void Item_subselect::cleanup() } -/* - We cannot use generic Item::safe_charset_converter() because - Subselect transformation does not happen in view_prepare_mode - and thus we can not evaluate val_...() for const items. -*/ - -Item *Item_subselect::safe_charset_converter(CHARSET_INFO *tocs) -{ - Item_func_conv_charset *conv= - new Item_func_conv_charset(this, tocs, thd->lex->view_prepare_mode ? 0 : 1); - return conv->safe ? conv : NULL; -} - - void Item_singlerow_subselect::cleanup() { DBUG_ENTER("Item_singlerow_subselect::cleanup"); @@ -271,6 +257,7 @@ bool Item_subselect::exec() if (thd->is_error() || thd->killed) return 1; + DBUG_ASSERT(!thd->lex->context_analysis_only); /* Simulate a failure in sub-query execution. Used to test e.g. out of memory or query being killed conditions. @@ -307,7 +294,7 @@ table_map Item_subselect::used_tables() const bool Item_subselect::const_item() const { - return const_item_cache; + return thd->lex->context_analysis_only ? FALSE : const_item_cache; } Item *Item_subselect::get_tmp_table_item(THD *thd_arg) @@ -1638,7 +1625,8 @@ bool Item_in_subselect::fix_fields(THD *thd_arg, Item **ref) { bool result = 0; - if (thd_arg->lex->view_prepare_mode && left_expr && !left_expr->fixed) + if ((thd_arg->lex->context_analysis_only & CONTEXT_ANALYSIS_ONLY_VIEW) && + left_expr && !left_expr->fixed) result = left_expr->fix_fields(thd_arg, &left_expr); return result || Item_subselect::fix_fields(thd_arg, ref); diff --git a/sql/item_subselect.h b/sql/item_subselect.h index 3806e68e377..467e9b22637 100644 --- a/sql/item_subselect.h +++ b/sql/item_subselect.h @@ -126,7 +126,6 @@ public: virtual void reset_value_registration() {} enum_parsing_place place() { return parsing_place; } bool walk(Item_processor processor, bool walk_subquery, uchar *arg); - Item *safe_charset_converter(CHARSET_INFO *tocs); /** Get the SELECT_LEX structure associated with this Item. diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h index 709a49b2036..04feb217d66 100644 --- a/sql/mysql_priv.h +++ b/sql/mysql_priv.h @@ -566,17 +566,42 @@ protected: #define MY_CHARSET_BIN_MB_MAXLEN 1 +/* + Flags below are set when we perform + context analysis of the statement and make + subqueries non-const. It prevents subquery + evaluation at context analysis stage. +*/ + +/* + Don't evaluate this subquery during statement prepare even if + it's a constant one. The flag is switched off in the end of + mysqld_stmt_prepare. +*/ +#define CONTEXT_ANALYSIS_ONLY_PREPARE 1 +/* + Special JOIN::prepare mode: changing of query is prohibited. + When creating a view, we need to just check its syntax omitting + any optimizations: afterwards definition of the view will be + reconstructed by means of ::print() methods and written to + to an .frm file. We need this definition to stay untouched. +*/ +#define CONTEXT_ANALYSIS_ONLY_VIEW 2 +/* + Don't evaluate this subquery during derived table prepare even if + it's a constant one. +*/ +#define CONTEXT_ANALYSIS_ONLY_DERIVED 4 + // uncachable cause #define UNCACHEABLE_DEPENDENT 1 #define UNCACHEABLE_RAND 2 #define UNCACHEABLE_SIDEEFFECT 4 /// forcing to save JOIN for explain #define UNCACHEABLE_EXPLAIN 8 -/** Don't evaluate subqueries in prepare even if they're not correlated */ -#define UNCACHEABLE_PREPARE 16 /* For uncorrelated SELECT in an UNION with some correlated SELECTs */ -#define UNCACHEABLE_UNITED 32 -#define UNCACHEABLE_CHECKOPTION 64 +#define UNCACHEABLE_UNITED 16 +#define UNCACHEABLE_CHECKOPTION 32 /* Used to check GROUP BY list in the MODE_ONLY_FULL_GROUP_BY mode */ #define UNDEF_POS (-1) diff --git a/sql/sql_class.h b/sql/sql_class.h index 774ae4abac4..cfb43356f2a 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -2180,8 +2180,6 @@ public: (variables.sql_mode & MODE_STRICT_ALL_TABLES))); } void set_status_var_init(); - bool is_context_analysis_only() - { return stmt_arena->is_stmt_prepare() || lex->view_prepare_mode; } void reset_n_backup_open_tables_state(Open_tables_state *backup); void restore_backup_open_tables_state(Open_tables_state *backup); void reset_sub_statement_state(Sub_statement_state *backup, uint new_state); diff --git a/sql/sql_derived.cc b/sql/sql_derived.cc index 782589f7d0f..3214c756bc7 100644 --- a/sql/sql_derived.cc +++ b/sql/sql_derived.cc @@ -147,10 +147,11 @@ bool mysql_derived_prepare(THD *thd, LEX *lex, TABLE_LIST *orig_table_list) if (!(derived_result= new select_union)) DBUG_RETURN(TRUE); // out of memory + lex->context_analysis_only|= CONTEXT_ANALYSIS_ONLY_DERIVED; // st_select_lex_unit::prepare correctly work for single select if ((res= unit->prepare(thd, derived_result, 0))) goto exit; - + lex->context_analysis_only&= ~CONTEXT_ANALYSIS_ONLY_DERIVED; if ((res= check_duplicate_names(unit->types, 0))) goto exit; diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index 24c51be2512..9ea144df9bc 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -305,7 +305,7 @@ void lex_start(THD *thd) lex->select_lex.group_list.empty(); lex->describe= 0; lex->subqueries= FALSE; - lex->view_prepare_mode= FALSE; + lex->context_analysis_only= 0; lex->derived_tables= 0; lex->lock_option= TL_READ; lex->safe_to_cache_query= 1; diff --git a/sql/sql_lex.h b/sql/sql_lex.h index 9131cec9d04..b1f30b07824 100644 --- a/sql/sql_lex.h +++ b/sql/sql_lex.h @@ -1715,14 +1715,8 @@ typedef struct st_lex : public Query_tables_list bool verbose, no_write_to_binlog; bool tx_chain, tx_release; - /* - Special JOIN::prepare mode: changing of query is prohibited. - When creating a view, we need to just check its syntax omitting - any optimizations: afterwards definition of the view will be - reconstructed by means of ::print() methods and written to - to an .frm file. We need this definition to stay untouched. - */ - bool view_prepare_mode; + + uint8 context_analysis_only; bool safe_to_cache_query; bool subqueries, ignore; st_parsing_options parsing_options; @@ -1843,6 +1837,13 @@ typedef struct st_lex : public Query_tables_list delete_dynamic(&plugins); } + inline bool is_ps_or_view_context_analysis() + { + return (context_analysis_only & + (CONTEXT_ANALYSIS_ONLY_PREPARE | + CONTEXT_ANALYSIS_ONLY_VIEW)); + } + inline void uncacheable(uint8 cause) { safe_to_cache_query= 0; diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 7cf64134d70..abfc2ec26b3 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -5865,13 +5865,6 @@ mysql_new_select(LEX *lex, bool move_down) DBUG_RETURN(1); } select_lex->nest_level= lex->nest_level; - /* - Don't evaluate this subquery during statement prepare even if - it's a constant one. The flag is switched off in the end of - mysqld_stmt_prepare. - */ - if (thd->stmt_arena->is_stmt_prepare()) - select_lex->uncacheable|= UNCACHEABLE_PREPARE; if (move_down) { SELECT_LEX_UNIT *unit; diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 5ba375f9710..aadfb831087 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -1688,7 +1688,7 @@ static bool mysql_test_create_view(Prepared_statement *stmt) if (open_normal_and_derived_tables(thd, tables, 0)) goto err; - lex->view_prepare_mode= 1; + lex->context_analysis_only|= CONTEXT_ANALYSIS_ONLY_VIEW; res= select_like_stmt_test(stmt, 0, 0); err: @@ -2234,19 +2234,6 @@ end: } -/** Init PS/SP specific parse tree members. */ - -static void init_stmt_after_parse(LEX *lex) -{ - SELECT_LEX *sl= lex->all_selects_list; - /* - Switch off a temporary flag that prevents evaluation of - subqueries in statement prepare. - */ - for (; sl; sl= sl->next_select_in_list()) - sl->uncacheable&= ~UNCACHEABLE_PREPARE; -} - /** SQLCOM_PREPARE implementation. @@ -3080,6 +3067,7 @@ bool Prepared_statement::prepare(const char *packet, uint packet_len) parser_state.m_lip.stmt_prepare_mode= TRUE; lex_start(thd); + lex->context_analysis_only|= CONTEXT_ANALYSIS_ONLY_PREPARE; error= parse_sql(thd, & parser_state, NULL) || thd->is_error() || @@ -3132,7 +3120,7 @@ bool Prepared_statement::prepare(const char *packet, uint packet_len) if (error == 0) { setup_set_params(); - init_stmt_after_parse(lex); + lex->context_analysis_only&= ~CONTEXT_ANALYSIS_ONLY_PREPARE; state= Query_arena::PREPARED; flags&= ~ (uint) IS_IN_USE; /* diff --git a/sql/sql_select.cc b/sql/sql_select.cc index c17cb946fa3..5bb5650fae7 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -538,7 +538,8 @@ JOIN::prepare(Item ***rref_pointer_array, thd->lex->allow_sum_func= save_allow_sum_func; } - if (!thd->lex->view_prepare_mode && !(select_options & SELECT_DESCRIBE)) + if (!(thd->lex->context_analysis_only & CONTEXT_ANALYSIS_ONLY_VIEW) && + !(select_options & SELECT_DESCRIBE)) { Item_subselect *subselect; /* Is it subselect? */ diff --git a/sql/sql_show.cc b/sql/sql_show.cc index ee0e2bf5ce7..ed7a8d32eb8 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -718,7 +718,7 @@ mysqld_show_create(THD *thd, TABLE_LIST *table_list) table_list->table_name)); /* We want to preserve the tree for views. */ - thd->lex->view_prepare_mode= TRUE; + thd->lex->context_analysis_only|= CONTEXT_ANALYSIS_ONLY_VIEW; { Show_create_error_handler view_error_suppressor(thd, table_list); @@ -3315,7 +3315,7 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) uint derived_tables= lex->derived_tables; int error= 1; Open_tables_state open_tables_state_backup; - bool save_view_prepare_mode= lex->view_prepare_mode; + uint8 save_context_analysis_only= lex->context_analysis_only; Query_tables_list query_tables_list_backup; #ifndef NO_EMBEDDED_ACCESS_CHECKS Security_context *sctx= thd->security_ctx; @@ -3323,7 +3323,7 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) uint table_open_method; DBUG_ENTER("get_all_tables"); - lex->view_prepare_mode= TRUE; + lex->context_analysis_only|= CONTEXT_ANALYSIS_ONLY_VIEW; lex->reset_n_backup_query_tables_list(&query_tables_list_backup); /* @@ -3540,7 +3540,7 @@ err: lex->restore_backup_query_tables_list(&query_tables_list_backup); lex->derived_tables= derived_tables; lex->all_selects_list= old_all_select_lex; - lex->view_prepare_mode= save_view_prepare_mode; + lex->context_analysis_only= save_context_analysis_only; lex->sql_command= save_sql_command; DBUG_RETURN(error); } diff --git a/sql/sql_view.cc b/sql/sql_view.cc index 133574089aa..6cb4f590ae0 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc @@ -545,7 +545,7 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, } /* prepare select to resolve all fields */ - lex->view_prepare_mode= 1; + lex->context_analysis_only|= CONTEXT_ANALYSIS_ONLY_VIEW; if (unit->prepare(thd, 0, 0)) { /* -- cgit v1.2.1 From 76627d5fc33749cb329a6ced6ce8ba16a3bdd558 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Tue, 14 Dec 2010 19:08:25 +0300 Subject: Bug#57818 string conversion function died Bug#57913 large negative number to string conversion functions crash String object which is used as result container of the item has uninitialized 'str_charset' field. This object might be used later to preform some internal operations and str_charset field is involved in these operations. It leads to crash. The fix is to intialize str_charset in my_decimal2string() func. mysql-test/r/func_str.result: test case mysql-test/t/func_str.test: test case sql/my_decimal.cc: intialize str_charset field for result string in my_decimal2string() func. --- sql/my_decimal.cc | 1 + 1 file changed, 1 insertion(+) (limited to 'sql') diff --git a/sql/my_decimal.cc b/sql/my_decimal.cc index 3aa01880b83..26377bc1562 100644 --- a/sql/my_decimal.cc +++ b/sql/my_decimal.cc @@ -109,6 +109,7 @@ int my_decimal2string(uint mask, const my_decimal *d, result= decimal2string((decimal_t*) d, (char*) str->ptr(), &length, (int)fixed_prec, fixed_dec, filler); + str->set_charset(&my_charset_bin); str->length(length); return check_result(mask, result); } -- cgit v1.2.1 From 92a0463edb5795e1bfb0be2d09fe745daf2b7115 Mon Sep 17 00:00:00 2001 From: Luis Soares Date: Tue, 14 Dec 2010 16:43:25 +0000 Subject: BUG 46697 Addressing review comments. --- sql/log_event.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/log_event.cc b/sql/log_event.cc index b4599b8fd8c..d3d95c5b18f 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -3337,7 +3337,7 @@ compare_errors: rli->report(ERROR_LEVEL, 0, "\ Query caused different errors on master and slave. \ -Error on master: message format='%s' error code=%d ; \ +Error on master: message (format)='%s' error code=%d ; \ Error on slave: actual message='%s', error code=%d. \ Default database: '%s'. Query: '%s'", ER_SAFE(expected_error), -- cgit v1.2.1 From 086130e3c07a39f998935e374f17706c63be5ee6 Mon Sep 17 00:00:00 2001 From: Gleb Shchepa Date: Tue, 14 Dec 2010 23:52:53 +0300 Subject: backport of bug #54476 fix from 5.1-bugteam to 5.0-bugteam. Original revid: alexey.kopytov@sun.com-20100723115254-jjwmhq97b9wl932l > Bug #54476: crash when group_concat and 'with rollup' in > prepared statements > > Using GROUP_CONCAT() together with the WITH ROLLUP modifier > could crash the server. > > The reason was a combination of several facts: > > 1. The Item_func_group_concat class stores pointers to ORDER > objects representing the columns in the ORDER BY clause of > GROUP_CONCAT(). > > 2. find_order_in_list() called from > Item_func_group_concat::setup() modifies the ORDER objects so > that their 'item' member points to the arguments list > allocated in the Item_func_group_concat constructor. > > 3. In some cases (e.g. in JOIN::rollup_make_fields) a copy of > the original Item_func_group_concat object could be created by > using the Item_func_group_concat::Item_func_group_concat(THD > *thd, Item_func_group_concat *item) copy constructor. The > latter essentially creates a shallow copy of the source > object. Memory for the arguments array is allocated on > thd->mem_root, but the pointers for arguments and ORDER are > copied verbatim. > > What happens in the test case is that when executing the query > for the first time, after a copy of the original > Item_func_group_concat object has been created by > JOIN::rollup_make_fields(), find_order_in_list() is called for > this new object. It then resolves ORDER BY by modifying the > ORDER objects so that they point to elements of the arguments > array which is local to the cloned object. When thd->mem_root > is freed upon completing the execution, pointers in the ORDER > objects become invalid. Those ORDER objects, however, are also > shared with the original Item_func_group_concat object which is > preserved between executions of a prepared statement. So the > first call to find_order_in_list() for the original object on > the second execution tries to dereference an invalid pointer. > > The solution is to create copies of the ORDER objects when > copying Item_func_group_concat to not leave any stale pointers > in other instances with different lifecycles. mysql-test/r/func_gconcat.result: Test case for bug #54476. mysql-test/t/func_gconcat.test: Test case for bug #54476. sql/item_sum.cc: Copy the ORDER objects pointed to by the elements of the 'order' array in the copy constructor of Item_func_group_concat. sql/table.h: Removed the unused 'item_copy' member of the ORDER class. --- sql/item_sum.cc | 19 ++++++++++++++++++- sql/table.h | 1 - 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 4c2bde90100..244ea4c34b6 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -3170,7 +3170,6 @@ Item_func_group_concat::Item_func_group_concat(THD *thd, tree(item->tree), unique_filter(item->unique_filter), table(item->table), - order(item->order), context(item->context), arg_count_order(item->arg_count_order), arg_count_field(item->arg_count_field), @@ -3183,6 +3182,24 @@ Item_func_group_concat::Item_func_group_concat(THD *thd, { quick_group= item->quick_group; result.set_charset(collation.collation); + + /* + Since the ORDER structures pointed to by the elements of the 'order' array + may be modified in find_order_in_list() called from + Item_func_group_concat::setup(), create a copy of those structures so that + such modifications done in this object would not have any effect on the + object being copied. + */ + ORDER *tmp; + if (!(order= (ORDER **) thd->alloc(sizeof(ORDER *) * arg_count_order + + sizeof(ORDER) * arg_count_order))) + return; + tmp= (ORDER *)(order + arg_count_order); + for (uint i= 0; i < arg_count_order; i++, tmp++) + { + memcpy(tmp, item->order[i], sizeof(ORDER)); + order[i]= tmp; + } } diff --git a/sql/table.h b/sql/table.h index f162c2ed8ca..0a89db8bbff 100644 --- a/sql/table.h +++ b/sql/table.h @@ -31,7 +31,6 @@ typedef struct st_order { struct st_order *next; Item **item; /* Point at item in select fields */ Item *item_ptr; /* Storage for initial item */ - Item **item_copy; /* For SPs; the original item ptr */ int counter; /* position in SELECT list, correct only if counter_used is true*/ bool asc; /* true if ascending */ -- cgit v1.2.1 From 1bd81f6b817cc9b8e0b61d126b7ad159117e1b29 Mon Sep 17 00:00:00 2001 From: Alexander Nozdrin Date: Wed, 15 Dec 2010 19:00:01 +0300 Subject: Patch for Bug#57952 (privilege change is not taken into account by EXECUTE). The user-visible problem was that changes to column-level privileges, happened in between of PREPARE and EXECUTE of a prepared statement, were neglected. I.e. a prepared statement could be executed with the column-level privileges as of PREPARE-time. The problem existed for column-level privileges only. A similar problem existed for stored programs: the changes between executions didn't have an effect. Technically the thing is that table references are cached in Prepared_statement::prepare() call. In subsequent Prepared_statement::execute() calls those cached values are used. There are two functions to get a field by name: find_field_in_table() and find_field_in_table_ref(). On prepare-phase find_field_in_table_ref() is called, on execute-phase -- find_field_in_table() because the table is cached. find_field_in_table() does not check column-level privileges and expects the caller to do that. The problem was that this check was forgotten. The fix is to check them there as it happens in find_field_in_table_ref(). --- sql/sql_base.cc | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'sql') diff --git a/sql/sql_base.cc b/sql/sql_base.cc index 88d1e8879d1..669229a8404 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc @@ -3657,6 +3657,8 @@ find_field_in_natural_join(THD *thd, TABLE_LIST *table_ref, const char *name, /* Find field by name in a base table or a view with temp table algorithm. + The caller is expected to check column-level privileges. + SYNOPSIS find_field_in_table() thd thread handler @@ -3753,6 +3755,8 @@ find_field_in_table(THD *thd, TABLE *table, const char *name, uint length, This procedure detects the type of the table reference 'table_list' and calls the corresponding search routine. + The routine checks column-level privieleges for the found field. + RETURN 0 field is not found view_ref_found found value in VIEW (real result is in *ref) @@ -3944,8 +3948,16 @@ find_field_in_tables(THD *thd, Item_ident *item, when table_ref->field_translation != NULL. */ if (table_ref->table && !table_ref->view) + { found= find_field_in_table(thd, table_ref->table, name, length, TRUE, &(item->cached_field_index)); +#ifndef NO_EMBEDDED_ACCESS_CHECKS + /* Check if there are sufficient access rights to the found field. */ + if (found && check_privileges && + check_column_grant_in_table_ref(thd, table_ref, name, length)) + found= WRONG_GRANT; +#endif + } else found= find_field_in_table_ref(thd, table_ref, name, length, item->name, NULL, NULL, ref, check_privileges, -- cgit v1.2.1 From 21da523f1796555fb61d5053ec8509ca3d74a2f6 Mon Sep 17 00:00:00 2001 From: Kristofer Pettersson Date: Thu, 16 Dec 2010 11:49:40 +0100 Subject: Bug58747 57359 patch: breaks secure_file_priv+not secure yet+still accesses other folders "load data infile .." allowed for access to unautohorized tables. Due to a faulty if-statement it was possible to circumvent the secure_file_priv restriction. mysql-test/mysql-test-run.pl: * Add SECURE_LOAD_PATH environment variable to mtr test cases. mysql-test/suite/sys_vars/r/secure_file_priv2.result: * add test for bug58747 mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt: * add test for bug58747 mysql-test/suite/sys_vars/t/secure_file_priv2.test: * add test for bug58747 sql/sql_load.cc: * Correct faulty if-statement * fix indentation * move my_stat() block to after is_secure_file_path() check. --- sql/sql_load.cc | 85 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 43 insertions(+), 42 deletions(-) (limited to 'sql') diff --git a/sql/sql_load.cc b/sql/sql_load.cc index 4b68f2a3821..a0f9ebbe39b 100644 --- a/sql/sql_load.cc +++ b/sql/sql_load.cc @@ -314,56 +314,57 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list, (void) fn_format(name, ex->file_name, mysql_real_data_home, "", MY_RELATIVE_PATH | MY_UNPACK_FILENAME | MY_RETURN_REAL_PATH); -#if !defined(__WIN__) && ! defined(__NETWARE__) - MY_STAT stat_info; - if (!my_stat(name,&stat_info,MYF(MY_WME))) - DBUG_RETURN(TRUE); - - // if we are not in slave thread, the file must be: - if (!thd->slave_thread && - !((stat_info.st_mode & S_IROTH) == S_IROTH && // readable by others - (stat_info.st_mode & S_IFLNK) != S_IFLNK && // and not a symlink - ((stat_info.st_mode & S_IFREG) == S_IFREG || - (stat_info.st_mode & S_IFIFO) == S_IFIFO))) - { - my_error(ER_TEXTFILE_NOT_READABLE, MYF(0), name); - DBUG_RETURN(TRUE); - } - if ((stat_info.st_mode & S_IFIFO) == S_IFIFO) - is_fifo = 1; -#endif + } - if (thd->slave_thread) - { + if (thd->slave_thread) + { #if defined(HAVE_REPLICATION) && !defined(MYSQL_CLIENT) - if (strncmp(active_mi->rli.slave_patternload_file, name, - active_mi->rli.slave_patternload_file_size)) - { - /* - LOAD DATA INFILE in the slave SQL Thread can only read from - --slave-load-tmpdir". This should never happen. Please, report a bug. - */ - - sql_print_error("LOAD DATA INFILE in the slave SQL Thread can only read from --slave-load-tmpdir. " \ - "Please, report a bug."); - my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--slave-load-tmpdir"); - DBUG_RETURN(TRUE); - } -#else + if (strncmp(active_mi->rli.slave_patternload_file, name, + active_mi->rli.slave_patternload_file_size)) + { /* - This is impossible and should never happen. + LOAD DATA INFILE in the slave SQL Thread can only read from + --slave-load-tmpdir". This should never happen. Please, report a bug. */ - DBUG_ASSERT(FALSE); -#endif - } - else if (!is_secure_file_path(name)) - { - /* Read only allowed from within dir specified by secure_file_priv */ - my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv"); + + sql_print_error("LOAD DATA INFILE in the slave SQL Thread can only read from --slave-load-tmpdir. " \ + "Please, report a bug."); + my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--slave-load-tmpdir"); DBUG_RETURN(TRUE); } +#else + /* + This is impossible and should never happen. + */ + DBUG_ASSERT(FALSE); +#endif + } + else if (!is_secure_file_path(name)) + { + /* Read only allowed from within dir specified by secure_file_priv */ + my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv"); + DBUG_RETURN(TRUE); + } +#if !defined(__WIN__) && ! defined(__NETWARE__) + MY_STAT stat_info; + if (!my_stat(name,&stat_info,MYF(MY_WME))) + DBUG_RETURN(TRUE); + + // if we are not in slave thread, the file must be: + if (!thd->slave_thread && + !((stat_info.st_mode & S_IROTH) == S_IROTH && // readable by others + (stat_info.st_mode & S_IFLNK) != S_IFLNK && // and not a symlink + ((stat_info.st_mode & S_IFREG) == S_IFREG || + (stat_info.st_mode & S_IFIFO) == S_IFIFO))) + { + my_error(ER_TEXTFILE_NOT_READABLE, MYF(0), name); + DBUG_RETURN(TRUE); } + if ((stat_info.st_mode & S_IFIFO) == S_IFIFO) + is_fifo = 1; +#endif + if ((file=my_open(name,O_RDONLY,MYF(MY_WME))) < 0) DBUG_RETURN(TRUE); } -- cgit v1.2.1 From 4c0c5525825714ccd91c3c07e303c068bcc12ce5 Mon Sep 17 00:00:00 2001 From: Luis Soares Date: Fri, 17 Dec 2010 01:17:03 +0000 Subject: BUG#46166 Post-push fixes: - fixed platform dependent result files - appeasing valgrind warnings: Fault injection was also uncovering a previously existing potential mem leaks. For BUG#46166 testing purposes, fixed by forcing handling the leak when injecting faults. --- sql/log.cc | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'sql') diff --git a/sql/log.cc b/sql/log.cc index 5fcb5fe0367..f3d3420194c 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -2599,6 +2599,23 @@ bool MYSQL_BIN_LOG::open(const char *log_name, sync_purge_index_file() || DBUG_EVALUATE_IF("fault_injection_registering_index", 1, 0)) { + /** + TODO: although this was introduced to appease valgrind + when injecting emulated faults using fault_injection_registering_index + it may be good to consider what actually happens when + open_purge_index_file succeeds but register or sync fails. + + Perhaps we might need the code below in MYSQL_LOG_BIN::cleanup + for "real life" purposes as well? + */ + DBUG_EXECUTE_IF("fault_injection_registering_index", { + if (my_b_inited(&purge_index_file)) + { + end_io_cache(&purge_index_file); + my_close(purge_index_file.file, MYF(0)); + } + }); + sql_print_error("MSYQL_BIN_LOG::open failed to sync the index file."); DBUG_RETURN(1); } @@ -3827,6 +3844,7 @@ int MYSQL_BIN_LOG::new_file_impl(bool need_lock) if(DBUG_EVALUATE_IF("fault_injection_new_file_rotate_event", (error=close_on_error=TRUE), FALSE) || (error= r.write(&log_file))) { + DBUG_EXECUTE_IF("fault_injection_new_file_rotate_event", errno=2;); close_on_error= TRUE; my_printf_error(ER_ERROR_ON_WRITE, ER(ER_CANT_OPEN_FILE), MYF(ME_FATALERROR), name, errno); goto end; -- cgit v1.2.1 From d5bf6b8aa8bb1c745abeb5e245f0398858ca1461 Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 21 Dec 2010 12:47:22 +0800 Subject: Bug #56662 Assertion failed: next_insert_id == 0, file .\handler.cc Normally, auto_increment value is generated for the column by inserting either NULL or 0 into it. NO_AUTO_VALUE_ON_ZERO suppresses this behavior for 0 so that only NULL generates the auto_increment value. This behavior is also followed by a slave, specifically by the SQL Thread, when applying events in the statement format from a master. However, when applying events in the row format, the flag was ignored thus causing an assertion failure: "Assertion failed: next_insert_id == 0, file .\handler.cc" In fact, we never need to generate a auto_increment value for the column when applying events in row format on slave. So we don't allow it to happen by using 'MODE_NO_AUTO_VALUE_ON_ZERO'. Refactoring: Get rid of all the sql_mode checks to rows_log_event when applying it for avoiding problems caused by the inconsistency of the sql_mode on slave and master as the sql_mode is not set for Rows_log_event. mysql-test/extra/rpl_tests/rpl_auto_increment.test: Added test to verify if the assertion of "next_insert_id == 0" will fail in ha_external_lock() function. mysql-test/suite/rpl/r/rpl_auto_increment.result: Test result for bug#56662. sql/log_event.cc: Added code to not allow generation of auto_increment value when processing rows event by adding 'MODE_NO_AUTO_VALUE_ON_ZERO' to sql_mode. sql/rpl_record.cc: Added code to get rid of the 'MODE_STRICT_TRANS_TABLES' and MODE_STRICT_ALL_TABLES check to the table when appling the rows event and treat it as no strict. --- sql/log_event.cc | 30 ++++++++++++++++++------------ sql/log_event.h | 9 +++------ sql/rpl_record.cc | 53 ++++++++++------------------------------------------- sql/rpl_record.h | 7 ++----- 4 files changed, 33 insertions(+), 66 deletions(-) (limited to 'sql') diff --git a/sql/log_event.cc b/sql/log_event.cc index d3d95c5b18f..eb7c9c30567 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -7570,6 +7570,14 @@ int Rows_log_event::do_apply_event(Relay_log_info const *rli) // Do event specific preparations error= do_before_row_operations(rli); + /* + Bug#56662 Assertion failed: next_insert_id == 0, file handler.cc + Don't allow generation of auto_increment value when processing + rows event by setting 'MODE_NO_AUTO_VALUE_ON_ZERO'. + */ + ulong saved_sql_mode= thd->variables.sql_mode; + thd->variables.sql_mode= MODE_NO_AUTO_VALUE_ON_ZERO; + // row processing loop while (error == 0 && m_curr_row < m_rows_end) @@ -7632,6 +7640,11 @@ int Rows_log_event::do_apply_event(Relay_log_info const *rli) thd->transaction.stmt.modified_non_trans_table= TRUE; } // row processing loop + /* + Restore the sql_mode after the rows event is processed. + */ + thd->variables.sql_mode= saved_sql_mode; + DBUG_EXECUTE_IF("STOP_SLAVE_after_first_Rows_event", const_cast(rli)->abort_slave= 1;); @@ -8601,16 +8614,11 @@ Rows_log_event::write_row(const Relay_log_info *const rli, int UNINIT_VAR(keynum); auto_afree_ptr key(NULL); - /* fill table->record[0] with default values */ - bool abort_on_warnings= (rli->sql_thd->variables.sql_mode & - (MODE_STRICT_TRANS_TABLES | MODE_STRICT_ALL_TABLES)); - if ((error= prepare_record(table, m_width, - table->file->ht->db_type != DB_TYPE_NDBCLUSTER, - abort_on_warnings, m_curr_row == m_rows_buf))) - DBUG_RETURN(error); - + prepare_record(table, m_width, + table->file->ht->db_type != DB_TYPE_NDBCLUSTER); + /* unpack row into table->record[0] */ - if ((error= unpack_current_row(rli, abort_on_warnings))) + if ((error= unpack_current_row(rli))) DBUG_RETURN(error); if (m_curr_row == m_rows_buf) @@ -9454,11 +9462,9 @@ Update_rows_log_event::do_exec_row(const Relay_log_info *const rli) store_record(m_table,record[1]); - bool abort_on_warnings= (rli->sql_thd->variables.sql_mode & - (MODE_STRICT_TRANS_TABLES | MODE_STRICT_ALL_TABLES)); m_curr_row= m_curr_row_end; /* this also updates m_curr_row_end */ - if ((error= unpack_current_row(rli, abort_on_warnings))) + if ((error= unpack_current_row(rli))) return error; /* diff --git a/sql/log_event.h b/sql/log_event.h index 75f2015a684..010658e930a 100644 --- a/sql/log_event.h +++ b/sql/log_event.h @@ -3583,16 +3583,13 @@ protected: int write_row(const Relay_log_info *const, const bool); // Unpack the current row into m_table->record[0] - int unpack_current_row(const Relay_log_info *const rli, - const bool abort_on_warning= TRUE) - { + int unpack_current_row(const Relay_log_info *const rli) + { DBUG_ASSERT(m_table); - bool first_row= (m_curr_row == m_rows_buf); ASSERT_OR_RETURN_ERROR(m_curr_row < m_rows_end, HA_ERR_CORRUPT_EVENT); int const result= ::unpack_row(rli, m_table, m_width, m_curr_row, &m_cols, - &m_curr_row_end, &m_master_reclength, - abort_on_warning, first_row); + &m_curr_row_end, &m_master_reclength); if (m_curr_row_end > m_rows_end) my_error(ER_SLAVE_CORRUPT_EVENT, MYF(0)); ASSERT_OR_RETURN_ERROR(m_curr_row_end <= m_rows_end, HA_ERR_CORRUPT_EVENT); diff --git a/sql/rpl_record.cc b/sql/rpl_record.cc index 3a46bbcd6ee..4d6d5666e3a 100644 --- a/sql/rpl_record.cc +++ b/sql/rpl_record.cc @@ -180,8 +180,7 @@ int unpack_row(Relay_log_info const *rli, TABLE *table, uint const colcnt, uchar const *const row_data, MY_BITMAP const *cols, - uchar const **const row_end, ulong *const master_reclength, - const bool abort_on_warning, const bool first_row) + uchar const **const row_end, ulong *const master_reclength) { DBUG_ENTER("unpack_row"); DBUG_ASSERT(row_data); @@ -251,22 +250,9 @@ unpack_row(Relay_log_info const *rli, } else { - MYSQL_ERROR::enum_warning_level error_type= - MYSQL_ERROR::WARN_LEVEL_NOTE; - if (abort_on_warning && (table->file->has_transactions() || - first_row)) - { - error = HA_ERR_ROWS_EVENT_APPLY; - error_type= MYSQL_ERROR::WARN_LEVEL_ERROR; - } - else - { - f->set_default(); - error_type= MYSQL_ERROR::WARN_LEVEL_WARN; - } - push_warning_printf(current_thd, error_type, - ER_BAD_NULL_ERROR, - ER(ER_BAD_NULL_ERROR), + f->set_default(); + push_warning_printf(current_thd, MYSQL_ERROR::WARN_LEVEL_WARN, + ER_BAD_NULL_ERROR, ER(ER_BAD_NULL_ERROR), f->field_name); } } @@ -350,20 +336,13 @@ unpack_row(Relay_log_info const *rli, @param skip Number of columns for which default/nullable check should be skipped. @param check Specifies if lack of default error needs checking. - @param abort_on_warning - Controls how to react on lack of a field's default. - The parameter mimics the master side one for - @c check_that_all_fields_are_given_values. - + @returns 0 on success or a handler level error code */ -int prepare_record(TABLE *const table, - const uint skip, const bool check, - const bool abort_on_warning, const bool first_row) +int prepare_record(TABLE *const table, const uint skip, const bool check) { DBUG_ENTER("prepare_record"); - int error= 0; restore_record(table, s->default_values); /* @@ -386,28 +365,16 @@ int prepare_record(TABLE *const table, if ((f->flags & NO_DEFAULT_VALUE_FLAG) && (f->real_type() != MYSQL_TYPE_ENUM)) { - - MYSQL_ERROR::enum_warning_level error_type= - MYSQL_ERROR::WARN_LEVEL_NOTE; - if (abort_on_warning && (table->file->has_transactions() || - first_row)) - { - error= HA_ERR_ROWS_EVENT_APPLY; - error_type= MYSQL_ERROR::WARN_LEVEL_ERROR; - } - else - { - f->set_default(); - error_type= MYSQL_ERROR::WARN_LEVEL_WARN; - } - push_warning_printf(current_thd, error_type, + f->set_default(); + push_warning_printf(current_thd, + MYSQL_ERROR::WARN_LEVEL_WARN, ER_NO_DEFAULT_FOR_FIELD, ER(ER_NO_DEFAULT_FOR_FIELD), f->field_name); } } - DBUG_RETURN(error); + DBUG_RETURN(0); } #endif // HAVE_REPLICATION diff --git a/sql/rpl_record.h b/sql/rpl_record.h index 6e8838f82b3..e3749eb03f1 100644 --- a/sql/rpl_record.h +++ b/sql/rpl_record.h @@ -27,13 +27,10 @@ size_t pack_row(TABLE* table, MY_BITMAP const* cols, int unpack_row(Relay_log_info const *rli, TABLE *table, uint const colcnt, uchar const *const row_data, MY_BITMAP const *cols, - uchar const **const row_end, ulong *const master_reclength, - const bool abort_on_warning= TRUE, const bool first_row= TRUE); + uchar const **const row_end, ulong *const master_reclength); // Fill table's record[0] with default values. -int prepare_record(TABLE *const table, const uint skip, const bool check, - const bool abort_on_warning= TRUE, - const bool first_row= TRUE); +int prepare_record(TABLE *const table, const uint skip, const bool check); #endif #endif -- cgit v1.2.1 From e2db8e6ccb2655ec5706305b491540ad3f1c8267 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Tue, 21 Dec 2010 14:34:11 +0300 Subject: Bug#58030 crash in Item_func_geometry_from_text::val_str Item_sum_max/Item_sum_min incorrectly set null_value flag and attempt to get result in parent functions leads to crash. This happens due to double evaluation of the function argumet. First evaluation happens in the comparator and second one happens in Item_cache::cache_value(). The fix is to introduce new Item_cache object which holds result of the argument and use this cached value as an argument of the comparator. mysql-test/r/func_group.result: test case mysql-test/t/func_group.test: test case sql/item.cc: added assertion that ether we have some result or result is NULL. sql/item_sum.cc: introduce new Item_cache object which holds result of the argument and use this cached value as an argument of the comparator. sql/item_sum.h: introduce new Item_cache object which holds result of the argument and use this cached value as an argument of the comparator. --- sql/item.cc | 4 ++++ sql/item_sum.cc | 20 +++++++++++--------- sql/item_sum.h | 10 +++++----- 3 files changed, 20 insertions(+), 14 deletions(-) (limited to 'sql') diff --git a/sql/item.cc b/sql/item.cc index c75db2dc15b..c01671aff56 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -5572,6 +5572,10 @@ bool Item::send(Protocol *protocol, String *buffer) String *res; if ((res=val_str(buffer))) result= protocol->store(res->ptr(),res->length(),res->charset()); + else + { + DBUG_ASSERT(null_value); + } break; } case MYSQL_TYPE_TINY: diff --git a/sql/item_sum.cc b/sql/item_sum.cc index a60a6b3ef95..5493020b67b 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -666,8 +666,10 @@ void Item_sum_hybrid::setup_hybrid(Item *item, Item *value_arg) value= Item_cache::get_cache(item); value->setup(item); value->store(value_arg); + arg_cache= Item_cache::get_cache(item); + arg_cache->setup(item); cmp= new Arg_comparator(); - cmp->set_cmp_func(this, args, (Item**)&value, FALSE); + cmp->set_cmp_func(this, (Item**)&arg_cache, (Item**)&value, FALSE); collation.set(item->collation); } @@ -1639,11 +1641,11 @@ Item *Item_sum_min::copy_or_same(THD* thd) bool Item_sum_min::add() { /* args[0] < value */ - int res= cmp->compare(); - if (!args[0]->null_value && - (null_value || res < 0)) + arg_cache->cache_value(); + if (!arg_cache->null_value && + (null_value || cmp->compare() < 0)) { - value->store(args[0]); + value->store(arg_cache); value->cache_value(); null_value= 0; } @@ -1662,11 +1664,11 @@ Item *Item_sum_max::copy_or_same(THD* thd) bool Item_sum_max::add() { /* args[0] > value */ - int res= cmp->compare(); - if (!args[0]->null_value && - (null_value || res > 0)) + arg_cache->cache_value(); + if (!arg_cache->null_value && + (null_value || cmp->compare() > 0)) { - value->store(args[0]); + value->store(arg_cache); value->cache_value(); null_value= 0; } diff --git a/sql/item_sum.h b/sql/item_sum.h index 26290a812f4..de988c196ec 100644 --- a/sql/item_sum.h +++ b/sql/item_sum.h @@ -823,7 +823,7 @@ class Item_cache; class Item_sum_hybrid :public Item_sum { protected: - Item_cache *value; + Item_cache *value, *arg_cache; Arg_comparator *cmp; Item_result hybrid_type; enum_field_types hybrid_field_type; @@ -832,14 +832,14 @@ protected: public: Item_sum_hybrid(Item *item_par,int sign) - :Item_sum(item_par), value(0), cmp(0), + :Item_sum(item_par), value(0), arg_cache(0), cmp(0), hybrid_type(INT_RESULT), hybrid_field_type(MYSQL_TYPE_LONGLONG), cmp_sign(sign), was_values(TRUE) { collation.set(&my_charset_bin); } Item_sum_hybrid(THD *thd, Item_sum_hybrid *item) - :Item_sum(thd, item), value(item->value), hybrid_type(item->hybrid_type), - hybrid_field_type(item->hybrid_field_type), cmp_sign(item->cmp_sign), - was_values(item->was_values) + :Item_sum(thd, item), value(item->value), arg_cache(0), + hybrid_type(item->hybrid_type), hybrid_field_type(item->hybrid_field_type), + cmp_sign(item->cmp_sign), was_values(item->was_values) { } bool fix_fields(THD *, Item **); void setup_hybrid(Item *item, Item *value_arg); -- cgit v1.2.1 From 1615419d7265ccc76db6fbe667651f2dce345ca8 Mon Sep 17 00:00:00 2001 From: Mattias Jonsson Date: Wed, 22 Dec 2010 10:50:36 +0100 Subject: Bug#54483: valgrind errors when making warnings for multiline inserts into partition Bug#57071: EXTRACT(WEEK from date_col) cannot be allowed as partitioning function There were functions allowed as partitioning functions that implicit allowed cast. That could result in unacceptable behaviour. Solution was to check that the arguments of date and time functions have allowed types (field and date/datetime/time depending on function). mysql-test/r/partition.result: Updated result mysql-test/r/partition_error.result: Updated result mysql-test/suite/parts/inc/part_supported_sql_funcs_main.inc: disabled test with not allowed arguments. mysql-test/suite/parts/r/part_supported_sql_func_innodb.result: Updated result mysql-test/suite/parts/r/part_supported_sql_func_myisam.result: Updated result mysql-test/t/partition.test: Fixed typo in bug number and removed non allowed function (bad argument) mysql-test/t/partition_error.test: Added tests to verify correct type of argument. sql/item.h: Renamed processor since it is no longer only for timezone sql/item_func.h: Added help functions for checking date/time/datetime arguments. sql/item_timefunc.h: Added processors for argument correctness sql/sql_partition.cc: renamed the processor for checking arguments. --- sql/item.h | 8 ++--- sql/item_func.h | 42 ++++++++++++++++++++++- sql/item_timefunc.h | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++- sql/sql_partition.cc | 2 +- 4 files changed, 139 insertions(+), 7 deletions(-) (limited to 'sql') diff --git a/sql/item.h b/sql/item.h index 57abb43010e..d0fbdc81d0e 100644 --- a/sql/item.h +++ b/sql/item.h @@ -966,11 +966,11 @@ public: virtual bool set_no_const_sub(uchar *arg) { return FALSE; } virtual Item *replace_equal_field(uchar * arg) { return this; } /* - Check if an expression value depends on the current timezone. Used by - partitioning code to reject timezone-dependent expressions in a - (sub)partitioning function. + Check if an expression value has allowed arguments, like DATE/DATETIME + for date functions. Also used by partitioning code to reject + timezone-dependent expressions in a (sub)partitioning function. */ - virtual bool is_timezone_dependent_processor(uchar *bool_arg) + virtual bool is_arguments_valid_processor(uchar *bool_arg) { return FALSE; } diff --git a/sql/item_func.h b/sql/item_func.h index 26a7e033692..176e3dc4d44 100644 --- a/sql/item_func.h +++ b/sql/item_func.h @@ -189,6 +189,7 @@ public: null_value=1; return 0.0; } + bool has_timestamp_args() { DBUG_ASSERT(fixed == TRUE); @@ -200,6 +201,45 @@ public: } return FALSE; } + + bool has_date_args() + { + DBUG_ASSERT(fixed == TRUE); + for (uint i= 0; i < arg_count; i++) + { + if (args[i]->type() == Item::FIELD_ITEM && + (args[i]->field_type() == MYSQL_TYPE_DATE || + args[i]->field_type() == MYSQL_TYPE_DATETIME)) + return TRUE; + } + return FALSE; + } + + bool has_time_args() + { + DBUG_ASSERT(fixed == TRUE); + for (uint i= 0; i < arg_count; i++) + { + if (args[i]->type() == Item::FIELD_ITEM && + (args[i]->field_type() == MYSQL_TYPE_TIME || + args[i]->field_type() == MYSQL_TYPE_DATETIME)) + return TRUE; + } + return FALSE; + } + + bool has_datetime_args() + { + DBUG_ASSERT(fixed == TRUE); + for (uint i= 0; i < arg_count; i++) + { + if (args[i]->type() == Item::FIELD_ITEM && + args[i]->field_type() == MYSQL_TYPE_DATETIME) + return TRUE; + } + return FALSE; + } + /* We assume the result of any function that has a TIMESTAMP argument to be timezone-dependent, since a TIMESTAMP value in both numeric and string @@ -208,7 +248,7 @@ public: representation of a TIMESTAMP argument verbatim, and thus does not depend on the timezone. */ - virtual bool is_timezone_dependent_processor(uchar *bool_arg) + virtual bool is_arguments_valid_processor(uchar *bool_arg) { return has_timestamp_args(); } diff --git a/sql/item_timefunc.h b/sql/item_timefunc.h index 47bb9509582..b6356504788 100644 --- a/sql/item_timefunc.h +++ b/sql/item_timefunc.h @@ -70,6 +70,10 @@ public: enum_monotonicity_info get_monotonicity_info() const; longlong val_int_endpoint(bool left_endp, bool *incl_endp); bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_date_args(); + } }; @@ -86,6 +90,10 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_date_args(); + } }; @@ -111,6 +119,10 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_date_args(); + } }; @@ -140,6 +152,10 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_date_args(); + } }; @@ -156,6 +172,10 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_time_args(); + } }; @@ -172,6 +192,10 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_time_args(); + } }; @@ -188,6 +212,10 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_date_args(); + } }; @@ -204,6 +232,10 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_time_args(); + } }; @@ -234,6 +266,10 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_date_args(); + } }; @@ -252,6 +288,10 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_date_args(); + } }; @@ -282,6 +322,10 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_date_args(); + } }; class Item_func_dayname :public Item_func_weekday @@ -311,7 +355,7 @@ public: (and thus may not be used as a partitioning function) when its argument is NOT of the TIMESTAMP type. */ - bool is_timezone_dependent_processor(uchar *int_arg) + bool is_arguments_valid_processor(uchar *int_arg) { return !has_timestamp_args(); } @@ -336,6 +380,10 @@ public: max_length=10*MY_CHARSET_BIN_MB_MAXLEN; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_time_args(); + } }; @@ -589,6 +637,10 @@ public: const char *func_name() const { return "from_days"; } bool get_date(MYSQL_TIME *res, uint fuzzy_date); bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return has_date_args() || has_time_args(); + } }; @@ -715,6 +767,42 @@ class Item_extract :public Item_int_func bool eq(const Item *item, bool binary_cmp) const; virtual void print(String *str, enum_query_type query_type); bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + switch (int_type) { + case INTERVAL_YEAR: + case INTERVAL_YEAR_MONTH: + case INTERVAL_QUARTER: + case INTERVAL_MONTH: + /* case INTERVAL_WEEK: Not allowed as partitioning function, bug#57071 */ + case INTERVAL_DAY: + return !has_date_args(); + case INTERVAL_DAY_HOUR: + case INTERVAL_DAY_MINUTE: + case INTERVAL_DAY_SECOND: + case INTERVAL_DAY_MICROSECOND: + return !has_datetime_args(); + case INTERVAL_HOUR: + case INTERVAL_HOUR_MINUTE: + case INTERVAL_HOUR_SECOND: + case INTERVAL_MINUTE: + case INTERVAL_MINUTE_SECOND: + case INTERVAL_SECOND: + case INTERVAL_MICROSECOND: + case INTERVAL_HOUR_MICROSECOND: + case INTERVAL_MINUTE_MICROSECOND: + case INTERVAL_SECOND_MICROSECOND: + return !has_time_args(); + default: + /* + INTERVAL_LAST is only an end marker, + INTERVAL_WEEK depends on default_week_format which is a session + variable and cannot be used for partitioning. See bug#57071. + */ + break; + } + return true; + } }; @@ -965,6 +1053,10 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} + bool is_arguments_valid_processor(uchar *int_arg) + { + return !has_time_args(); + } }; diff --git a/sql/sql_partition.cc b/sql/sql_partition.cc index 48d50c3a303..835ddcc4bc6 100644 --- a/sql/sql_partition.cc +++ b/sql/sql_partition.cc @@ -1019,7 +1019,7 @@ static bool fix_fields_part_func(THD *thd, Item* func_expr, TABLE *table, opening existing tables for easier maintenance. This exception should be deprecated at some point in future so that we always throw an error. */ - if (func_expr->walk(&Item::is_timezone_dependent_processor, + if (func_expr->walk(&Item::is_arguments_valid_processor, 0, NULL)) { if (is_create_table_ind) -- cgit v1.2.1 From 87155038106b600fecd5054970e473a4d5685a1c Mon Sep 17 00:00:00 2001 From: Mattias Jonsson Date: Wed, 22 Dec 2010 15:45:17 +0100 Subject: Bug#54483: valgrind errors when making warnings for multiline inserts into partition Bug#57071: EXTRACT(WEEK from date_col) cannot be allowed as partitioning function Renamed function according to reviewers comments. sql/item.h: better name of processor function sql/item_func.h: better name of processor function sql/item_timefunc.h: better name of processor function sql/sql_partition.cc: better name of processor function Updated comment. --- sql/item.h | 2 +- sql/item_func.h | 2 +- sql/item_timefunc.h | 32 ++++++++++++++++---------------- sql/sql_partition.cc | 11 ++++++----- 4 files changed, 24 insertions(+), 23 deletions(-) (limited to 'sql') diff --git a/sql/item.h b/sql/item.h index d0fbdc81d0e..e3df08e7512 100644 --- a/sql/item.h +++ b/sql/item.h @@ -970,7 +970,7 @@ public: for date functions. Also used by partitioning code to reject timezone-dependent expressions in a (sub)partitioning function. */ - virtual bool is_arguments_valid_processor(uchar *bool_arg) + virtual bool check_valid_arguments_processor(uchar *bool_arg) { return FALSE; } diff --git a/sql/item_func.h b/sql/item_func.h index 176e3dc4d44..5c935e8f10f 100644 --- a/sql/item_func.h +++ b/sql/item_func.h @@ -248,7 +248,7 @@ public: representation of a TIMESTAMP argument verbatim, and thus does not depend on the timezone. */ - virtual bool is_arguments_valid_processor(uchar *bool_arg) + virtual bool check_valid_arguments_processor(uchar *bool_arg) { return has_timestamp_args(); } diff --git a/sql/item_timefunc.h b/sql/item_timefunc.h index b6356504788..f4299460abf 100644 --- a/sql/item_timefunc.h +++ b/sql/item_timefunc.h @@ -70,7 +70,7 @@ public: enum_monotonicity_info get_monotonicity_info() const; longlong val_int_endpoint(bool left_endp, bool *incl_endp); bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_date_args(); } @@ -90,7 +90,7 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_date_args(); } @@ -119,7 +119,7 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_date_args(); } @@ -152,7 +152,7 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_date_args(); } @@ -172,7 +172,7 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_time_args(); } @@ -192,7 +192,7 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_time_args(); } @@ -212,7 +212,7 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_date_args(); } @@ -232,7 +232,7 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_time_args(); } @@ -266,7 +266,7 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_date_args(); } @@ -288,7 +288,7 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_date_args(); } @@ -322,7 +322,7 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_date_args(); } @@ -355,7 +355,7 @@ public: (and thus may not be used as a partitioning function) when its argument is NOT of the TIMESTAMP type. */ - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_timestamp_args(); } @@ -380,7 +380,7 @@ public: max_length=10*MY_CHARSET_BIN_MB_MAXLEN; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_time_args(); } @@ -637,7 +637,7 @@ public: const char *func_name() const { return "from_days"; } bool get_date(MYSQL_TIME *res, uint fuzzy_date); bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return has_date_args() || has_time_args(); } @@ -767,7 +767,7 @@ class Item_extract :public Item_int_func bool eq(const Item *item, bool binary_cmp) const; virtual void print(String *str, enum_query_type query_type); bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { switch (int_type) { case INTERVAL_YEAR: @@ -1053,7 +1053,7 @@ public: maybe_null=1; } bool check_partition_func_processor(uchar *int_arg) {return FALSE;} - bool is_arguments_valid_processor(uchar *int_arg) + bool check_valid_arguments_processor(uchar *int_arg) { return !has_time_args(); } diff --git a/sql/sql_partition.cc b/sql/sql_partition.cc index 835ddcc4bc6..f8e5130880b 100644 --- a/sql/sql_partition.cc +++ b/sql/sql_partition.cc @@ -1014,12 +1014,13 @@ static bool fix_fields_part_func(THD *thd, Item* func_expr, TABLE *table, } /* - We don't allow creating partitions with timezone-dependent expressions as - a (sub)partitioning function, but we want to allow such expressions when - opening existing tables for easier maintenance. This exception should be - deprecated at some point in future so that we always throw an error. + We don't allow creating partitions with expressions with non matching + arguments as a (sub)partitioning function, + but we want to allow such expressions when opening existing tables for + easier maintenance. This exception should be deprecated at some point + in future so that we always throw an error. */ - if (func_expr->walk(&Item::is_arguments_valid_processor, + if (func_expr->walk(&Item::check_valid_arguments_processor, 0, NULL)) { if (is_create_table_ind) -- cgit v1.2.1 From bc56dcea9d7047c5561cee08ec2d74077e329f7d Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Fri, 24 Dec 2010 14:05:04 +0300 Subject: Bug#57810 case/when/then : Assertion failed: length || !scale ASSERT happens due to improper calculation of the max_length in Item_func_div object, if dividend has max_length == 0 then Item_func_div::max_length is set to 0 under some circumstances. The fix: If decimals == NOT_FIXED_DEC then set Item_func_div::max_length to max possible DOUBLE length value. mysql-test/r/func_math.result: test case mysql-test/t/func_math.test: test case sql/item_func.cc: The fix: If decimals == NOT_FIXED_DEC then set Item_func_div::max_length to max possible DOUBLE length value. --- sql/item_func.cc | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/item_func.cc b/sql/item_func.cc index 2ba4415dbac..55b81c8c823 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -1329,9 +1329,14 @@ void Item_func_div::fix_length_and_dec() { decimals=max(args[0]->decimals,args[1]->decimals)+prec_increment; set_if_smaller(decimals, NOT_FIXED_DEC); - max_length=args[0]->max_length - args[0]->decimals + decimals; uint tmp=float_length(decimals); - set_if_smaller(max_length,tmp); + if (decimals == NOT_FIXED_DEC) + max_length= tmp; + else + { + max_length=args[0]->max_length - args[0]->decimals + decimals; + set_if_smaller(max_length,tmp); + } break; } case INT_RESULT: -- cgit v1.2.1 From 85323eda8a5823e4db1fa34dc998684b67e710b5 Mon Sep 17 00:00:00 2001 From: Kent Boortz Date: Tue, 28 Dec 2010 19:57:23 +0100 Subject: - Added/updated copyright headers - Removed files specific to compiling on OS/2 - Removed files specific to SCO Unix packaging - Removed "libmysqld/copyright", text is included in documentation - Removed LaTeX headers for NDB Doxygen documentation - Removed obsolete NDB files - Removed "mkisofs" binaries - Removed the "cvs2cl.pl" script - Changed a few GPL texts to use "program" instead of "library" --- sql/field.cc | 2 +- sql/gen_lex_hash.cc | 4 ++-- sql/item.h | 2 +- sql/item_cmpfunc.cc | 2 +- sql/item_cmpfunc.h | 2 +- sql/item_func.cc | 2 +- sql/item_func.h | 2 +- sql/item_subselect.cc | 2 +- sql/item_sum.cc | 2 +- sql/message.h | 15 +++++++++++++++ sql/mysqld.cc | 2 +- sql/net_serv.cc | 6 +++--- sql/opt_range.cc | 2 +- sql/set_var.cc | 2 +- sql/set_var.h | 2 +- sql/share/charsets/languages.html | 16 ++++++++++++++++ sql/sql_base.cc | 2 +- sql/sql_class.h | 2 +- sql/sql_parse.cc | 2 +- sql/sql_prepare.cc | 2 +- sql/sql_select.cc | 2 +- sql/sql_select.h | 2 +- sql/sql_show.cc | 2 +- sql/sql_update.cc | 2 +- sql/table.h | 2 +- 25 files changed, 57 insertions(+), 26 deletions(-) (limited to 'sql') diff --git a/sql/field.cc b/sql/field.cc index b61e5fd2d79..0b74f9e5a65 100644 --- a/sql/field.cc +++ b/sql/field.cc @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2006 MySQL AB +/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/gen_lex_hash.cc b/sql/gen_lex_hash.cc index ef671ac7f9d..f59c7f0a4da 100644 --- a/sql/gen_lex_hash.cc +++ b/sql/gen_lex_hash.cc @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2006 MySQL AB +/* Copyright (C) 2000-2007 MySQL AB, 2009 Sun Microsystems, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -446,7 +446,7 @@ int main(int argc,char **argv) printf("/*\n\n Do " "not " "edit " "this " "file " "directly!\n\n*/\n"); printf("\ -/* Copyright (C) 2001-2004 MySQL AB\n\ +/* Copyright (C) 2000-2007 MySQL AB, 2008 Sun Microsystems, Inc.\n\ \n\ This program is free software; you can redistribute it and/or modify\n\ it under the terms of the GNU General Public License as published by\n\ diff --git a/sql/item.h b/sql/item.h index 31d501dc5c3..49adcc6c516 100644 --- a/sql/item.h +++ b/sql/item.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2006 MySQL AB +/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 5c2fb9857d5..60c8cbdad45 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2006 MySQL AB +/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h index 233922fe2f8..3c9e976d0c3 100644 --- a/sql/item_cmpfunc.h +++ b/sql/item_cmpfunc.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2003 MySQL AB +/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/item_func.cc b/sql/item_func.cc index cb0d6bdbe5f..579ef44b14f 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2003 MySQL AB +/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/item_func.h b/sql/item_func.h index 47a13559e90..96af2602821 100644 --- a/sql/item_func.h +++ b/sql/item_func.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2006 MySQL AB +/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc index 1822a7ced56..44d1378839b 100644 --- a/sql/item_subselect.cc +++ b/sql/item_subselect.cc @@ -1,4 +1,4 @@ -/* Copyright (C) 2000 MySQL AB +/* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 244ea4c34b6..43102213b9b 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2003 MySQL AB +/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/message.h b/sql/message.h index 0e7c282d5a1..f2a2de5a8fb 100644 --- a/sql/message.h +++ b/sql/message.h @@ -1,3 +1,18 @@ +/* Copyright 2008 Sun Microsystems, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ + /* To change or add messages mysqld writes to the Windows error log, run mc.exe message.mc diff --git a/sql/mysqld.cc b/sql/mysqld.cc index bda4e796ce2..5f84d15588d 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2003 MySQL AB +/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/net_serv.cc b/sql/net_serv.cc index 1d1871e27a8..ddd57c8fb9a 100644 --- a/sql/net_serv.cc +++ b/sql/net_serv.cc @@ -1,4 +1,4 @@ -/* Copyright (C) 2000 MySQL AB +/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,9 +15,9 @@ /* This file is the net layer API for the MySQL client/server protocol, - which is a tightly coupled, proprietary protocol owned by MySQL AB. + which is a tightly coupled, proprietary protocol owned by Oracle. Any re-implementations of this protocol must also be under GPL - unless one has got an license from MySQL AB stating otherwise. + unless one has got an license from Oracle stating otherwise. */ /* diff --git a/sql/opt_range.cc b/sql/opt_range.cc index 35d1216387c..e62fff8329c 100644 --- a/sql/opt_range.cc +++ b/sql/opt_range.cc @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2006 MySQL AB +/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/set_var.cc b/sql/set_var.cc index 16a22f129e6..9c327504577 100644 --- a/sql/set_var.cc +++ b/sql/set_var.cc @@ -1,4 +1,4 @@ -/* Copyright (C) 2000-2003 MySQL AB +/* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/set_var.h b/sql/set_var.h index 9945c69cac0..2c9745163e9 100644 --- a/sql/set_var.h +++ b/sql/set_var.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2002-2006 MySQL AB +/* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/sql/share/charsets/languages.html b/sql/share/charsets/languages.html index 6d1a8aafc5c..76af973113e 100644 --- a/sql/share/charsets/languages.html +++ b/sql/share/charsets/languages.html @@ -1,4 +1,20 @@ #!/bin/sh + +# Copyright (C) 2003 MySQL AB +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + #
 (
 echo "DROP TABLE lang;"
diff --git a/sql/sql_base.cc b/sql/sql_base.cc
index 88d1e8879d1..4a1d3a96ef8 100644
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -1,4 +1,4 @@
-/* Copyright (C) 2000-2006 MySQL AB
+/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_class.h b/sql/sql_class.h
index c195c8be864..2f4af15c02d 100644
--- a/sql/sql_class.h
+++ b/sql/sql_class.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2000-2006 MySQL AB
+/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index b730e2585ae..1bd68e5424f 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -1,4 +1,4 @@
-/* Copyright (C) 2000-2003 MySQL AB
+/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
index 9815acfe815..9492b2ae180 100644
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -1,4 +1,4 @@
-/* Copyright (C) 1995-2002 MySQL AB
+/* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 53a6b699022..904610b9031 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -1,4 +1,4 @@
-/* Copyright (C) 2000-2006 MySQL AB
+/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_select.h b/sql/sql_select.h
index 346d98aae58..a885507446e 100644
--- a/sql/sql_select.h
+++ b/sql/sql_select.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2000-2006 MySQL AB
+/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index 1075e7f76d1..56f0ce78c8c 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -1,4 +1,4 @@
-/* Copyright (C) 2000-2004 MySQL AB
+/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_update.cc b/sql/sql_update.cc
index 8d666c771ec..661f3465696 100644
--- a/sql/sql_update.cc
+++ b/sql/sql_update.cc
@@ -1,4 +1,4 @@
-/* Copyright (C) 2000-2006 MySQL AB
+/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/table.h b/sql/table.h
index 0a89db8bbff..33bee9f659d 100644
--- a/sql/table.h
+++ b/sql/table.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2000-2006 MySQL AB
+/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-- 
cgit v1.2.1


From 22639a066cde7b18133f81ca8c0528e115c08677 Mon Sep 17 00:00:00 2001
From: unknown 
Date: Wed, 29 Dec 2010 11:52:57 +0800
Subject: Bug #50914  	mysqlbinlog not handling drop of current default
 database

mysqlbinlog only prints "use $database" statements to its output stream
when the active default database changes between events. This will cause
"No Database Selected" error when dropping and recreating that database.

To fix the problem, we clear print_event_info->db when printing an event
of CREATE/DROP/ALTER database statements, so that the Query_log_event
after such statements will be printed with the use 'db' anyway except
transaction keywords.

mysql-test/r/mysqlbinlog.result:
  Test result for Bug#50914.
mysql-test/t/mysqlbinlog.test:
  Added test to verify if the approach of the mysqlbinlog prints
  "use $database" statements to its output stream will cause
  "No Database Selected" error when dropping and recreating
  that database.
sql/log_event.cc:
  Updated code to clear print_event_info->db when printing an event
  of CREATE/DROP/ALTER database statements, so that the Query_log_event
  after such statements will be printed with the use 'db' anyway except
  transaction keywords.
---
 sql/log_event.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'sql')

diff --git a/sql/log_event.cc b/sql/log_event.cc
index eb7c9c30567..0b938df1987 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -2894,7 +2894,12 @@ void Query_log_event::print_query_header(IO_CACHE* file,
                 error_code);
   }
 
-  if (!(flags & LOG_EVENT_SUPPRESS_USE_F) && db)
+  if ((flags & LOG_EVENT_SUPPRESS_USE_F))
+  {
+    if (!is_trans_keyword())
+      print_event_info->db[0]= '\0';
+  }
+  else if (db)
   {
     different_db= memcmp(print_event_info->db, db, db_len + 1);
     if (different_db)
-- 
cgit v1.2.1


From cafdf6e6d20b848df396cb83dd7bfe27f1c1a22a Mon Sep 17 00:00:00 2001
From: unknown 
Date: Tue, 4 Jan 2011 12:34:39 -0600
Subject: 43818 - Patch for mysql-5.1-innodb Avoid handler::info() call for
 three Information Schema tables; TABLE_CONSTRAINTS, KEY_COLUMN_USAGE, &
 REFERENTIAL_CONTRAINTS

---
 sql/sql_show.cc | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

(limited to 'sql')

diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index ed7a8d32eb8..7eff7740fc0 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -4647,9 +4647,10 @@ static int get_schema_constraints_record(THD *thd, TABLE_LIST *tables,
     TABLE *show_table= tables->table;
     KEY *key_info=show_table->key_info;
     uint primary_key= show_table->s->primary_key;
-    show_table->file->info(HA_STATUS_VARIABLE | 
-                           HA_STATUS_NO_LOCK |
-                           HA_STATUS_TIME);
+
+    // This is not needed since no statistics are displayed.
+    // show_table->file->info(HA_STATUS_VARIABLE | HA_STATUS_NO_LOCK | HA_STATUS_TIME);
+
     for (uint i=0 ; i < show_table->s->keys ; i++, key_info++)
     {
       if (i != primary_key && !(key_info->flags & HA_NOSAME))
@@ -4831,9 +4832,10 @@ static int get_schema_key_column_usage_record(THD *thd,
     TABLE *show_table= tables->table;
     KEY *key_info=show_table->key_info;
     uint primary_key= show_table->s->primary_key;
-    show_table->file->info(HA_STATUS_VARIABLE | 
-                           HA_STATUS_NO_LOCK |
-                           HA_STATUS_TIME);
+
+    // This is not needed since no statistics are displayed.
+    // show_table->file->info(HA_STATUS_VARIABLE | HA_STATUS_NO_LOCK | HA_STATUS_TIME);
+
     for (uint i=0 ; i < show_table->s->keys ; i++, key_info++)
     {
       if (i != primary_key && !(key_info->flags & HA_NOSAME))
@@ -5562,9 +5564,9 @@ get_referential_constraints_record(THD *thd, TABLE_LIST *tables,
   {
     List f_key_list;
     TABLE *show_table= tables->table;
-    show_table->file->info(HA_STATUS_VARIABLE | 
-                           HA_STATUS_NO_LOCK |
-                           HA_STATUS_TIME);
+
+    // This is not needed since no statistics are displayed.
+    // show_table->file->info(HA_STATUS_VARIABLE | HA_STATUS_NO_LOCK | HA_STATUS_TIME);
 
     show_table->file->get_foreign_key_list(thd, &f_key_list);
     FOREIGN_KEY_INFO *f_key_info;
-- 
cgit v1.2.1


From 998065c3a6f3d65e88c3926b31088a245f77406d Mon Sep 17 00:00:00 2001
From: Davi Arnaut 
Date: Fri, 7 Jan 2011 16:33:36 -0200
Subject: Bug#51023: Mysql server crashes on SIGHUP and destroys InnoDB files

From a user perspective, the problem is that a FLUSH LOGS or SIGHUP
signal could end up associating the stdout and stderr to random
files. In the case of this bug report, the streams would end up
associated to InnoDB ibd files.

The freopen(3) function is not thread-safe on FreeBSD. What this
means is that if another thread calls open(2) during freopen()
is executing that another thread's fd returned by open(2) may get
re-associated with the file being passed to freopen(3). See FreeBSD
PR number 79887 for reference:

  http://www.freebsd.org/cgi/query-pr.cgi?pr=79887

This problem is worked around by substituting a internal hook within
the FILE structure. This avoids the loss of atomicity by not having
the original fd closed before its duplicated.

Patch based on the original work by Vasil Dimov.

include/my_sys.h:
  Export my_freopen.
mysys/my_fopen.c:
  Add a my_freopen abstraction to workaround bugs in specific OSes.
  Add a prototype for getosreldate() as older FreeBSD versions did
  not define one.
sql/log.cc:
  Move freopen abstraction code over to mysys.
  The streams are now only reopened for writing.
---
 sql/log.cc | 74 +++++++++-----------------------------------------------------
 1 file changed, 10 insertions(+), 64 deletions(-)

(limited to 'sql')

diff --git a/sql/log.cc b/sql/log.cc
index f3d3420194c..23182fa1902 100644
--- a/sql/log.cc
+++ b/sql/log.cc
@@ -5171,80 +5171,26 @@ void sql_perror(const char *message)
 }
 
 
-#ifdef __WIN__
+/*
+  Change the file associated with two output streams. Used to
+  redirect stdout and stderr to a file. The streams are reopened
+  only for appending (writing at end of file).
+*/
 extern "C" my_bool reopen_fstreams(const char *filename,
                                    FILE *outstream, FILE *errstream)
 {
-  int handle_fd;
-  int err_fd, out_fd;
-  HANDLE osfh;
-
-  DBUG_ASSERT(filename && errstream);
-
-  // Services don't have stdout/stderr on Windows, so _fileno returns -1.
-  err_fd= _fileno(errstream);
-  if (err_fd < 0)
-  {
-    if (!freopen(filename, "a+", errstream))
-      return TRUE;
-
-    setbuf(errstream, NULL);
-    err_fd= _fileno(errstream);
-  }
-
-  if (outstream)
-  {
-    out_fd= _fileno(outstream);
-    if (out_fd < 0)
-    {
-      if (!freopen(filename, "a+", outstream))
-        return TRUE;
-      out_fd= _fileno(outstream);
-    }
-  }
-
-  if ((osfh= CreateFile(filename, GENERIC_READ | GENERIC_WRITE,
-                        FILE_SHARE_READ | FILE_SHARE_WRITE |
-                        FILE_SHARE_DELETE, NULL,
-                        OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL,
-                        NULL)) == INVALID_HANDLE_VALUE)
+  if (outstream && !my_freopen(filename, "a", outstream))
     return TRUE;
 
-  if ((handle_fd= _open_osfhandle((intptr_t)osfh,
-                                  _O_APPEND | _O_TEXT)) == -1)
-  {
-    CloseHandle(osfh);
+  if (errstream && !my_freopen(filename, "a", errstream))
     return TRUE;
-  }
 
-  if (_dup2(handle_fd, err_fd) < 0)
-  {
-    CloseHandle(osfh);
-    return TRUE;
-  }
-
-  if (outstream && _dup2(handle_fd, out_fd) < 0)
-  {
-    CloseHandle(osfh);
-    return TRUE;
-  }
-
-  _close(handle_fd);
-  return FALSE;
-}
-#else
-extern "C" my_bool reopen_fstreams(const char *filename,
-                                   FILE *outstream, FILE *errstream)
-{
-  if (outstream && !freopen(filename, "a+", outstream))
-    return TRUE;
-
-  if (errstream && !freopen(filename, "a+", errstream))
-    return TRUE;
+  /* The error stream must be unbuffered. */
+  if (errstream)
+    setbuf(errstream, NULL);
 
   return FALSE;
 }
-#endif
 
 
 /*
-- 
cgit v1.2.1


From 0a7cfad0804ab912d185c9478872b990783932bd Mon Sep 17 00:00:00 2001
From: Jan Wedvik 
Date: Tue, 11 Jan 2011 12:09:54 +0100
Subject: Fix for bug#58553, "Queries with pushed conditions causes 'explain
 extended' to crash mysqld".

handler::pushed_cond was not always properly reset when table objects where
recycled via the table cache.

handler::pushed_cond is now set to NULL in handler::ha_reset(). This should
prevent pushed conditions from (incorrectly) re-apperaring in later queries.
---
 sql/handler.cc    | 1 +
 sql/sql_base.cc   | 5 +++++
 sql/sql_select.cc | 1 -
 3 files changed, 6 insertions(+), 1 deletion(-)

(limited to 'sql')

diff --git a/sql/handler.cc b/sql/handler.cc
index ce4e4a9e3a9..711d2942ce0 100644
--- a/sql/handler.cc
+++ b/sql/handler.cc
@@ -4657,6 +4657,7 @@ int handler::ha_reset()
   free_io_cache(table);
   /* reset the bitmaps to point to defaults */
   table->default_column_bitmaps();
+  pushed_cond= NULL;
   DBUG_RETURN(reset());
 }
 
diff --git a/sql/sql_base.cc b/sql/sql_base.cc
index 13876b8b331..f609a073161 100644
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -2993,6 +2993,11 @@ TABLE *open_table(THD *thd, TABLE_LIST *table_list, MEM_ROOT *mem_root,
   table->insert_values= 0;
   table->fulltext_searched= 0;
   table->file->ft_handler= 0;
+  /*
+    Check that there is no reference to a condtion from an earlier query
+    (cf. Bug#58553). 
+  */
+  DBUG_ASSERT(table->file->pushed_cond == NULL);
   table->reginfo.impossible_range= 0;
   /* Catch wrong handling of the auto_increment_field_not_null. */
   DBUG_ASSERT(!table->auto_increment_field_not_null);
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 9e0a82aa342..067f3cfc95d 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -6380,7 +6380,6 @@ make_join_select(JOIN *join,SQL_SELECT *select,COND *cond)
           tab->select_cond=sel->cond=tmp;
           /* Push condition to storage engine if this is enabled
              and the condition is not guarded */
-          tab->table->file->pushed_cond= NULL;
 	  if (thd->variables.engine_condition_pushdown)
           {
             COND *push_cond= 
-- 
cgit v1.2.1


From 0fd846bad057cc205a5b5742c0d8c61c7c73c7f6 Mon Sep 17 00:00:00 2001
From: Dmitry Shulga 
Date: Tue, 11 Jan 2011 21:18:25 +0600
Subject: Fixed Bug#58887	- server not throwing "Packet too large" error
 if max_allowed_packet >= 16M.

This bug was introduced by patch for bug#42503.

This patch restores behaviour that there was before patch
for bug#42503 was applied.

sql/net_serv.cc:
  Restored original right condition.
---
 sql/net_serv.cc | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

(limited to 'sql')

diff --git a/sql/net_serv.cc b/sql/net_serv.cc
index d2d3b1903a2..0c559f5619d 100644
--- a/sql/net_serv.cc
+++ b/sql/net_serv.cc
@@ -170,17 +170,7 @@ my_bool net_realloc(NET *net, size_t length)
   DBUG_ENTER("net_realloc");
   DBUG_PRINT("enter",("length: %lu", (ulong) length));
 
-  /*
-    When compression is off, net->where_b is always 0.
-    With compression turned on, net->where_b may indicate
-    that we still have a piece of the previous logical
-    packet in the buffer, unprocessed. Take it into account
-    when checking that max_allowed_packet is not exceeded.
-    This ensures that the client treats max_allowed_packet
-    limit identically, regardless of compression being on
-    or off.
-  */
-  if (length >= (net->max_packet_size + net->where_b))
+  if (length >= net->max_packet_size)
   {
     DBUG_PRINT("error", ("Packet too large. Max size: %lu",
                          net->max_packet_size));
-- 
cgit v1.2.1


From 3c5662c1951f59295a41b05274ed0be793b01843 Mon Sep 17 00:00:00 2001
From: Martin Hansson 
Date: Wed, 12 Jan 2011 09:55:31 +0100
Subject: Bug#58207: invalid memory reads when using default column value and
 tmptable needed

The function DEFAULT() works by modifying the the data buffer pointers (often
referred to as 'record' or 'table record') of its argument. This modification
is done during name resolution (fix_fields().) Unfortunately, the same
modification is done when creating a temporary table, because default values
need to propagate to the new table.

Fixed by skipping the pointer modification for fields that are arguments to
the DEFAULT function.
---
 sql/sql_select.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'sql')

diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 067f3cfc95d..8cc2ec6a0f8 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -9816,7 +9816,12 @@ Field *create_tmp_field(THD *thd, TABLE *table,Item *item, Item::Type type,
                                           convert_blob_length);
     if (orig_type == Item::REF_ITEM && orig_modify)
       ((Item_ref*)orig_item)->set_result_field(result);
-    if (field->field->eq_def(result))
+    /*
+      Fields that are used as arguments to the DEFAULT() function already have
+      their data pointers set to the default value during name resulotion. See
+      Item_default_value::fix_fields.
+    */
+    if (orig_type != Item::DEFAULT_VALUE_ITEM && field->field->eq_def(result))
       *default_field= field->field;
     return result;
   }
-- 
cgit v1.2.1


From 651313bf91d7771831de7228bb4130f0ac64c33a Mon Sep 17 00:00:00 2001
From: Oystein Grovlen 
Date: Wed, 12 Jan 2011 10:37:15 +0100
Subject: Bug#59211: Select Returns Different Value for min(year) Function

get_year_value() contains code to convert 2-digits year to
4-digits.  The fix for Bug#49910 added a check on the size of
the underlying field so that this conversion is not done for
YEAR(4) values. (Since otherwise one would convert invalid
YEAR(4) values to valid ones.)

The existing check does not work when Item_cache is used, since
it is not detected when the cache is based on a Field.  The
reported change in behavior is due to Bug#58030 which added
extra cached items in min/max computations.

The elegant solution would be to implement
Item_cache::real_item() to return the underlying Item.
However, some side effects are observed (change in explain
output) that indicates that such a change is not straight-
forward, and definitely not appropriate for an MRU.

Instead, a Item_cache::field() method has been added in order
to get access to the underlying field.  (This field() method
eliminates the need for Item_cache::eq_def() used in
test_if_ref(), but in order to limit the scope of this fix,
that code has been left as is.)


mysql-test/r/type_year.result:
  Added test case for Bug#59211.
mysql-test/t/type_year.test:
  Added test case for Bug#59211.
sql/item.h:
  Added function Item_cache::field() to get access to the
  underlying Field of a cached field Value.
sql/item_cmpfunc.cc:
  Also check underlying fields of Item_cache, not just Item_Field,
  when checking whether the value is of type YEAR(4) or not.
---
 sql/item.h          | 13 ++++++++++---
 sql/item_cmpfunc.cc |  9 ++++++---
 2 files changed, 16 insertions(+), 6 deletions(-)

(limited to 'sql')

diff --git a/sql/item.h b/sql/item.h
index eb809ca410f..fdf8d4906d1 100644
--- a/sql/item.h
+++ b/sql/item.h
@@ -2960,11 +2960,10 @@ class Item_cache: public Item_basic_constant
 protected:
   Item *example;
   table_map used_table_map;
-  /*
-    Field that this object will get value from. This is set/used by 
+  /**
+    Field that this object will get value from. This is used by 
     index-based subquery engines to detect and remove the equality injected 
     by IN->EXISTS transformation.
-    For all other uses of Item_cache, cached_field doesn't matter.
   */  
   Field *cached_field;
   enum enum_field_types cached_field_type;
@@ -3021,6 +3020,14 @@ public:
   {
     return this == item;
   }
+
+  /** 
+    If this item caches a field value, return pointer to underlying field.
+
+    @return Pointer to field, or NULL if this is not a cache for a field value.
+  */
+  Field* field() { return cached_field; }
+
   virtual void store(Item *item);
   virtual bool cache_value()= 0;
 };
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index d2e1ebbb3a1..4f2034ae902 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -1196,9 +1196,12 @@ get_year_value(THD *thd, Item ***item_arg, Item **cache_arg,
          value of 2000.
   */
   Item *real_item= item->real_item();
-  if (!(real_item->type() == Item::FIELD_ITEM &&
-        ((Item_field *)real_item)->field->type() == MYSQL_TYPE_YEAR &&
-        ((Item_field *)real_item)->field->field_length == 4))
+  Field *field= NULL;
+  if (real_item->type() == Item::FIELD_ITEM)
+    field= ((Item_field *)real_item)->field;
+  else if (real_item->type() == Item::CACHE_ITEM)
+    field= ((Item_cache *)real_item)->field();
+  if (!(field && field->type() == MYSQL_TYPE_YEAR && field->field_length == 4))
   {
     if (value < 70)
       value+= 100;
-- 
cgit v1.2.1


From 599457ae2c99944dc9c3a0de6a6792a437abfe7e Mon Sep 17 00:00:00 2001
From: Dmitry Lenev 
Date: Wed, 12 Jan 2011 16:08:30 +0300
Subject: Fix for bug #58499 "DEFINER-security view selecting from
 INVOKER-security view access check wrong".

When privilege checks were done for tables used from an
INVOKER-security view which in its turn was used from
a DEFINER-security view connection's active security
context was incorrectly used instead of security context
with privileges of the second view's creator.

This meant that users which had enough rights to access
the DEFINER-security view and as result were supposed to
be able successfully access it were unable to do so in
cases when they didn't have privileges on underlying tables
of the INVOKER-security view.

This problem was caused by the fact that for INVOKER-security
views TABLE_LIST::security_ctx member for underlying tables
were set to 0 even in cases when particular view was used from
another DEFINER-security view. This meant that when checks of
privileges on these underlying tables was done in
setup_tables_and_check_access() active connection security
context was used instead of context corresponding to the
creator of caller view.

This fix addresses the problem by ensuring that underlying
tables of an INVOKER-security view inherit security context
from the view and thus correct security context is used for
privilege checks on underlying tables in cases when such view
is used from another view with DEFINER-security.

mysql-test/r/view_grant.result:
  Added coverage for various combinations of DEFINER and
  INVOKER-security views, including test for bug #58499
  "DEFINER-security view selecting from INVOKER-security
  view access check wrong".
mysql-test/t/view_grant.test:
  Added coverage for various combinations of DEFINER and
  INVOKER-security views, including test for bug #58499
  "DEFINER-security view selecting from INVOKER-security
  view access check wrong".
sql/sql_view.cc:
  When opening a non-suid view ensure that its underlying
  tables will get the same security context as use for
  checking privileges on the view, i.e. security context
  of view invoker. This context can be different from the
  security context which is currently active for connection
  in cases when this non-suid view is used from a view with
  suid security. Inheriting security context in such situation
  allows correctly apply privileges of creator of suid view
  in checks for tables of non-suid view (since in this
  situation creator/definer of suid view serves as invoker
  for non-suid view).
---
 sql/sql_view.cc | 42 ++++++++++++++++++++++++++++--------------
 1 file changed, 28 insertions(+), 14 deletions(-)

(limited to 'sql')

diff --git a/sql/sql_view.cc b/sql/sql_view.cc
index 6cb4f590ae0..a25ef931344 100644
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -1255,6 +1255,7 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
     TABLE_LIST *view_tables= lex->query_tables;
     TABLE_LIST *view_tables_tail= 0;
     TABLE_LIST *tbl;
+    Security_context *security_ctx;
 
     /*
       Check rights to run commands (EXPLAIN SELECT & SHOW CREATE) which show
@@ -1396,26 +1397,39 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
     if (table->view_suid)
     {
       /*
-        Prepare a security context to check underlying objects of the view
+        For suid views prepare a security context for checking underlying
+        objects of the view.
       */
       if (!(table->view_sctx= (Security_context *)
             thd->stmt_arena->alloc(sizeof(Security_context))))
         goto err;
-      /* Assign the context to the tables referenced in the view */
-      if (view_tables)
-      {
-        DBUG_ASSERT(view_tables_tail);
-        for (tbl= view_tables; tbl != view_tables_tail->next_global;
-             tbl= tbl->next_global)
-          tbl->security_ctx= table->view_sctx;
-      }
-      /* assign security context to SELECT name resolution contexts of view */
-      for(SELECT_LEX *sl= lex->all_selects_list;
-          sl;
-          sl= sl->next_select_in_list())
-        sl->context.security_ctx= table->view_sctx;
+      security_ctx= table->view_sctx;
+    }
+    else
+    {
+      /*
+        For non-suid views inherit security context from view's table list.
+        This allows properly handle situation when non-suid view is used
+        from within suid view.
+      */
+      security_ctx= table->security_ctx;
+    }
+
+    /* Assign the context to the tables referenced in the view */
+    if (view_tables)
+    {
+      DBUG_ASSERT(view_tables_tail);
+      for (tbl= view_tables; tbl != view_tables_tail->next_global;
+           tbl= tbl->next_global)
+        tbl->security_ctx= security_ctx;
     }
 
+    /* assign security context to SELECT name resolution contexts of view */
+    for(SELECT_LEX *sl= lex->all_selects_list;
+        sl;
+        sl= sl->next_select_in_list())
+      sl->context.security_ctx= security_ctx;
+
     /*
       Setup an error processor to hide error messages issued by stored
       routines referenced in the view
-- 
cgit v1.2.1


From 33c78e328f4d8238b7b53c246e28bb44a97ee3c0 Mon Sep 17 00:00:00 2001
From: Alexey Botchkov 
Date: Wed, 12 Jan 2011 17:02:41 +0400
Subject: Bug #57321 crashes and valgrind errors from spatial types        
 Item_func_spatial_collection::fix_length_and_dec didn't call parent's method,
 so         the maybe_null was set to '0' after it. But in this case the
 result was         just NULL, that caused wrong behaviour.

per-file comments:
  mysql-test/r/gis.result
Bug #57321 crashes and valgrind errors from spatial types
        test result updated.

  mysql-test/t/gis.test
Bug #57321 crashes and valgrind errors from spatial types
        test case added.
  sql/item_geofunc.h
Bug #57321 crashes and valgrind errors from spatial types
        Item_func_geometry::fix_length_and_dec() called in
        Item_func_spatial_collection::fix_length_and_dec().
---
 sql/item_geofunc.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'sql')

diff --git a/sql/item_geofunc.h b/sql/item_geofunc.h
index b3ecbc39933..08161badfd3 100644
--- a/sql/item_geofunc.h
+++ b/sql/item_geofunc.h
@@ -177,6 +177,7 @@ public:
   String *val_str(String *);
   void fix_length_and_dec()
   {
+    Item_geometry_func::fix_length_and_dec();
     for (unsigned int i= 0; i < arg_count; ++i)
     {
       if (args[i]->fixed && args[i]->field_type() != MYSQL_TYPE_GEOMETRY)
-- 
cgit v1.2.1


From de3c4428b8c759e85631d8d70b5845c872de5400 Mon Sep 17 00:00:00 2001
From: Karen Langford 
Date: Tue, 25 Jan 2011 15:42:40 +0100
Subject: Updating header copyright/README in source for 2011

---
 sql/handler.cc      | 2 +-
 sql/item.h          | 2 +-
 sql/item_cmpfunc.cc | 2 +-
 sql/item_geofunc.h  | 2 +-
 sql/log.cc          | 2 +-
 sql/net_serv.cc     | 2 +-
 sql/sql_base.cc     | 2 +-
 sql/sql_select.cc   | 2 +-
 sql/sql_show.cc     | 2 +-
 sql/sql_view.cc     | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

(limited to 'sql')

diff --git a/sql/handler.cc b/sql/handler.cc
index 711d2942ce0..5968a78b587 100644
--- a/sql/handler.cc
+++ b/sql/handler.cc
@@ -1,4 +1,4 @@
-/* Copyright 2000-2008 MySQL AB, 2008 Sun Microsystems, Inc.
+/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/item.h b/sql/item.h
index 866d620d9d7..8568e89542e 100644
--- a/sql/item.h
+++ b/sql/item.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index 4f2034ae902..df5ed7f38de 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/item_geofunc.h b/sql/item_geofunc.h
index 08161badfd3..0a6e8d03a46 100644
--- a/sql/item_geofunc.h
+++ b/sql/item_geofunc.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2000-2003 MySQL AB
+/* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/log.cc b/sql/log.cc
index 23182fa1902..17642696e7d 100644
--- a/sql/log.cc
+++ b/sql/log.cc
@@ -1,4 +1,4 @@
-/* Copyright 2000-2008 MySQL AB, 2008 Sun Microsystems, Inc.
+/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/net_serv.cc b/sql/net_serv.cc
index 0c559f5619d..e45d57e57dc 100644
--- a/sql/net_serv.cc
+++ b/sql/net_serv.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_base.cc b/sql/sql_base.cc
index 995520ab16f..9765148cda1 100644
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 8cc2ec6a0f8..95378db80d1 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index cf6a34d4ef5..1524a8fb87f 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/sql/sql_view.cc b/sql/sql_view.cc
index a25ef931344..ab6da7c1925 100644
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004 MySQL AB
+/* Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-- 
cgit v1.2.1