1. 26 Nov, 2007 3 commits
    • Bug#31752: check strmake() bounds · 1c72446e
      unknown authored
      strmake() called with wrong parameters:
      5.0-specific fixes.
      
      
      client/mysql.cc:
        In debug-mode, strmake() fills unused part of buffer with
        a test-pattern. This overwrites our previous extra '\0'
        (from previous bzero()).
      sql/sp.cc:
        off-by-one buffer-size.
    • Merge mysql.com:/misc/mysql/31752_/41-31752_ · fe280afa
      unknown authored
      into  mysql.com:/misc/mysql/31752_/50-31752_
      
      
      sql/log.cc:
        Auto merged
      sql/repl_failsafe.cc:
        Auto merged
      sql/set_var.cc:
        Auto merged
      strings/strmake.c:
        Auto merged
      sql/sql_show.cc:
        manually merged
      sql/unireg.cc:
        manual merge
    • Bug#31752: check strmake() bounds · a905ac34
      unknown authored
      strmake() calls are easy to get wrong. Add checks in extra
      debug mode to identify possible exploits.
      
      Remove some dead code.
      
      Remove some off-by-one errors identified with new checks.
      
      
      sql/log.cc:
        fix off-by-one buffer-length argument to prevent stack smashing
      sql/repl_failsafe.cc:
        fix off-by-one buffer-length argument to prevent stack smashing
      sql/set_var.cc:
        fix off-by-one buffer-length argument to prevent stack smashing
        (already approved, backports #31588)
      sql/sql_show.cc:
        misdimensioned buffers: functions further down the callstack
        expect bufsize of FN_REFLEN
      sql/unireg.cc:
        When EXTRA_DEBUG is enabled, strmake() will write funny patterns to
        buffers it operates on to identify possible overflows. This leads to
        badness in mysql_create_frm(), so we explicitly put any unused bytes
        (back) into a defined state. Not a bug-fix, but part of the strmake()
        bug detector.
      strings/strmake.c:
        strmake() takes maximum string length rather than buffer-length
        (string length + 1 to accommodate \0 terminator) as argument.
        Since this is easy to get wrong, add extra debug code to identify
        off-by-ones so we can prevent stack smashing.
        
        Alternative "BAD_STRING_COMPILER" removed after checking
        with Monty.
  2. 22 Nov, 2007 1 commit
  3. 19 Nov, 2007 1 commit
    • Fix for bug #32221: bug25714, mytest, mysql_client_test complaints and · c4d0901d
      unknown authored
      crashes.
      
      MySQL distributions contain a number of programs that are used only by
      the MySQL test suite internally, i.e. they are not intended to be
      invoked directly by a user. As a result, such programs are not
      documented, do not have any built-in help or proper error reporting,
      which may confuse users.
      
      This patch fixes the problem with the following changes:
      - mytest, libmysqltest and all references to them were removed from the
      distribution since they are not used anymore
      - bug25714 now displays an error message when run with incorrect
      arguments or with the --help option
      - mysql_client_test now does not call abort() in case of errors,
      instead it does a clean exit() with a proper error status.
      
      
      BitKeeper/deleted/.del-mytest.c:
        Delete: libmysql/mytest.c
      BitKeeper/deleted/.del-myTest-package.dsp:
        Delete: VC++Files/libmysqltest/myTest-package.dsp
      BitKeeper/deleted/.del-myTest-package_ia64.dsp:
        Delete: VC++Files/libmysqltest/myTest-package_ia64.dsp
      BitKeeper/deleted/.del-myTest.dsp~4a8c480769193952:
        Delete: VC++Files/libmysqltest/myTest.dsp
      BitKeeper/deleted/.del-myTest.vcproj:
        Delete: VC++Files/libmysqltest/myTest.vcproj
      BitKeeper/deleted/.del-myTest_ia64.dsp:
        Delete: VC++Files/libmysqltest/myTest_ia64.dsp
      BitKeeper/deleted/.del-mytest.c~9a99338689e5de8:
        Delete: VC++Files/libmysqltest/mytest.c
      BitKeeper/deleted/.del-mytest.dsw~2324698861155335:
        Delete: VC++Files/libmysqltest/mytest.dsw
      VC++Files/copy_mysql_files.bat:
        Removed references to libmysqltest.
      libmysql/CMakeLists.txt:
        Removed rules for myTest.
      libmysql/Makefile.am:
        Removed mytest.c from EXTRA_DIST.
      tests/bug25714.c:
        Display a meaningful error message when run incorrectly or with the --help option.
      tests/mysql_client_test.c:
        In case of error, don't cause abnormal program termination, do a clean exit() with an error status.
  4. 09 Nov, 2007 1 commit
    • Fix for bug #32020: loading udfs while --skip-grant-tables is enabled · 737cdfea
      unknown authored
      causes out of memory errors
      
      The code in mysql_create_function() and mysql_drop_function() assumed
      that the only reason for UDFs being uninitialized at that point is an
      out-of-memory error during initialization. However, another possible 
      reason for that is the --skip-grant-tables option in which case UDF 
      initialization is skipped and UDFs are unavailable.
      
      The solution is to check whether mysqld is running with
      --skip-grant-tables and issue a proper error in such a case.
      
      
      mysql-test/r/skip_grants.result:
        Added a test case for bug #32020.
      mysql-test/t/skip_grants.test:
        Added a test case for bug #32020.
      sql/sql_udf.cc:
        Issue a proper error when a user tries to CREATE/DROP a UDF 
        on a server running with the --skip-grant-tables option.
  5. 21 Oct, 2007 1 commit
    • Bug #28550 "Potential bugs related to the return type of the CHAR function". · 04311fab
      unknown authored
        
      Since, as of MySQL 5.0.15, CHAR() arguments larger than 255 are converted into multiple result bytes, a single CHAR() argument can now take up to 4 bytes. This patch fixes Item_func_char::fix_length_and_dec() to take this into account.
        
      This patch also fixes a regression introduced by the patch for bug21513. As now we do not always have the 'name' member of Item set for Item_hex_string and Item_bin_string, an own print() method has been added to Item_hex_string so that it could correctly be printed by Item_func::print_args().
      
      
      mysql-test/r/func_str.result:
        Import patch bug288550.patch
      mysql-test/t/func_str.test:
        Import patch bug288550.patch
      sql/item.cc:
        Import patch bug288550.patch
      sql/item.h:
        Import patch bug288550.patch
      sql/item_strfunc.h:
        Import patch bug288550.patch
  6. 17 Oct, 2007 1 commit
  7. 16 Oct, 2007 1 commit
  8. 15 Oct, 2007 2 commits
  9. 14 Oct, 2007 1 commit
    • item_sum.cc: · 97a98ff5
      unknown authored
        Fixed dbug macros usage errors
      
      
      sql/item_sum.cc:
        Fixed dbug macros usage errors
  10. 13 Oct, 2007 2 commits
  11. 12 Oct, 2007 3 commits
  12. 11 Oct, 2007 3 commits
    • Merge gleb.loc:/home/uchum/work/bk/PA/5.0-opt-31471 · 1fc06a1f
      unknown authored
      into  gleb.loc:/home/uchum/work/bk/5.0-opt
      
      
    • Bug#30981 CHAR(0x41 USING ucs2) doesn't add leading zero · f30eacb2
      unknown authored
      Bug#30982 CHAR(..USING..) can return a not-well-formed string
      Bug#30986 Character set introducer followed by a HEX string can return bad result
      check_well_formed_result moved to Item from Item_str_func
      fixed Item_func_char::val_str for proper ucs symbols converting
      added check for well formed strings for correct conversion of constants with underscore
      charset
      
      
      mysql-test/r/ctype_ucs.result:
        test result
      mysql-test/r/ctype_utf8.result:
        test result
      mysql-test/t/ctype_ucs.test:
        test case
      mysql-test/t/ctype_utf8.test:
        test case
      sql/item.cc:
        check_well_formed_result() moved from Item_str_func
      sql/item.h:
        check_well_formed_result() moved from Item_str_func
      sql/item_strfunc.cc:
        check_well_formed_result moved to Item
        fixed Item_func_char::val_str for proper ucs symbols converting
      sql/item_strfunc.h:
        check_well_formed_result moved to Item
      sql/sql_yacc.yy:
        added check for well formed string
    • Bug #31440: 'select 1 regex null' asserts debug server · 76af5717
      unknown authored
      The special case with NULL as a regular expression
      was handled at prepare time. But in this special case
      the item was not marked as fixed. This caused an assertion
      at execution time.
      Fixed by marking the item as fixed even when known to
      return NULL at prepare time.
      
      
      mysql-test/r/func_regexp.result:
        Bug #31440: test case
      mysql-test/t/func_regexp.test:
        Bug #31440: test case
      sql/item_cmpfunc.cc:
        Bug #31440: mark the item as fixed even when 
        known to return NULL.
  13. 10 Oct, 2007 4 commits
    • Fixed bug #31471: decimal_bin_size: Assertion `scale >= 0 && · c866f801
      unknown authored
                        precision > 0 && scale <= precision'.
      
      A sign of a resulting item of the IFNULL function was not
      updated and the maximal length of this result was calculated
      improperly. Correct algorithm was copy&pasted from the IF
      function implementation.
      
      
      sql/item_cmpfunc.cc:
        Fixed bug #31471.
        The Item_func_ifnull::fix_length_and_dec method has been
        modified to update the Item_func_ifnull::unsigned_flag field
        and to take this field into account when calculating the
        Item_func_ifnull::max_length value.
        (See Item_func_if::fix_length_and_dec for reference).
      mysql-test/t/null.test:
        Added test case for bug #31471.
      mysql-test/r/null.result:
        Added test case for bug #31471.
      mysql-test/r/create.result:
        Update test case after the bugfix of bug #31471.
    • Merge mysql.com:/home/gluh/MySQL/Merge/5.0 · 6146c0c7
      unknown authored
      into  mysql.com:/home/gluh/MySQL/Merge/5.0-opt
      
      
      libmysql/libmysql.c:
        Auto merged
    • Bug#28893 --relay-log variable is not exposed with SHOW VARIABLES · 62f72d36
      unknown authored
      added variables relay_log, relay_log_index, relay_log_info_file to init_vars[]
      to make them visible within SHOW VARIABLES
      
      
      mysql-test/r/rpl_flush_log_loop.result:
        test result
      mysql-test/t/rpl_flush_log_loop.test:
        test case
      sql/set_var.cc:
        added variables relay_log, relay_log_index, relay_log_info_file to init_vars[]
        to make them visible within SHOW VARIABLES
    • Bug#25359 Test 'view' is dependent on current year to be 2006 · 15453e3a
      unknown authored
      removed now() call to make the test to be year independent
      
      
      mysql-test/r/view.result:
        result fix
      mysql-test/t/view.test:
        removed now() call to make the test to be year independent
  14. 09 Oct, 2007 5 commits
  15. 08 Oct, 2007 1 commit
    • Bug #31156: mysqld: item_sum.cc:918: virtual bool · 6736d404
      unknown authored
        Item_sum_distinct::setup(THD*): Assertion
      
      There was an assertion to detect a bug in ROLLUP
      implementation. However the assertion is not true
      when used in a subquery context with non-cacheable
      statements.
      Fixed by turning the assertion to accepted case
      (just like it's done for the other aggregate functions). 
      
      
      mysql-test/r/func_group.result:
        Bug #31156: test case
      mysql-test/t/func_group.test:
        Bug #31156: test case
      sql/item_sum.cc:
        Bug #31156: make it OK to call setup() several times:
         done for (e.g.) scalar subquery
  16. 07 Oct, 2007 1 commit
    • Fixed bug #31019: the MOD() function and the % operator crash the server · 60761a7c
      unknown authored
      when a divisor is less than 1 and its fractional part is very long.
      For example:
      1 % .123456789123456789123456789123456789123456789123456789123456789123456789123456789;
      
      Stack buffer overflow has been fixed in the do_div_mod function.
      
      
      strings/decimal.c:
        Fixed bug #31019.
        Stack buffer overflow has been fixed in the do_div_mod function:
        a value of the upper bound of the buffer was increased where
        a decrement is required.
      mysql-test/t/type_decimal.test:
        Added test case for bug #31019.
      mysql-test/r/type_decimal.result:
        Added test case for bug #31019.
  17. 05 Oct, 2007 9 commits
    • Merge abotchkov@bk-internal.mysql.com:/home/bk/mysql-5.0-opt · d9be8ed9
      unknown authored
      into  mysql.com:/home/hf/work/30286/my50-30286
      
      
    • Merge mhansson@bk-internal:/home/bk/mysql-5.0-opt · a2d88511
      unknown authored
      into  dl145s.mysql.com:/data0/mhansson/bug30942/my50-bug30942
      
      
    • Merge mysql.com:/home/hf/work/30286/my41-30286 · 071e55af
      unknown authored
      into  mysql.com:/home/hf/work/30286/my50-30286
      
      
      mysql-test/t/gis.test:
        Auto merged
      sql/gstream.cc:
        Auto merged
      mysql-test/r/gis.result:
        SCCS merged
    • Merge mysql.com:/home/hf/work/30955/my41-30955 · 77d786b5
      unknown authored
      into  mysql.com:/home/hf/work/30286/my41-30286
      
      
    • Merge mysql.com:/home/hf/work/30286/my41-30286 · c7aff982
      unknown authored
      into  mysql.com:/home/hf/work/30286/my50-30286
      
      
    • Merge bk@192.168.21.1:mysql-4.1-opt · c14e8c80
      unknown authored
      into  mysql.com:/home/hf/work/30286/my41-30286
      
      
    • Merge bk@192.168.21.1:mysql-5.0-opt · 794ed298
      unknown authored
      into  mysql.com:/home/hf/work/30286/my50-30286
      
      
    • Merge mysql.com:/home/hf/work/30286/my41-30286 · 8e374815
      unknown authored
      into  mysql.com:/home/hf/work/30286/my50-30286
      
      
      myisam/rt_index.c:
        Auto merged
      myisam/rt_mbr.c:
        Auto merged
      mysql-test/t/gis-rtree.test:
        Auto merged
      mysql-test/r/gis-rtree.result:
        merging
    • Bug #30286 spatial index cause corruption and server crash! · 6d54b577
      unknown authored
      As the result of DOUBLE calculations can be bigger
      than DBL_MAX constant we use in code, we shouldn't use this constant
      as a biggest possible value.
      Particularly the rtree_pick_key function set 'min_area= DBL_MAX' relying
      that any rtree_area_increase result will be less so we return valid
      key. Though in rtree_area_increase function we calculate the area
      of the rectangle, so the result can be 'inf' if the rectangle is
      huge enough, which is bigger than DBL_MAX.
      
      Code of the rtree_pick_key modified so we always return a valid key.
      
      
      myisam/rt_index.c:
        Bug #30286 spatial index cause corruption and server crash!
        
        always set the best_key with the first key we get, so we always return
        something valid.
      myisam/rt_mbr.c:
        Bug #30286 spatial index cause corruption and server crash!
        
        function comment extended
      mysql-test/r/gis-rtree.result:
        Bug #30286 spatial index cause corruption and server crash!
        test result
      mysql-test/t/gis-rtree.test:
        Bug #30286 spatial index cause corruption and server crash!
        test case