5.0 buffer overflow for ER_UPDATE_INFO, or truncated info message in 5.1
      
5.0.86 has a buffer overflow/crash, and 5.1.40 has a truncated message.
      
errmsg.txt contains this:
      
ER_UPDATE_INFO
rum "Linii identificate (matched): %ld  Schimbate: %ld  Atentionari 
(warnings): %ld"
When that is sprintf'd into a buffer of STRING_BUFFER_USUAL_SIZE size,
a buffer overflow can happen.
      
The solution to this is to use MYSQL_ERRMSG_SIZE for the buffer size, 
instead of STRING_BUFFER_USUAL_SIZE. This will allow longer strings. 
To avoid potential crashes, we will also use my_snprintf instead of
sprintf.

            timestamp primary key 
 
Since TIMESTAMP values are adjusted by the current time zone  
settings in both numeric and string contexts, using any 
expressions involving TIMESTAMP values as a  
(sub)partitioning function leads to undeterministic behavior of  
partitioned tables. The effect may vary depending on a storage  
engine, it can be either incorrect data being retrieved or  
stored, or an assertion failure. The root cause of this is the  
fact that the calculated partition ID may differ from a  
previously calculated ID for the same data due to timezone  
adjustments of the partitioning expression value. 
 
Fixed by disabling any expressions involving TIMESTAMP values  
to be used in partitioning functions with the follwing two 
exceptions: 
 
1. Creating or altering into a partitioned table that violates 
the above rule is not allowed, but opening existing such tables 
results in a warning rather than an error so that such tables 
could be fixed. 
 
2. UNIX_TIMESTAMP() is the only way to get a 
timezone-independent value from a TIMESTAMP column, because it 
returns the internal representation (a time_t value) of a 
TIMESTAMP argument verbatim. So UNIX_TIMESTAMP(timestamp_column)
is allowed and should be used to fix existing tables if one 
wants to use TIMESTAMP columns with partitioning.

      
As documented in the bug report, the double checked locking
pattern has inherent issues, and cannot guarantee correct
initialization.

This patch replaces the logic in init_available_charsets()
with the use of pthread_once(3). A wrapper function,
my_pthread_once(), is introduced and is used in lieu of direct
calls to init_available_charsets(). Related defines
MY_PTHREAD_ONCE_* are also introduced.

For the Windows platform, the implementation in lp:sysbench is
ported. For single-thread use, a simple define calls the
function and sets the pthread_once control variable.

Charset initialization is modified to use my_pthread_once().

compatibility, not to change the -D_WIN32_WINNT=0x0501 in 5.1, XP
compatibility.

Windows 2000.
      
      Visual Studio 2003 and 2005 require
        _WIN32_WINNT >= 0x0500 (Win2000)  for TryEnterCriticalSection.

The fix inserts newline and comma characters as appropriate
into the constraint reporting code to match the formatting
required by SHOW CREATE TABLE. Additionally, a erroneously
duplicated copy of check_if_incompatible_data() was removed
from db2i_constraints.cc since the correct version is already
in ha_ibmdb2i.cc.

This fix changes the character set used within the
IBMDB2I handler to hash table names to information
about open tables. Previously, tables with names
that differed only in letter case would hash to the
same data structure. This caused incorrect behavior
or errors when two such tables were in use simultaneously.

      
The help text for --init-slave=name:
"Command(s) that are executed when a slave connects to this master".
This text indicate that the --init-slave option is set on a  master 
server, and the master server passes the option's argument to slave 
which connects to it. This is wrong. Actually the --init-slave option 
just can be set on a slave server, and then the slave server executes 
the argument each time the SQL thread starts.

Correct the help text for --init-slave option as following:
"Command(s) that are executed by a slave server each time the SQL thread starts."

The help text for --init-slave=name:
"Command(s) that are executed when a slave connects to this master".
This text indicate that the --init-slave option is set on a  master 
server, and the master server passes the option's argument to slave 
which connects to it. This is wrong. Actually the --init-slave option 
just can be set on a slave server, and then the slave server executes 
the argument each time the SQL thread starts.

Correct the help text for --init-slave option as following:
"Command(s) that are executed by a slave server each time the SQL thread starts."

SPATIAL and FULLTEXT indexes don't support algorithm
selection. 
Disabled by creating a special grammar rule for these
in the parser.
Added some encasulation of duplicate parser code.

A few problems were found in the fix for bug 43668:
1) Comparison of the YEAR column with NULL always returned TRUE;
2) Comparison of the YEAR column with constants always returned
   unpredictable result;
3) Unnecessary conversion warnings when comparing a non-integer
   constant with a NULL value in the YEAR column;

The problems described above have been resolved with an
exception: zero (i.e. invalid) YEAR column value comparison
with 00 or 2000 still fail (it is not a regression and it was
not a regression), so MIN/MAX on YEAR column containing zero
value still fail.

Arg_comparator uses Item_cache objects to store constants being compared when
they're need a type conversion. Because this cache wasn't initialized properly
Arg_comparator might produce wrong comparison result.

The Arg_comparator::cache_converted_constant function now initializes cache
prior to usage.

      
This fix has been proposed by Sergey Petrunya and has been contributed
under SCA by sca@askmonty.org.
      
The cause for this valgrind error is that in the function
add_cond_and_fix() in sql_select.cc an Item_cond_and object is
created. This is marked as fixed but does not have a correct
table_map() attribute. Later, in make_join_select(), if
engine_condition_pushdown is in use, this table map is used and
results in the valgrind error.
      
The fix is to add a call to update_used_tables() in add_cond_and_fix()
so that the table map is updated correctly.
      
This patch is tested by multiple existing tests (e.g. the tests
innodb_mysql, innodb, fulltext, compress all produces this valgrind
warning/error without this fix).

There are three issues that caused rpl_killed_ddl fails sporadically
in pb2:

 1) thd->clear_error() was not called before create Query event
if operation is executed successfully.
 2) DATABASE d2 might do exist because the statement to CREATE or
ALTER it was killed
 3) because of bug 43353, kill the query that do DROP FUNCTION or
    DROP PROCEDURE can result in SP not found

This patch fixed all above issues by:
 1) Called thd->clear_error() if the operation succeeded.
 2) Add IF EXISTS to the DROP DATABASE d2 statement
 3) Temporarily disabled testing DROP FUNCTION/PROCEDURE IF EXISTS.

Disabled execution in valgrind to avoid false positive memory
leaks due to fault-injection tests (i.e. call to abort()).

Part 2 : 
There was a special optimization on the ref access method for 
ORDER BY ... DESC that was set without actually looking on the type of the 
selected index for ORDER BY.
Fixed the SELECT ... ORDER BY .. DESC (it uses a different code path compared
to the ASC that has been fixed with the previous fix).

Removed rpl_cross_version from experimental list.

{PROCEDURE|FUNCTION} FROM ...'

The master would hit an assertion when binary log was
active. This was due to the fact that the thread's diagnostics
area was being cleared before writing to the binlog,
independently of mysql_routine_grant returning an error or
not. When mysql_routine_grant was to return an error, the return
value and the diagnostics area contents would
mismatch. Consequently, neither my_ok would be called nor an
error would be signaled in the diagnostics area, eventually
triggering the assertion in net_end_statement.

We fix this by not clearing the diagnostics area at binlogging
time.