diff --git a/mysql-test/r/binlog.result b/mysql-test/r/binlog.result index 80890a19b86..baab30ebbdd 100644 --- a/mysql-test/r/binlog.result +++ b/mysql-test/r/binlog.result @@ -604,6 +604,8 @@ END// CALL p1(); c1 c2 c3 d1 d2 d3 utf8_general_ci utf8_unicode_ci utf8_unicode_ci 2 2 2 +Warnings: +Warning 1105 Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual. SHOW BINLOG EVENTS FROM 1285; Log_name Pos Event_type Server_id End_log_pos Info master-bin.000001 1285 Query 1 1483 use `bug39182`; CREATE TEMPORARY TABLE tmp1 @@ -613,4 +615,42 @@ DROP PROCEDURE p1; DROP TABLE t1; DROP DATABASE bug39182; USE test; +CREATE PROCEDURE p1(IN v1 INT) +BEGIN +CREATE TABLE t1 SELECT v1; +DROP TABLE t1; +END// +CREATE PROCEDURE p2() +BEGIN +DECLARE v1 INT; +CREATE TABLE t1 SELECT v1+1; +DROP TABLE t1; +END// +CREATE PROCEDURE p3(IN v1 INT) +BEGIN +CREATE TABLE t1 SELECT 1 FROM DUAL WHERE v1!=0; +DROP TABLE t1; +END// +CREATE PROCEDURE p4(IN v1 INT) +BEGIN +DECLARE v2 INT; +CREATE TABLE t1 SELECT 1, v1, v2; +DROP TABLE t1; +CREATE TABLE t1 SELECT 1, v1+1, v2; +DROP TABLE t1; +END// +CALL p1(1); +CALL p2(); +Warnings: +Warning 1105 Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual. +CALL p3(0); +Warnings: +Warning 1105 Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual. +CALL p4(0); +Warnings: +Warning 1105 Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual. +DROP PROCEDURE p1; +DROP PROCEDURE p2; +DROP PROCEDURE p3; +DROP PROCEDURE p4; End of 5.0 tests diff --git a/mysql-test/t/binlog.test b/mysql-test/t/binlog.test index b9893e02e14..8ceb219402a 100644 
--- a/mysql-test/t/binlog.test +++ b/mysql-test/t/binlog.test @@ -161,4 +161,44 @@ DROP TABLE t1; DROP DATABASE bug39182; USE test; +# +# Bug#35383: binlog playback and replication breaks due to +# name_const substitution +# +DELIMITER //; +CREATE PROCEDURE p1(IN v1 INT) +BEGIN + CREATE TABLE t1 SELECT v1; + DROP TABLE t1; +END// +CREATE PROCEDURE p2() +BEGIN + DECLARE v1 INT; + CREATE TABLE t1 SELECT v1+1; + DROP TABLE t1; +END// +CREATE PROCEDURE p3(IN v1 INT) +BEGIN + CREATE TABLE t1 SELECT 1 FROM DUAL WHERE v1!=0; + DROP TABLE t1; +END// +CREATE PROCEDURE p4(IN v1 INT) +BEGIN + DECLARE v2 INT; + CREATE TABLE t1 SELECT 1, v1, v2; + DROP TABLE t1; + CREATE TABLE t1 SELECT 1, v1+1, v2; + DROP TABLE t1; +END// +DELIMITER ;// + +CALL p1(1); +CALL p2(); +CALL p3(0); +CALL p4(0); +DROP PROCEDURE p1; +DROP PROCEDURE p2; +DROP PROCEDURE p3; +DROP PROCEDURE p4; + --echo End of 5.0 tests diff --git a/sql/sp_head.cc b/sql/sp_head.cc index b51d97e66c5..76b0f2e22d2 100644 --- a/sql/sp_head.cc +++ b/sql/sp_head.cc @@ -894,6 +894,8 @@ subst_spvars(THD *thd, sp_instr *instr, LEX_STRING *query_str) qbuf.length(0); cur= query_str->str; prev_pos= res= 0; + thd->query_name_consts= 0; + for (Item_splocal **splocal= sp_vars_uses.front(); splocal < sp_vars_uses.back(); splocal++) { @@ -927,6 +929,8 @@ subst_spvars(THD *thd, sp_instr *instr, LEX_STRING *query_str) res|= qbuf.append(')'); if (res) break; + + thd->query_name_consts++; } res|= qbuf.append(cur + prev_pos, query_str->length - prev_pos); if (res) @@ -2621,6 +2625,7 @@ sp_instr_stmt::execute(THD *thd, uint *nextp) *nextp= m_ip+1; thd->query= query; thd->query_length= query_length; + thd->query_name_consts= 0; } DBUG_RETURN(res); } diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 74bc669a049..4389fd5039e 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc 
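Review bot: In the third sp_head.cc hunk the reset `thd->query_name_consts= 0;` sits inside the block that restores `thd->query`, and that block's condition starts outside the hunk, so it is not visible whether every exit from sp_instr_stmt::execute clears the counter. If some path skips that block, the count left by subst_spvars would presumably stay on the THD and could make the new check in mysql_execute_command warn on a later statement that had no substitution at all. Consider resetting it unconditionally just before `DBUG_RETURN(res);`, or document the lifetime next to the reset, e.g. `/* count is only meaningful while the substituted query text is installed */`.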
@@ -219,6 +219,7 @@ THD::THD() one_shot_set= 0; file_id = 0; query_id= 0; + query_name_consts= 0; warn_id= 0; db_charset= global_system_variables.collation_database; bzero(ha_data, sizeof(ha_data)); @@ -2144,6 +2145,13 @@ void Security_context::skip_grants() } +bool Security_context::user_matches(Security_context *them) +{ + return ((user != NULL) && (them->user != NULL) && + !strcmp(user, them->user)); +} + + /**************************************************************************** Handling of open and locked tables states. diff --git a/sql/sql_class.h b/sql/sql_class.h index 3e3dfcd08fa..d4f054a2b19 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -985,6 +985,7 @@ public: { return (*priv_host ? priv_host : (char *)"%"); } + bool user_matches(Security_context *); }; @@ -1556,6 +1557,9 @@ public: sp_cache *sp_proc_cache; sp_cache *sp_func_cache; + /** number of name_const() substitutions, see sp_head.cc:subst_spvars() */ + uint query_name_consts; + /* If we do a purge of binary logs, log index info of the threads that are currently reading it needs to be adjusted. To do that diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc index b79f979df05..48438ba033c 100644 --- a/sql/sql_insert.cc +++ b/sql/sql_insert.cc @@ -1609,7 +1609,9 @@ public: uint query_length; delayed_row(enum_duplicates dup_arg, bool ignore_arg, bool log_query_arg) - :record(0), query(0), time_zone(0), dup(dup_arg), ignore(ignore_arg), log_query(log_query_arg) {} + :record(0), query(0), dup(dup_arg), ignore(ignore_arg), + log_query(log_query_arg), time_zone(0) + {} ~delayed_row() { x_free(record); diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 2297283c92d..ba887486aa1 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc 
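Review bot: `Security_context::user_matches` in the second sql_class.cc hunk has no comment, and two of its properties matter to callers: it returns false when either `user` is NULL, and it compares the user name only, so the host part of the account plays no role in the match. A short header comment such as `/* true only if both users are non-NULL and string-equal; host is not compared */` would record that. The function also dereferences `them` unchecked and modifies nothing, so `bool user_matches(const Security_context *them) const` (with the matching declaration in sql_class.h) would state the contract in the type.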
@@ -3211,6 +3211,42 @@ mysql_execute_command(THD *thd) } if (select_lex->item_list.elements) // With select { + /* + If: + a) we inside an SP and there was NAME_CONST substitution, + b) binlogging is on, + c) we log the SP as separate statements + raise a warning, as it may cause problems + (see 'NAME_CONST issues' in 'Binary Logging of Stored Programs') + */ + if (thd->query_name_consts && + mysql_bin_log.is_open() && + !mysql_bin_log.is_query_in_union(thd, thd->query_id)) + { + List_iterator_fast it(select_lex->item_list); + Item *item; + uint splocal_refs= 0; + /* Count SP local vars in the top-level SELECT list */ + while ((item= it++)) + { + if (item->is_splocal()) + splocal_refs++; + } + /* + If it differs from number of NAME_CONST substitution applied, + we may have a SOME_FUNC(NAME_CONST()) in the SELECT list, + that may cause a problem with binary log (see BUG#35383), + raise a warning. + */ + if (splocal_refs != thd->query_name_consts) + push_warning(thd, + MYSQL_ERROR::WARN_LEVEL_WARN, + ER_UNKNOWN_ERROR, +"Invoked routine ran a statement that may cause problems with " +"binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' " +"section of the manual."); + } + select_result *sel_result; select_lex->options|= SELECT_NO_UNLOCK; 
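Review bot: The warning is pushed with the generic `ER_UNKNOWN_ERROR` (it surfaces as `Warning 1105` in binlog.result), so a client or monitoring job can recognise this replication-safety condition only by matching the message text. If the branch allows a new error message, a dedicated code would make it filterable; if not, a comment beside `ER_UNKNOWN_ERROR` saying why the generic code is used would help the next reader. The block comment above the check also reads `a) we inside an SP`, which should be `a) we are inside an SP`. The enclosing case of mysql_execute_command begins outside this hunk.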
@@ -7386,8 +7422,26 @@ void kill_one_thread(THD *thd, ulong id, bool only_kill_query)
 VOID(pthread_mutex_unlock(&LOCK_thread_count));
 if (tmp)
 {
+
+ /*
+ If we're SUPER, we can KILL anything, including system-threads.
+ No further checks.
+
+ KILLer: thd->security_ctx->user could in theory be NULL while
+ we're still in "unauthenticated" state. This is a theoretical
+ case (the code suggests this could happen, so we play it safe).
+
+ KILLee: tmp->security_ctx->user will be NULL for system threads.
+ We need to check so Jane Random User doesn't crash the server
+ when trying to kill a) system threads or b) unauthenticated users'
+ threads (Bug#43748).
+
+ If user of both killer and killee are non-NULL, proceed with
+ slayage if both are string-equal.
+ */
+
 if ((thd->security_ctx->master_access & SUPER_ACL) ||
- !strcmp(thd->security_ctx->user, tmp->security_ctx->user))
+ thd->security_ctx->user_matches(tmp->security_ctx))
 {
 tmp->awake(only_kill_query ? THD::KILL_QUERY : THD::KILL_CONNECTION);
 error=0;
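Review bot: The NULL-safe comparison that replaces `!strcmp(thd->security_ctx->user, tmp->security_ctx->user)` fixes a server crash (Bug#43748 per the comment), but the test changes visible in this patch cover only Bug#35383, so nothing pins the new behaviour. A regression test in which a non-SUPER connection issues KILL against a system thread id and expects a clean denial rather than a crash would keep the check from being lost in a later refactor. The branch taken when the users do not match is outside the hunk, so the exact error returned should be confirmed there.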