1. 06 Jul, 2009 4 commits
  2. 03 Jul, 2009 3 commits
  3. 02 Jul, 2009 1 commit
  4. 01 Jul, 2009 1 commit
    • Staale Smedseng's avatar
      Bug #45790 Potential DoS vector: Writing of user input to log · 490f4432
      Staale Smedseng authored
      without proper formatting
            
      The problem is that a suitably crafted database identifier
      supplied to COM_CREATE_DB or COM_DROP_DB can cause a SIGSEGV,
      and thereby a denial of service. The database name is printed
      to the log without using a format string, so potential
      attackers can control the behavior of my_b_vprintf() by
      supplying their own format string. A CREATE or DROP privilege
      would be required.
            
      This patch supplies a format string to the printing of the
      database name. A test case is added to mysql_client_test.
      490f4432
  5. 29 Jun, 2009 2 commits
  6. 26 Jun, 2009 1 commit
  7. 25 Jun, 2009 2 commits
    • Satya B's avatar
      Applying InnoDB snashot 5.0-ss5406, part 2. Fixes BUG#40565 · c4170358
      Satya B authored
      BUG#40565 - Update Query Results in "1 Row Affected" But Should Be "Zero Rows"
      
      Detailed revision comments:
      
      r5232 | marko | 2009-06-03 14:31:04 +0300 (Wed, 03 Jun 2009) | 21 lines
      branches/5.0: Merge r3590 from branches/5.1 in order to fix Bug #40565
      (Update Query Results in "1 Row Affected" But Should Be "Zero Rows").
      
      Also, add a test case for Bug #40565.
      
      rb://128 approved by Heikki Tuuri
        ------------------------------------------------------------------------
        r3590 | marko | 2008-12-18 15:33:36 +0200 (Thu, 18 Dec 2008) | 11 lines
      
        branches/5.1: When converting a record to MySQL format, copy the default
        column values for columns that are SQL NULL.  This addresses failures in
        row-based replication (Bug #39648).
      
        row_prebuilt_t: Add default_rec, for the default values of the columns in
        MySQL format.
      
        row_sel_store_mysql_rec(): Use prebuilt->default_rec instead of
        padding columns.
      
        rb://64 approved by Heikki Tuuri
        ------------------------------------------------------------------------
      c4170358
    • Satya B's avatar
      Applying InnoDB snashot 5.0-ss5406, part 1. Fixes BUG#38479 · 663e41ae
      Satya B authored
      BUG#38479 - valgrind warnings in show table status for innodb tables
      
      Detailed revision comments:
      
      r5080 | vasil | 2009-05-22 14:45:34 +0300 (Fri, 22 May 2009) | 6 lines
      branches/5.0:
      
      Fix Bug#38479 valgrind warnings in show table status for innodb tables
      
      by initializing prebuilt->hint_need_to_fetch_extra_cols.
      663e41ae
  8. 22 Jun, 2009 1 commit
  9. 19 Jun, 2009 6 commits
    • Matthias Leich's avatar
      584c1fb3
    • Matthias Leich's avatar
    • Matthias Leich's avatar
      Fix for Bug#40545, Bug#40209, Bug#40618, Bug#38346 · eb910845
      Matthias Leich authored
        Details:
        - Limit the queries to character sets and collations
          which are most probably available in all build types.
          But try to preserve the intention of the tests.
        - Remove the variants adjusted to some build types.
      
        Note:
        1. The results of the review by Bar are included.
        2. I am not able to check the correctness of this patch
           on any existing build type and any MySQL version.
           So it could happen that the new test fails somewhere.
      eb910845
    • Georgi Kodinov's avatar
      Bug #36654: mysqld_multi cannot start instances with different versions · c5d904eb
      Georgi Kodinov authored
      occasionally.
      
      mysql_multi can call mysqld_safe. In doing this it's not changing the 
      current working directory. This may cause confusion in the case where 
      mysqld_multi is handling instances of servers of different versions 
      and the current working directory is the installation directory of one 
      of these servers.
      
      Fixed by enhancing the meaning of basedir in [mysqldN] sections of 
      mysqld_multi. If specified, mysqld_multi will change the current 
      working directory to the basedir directory before starting the server 
      in mysqld_multi ... start ... and then change it back to what it was.
      c5d904eb
    • V Narayanan's avatar
      Bug#43572 Handle failures from hash_init · 728d3c39
      V Narayanan authored
            
      Failure to allocate memory for the hash->array element,
      caused hash_init to return without initializing the other
      members of the hash. Thus although the dynamic array
      buffer may be allocated at a later point in the code, the
      incompletely initialized hash caused fatal failures.
      
      This patch moves the initialization of the other members
      of the hash above the array allocation, so that the usage
      of this hash will not result in fatal failures.
      728d3c39
    • Staale Smedseng's avatar
      Bug #32223 SETting max_allowed_packet variable · 2b48caa4
      Staale Smedseng authored
            
      Inconsistent behavior of session variable max_allowed_packet 
      (and net_buffer_length); only assignment to the global variable 
      has any effect, without this being obvious to the user.
            
      The patch for Bug#22891 is backported to 5.0, making the two
      session variables read-only. As this is a backport to GA 
      software, the error used when trying to assign to the read-
      only variable is ER_UNKNOWN_ERROR. The error message is the 
      same as in 5.1+.
      2b48caa4
  10. 18 Jun, 2009 2 commits
    • Alfranio Correia's avatar
    • Alexey Kopytov's avatar
      Bug #41710: MySQL 5.1.30 crashes on the latest OpenSolaris 10 · 7a512334
      Alexey Kopytov authored
       
      Change the default optimization level for Sun Studio to "-O1". 
      This is a workaround for a Sun Studio bug (see bug #41710 
      comments for details): 
       
      1. Use $GCC instead of $ac_cv_prog_gcc to check for gcc, since 
      the first one is the only documented way to do it. 
       
      2. Use $GXX instead of $ac_cv_prog_cxx_g to check for g++, 
      since the latter is set to "yes" when the C++ compiler accepts 
      "-g" which is the case for both g++ and CC. 
       
      3. When building with Sun Studio, set the default values for 
      CFLAGS/CXXFLAGS to "-O1", since unlike GCC, Sun Studio 
      interprets "-O" as "-xO3" (see the manual pages for cc and CC). 
      7a512334
  11. 17 Jun, 2009 4 commits
  12. 16 Jun, 2009 1 commit
  13. 15 Jun, 2009 4 commits
    • Georgi Kodinov's avatar
      automerge · 9a49934a
      Georgi Kodinov authored
      9a49934a
    • Georgi Kodinov's avatar
      merged 5.0-main to 5.0-bugteam · e008ba64
      Georgi Kodinov authored
      e008ba64
    • Bernt M. Johnsen's avatar
      f014fa02
    • Georgi Kodinov's avatar
      Bug #44810: index merge and order by with low sort_buffer_size · b1560b9f
      Georgi Kodinov authored
      crashes server!
      
      The problem affects the scenario when index merge is followed by a filesort
      and the sort buffer is not big enough for all the sort keys.
      In this case the filesort function will read the data to the end through the 
      index merge quick access method (and thus closing the cursor etc), 
      but will leave the pointer to the quick select method in place.
      It will then create a temporary file to hold the results of the filesort and
      will add it as a sort output file (in sort.io_cache).
      Note that filesort will copy the original 'sort' structure in an automatic
      variable and restore it after it's done.
      As a result at exiting filesort() we have a sort.io_cache filled in and 
      nothing else (as a result of close of the cursors at end of reading data 
      through index merge).
      Now create_sort_index() will note that there is a select and will clean it up
      (as it's been used already by filesort() reading the data in). While doing that
      a special case in the index merge destructor will clean up the sort.io_cache,
      assuming it's an output of the index merge method and is not needed anymore.
      As a result the code that tries to read the data back from the filesort output 
      will get no data in both memory and disk and will crash.
            
      Fixed similarly to how filesort() does it : by copying the sort.io_cache structure
      to a local variable, removing the pointer to the io_cache (so that it's not freed 
      by QUICK_INDEX_MERGE_SELECT::~QUICK_INDEX_MERGE_SELECT) and restoring the original 
      structure (together with the valid pointer) after the cleanup is done.
      This is a safe thing to do because all the structures are already cleaned up by
      hitting the end of the index merge's read method (QUICK_INDEX_MERGE_SELECT::get_next()) 
      and the cleanup code being written in a way that tolerates repeating cleanups.
      b1560b9f
  14. 12 Jun, 2009 2 commits
    • Georgi Kodinov's avatar
      fixed the build-tags command · 67384e7f
      Georgi Kodinov authored
      67384e7f
    • Georgi Kodinov's avatar
      Bug #45386: Wrong query result with MIN function in field list, · 1f2b5b30
      Georgi Kodinov authored
      WHERE and GROUP BY clause
      
      Loose index scan may use range conditions on the argument of 
      the MIN/MAX aggregate functions to find the beginning/end of 
      the interval that satisfies the range conditions in a single go.
      These range conditions may have open or closed minimum/maximum 
      values. When the comparison returns 0 (equal) the code should 
      check the type of the min/max values of the current interval 
      and accept or reject the row based on whether the limit is 
      open or not.
      There was a wrong composite condition on checking this and it was
      not working in all cases.
      Fixed by simplifying the conditions and reversing the logic.
      1f2b5b30
  15. 11 Jun, 2009 3 commits
  16. 10 Jun, 2009 2 commits
    • Davi Arnaut's avatar
      Bug#41190: shared memory connections do not work in Vista, if server started from cmdline · 42579061
      Davi Arnaut authored
      Backport to MySQL 5.0/1 fix by Vladislav Vaintroub:
      
      In Vista and later and also in when using terminal services, when
      server is started from  command line, client cannot connect to it
      via shared memory protocol.
      
      This is a regression introduced when  Bug#24731 was fixed.  The
      reason is that client is trying to attach to shared memory using
      global kernel object  namespace (all kernel objects are prefixed
      with Global\). However, server started from the command line in
      Vista and later will create shared memory and events using current
      session namespace. Thus, client is unable to find the server and
      connection fails.
      
      The fix for the client is to first try to find server using "local"
      names  (omitting Global\  prefix) and only if server is not found,
      trying global namespace.
      42579061
    • Alexey Kopytov's avatar
      Bug #45236: large blob inserts from mysqldump fail, possible · 08410f34
      Alexey Kopytov authored
                  memory issue ? 
       
      The mysql command line client could misinterpret some character 
      sequences as commands under some circumstances. 
       
      The upper limit for internal readline buffer was raised to 1 GB 
      (the same as for server's max_allowed_packet) so that any input 
      line is processed by add_line() as a whole rather than in 
      chunks.
      08410f34
  17. 09 Jun, 2009 1 commit
    • Staale Smedseng's avatar
      Bug #43414 Parenthesis (and other) warnings compiling MySQL · dae006c1
      Staale Smedseng authored
      with gcc 4.3.2
            
      Compiling MySQL with gcc 4.3.2 and later produces a number of 
      warnings, many of which are new with the recent compiler
      versions.
            
      This bug will be resolved in more than one patch to limit the
      size of changesets. This is the first patch, fixing a number 
      of the warnings, predominantly "suggest using parentheses 
      around && in ||", and empty for and while bodies.
      dae006c1