Commit ee2d0919 authored by Bjorn Munch's avatar Bjorn Munch

Merge from mysql-5.0.95-release

parents d3e3d103 af187dee
......@@ -8,6 +8,7 @@
*.core
*.d
*.da
*.dir
*.exe
*.gcda
*.gcno
......@@ -25,6 +26,7 @@
*.pdb
*.reject
*.res
*.rule
*.sbr
*.so
*.so.*
......@@ -32,13 +34,19 @@
*.user
*.vcproj
*.vcproj.cmake
*.vcxproj
*.vcxproj.filters
*/*.dir/*
Debug
MySql.sdf
Win32
*/*_pure_*warnings
*/.deps
*/.libs/*
*/.pure
*/debug/*
*/release/*
RelWithDebInfo
*~
.*.swp
./CMakeCache.txt
......@@ -83,6 +91,7 @@ BitKeeper/tmp/*
BitKeeper/tmp/bkr3sAHD
BitKeeper/tmp/gone
CMakeFiles/*
CMakeFiles
COPYING
COPYING.LIB
Docs/#manual.texi#
......
......@@ -119,7 +119,7 @@ bool String::set(ulonglong num, CHARSET_INFO *cs)
bool String::set(double num,uint decimals, CHARSET_INFO *cs)
{
char buff[331];
char buff[FLOATING_POINT_BUFFER];
uint dummy_errors;
str_charset=cs;
......@@ -188,7 +188,9 @@ end:
#else
#ifdef HAVE_SNPRINTF
buff[sizeof(buff)-1]=0; // Safety
snprintf(buff,sizeof(buff)-1, "%.*f",(int) decimals,num);
int num_chars= snprintf(buff, sizeof(buff)-1, "%.*f",(int) decimals, num);
DBUG_ASSERT(num_chars > 0);
DBUG_ASSERT(num_chars < (int) sizeof(buff));
#else
sprintf(buff,"%.*f",(int) decimals,num);
#endif
......
......@@ -216,6 +216,15 @@ extern int is_prefix(const char *, const char *);
double my_strtod(const char *str, char **end, int *error);
double my_atof(const char *nptr);
#ifndef NOT_FIXED_DEC
#define NOT_FIXED_DEC 31
#endif
/*
Max length of a floating point number.
*/
#define FLOATING_POINT_BUFFER (311 + NOT_FIXED_DEC)
extern char *llstr(longlong value,char *buff);
extern char *ullstr(longlong value,char *buff);
#ifndef HAVE_STRTOUL
......
......@@ -54,6 +54,9 @@ int mi_preload(MI_INFO *info, ulonglong key_map, my_bool ignore_leaves)
if (!keys || !mi_is_any_key_active(key_map) || key_file_length == pos)
DBUG_RETURN(0);
/* Preload into a non initialized key cache should never happen. */
DBUG_ASSERT(share->key_cache->key_cache_inited);
block_length= keyinfo[0].block_length;
if (ignore_leaves)
......
......@@ -368,3 +368,19 @@ Variable_name Value
key_cache_block_size 1536
SET GLOBAL key_cache_block_size= @bug28478_key_cache_block_size;
DROP TABLE t1;
#
# Bug#12361113: crash when load index into cache
#
# Note that this creates an empty disabled key cache!
SET GLOBAL key_cache_none.key_cache_block_size = 1024;
CREATE TABLE t1 (a INT, b INTEGER NOT NULL, KEY (b) ) ENGINE = MYISAM;
INSERT INTO t1 VALUES (1, 1);
CACHE INDEX t1 in key_cache_none;
ERROR HY000: Unknown key cache 'key_cache_none'
# The bug crashed the server at LOAD INDEX below. Now it will succeed
# since the default cache is used due to CACHE INDEX failed for
# key_cache_none.
LOAD INDEX INTO CACHE t1;
Table Op Msg_type Msg_text
test.t1 preload_keys status OK
DROP TABLE t1;
......@@ -407,4 +407,13 @@ SELECT f1 FROM t1;
f1
-1.79769313486231e+308
DROP TABLE t1;
#
# Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL
#
# Ignoring output from misc. float operations
select format(-1.7976931348623157E+307,256) as foo;
select least(-1.1111111111111111111111111,
- group_concat(1.7976931348623157E+308)) as foo;
select concat((truncate((-1.7976931348623157E+307),(0x1e))),
(99999999999999999999999999999999999999999999999999999999999999999)) into @a;
End of 5.0 tests
......@@ -1539,4 +1539,48 @@ select * from t1;
5.05 / 0.014
360.714286
DROP TABLE t1;
#
# Bug#12563865
# ROUNDED,TMP_BUF,DECIMAL_VALUE STACK CORRUPTION IN ALL VERSIONS >=5.0
#
SELECT substring(('M') FROM (999999999999999999999999999999999999999999999999999999999999999999999999999999999)) AS foo;
foo
Warnings:
Error 1292 Truncated incorrect DECIMAL value: ''
Error 1292 Truncated incorrect DECIMAL value: ''
SELECT min(999999999999999999999999999999999999999999999999999999999999999999999999999999999) AS foo;
foo
999999999999999999999999999999999999999999999999999999999999999999999999999999999
SELECT multipolygonfromtext(('4294967294.1'),(999999999999999999999999999999999999999999999999999999999999999999999999999999999)) AS foo;
foo
NULL
Warnings:
Error 1292 Truncated incorrect DECIMAL value: ''
SELECT convert((999999999999999999999999999999999999999999999999999999999999999999999999999999999), decimal(30,30)) AS foo;
foo
0.999999999999999999999999999999
Warnings:
Error 1264 Out of range value adjusted for column 'foo' at row 1
SELECT bit_xor(999999999999999999999999999999999999999999999999999999999999999999999999999999999) AS foo;
foo
9223372036854775807
Warnings:
Error 1292 Truncated incorrect DECIMAL value: ''
SELECT -(999999999999999999999999999999999999999999999999999999999999999999999999999999999) AS foo;
foo
-999999999999999999999999999999999999999999999999999999999999999999999999999999999
SELECT date_sub((999999999999999999999999999999999999999999999999999999999999999999999999999999999),
interval ((SELECT date_add((0x77500000),
interval ('Oml') second)))
day_minute)
AS foo;
foo
NULL
Warnings:
Error 1292 Truncated incorrect DECIMAL value: ''
Warning 1292 Truncated incorrect datetime value: '9223372036854775807'
SELECT truncate(999999999999999999999999999999999999999999999999999999999999999999999999999999999, 28) AS foo;
foo
999999999999999999999999999999999999999999999999999999999999999999999999999999999
End of 5.0 tests
This diff is collapsed.
......@@ -247,3 +247,19 @@ SET GLOBAL key_cache_block_size= @bug28478_key_cache_block_size;
DROP TABLE t1;
# End of 4.1 tests
--echo #
--echo # Bug#12361113: crash when load index into cache
--echo #
--echo # Note that this creates an empty disabled key cache!
SET GLOBAL key_cache_none.key_cache_block_size = 1024;
CREATE TABLE t1 (a INT, b INTEGER NOT NULL, KEY (b) ) ENGINE = MYISAM;
INSERT INTO t1 VALUES (1, 1);
--error ER_UNKNOWN_KEY_CACHE
CACHE INDEX t1 in key_cache_none;
--echo # The bug crashed the server at LOAD INDEX below. Now it will succeed
--echo # since the default cache is used due to CACHE INDEX failed for
--echo # key_cache_none.
LOAD INDEX INTO CACHE t1;
DROP TABLE t1;
......@@ -276,4 +276,21 @@ INSERT INTO t1 VALUES(-1.79769313486231e+308);
SELECT f1 FROM t1;
DROP TABLE t1;
--echo #
--echo # Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL
--echo #
--echo # Ignoring output from misc. float operations
--disable_result_log
let $nine_65=
99999999999999999999999999999999999999999999999999999999999999999;
select format(-1.7976931348623157E+307,256) as foo;
select least(-1.1111111111111111111111111,
- group_concat(1.7976931348623157E+308)) as foo;
eval select concat((truncate((-1.7976931348623157E+307),(0x1e))),
($nine_65)) into @a;
--enable_result_log
--echo End of 5.0 tests
......@@ -1235,4 +1235,25 @@ show create table t1;
select * from t1;
DROP TABLE t1;
--echo #
--echo # Bug#12563865
--echo # ROUNDED,TMP_BUF,DECIMAL_VALUE STACK CORRUPTION IN ALL VERSIONS >=5.0
--echo #
let $nine_81=
999999999999999999999999999999999999999999999999999999999999999999999999999999999;
eval SELECT substring(('M') FROM ($nine_81)) AS foo;
eval SELECT min($nine_81) AS foo;
eval SELECT multipolygonfromtext(('4294967294.1'),($nine_81)) AS foo;
eval SELECT convert(($nine_81), decimal(30,30)) AS foo;
eval SELECT bit_xor($nine_81) AS foo;
eval SELECT -($nine_81) AS foo;
eval SELECT date_sub(($nine_81),
interval ((SELECT date_add((0x77500000),
interval ('Oml') second)))
day_minute)
AS foo;
eval SELECT truncate($nine_81, 28) AS foo;
--echo End of 5.0 tests
This diff is collapsed.
......@@ -86,12 +86,31 @@ inline int my_decimal_int_part(uint precision, uint decimals)
class my_decimal :public decimal_t
{
/*
Several of the routines in strings/decimal.c have had buffer
overrun/underrun problems. These are *not* caught by valgrind.
To catch them, we allocate dummy fields around the buffer,
and test that their values do not change.
*/
#if !defined(DBUG_OFF)
int foo1;
#endif
decimal_digit_t buffer[DECIMAL_BUFF_LENGTH];
#if !defined(DBUG_OFF)
int foo2;
static const int test_value= 123;
#endif
public:
void init()
{
#if !defined(DBUG_OFF)
foo1= test_value;
foo2= test_value;
#endif
len= DECIMAL_BUFF_LENGTH;
buf= buffer;
#if !defined (HAVE_purify) && !defined(DBUG_OFF)
......@@ -104,6 +123,17 @@ public:
{
init();
}
~my_decimal()
{
sanity_check();
}
void sanity_check()
{
DBUG_ASSERT(foo1 == test_value);
DBUG_ASSERT(foo2 == test_value);
}
void fix_buffer_pointer() { buf= buffer; }
bool sign() const { return decimal_t::sign; }
......
......@@ -117,7 +117,7 @@ bool String::set(ulonglong num, CHARSET_INFO *cs)
bool String::set(double num,uint decimals, CHARSET_INFO *cs)
{
char buff[331];
char buff[FLOATING_POINT_BUFFER];
uint dummy_errors;
str_charset=cs;
......@@ -186,7 +186,9 @@ end:
#else
#ifdef HAVE_SNPRINTF
buff[sizeof(buff)-1]=0; // Safety
snprintf(buff,sizeof(buff)-1, "%.*f",(int) decimals,num);
int num_chars= snprintf(buff, sizeof(buff)-1, "%.*f",(int) decimals, num);
DBUG_ASSERT(num_chars > 0);
DBUG_ASSERT(num_chars < (int) sizeof(buff));
#else
sprintf(buff,"%.*f",(int) decimals,num);
#endif
......
......@@ -2680,6 +2680,11 @@ bool mysql_assign_to_keycache(THD* thd, TABLE_LIST* tables,
DBUG_RETURN(TRUE);
}
pthread_mutex_unlock(&LOCK_global_system_variables);
if (!key_cache->key_cache_inited)
{
my_error(ER_UNKNOWN_KEY_CACHE, MYF(0), key_cache_name->str);
DBUG_RETURN(TRUE);
}
check_opt.key_cache= key_cache;
DBUG_RETURN(mysql_admin_table(thd, tables, &check_opt,
"assign_to_keycache", TL_READ_NO_INSERT, 0, 0,
......
......@@ -1148,8 +1148,39 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table,
if (!table->prelocking_placeholder &&
(old_lex->sql_command == SQLCOM_SELECT && old_lex->describe))
{
if (check_table_access(thd, SELECT_ACL, view_tables, 1) &&
check_table_access(thd, SHOW_VIEW_ACL, table, 1))
/*
The user we run EXPLAIN as (either the connected user who issued
the EXPLAIN statement, or the definer of a SUID stored routine
which contains the EXPLAIN) should have both SHOW_VIEW_ACL and
SELECT_ACL on the view being opened as well as on all underlying
views since EXPLAIN will disclose their structure. This user also
should have SELECT_ACL on all underlying tables of the view since
this EXPLAIN will disclose information about the number of rows in it.
To perform this privilege check we create auxiliary TABLE_LIST object
for the view in order a) to avoid trashing "table->grant" member for
original table list element, which contents can be important at later
stage for column-level privilege checking b) get TABLE_LIST object
with "security_ctx" member set to 0, i.e. forcing check_table_access()
to use active user's security context.
There is no need for creating similar copies of TABLE_LIST elements
for underlying tables since they just have been constructed and thus
have TABLE_LIST::security_ctx == 0 and fresh TABLE_LIST::grant member.
Finally at this point making sure we have SHOW_VIEW_ACL on the views
will suffice as we implicitly require SELECT_ACL anyway.
*/
TABLE_LIST view_no_suid;
bzero(static_cast<void *>(&view_no_suid), sizeof(TABLE_LIST));
view_no_suid.db= table->db;
view_no_suid.table_name= table->table_name;
DBUG_ASSERT(view_tables == NULL || view_tables->security_ctx == NULL);
if (check_table_access(thd, SELECT_ACL, view_tables, 1) ||
check_table_access(thd, SHOW_VIEW_ACL, &view_no_suid, 1))
{
my_message(ER_VIEW_NO_EXPLAIN, ER(ER_VIEW_NO_EXPLAIN), MYF(0));
goto err;
......
......@@ -175,7 +175,6 @@
*/
#define BIN_LOG_HEADER_SIZE 4
#define FLOATING_POINT_BUFFER 331
#define DEFAULT_KEY_CACHE_NAME "default"
......
......@@ -1480,9 +1480,8 @@ decimal_round(decimal_t *from, decimal_t *to, int scale,
{
int frac0=scale>0 ? ROUND_UP(scale) : scale/DIG_PER_DEC1,
frac1=ROUND_UP(from->frac), UNINIT_VAR(round_digit),
intg0=ROUND_UP(from->intg), error=E_DEC_OK, len=to->len,
intg1=ROUND_UP(from->intg +
(((intg0 + frac0)>0) && (from->buf[0] == DIG_MAX)));
intg0=ROUND_UP(from->intg), error=E_DEC_OK, len=to->len;
dec1 *buf0=from->buf, *buf1=to->buf, x, y, carry=0;
int first_dig;
......@@ -1497,6 +1496,12 @@ decimal_round(decimal_t *from, decimal_t *to, int scale,
default: DBUG_ASSERT(0);
}
/*
For my_decimal we always use len == DECIMAL_BUFF_LENGTH == 9
For internal testing here (ifdef MAIN) we always use len == 100/4
*/
DBUG_ASSERT(from->len == to->len);
if (unlikely(frac0+intg0 > len))
{
frac0=len-intg0;
......@@ -1510,17 +1515,17 @@ decimal_round(decimal_t *from, decimal_t *to, int scale,
return E_DEC_OK;
}
if (to != from || intg1>intg0)
if (to != from)
{
dec1 *p0= buf0+intg0+max(frac1, frac0);
dec1 *p1= buf1+intg1+max(frac1, frac0);
dec1 *p1= buf1+intg0+max(frac1, frac0);
DBUG_ASSERT(p0 - buf0 <= len);
DBUG_ASSERT(p1 - buf1 <= len);
while (buf0 < p0)
*(--p1) = *(--p0);
if (unlikely(intg1 > intg0))
to->buf[0]= 0;
intg0= intg1;
buf0=to->buf;
buf1=to->buf;
to->sign=from->sign;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment