From 842b9cc4bd4e9c615055de0cbe204ab22fd119c8 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Thu, 27 Nov 2008 16:41:25 +0400 Subject: Bug#40365 Prepared statements may insert invalid dates. set DATE|DATETIME value to 0 if ALLOW_INVALID_DATES sql_mode is not enabled. sql/field.cc: set DATE|DATETIME value to 0 if ALLOW_INVALID_DATES sql_mode is not enabled. tests/mysql_client_test.c: test case --- tests/mysql_client_test.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) (limited to 'tests') diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index 9270a2a9d60..a9ec7eb358a 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c 
@@ -16218,7 +16218,87 @@ static void test_bug38486(void) DBUG_VOID_RETURN; } +static void test_bug40365(void) +{ + uint rc, i, count= 1; + MYSQL_STMT *stmt= 0; + MYSQL_BIND my_bind[2]; + my_bool is_null[2]= {0}; + MYSQL_TIME tm[2]; + + DBUG_ENTER("test_bug40365"); + + rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1"); + myquery(rc); + rc= mysql_query(mysql, "CREATE TABLE t1(c1 DATETIME, \ + c2 DATE)"); + myquery(rc); + + stmt= mysql_simple_prepare(mysql, "INSERT INTO t1 VALUES(?, ?)"); + check_stmt(stmt); + verify_param_count(stmt, 2); + + bzero((char*) my_bind, sizeof(my_bind)); + my_bind[0].buffer_type= MYSQL_TYPE_DATETIME; + my_bind[1].buffer_type= MYSQL_TYPE_DATE; + for (i= 0; i < (int) array_elements(my_bind); i++) + { + my_bind[i].buffer= (void *) &tm[i]; + my_bind[i].is_null= &is_null[i]; + } + + rc= mysql_stmt_bind_param(stmt, my_bind); + check_execute(stmt, rc); + + for (i= 0; i < (int) array_elements(my_bind); i++) + { + tm[i].neg= 0; + tm[i].second_part= 0; + tm[i].year= 2009; + tm[i].month= 2; + tm[i].day= 29; + tm[i].hour= 0; + tm[i].minute= 0; + tm[i].second= 0; + } + rc= mysql_stmt_execute(stmt); + check_execute(stmt, rc); + + rc= mysql_commit(mysql); + myquery(rc); + mysql_stmt_close(stmt); + + stmt= mysql_simple_prepare(mysql, "SELECT * FROM t1"); + check_stmt(stmt); + + rc= mysql_stmt_bind_result(stmt, my_bind); + check_execute(stmt, rc); + + rc= mysql_stmt_execute(stmt); + check_execute(stmt, rc); + + rc= mysql_stmt_store_result(stmt); + check_execute(stmt, rc); + rc= mysql_stmt_fetch(stmt); + check_execute(stmt, rc); + + if (!opt_silent) + fprintf(stdout, "\n"); + + for (i= 0; i < array_elements(my_bind); i++) + { + if (!opt_silent) + fprintf(stdout, "\ntime[%d]: %02d-%02d-%02d ", + i, tm[i].year, tm[i].month, tm[i].day); + DIE_UNLESS(tm[i].year == 0); + DIE_UNLESS(tm[i].month == 0); + DIE_UNLESS(tm[i].day == 0); + } + mysql_stmt_close(stmt); + + DBUG_VOID_RETURN; +} /* Read and parse arguments and MySQL options from my.cnf */ 
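Review bot: test_bug40365 asserts that the fetched year, month and day are all 0, but nothing in the function pins the session sql_mode that this outcome depends on. The commit message ties the zeroing to ALLOW_INVALID_DATES being off, so a server or earlier test that leaves that mode on (or a strict mode that might reject the INSERT outright) changes the result; adding `rc= mysql_query(mysql, "SET SQL_MODE=''"); myquery(rc);` before the prepare would make the precondition explicit. The function also never drops `t1` after the final `mysql_stmt_close(stmt)`, so a `DROP TABLE t1` there would keep the table from leaking into later tests. Only 2009-02-29 is exercised; a second row such as day 31 of a 30-day month would cover more of the validation path.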
@@ -16514,6 +16594,7 @@ static struct my_tests_st my_tests[]= { { "test_bug31669", test_bug31669 }, { "test_bug32265", test_bug32265 }, { "test_bug38486", test_bug38486 }, + { "test_bug40365", test_bug40365 }, { 0, 0 } }; -- cgit v1.2.1 From 3abcbf2729ce730fccfd0d4cc8709195cc770254 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Thu, 27 Nov 2008 18:26:22 +0400 Subject: removed unused variable --- tests/mysql_client_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index a9ec7eb358a..ee3a053f8bd 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c @@ -16220,7 +16220,7 @@ static void test_bug38486(void) static void test_bug40365(void) { - uint rc, i, count= 1; + uint rc, i; MYSQL_STMT *stmt= 0; MYSQL_BIND my_bind[2]; my_bool is_null[2]= {0}; -- cgit v1.2.1 From c700b4cfab73ca9e88d6167913064e787aca646b Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Wed, 10 Dec 2008 18:13:11 +0400 Subject: Bug#37956 memory leak and / or crash with geometry and prepared statements! Bug#37671 crash on prepared statement + cursor + geometry + too many open files! if mysql_execute_command() returns error then free materialized_cursor object. is_rnd_inited is added to satisfy rnd_end() assertion (handler may be uninitialized in some cases) sql/sql_cursor.cc: if mysql_execute_command() returns error then free materialized_cursor object. is_rnd_inited is added to satisfy rnd_end() assertion (handler may be uninitialized in some cases) sql/sql_select.cc: added result check tests/mysql_client_test.c: test case --- tests/mysql_client_test.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) (limited to 'tests') diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index ee3a053f8bd..ea4d363bdac 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c 
@@ -15899,6 +15899,59 @@ static void test_bug28934() } +/** + Bug#37956 memory leak and / or crash with geometry and prepared statements! +*/ + +static void test_bug37956(void) +{ + const char *query="select point(?,?)"; + MYSQL_STMT *stmt=NULL; + unsigned int val=0; + MYSQL_BIND bind_param[2]; + unsigned char buff[2]= { 134, 211 }; + DBUG_ENTER("test_bug37956"); + myheader("test_bug37956"); + + stmt= mysql_simple_prepare(mysql, query); + check_stmt(stmt); + + val=1; + mysql_stmt_attr_set(stmt, STMT_ATTR_UPDATE_MAX_LENGTH, (void *)&val); + val=CURSOR_TYPE_READ_ONLY; + mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void *)&val); + val=0; + mysql_stmt_attr_set(stmt, STMT_ATTR_PREFETCH_ROWS, (void *)&val); + + memset(bind_param, 0, sizeof(bind_param)); + bind_param[0].buffer_type=MYSQL_TYPE_TINY; + bind_param[0].buffer= (void *)buff; + bind_param[0].is_null=NULL; + bind_param[0].error=NULL; + bind_param[0].is_unsigned=1; + bind_param[1].buffer_type=MYSQL_TYPE_TINY; + bind_param[1].buffer= (void *)(buff+1); + bind_param[1].is_null=NULL; + bind_param[1].error=NULL; + bind_param[1].is_unsigned=1; + + if (mysql_stmt_bind_param(stmt, bind_param)) + { + mysql_stmt_close(stmt); + DIE_UNLESS(0); + } + + if (mysql_stmt_execute(stmt)) + { + mysql_stmt_close(stmt); + DBUG_VOID_RETURN; + } + /* Should never reach here: execution returns an error. */ + mysql_stmt_close(stmt); + DIE_UNLESS(0); + DBUG_VOID_RETURN; +} + /* Bug#27592 (stack overrun when storing datetime value using prepared statements) */ @@ -16595,6 +16648,7 @@ static struct my_tests_st my_tests[]= { { "test_bug32265", test_bug32265 }, { "test_bug38486", test_bug38486 }, { "test_bug40365", test_bug40365 }, + { "test_bug37956", test_bug37956 }, { 0, 0 } }; -- cgit v1.2.1 From c4e4ac1249188bd6effaaf234b77d1660e9f2d6e Mon Sep 17 00:00:00 2001 
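Review bot: The `if (mysql_stmt_execute(stmt))` branch in test_bug37956 treats any failure as success, including a dropped connection, which is what the client would see if the server crashed as described in Bug#37956. Checking the error before closing the statement, e.g. `DIE_UNLESS(mysql_stmt_errno(stmt) != CR_SERVER_LOST && mysql_stmt_errno(stmt) != CR_SERVER_GONE_ERROR);`, would let the test distinguish a clean server-side error from a crash. The three `mysql_stmt_attr_set()` calls also discard their return value, so a rejected attribute would presumably leave the statement without the read-only cursor and the test would no longer exercise the cursor path; `rc= mysql_stmt_attr_set(...); check_execute(stmt, rc);` would catch that. This requires an `rc` local, which the function does not currently declare.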
From: Sergey Glukhov Date: Thu, 11 Dec 2008 12:57:59 +0400 Subject: disable bug37956 test if geometry package is not enabled --- tests/mysql_client_test.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'tests') diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index ea4d363bdac..79d188c252c 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c @@ -15899,6 +15899,7 @@ static void test_bug28934() } +#ifdef HAVE_SPATIAL /** Bug#37956 memory leak and / or crash with geometry and prepared statements! */ @@ -15951,6 +15952,7 @@ static void test_bug37956(void) DIE_UNLESS(0); DBUG_VOID_RETURN; } +#endif /* Bug#27592 (stack overrun when storing datetime value using prepared statements) @@ -16648,7 +16650,9 @@ static struct my_tests_st my_tests[]= { { "test_bug32265", test_bug32265 }, { "test_bug38486", test_bug38486 }, { "test_bug40365", test_bug40365 }, +#ifdef HAVE_SPATIAL { "test_bug37956", test_bug37956 }, +#endif { 0, 0 } }; -- cgit v1.2.1 From 3b3594b6d530265758993dc7f376aa9b91c21a49 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Thu, 11 Dec 2008 14:37:18 +0400 Subject: fix for pushbuild failure on 64 linux --- tests/mysql_client_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index 79d188c252c..50f03a1a086 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c @@ -15908,7 +15908,7 @@ static void test_bug37956(void) { const char *query="select point(?,?)"; MYSQL_STMT *stmt=NULL; - unsigned int val=0; + ulong val=0; MYSQL_BIND bind_param[2]; unsigned char buff[2]= { 134, 211 }; DBUG_ENTER("test_bug37956"); -- cgit v1.2.1 From a9aaa09b212d9275f79a557fc9f09b161490b79b Mon Sep 17 00:00:00 2001 
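Review bot: Widening `val` to `ulong` in test_bug37956 fits the STMT_ATTR_CURSOR_TYPE and STMT_ATTR_PREFETCH_ROWS calls, but the same variable is still passed for STMT_ATTR_UPDATE_MAX_LENGTH, which the C API documents as taking a `my_bool *`. With `val=1` stored in a `ulong`, the first byte is 1 only on little-endian hosts, so on a big-endian build that attribute would likely be read as 0. A separate `my_bool update_max_length= 1;` passed to that one call would match each attribute to its expected type. The calls themselves are outside this hunk, which only shows the declaration.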
From: Davi Arnaut Date: Tue, 13 Jan 2009 20:07:06 -0200 Subject: Bug#36326: nested transaction and select The problem is that the query cache stores packets containing the server status of the time when the cached statement was run. This might lead to a wrong transaction status in the client side if a statement is cached during a transaction and is later served outside a transaction context (and vice-versa). The solution is to take into account the transaction status when storing in and serving from the query cache. mysql-test/r/innodb_cache.result: Update test case result. mysql-test/r/query_cache.result: Add test case result for Bug#36326 mysql-test/t/query_cache.test: Add test case for Bug#36326 sql/mysql_priv.h: Add new flags. sql/sql_cache.cc: Remember the transaction and autocommit status stored in the packet. tests/mysql_client_test.c: Add test case for Bug#36326 --- tests/mysql_client_test.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) (limited to 'tests') diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index 50f03a1a086..0fddffebf82 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c 
@@ -16354,6 +16354,63 @@ static void test_bug40365(void) DBUG_VOID_RETURN; } + + +/** + Bug#36326: nested transaction and select +*/ + +#ifdef HAVE_QUERY_CACHE + +static void test_bug36326() +{ + int rc; + + DBUG_ENTER("test_bug36326"); + myheader("test_bug36326"); + + rc= mysql_autocommit(mysql, TRUE); + myquery(rc); + rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1"); + myquery(rc); + rc= mysql_query(mysql, "CREATE TABLE t1 (a INTEGER)"); + myquery(rc); + rc= mysql_query(mysql, "INSERT INTO t1 VALUES (1)"); + myquery(rc); + rc= mysql_query(mysql, "SET GLOBAL query_cache_type = 1"); + myquery(rc); + rc= mysql_query(mysql, "SET GLOBAL query_cache_size = 1048576"); + myquery(rc); + DIE_UNLESS(!(mysql->server_status & SERVER_STATUS_IN_TRANS)); + DIE_UNLESS(mysql->server_status & SERVER_STATUS_AUTOCOMMIT); + rc= mysql_query(mysql, "BEGIN"); + myquery(rc); + DIE_UNLESS(mysql->server_status & SERVER_STATUS_IN_TRANS); + rc= mysql_query(mysql, "SELECT * FROM t1"); + myquery(rc); + rc= my_process_result(mysql); + DIE_UNLESS(rc == 1); + rc= mysql_rollback(mysql); + myquery(rc); + rc= mysql_query(mysql, "ROLLBACK"); + myquery(rc); + DIE_UNLESS(!(mysql->server_status & SERVER_STATUS_IN_TRANS)); + rc= mysql_query(mysql, "SELECT * FROM t1"); + myquery(rc); + DIE_UNLESS(!(mysql->server_status & SERVER_STATUS_IN_TRANS)); + rc= my_process_result(mysql); + DIE_UNLESS(rc == 1); + rc= mysql_query(mysql, "DROP TABLE t1"); + myquery(rc); + rc= mysql_query(mysql, "SET GLOBAL query_cache_size = 0"); + myquery(rc); + + DBUG_VOID_RETURN; +} + +#endif + + /* Read and parse arguments and MySQL options from my.cnf */ @@ -16652,6 +16709,9 @@ static struct my_tests_st my_tests[]= { { "test_bug40365", test_bug40365 }, #ifdef HAVE_SPATIAL { "test_bug37956", test_bug37956 }, +#endif +#ifdef HAVE_QUERY_CACHE + { "test_bug36326", test_bug36326 }, #endif { 0, 0 } }; -- cgit v1.2.1 From 074b4bad3e501dcff8b0eff746d16c048d794a26 Mon Sep 17 00:00:00 2001 
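Review bot: test_bug36326 changes server-wide settings with `SET GLOBAL query_cache_type = 1` and `SET GLOBAL query_cache_size = 1048576` and on exit only sets the size to 0, so the previous values of both globals are lost for every later test and connection. Saving them first, `SET @old_type= @@global.query_cache_type, @old_size= @@global.query_cache_size`, and ending with `SET GLOBAL query_cache_type= @old_type, query_cache_size= @old_size` would leave the server as it was found. `mysql_rollback(mysql)` is immediately followed by a `ROLLBACK` query, which looks redundant; if the double rollback is intentional a short comment would say why. The definition uses `test_bug36326()` where the neighbouring tests use `(void)`.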
From: Alexey Kopytov Date: Thu, 19 Feb 2009 11:49:35 +0300 Subject: Fix for bug #41078: With CURSOR_TYPE_READ_ONLY mysql_stmt_fetch() returns short string value. Multibyte character sets were not taken into account when calculating max_length in Item_param::convert_str_value(). As a result, string parameters of a prepared statement could be truncated later when calculating string length in characters by dividing length in bytes by the charset's mbmaxlen value (e.g. in Field_varstring::store()). Fixed by taking charset's mbmaxlen into account when calculating max_length in Item_param::convert_str_value(). sql/item.cc: Multiply string's length in characters by charset's mbmaxlen when calculating max_length. tests/mysql_client_test.c: Added a test case for bug #41078. --- tests/mysql_client_test.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) (limited to 'tests') diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index 0fddffebf82..f848e93a5c6 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c 
@@ -16410,6 +16410,69 @@ static void test_bug36326() #endif +/** + Bug#41078: With CURSOR_TYPE_READ_ONLY mysql_stmt_fetch() returns short + string value. +*/ + +static void test_bug41078(void) +{ + uint rc; + MYSQL_STMT *stmt= 0; + MYSQL_BIND param, result; + ulong cursor_type= CURSOR_TYPE_READ_ONLY; + ulong len; + char str[64]; + const char param_str[]= "abcdefghijklmn"; + my_bool is_null, error; + + DBUG_ENTER("test_bug41078"); + + rc= mysql_query(mysql, "SET NAMES UTF8"); + myquery(rc); + + stmt= mysql_simple_prepare(mysql, "SELECT ?"); + check_stmt(stmt); + verify_param_count(stmt, 1); + + rc= mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, &cursor_type); + check_execute(stmt, rc); + + bzero(¶m, sizeof(param)); + param.buffer_type= MYSQL_TYPE_STRING; + param.buffer= (void *) param_str; + len= sizeof(param_str) - 1; + param.length= &len; + + rc= mysql_stmt_bind_param(stmt, ¶m); + check_execute(stmt, rc); + + rc= mysql_stmt_execute(stmt); + check_execute(stmt, rc); + + bzero(&result, sizeof(result)); + result.buffer_type= MYSQL_TYPE_STRING; + result.buffer= str; + result.buffer_length= sizeof(str); + result.is_null= &is_null; + result.length= &len; + result.error= &error; + + rc= mysql_stmt_bind_result(stmt, &result); + check_execute(stmt, rc); + + rc= mysql_stmt_store_result(stmt); + check_execute(stmt, rc); + + rc= mysql_stmt_fetch(stmt); + check_execute(stmt, rc); + + DIE_UNLESS(len == sizeof(param_str) - 1 && !strcmp(str, param_str)); + + mysql_stmt_close(stmt); + + DBUG_VOID_RETURN; +} /* Read and parse arguments and MySQL options from my.cnf @@ -16713,6 +16776,7 @@ static struct my_tests_st my_tests[]= { #ifdef HAVE_QUERY_CACHE { "test_bug36326", test_bug36326 }, #endif + { "test_bug41078", test_bug41078 }, { 0, 0 } }; -- cgit v1.2.1 From 877fedaacdaa743159cf5619c15aff1e5f7274e9 Mon Sep 17 00:00:00 2001 
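Review bot: The final `DIE_UNLESS` in test_bug41078 reads `str` and `len` without first checking `is_null` and `error`, both of which are bound to the result but never examined. `str` is an uninitialized stack array, so if the fetch reported NULL and wrote nothing, `strcmp(str, param_str)` would read indeterminate bytes; and `len` is the same variable that was preset to `sizeof(param_str) - 1` for the parameter, so the length check cannot tell whether the fetch wrote it. Adding `DIE_UNLESS(!is_null && !error);` before the comparison and binding a separate, zero-initialized `ulong` to `result.length` would make the assertion meaningful. `SET NAMES UTF8` is also left in effect on the shared connection when the function returns.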
From: Ramil Kalimullin Date: Thu, 26 Feb 2009 12:34:15 +0400 Subject: Fix for bug#19829:make test Failed in mysql_client_test *with --with-charset=utf8* Problem: wrong LONG TEXT field length is sent to a client when multibyte server character set used. Fix: always limit field length sent to a client to 2^32, as we store it in 4 byte slot. Note: mysql_client_test changed accordingly. sql/protocol.cc: Fix for bug#19829:make test Failed in mysql_client_test *with --with-charset=utf8* - limit field length sent to client to UINT_MAX32 as it may exceeds 32 bit slot for LONG TEXT fields if thd_charset->mbmaxlen > 1. tests/mysql_client_test.c: Fix for bug#19829:make test Failed in mysql_client_test *with --with-charset=utf8* - checking field members have in mind that field length is limited to UINT_MAX32. --- tests/mysql_client_test.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'tests') diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index f848e93a5c6..7df84c600c9 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c @@ -714,6 +714,7 @@ static void do_verify_prepare_field(MYSQL_RES *result, { MYSQL_FIELD *field; CHARSET_INFO *cs; + ulonglong expected_field_length; if (!(field= mysql_fetch_field_direct(result, no))) { @@ -722,6 +723,8 @@ static void do_verify_prepare_field(MYSQL_RES *result, } cs= get_charset(field->charsetnr, 0); DIE_UNLESS(cs); + if ((expected_field_length= length * cs->mbmaxlen) > UINT_MAX32) + expected_field_length= UINT_MAX32; if (!opt_silent) { fprintf(stdout, "\n field[%d]:", no); 
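Review bot: In `expected_field_length= length * cs->mbmaxlen` the multiplication is done in the operands' own type before the result is widened to `ulonglong`. `length` looks like an `unsigned long` (the old code printed the product with `%lu`; the parameter list is outside the hunk), so on a platform where that type is 32 bits the product can wrap and the `> UINT_MAX32` clamp never fires. Casting one operand first, `if ((expected_field_length= (ulonglong) length * cs->mbmaxlen) > UINT_MAX32)`, keeps the arithmetic in 64 bits.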
@@ -736,8 +739,8 @@ static void do_verify_prepare_field(MYSQL_RES *result, fprintf(stdout, "\n org_table:`%s`\t(expected: `%s`)", field->org_table, org_table); fprintf(stdout, "\n database :`%s`\t(expected: `%s`)", field->db, db); - fprintf(stdout, "\n length :`%lu`\t(expected: `%lu`)", - field->length, length * cs->mbmaxlen); + fprintf(stdout, "\n length :`%lu`\t(expected: `%llu`)", + field->length, expected_field_length); fprintf(stdout, "\n maxlength:`%ld`", field->max_length); fprintf(stdout, "\n charsetnr:`%d`", field->charsetnr); fprintf(stdout, "\n default :`%s`\t(expected: `%s`)", @@ -773,11 +776,11 @@ static void do_verify_prepare_field(MYSQL_RES *result, as utf8. Field length is calculated as number of characters * maximum number of bytes a character can occupy. */ - if (length && field->length != length * cs->mbmaxlen) + if (length && (field->length != expected_field_length)) { - fprintf(stderr, "Expected field length: %d, got length: %d\n", - (int) (length * cs->mbmaxlen), (int) field->length); - DIE_UNLESS(field->length == length * cs->mbmaxlen); + fprintf(stderr, "Expected field length: %llu, got length: %lu\n", + expected_field_length, field->length); + DIE_UNLESS(field->length == expected_field_length); } if (def) DIE_UNLESS(strcmp(field->def, def) == 0); -- cgit v1.2.1
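Review bot: The block comment kept as context above the length check still says the field length is the number of characters times the maximum bytes per character, which no longer describes `expected_field_length` now that it is capped. A sentence such as `The result is capped at UINT_MAX32 because the protocol stores the length in 4 bytes.` would keep comment and code in step. Both new `fprintf` calls print `expected_field_length` with `%llu`; if `ulonglong` is not `unsigned long long` on every supported compiler, a cast `(unsigned long long) expected_field_length` avoids a format/argument mismatch.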