From e6f397a1635e7211fea58abe935733c8f8d7cef7 Mon Sep 17 00:00:00 2001
From: Joerg Bruehe <joerg@mysql.com>
Date: Fri, 7 Nov 2008 18:38:40 +0100
Subject: [PATCH 01/19] "spec" file for RPM builds: Fix yesterday's patch so
 that it also works for the last flag. Still part of the fix for bug#40546.

support-files/mysql.spec.sh:
  The original "sed" command relied on a blank following the flag
  which should be removed for debug builds.
  This meant the last flag would not be matched.
  Change it so that the whole string is enclosed in blanks,
  demand leading and trailing blank for each flag,
  and finally strip the leading + trailing blank.
---
 support-files/mysql.spec.sh | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/support-files/mysql.spec.sh b/support-files/mysql.spec.sh
index dc80d379b83..7bb35e6072e 100644
--- a/support-files/mysql.spec.sh
+++ b/support-files/mysql.spec.sh
@@ -320,8 +320,12 @@ do
   # We are in a subshell, so we can modify variables just for one run.
   if test "$servertype" != ' '
   then
-	CFLAGS=`echo $CFLAGS | sed -e 's/-O[0-9]* //' -e 's/-unroll2 //' -e 's/-ip //'`
-	CXXFLAGS=`echo $CXXFLAGS | sed -e 's/-O[0-9]* //' -e 's/-unroll2 //' -e 's/-ip //'`
+	CFLAGS=`echo   " $CFLAGS "   | \
+	    sed -e 's/ -O[0-9]* / /' -e 's/ -unroll2 / /' -e 's/ -ip / /' \
+	        -e 's/^ //' -e 's/ $//'`
+	CXXFLAGS=`echo " $CXXFLAGS " | \
+	    sed -e 's/ -O[0-9]* / /' -e 's/ -unroll2 / /' -e 's/ -ip / /' \
+	        -e 's/^ //' -e 's/ $//'`
   fi
 
   BuildMySQL "\
@@ -807,6 +811,10 @@ fi
 # itself - note that they must be ordered by date (important when
 # merging BK trees)
 %changelog
+* Fri Nov 07 2008 Joerg Bruehe <joerg@mysql.com>
+
+- Correct yesterday's fix, so that it also works for the last flag.
+
 * Thu Nov 06 2008 Joerg Bruehe <joerg@mysql.com>
 
 - Modify CFLAGS and CXXFLAGS such that a debug build is not optimized.

From e17915d393ae4e75f7fd7d036d864f26910e169c Mon Sep 17 00:00:00 2001
From: unknown <Patrick.Crews@Sun.COM>
Date: Mon, 9 Mar 2009 22:14:52 +0100
Subject: [PATCH 02/19] Test cases adjusted, precision changes "error Corrupt"
 changed to "status  Operation failed"

---
 mysql-test/suite/funcs_1/r/innodb_func_view.result | 4 ++--
 mysql-test/suite/funcs_1/r/innodb_views.result     | 6 +++---
 mysql-test/suite/funcs_1/r/myisam_views.result     | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/mysql-test/suite/funcs_1/r/innodb_func_view.result b/mysql-test/suite/funcs_1/r/innodb_func_view.result
index c2689a36801..0bd83c81bcf 100644
--- a/mysql-test/suite/funcs_1/r/innodb_func_view.result
+++ b/mysql-test/suite/funcs_1/r/innodb_func_view.result
@@ -5245,7 +5245,7 @@ WHERE select_id = 1 OR select_id IS NULL order by id;
 sqrt(my_bigint)	my_bigint	id
 NULL	NULL	1
 NULL	-9223372036854775808	2
-3037000499.976	9223372036854775807	3
+3037000499.97605	9223372036854775807	3
 0	0	4
 NULL	-1	5
 2	4	6
@@ -5259,7 +5259,7 @@ WHERE select_id = 1 OR select_id IS NULL) order by id;
 sqrt(my_bigint)	my_bigint	id
 NULL	NULL	1
 NULL	-9223372036854775808	2
-3037000499.976	9223372036854775807	3
+3037000499.97605	9223372036854775807	3
 0	0	4
 NULL	-1	5
 2	4	6
diff --git a/mysql-test/suite/funcs_1/r/innodb_views.result b/mysql-test/suite/funcs_1/r/innodb_views.result
index 3d5c5a1e698..30c7261d09e 100644
--- a/mysql-test/suite/funcs_1/r/innodb_views.result
+++ b/mysql-test/suite/funcs_1/r/innodb_views.result
@@ -22824,7 +22824,7 @@ f1	f2
 ABC	3
 SELECT * FROM v1 order by 2;
 f1	my_sqrt
-ABC	1.7320508075689
+ABC	1.73205080756888
 ALTER TABLE t1 CHANGE COLUMN f2 f2 VARCHAR(30);
 INSERT INTO t1   SET f1 = 'ABC', f2 = 'DEF';
 DESCRIBE t1;
@@ -22842,7 +22842,7 @@ ABC	DEF
 SELECT * FROM v1 order by 2;
 f1	my_sqrt
 ABC	0
-ABC	1.7320508075689
+ABC	1.73205080756888
 SELECT SQRT('DEF');
 SQRT('DEF')
 0
@@ -22862,7 +22862,7 @@ my_sqrt	double	YES		NULL
 SELECT * FROM v2 order by 2;
 f1	my_sqrt
 ABC	0
-ABC	1.7320508075689
+ABC	1.73205080756888
 CREATE TABLE t2 AS SELECT f1, SQRT(f2) my_sqrt FROM t1;
 SELECT * FROM t2 order by 2;
 f1	ABC
diff --git a/mysql-test/suite/funcs_1/r/myisam_views.result b/mysql-test/suite/funcs_1/r/myisam_views.result
index e4d6dd4cf8e..c0b12796355 100644
--- a/mysql-test/suite/funcs_1/r/myisam_views.result
+++ b/mysql-test/suite/funcs_1/r/myisam_views.result
@@ -23043,7 +23043,7 @@ ERROR 42S02: Table 'test.v1' doesn't exist
 CHECK TABLE v1;
 Table	Op	Msg_type	Msg_text
 test.v1	check	Error	Table 'test.v1' doesn't exist
-test.v1	check	error	Corrupt
+test.v1	check	status	Operation failed
 DESCRIBE v1;
 ERROR 42S02: Table 'test.v1' doesn't exist
 EXPLAIN SELECT * FROM v1;

From 44d582e6c982eeac73de270738c7eacef2b2104a Mon Sep 17 00:00:00 2001
From: unknown <kent.boortz@sun.com>
Date: Mon, 9 Mar 2009 22:16:24 +0100
Subject: [PATCH 03/19] Back patched libedit portability changes from 5.1.32

---
 cmd-line-utils/libedit/makelist.sh         | 4 ++--
 cmd-line-utils/libedit/readline.c          | 5 +----
 cmd-line-utils/libedit/readline/readline.h | 2 +-
 cmd-line-utils/libedit/vi.c                | 4 ++--
 4 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/cmd-line-utils/libedit/makelist.sh b/cmd-line-utils/libedit/makelist.sh
index fdd3f934e15..5d25b4776c9 100644
--- a/cmd-line-utils/libedit/makelist.sh
+++ b/cmd-line-utils/libedit/makelist.sh
@@ -84,7 +84,7 @@ case $FLAG in
     cat $FILES | $AWK '
 	BEGIN {
 	    printf("/* Automatically generated file, do not edit */\n");
-	    printf("#include \"sys.h\"\n#include \"el.h\"\n");
+	    printf("#include \"config.h\"\n#include \"el.h\"\n");
 	    printf("private const struct el_bindings_t el_func_help[] = {\n");
 	    low = "abcdefghijklmnopqrstuvwxyz_";
 	    high = "ABCDEFGHIJKLMNOPQRSTUVWXYZ_";
@@ -169,7 +169,7 @@ case $FLAG in
     cat $FILES | $AWK '/el_action_t/ { print $3 }' | sort | $AWK '
 	BEGIN {
 	    printf("/* Automatically generated file, do not edit */\n");
-	    printf("#include \"sys.h\"\n#include \"el.h\"\n");
+	    printf("#include \"config.h\"\n#include \"el.h\"\n");
 	    printf("private const el_func_t el_func[] = {");
 	    maxlen = 80;
 	    needn = 1;
diff --git a/cmd-line-utils/libedit/readline.c b/cmd-line-utils/libedit/readline.c
index ca8796fbd37..1f1b18c97d8 100644
--- a/cmd-line-utils/libedit/readline.c
+++ b/cmd-line-utils/libedit/readline.c
@@ -51,13 +51,10 @@
 #else
 #include "np/vis.h"
 #endif
-#ifdef HAVE_ALLOCA_H
-#include <alloca.h>
-#endif
+#include "readline/readline.h"
 #include "el.h"
 #include "fcns.h"		/* for EL_NUM_FCNS */
 #include "histedit.h"
-#include "readline/readline.h"
 #include "filecomplete.h"
 
 void rl_prep_terminal(int);
diff --git a/cmd-line-utils/libedit/readline/readline.h b/cmd-line-utils/libedit/readline/readline.h
index c4806734bc5..c77b080c439 100644
--- a/cmd-line-utils/libedit/readline/readline.h
+++ b/cmd-line-utils/libedit/readline/readline.h
@@ -66,7 +66,7 @@ typedef KEYMAP_ENTRY *Keymap;
 
 #ifndef CTRL
 #include <sys/ioctl.h>
-#if !defined(__sun__) && !defined(__hpux__)
+#if !defined(__sun) && !defined(__hpux) && !defined(_AIX)
 #include <sys/ttydefaults.h>
 #endif
 #ifndef CTRL
diff --git a/cmd-line-utils/libedit/vi.c b/cmd-line-utils/libedit/vi.c
index 602383f3231..00a9f493a9b 100644
--- a/cmd-line-utils/libedit/vi.c
+++ b/cmd-line-utils/libedit/vi.c
@@ -914,14 +914,14 @@ vi_comment_out(EditLine *el, int c)
  * NB: posix implies that we should enter insert mode, however
  * this is against historical precedent...
  */
-#ifdef __weak_reference
+#if defined(__weak_reference) && !defined(__FreeBSD__)
 extern char *get_alias_text(const char *) __weak_reference(get_alias_text);
 #endif
 protected el_action_t
 /*ARGSUSED*/
 vi_alias(EditLine *el, int c)
 {
-#ifdef __weak_reference
+#if defined(__weak_reference) && !defined(__FreeBSD__)
 	char alias_name[3];
 	char *alias_text;
 

From 150b0850b3e36f4bfb251added83d3b6c4ca5025 Mon Sep 17 00:00:00 2001
From: unknown <kent.boortz@sun.com>
Date: Thu, 19 Mar 2009 16:40:54 +0100
Subject: [PATCH 04/19] cmd-line-utils/libedit/readline/readline.h  - Header
 <sys/ttydefaults.h> missing or not usable on QNX and OpenServer 6

include/my_global.h
 - Moved down definition of function rint(), as for some platforms (in
   this case Netware) 'longlong' is not defined until later in
   "my_global.h"
---
 cmd-line-utils/libedit/readline/readline.h |  2 +-
 include/my_global.h                        | 69 +++++++++++-----------
 2 files changed, 36 insertions(+), 35 deletions(-)

diff --git a/cmd-line-utils/libedit/readline/readline.h b/cmd-line-utils/libedit/readline/readline.h
index c77b080c439..0e300faed89 100644
--- a/cmd-line-utils/libedit/readline/readline.h
+++ b/cmd-line-utils/libedit/readline/readline.h
@@ -66,7 +66,7 @@ typedef KEYMAP_ENTRY *Keymap;
 
 #ifndef CTRL
 #include <sys/ioctl.h>
-#if !defined(__sun) && !defined(__hpux) && !defined(_AIX)
+#if !defined(__sun) && !defined(__hpux) && !defined(_AIX) && !defined(__QNXNTO__) && !defined(__USLC__)
 #include <sys/ttydefaults.h>
 #endif
 #ifndef CTRL
diff --git a/include/my_global.h b/include/my_global.h
index f5a3016bb1e..06d5b0f94b4 100644
--- a/include/my_global.h
+++ b/include/my_global.h
@@ -486,40 +486,6 @@ typedef unsigned short ushort;
 #define test_all_bits(a,b) (((a) & (b)) == (b))
 #define set_bits(type, bit_count) (sizeof(type)*8 <= (bit_count) ? ~(type) 0 : ((((type) 1) << (bit_count)) - (type) 1))
 #define array_elements(A) ((uint) (sizeof(A)/sizeof(A[0])))
-#ifndef HAVE_RINT
-/**
-   All integers up to this number can be represented exactly as double precision
-   values (DBL_MANT_DIG == 53 for IEEE 754 hardware).
-*/
-#define MAX_EXACT_INTEGER ((1LL << DBL_MANT_DIG) - 1)
-
-/**
-   rint(3) implementation for platforms that do not have it.
-   Always rounds to the nearest integer with ties being rounded to the nearest
-   even integer to mimic glibc's rint() behavior in the "round-to-nearest"
-   FPU mode. Hardware-specific optimizations are possible (frndint on x86).
-   Unlike this implementation, hardware will also honor the FPU rounding mode.
-*/
-
-static inline double rint(double x)
-{
-  double f, i;
-  f = modf(x, &i);
-  /*
-    All doubles with absolute values > MAX_EXACT_INTEGER are even anyway,
-    no need to check it.
-  */
-  if (x > 0.0)
-    i += (double) ((f > 0.5) || (f == 0.5 &&
-                                 i <= (double) MAX_EXACT_INTEGER &&
-                                 (longlong) i % 2));
-  else
-    i -= (double) ((f < -0.5) || (f == -0.5 &&
-                                  i >= (double) -MAX_EXACT_INTEGER &&
-                                  (longlong) i % 2));
-  return i;
-}
-#endif /* HAVE_RINT */
 
 /* Define some general constants */
 #ifndef TRUE
@@ -1391,4 +1357,39 @@ do { doubleget_union _tmp; \
 
 #define MY_INT64_NUM_DECIMAL_DIGITS 21
 
+#ifndef HAVE_RINT
+/**
+   All integers up to this number can be represented exactly as double precision
+   values (DBL_MANT_DIG == 53 for IEEE 754 hardware).
+*/
+#define MAX_EXACT_INTEGER ((1LL << DBL_MANT_DIG) - 1)
+
+/**
+   rint(3) implementation for platforms that do not have it.
+   Always rounds to the nearest integer with ties being rounded to the nearest
+   even integer to mimic glibc's rint() behavior in the "round-to-nearest"
+   FPU mode. Hardware-specific optimizations are possible (frndint on x86).
+   Unlike this implementation, hardware will also honor the FPU rounding mode.
+*/
+
+static inline double rint(double x)
+{
+  double f, i;
+  f = modf(x, &i);
+  /*
+    All doubles with absolute values > MAX_EXACT_INTEGER are even anyway,
+    no need to check it.
+  */
+  if (x > 0.0)
+    i += (double) ((f > 0.5) || (f == 0.5 &&
+                                 i <= (double) MAX_EXACT_INTEGER &&
+                                 (longlong) i % 2));
+  else
+    i -= (double) ((f < -0.5) || (f == -0.5 &&
+                                  i >= (double) -MAX_EXACT_INTEGER &&
+                                  (longlong) i % 2));
+  return i;
+}
+#endif /* HAVE_RINT */
+
 #endif /* my_global_h */

From 9536bd657b2c6d3228009189c7c17a028342b8f5 Mon Sep 17 00:00:00 2001
From: Georgi Kodinov <joro@sun.com>
Date: Wed, 25 Mar 2009 15:37:21 +0200
Subject: [PATCH 05/19] Bug#43748: crash when non-super user tries to kill the
 replication threads

(Pushing for Azundris)

We allow security-contexts with NULL users (for
system-threads and for unauthenticated users).
If a non-SUPER-user tried to KILL such a thread,
we tried to compare the user-fields to see whether
they owned that thread. Comparing against NULL was
not a good idea.

If KILLer does not have SUPER-privilege, we
specifically check whether both KILLer and KILLee
have a non-NULL user before testing for string-
equality. If either is NULL, we reject the KILL.

mysql-test/r/rpl_temporary.result:
  Try to have a non-SUPER user KILL a system thread.
mysql-test/t/rpl_temporary.test:
  Try to have a non-SUPER user KILL a system thread.
sql/sql_parse.cc:
  Make sure security contexts of both KILLer *and*
          KILLee are non-NULL before testing for string-equality!
---
 mysql-test/r/rpl_temporary.result | 18 ++++++++++++++++
 mysql-test/t/rpl_temporary.test   | 36 +++++++++++++++++++++++++++++++
 sql/sql_parse.cc                  | 21 +++++++++++++++++-
 3 files changed, 74 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/rpl_temporary.result b/mysql-test/r/rpl_temporary.result
index 15c069ab68d..5eefced7564 100644
--- a/mysql-test/r/rpl_temporary.result
+++ b/mysql-test/r/rpl_temporary.result
@@ -4,6 +4,24 @@ reset master;
 reset slave;
 drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
 start slave;
+FLUSH PRIVILEGES;
+drop table if exists t999;
+create temporary table t999(
+id int,
+user char(255),
+host char(255),
+db char(255),
+Command char(255),
+time int,
+State char(255),
+info char(255)
+);
+LOAD DATA INFILE "./tmp/bl_dump_thread_id" into table t999;
+drop table t999;
+GRANT USAGE ON *.* TO user43748@localhost;
+KILL `select id from information_schema.processlist where command='Binlog Dump'`;
+ERROR HY000: You are not owner of thread `select id from information_schema.processlist where command='Binlog Dump'`
+DROP USER user43748@localhost;
 reset master;
 SET @save_select_limit=@@session.sql_select_limit;
 SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100;
diff --git a/mysql-test/t/rpl_temporary.test b/mysql-test/t/rpl_temporary.test
index 516f3a026c9..366fdf00c56 100644
--- a/mysql-test/t/rpl_temporary.test
+++ b/mysql-test/t/rpl_temporary.test
@@ -3,6 +3,42 @@ source include/add_anonymous_users.inc;
 
 source include/master-slave.inc;
 
+#
+# Bug#43748: crash when non-super user tries to kill the replication threads
+#
+
+--connection master
+save_master_pos;
+
+--connection slave
+sync_with_master;
+
+--connection slave
+FLUSH PRIVILEGES;
+
+# in 5.0, we need to do some hocus pocus to get a system-thread ID (-> $id)
+--source include/get_binlog_dump_thread_id.inc
+
+# make a non-privileged user on slave. try to KILL system-thread as her.
+GRANT USAGE ON *.* TO user43748@localhost;
+
+--connect (mysqltest_2_con,localhost,user43748,,test,$SLAVE_MYPORT,)
+--connection mysqltest_2_con
+
+--replace_result $id "`select id from information_schema.processlist where command='Binlog Dump'`"
+--error ER_KILL_DENIED_ERROR
+eval KILL $id;
+
+--disconnect mysqltest_2_con
+
+--connection slave
+
+DROP USER user43748@localhost;
+
+--connection master
+
+
+
 # Clean up old slave's binlogs.
 # The slave is started with --log-slave-updates
 # and this test does SHOW BINLOG EVENTS on the slave's
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 2297283c92d..33adcfe3342 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -7386,8 +7386,27 @@ void kill_one_thread(THD *thd, ulong id, bool only_kill_query)
   VOID(pthread_mutex_unlock(&LOCK_thread_count));
   if (tmp)
   {
+
+    /*
+      If we're SUPER, we can KILL anything, including system-threads.
+      No further checks.
+
+      thd..user could in theory be NULL while we're still in
+      "unauthenticated" state. This is more a theoretical case.
+
+      tmp..user will be NULL for system threads (cf Bug#43748).
+      We need to check so Jane Random User doesn't crash the server
+      when trying to kill a) system threads or b) unauthenticated
+      users' threads.
+
+      If user of both killer and killee are non-null, proceed with
+      slayage if both are string-equal.
+    */
+
     if ((thd->security_ctx->master_access & SUPER_ACL) ||
-	!strcmp(thd->security_ctx->user, tmp->security_ctx->user))
+        ((thd->security_ctx->user != NULL) &&
+         (tmp->security_ctx->user != NULL) &&
+         !strcmp(thd->security_ctx->user, tmp->security_ctx->user)))
     {
       tmp->awake(only_kill_query ? THD::KILL_QUERY : THD::KILL_CONNECTION);
       error=0;

From e46c139dd81081aceb27902ee4b632904cae292b Mon Sep 17 00:00:00 2001
From: "Tatiana A. Nurnberg" <azundris@mysql.com>
Date: Wed, 25 Mar 2009 17:10:27 +0100
Subject: [PATCH 06/19] Bug#43748: crash when non-super user tries to kill the
 replication threads

Fine-tuning. Broke out comparison into method by
suggestion of Davi. Clarified comments. Reverting
test-case which I find too brittle; proper test
case in 5.1+.
---
 mysql-test/r/rpl_temporary.result | 18 ----------------
 mysql-test/t/rpl_temporary.test   | 36 -------------------------------
 sql/sql_class.cc                  |  7 ++++++
 sql/sql_class.h                   |  1 +
 sql/sql_parse.cc                  | 17 +++++++--------
 5 files changed, 16 insertions(+), 63 deletions(-)

diff --git a/mysql-test/r/rpl_temporary.result b/mysql-test/r/rpl_temporary.result
index 5eefced7564..15c069ab68d 100644
--- a/mysql-test/r/rpl_temporary.result
+++ b/mysql-test/r/rpl_temporary.result
@@ -4,24 +4,6 @@ reset master;
 reset slave;
 drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
 start slave;
-FLUSH PRIVILEGES;
-drop table if exists t999;
-create temporary table t999(
-id int,
-user char(255),
-host char(255),
-db char(255),
-Command char(255),
-time int,
-State char(255),
-info char(255)
-);
-LOAD DATA INFILE "./tmp/bl_dump_thread_id" into table t999;
-drop table t999;
-GRANT USAGE ON *.* TO user43748@localhost;
-KILL `select id from information_schema.processlist where command='Binlog Dump'`;
-ERROR HY000: You are not owner of thread `select id from information_schema.processlist where command='Binlog Dump'`
-DROP USER user43748@localhost;
 reset master;
 SET @save_select_limit=@@session.sql_select_limit;
 SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100;
diff --git a/mysql-test/t/rpl_temporary.test b/mysql-test/t/rpl_temporary.test
index 366fdf00c56..516f3a026c9 100644
--- a/mysql-test/t/rpl_temporary.test
+++ b/mysql-test/t/rpl_temporary.test
@@ -3,42 +3,6 @@ source include/add_anonymous_users.inc;
 
 source include/master-slave.inc;
 
-#
-# Bug#43748: crash when non-super user tries to kill the replication threads
-#
-
---connection master
-save_master_pos;
-
---connection slave
-sync_with_master;
-
---connection slave
-FLUSH PRIVILEGES;
-
-# in 5.0, we need to do some hocus pocus to get a system-thread ID (-> $id)
---source include/get_binlog_dump_thread_id.inc
-
-# make a non-privileged user on slave. try to KILL system-thread as her.
-GRANT USAGE ON *.* TO user43748@localhost;
-
---connect (mysqltest_2_con,localhost,user43748,,test,$SLAVE_MYPORT,)
---connection mysqltest_2_con
-
---replace_result $id "`select id from information_schema.processlist where command='Binlog Dump'`"
---error ER_KILL_DENIED_ERROR
-eval KILL $id;
-
---disconnect mysqltest_2_con
-
---connection slave
-
-DROP USER user43748@localhost;
-
---connection master
-
-
-
 # Clean up old slave's binlogs.
 # The slave is started with --log-slave-updates
 # and this test does SHOW BINLOG EVENTS on the slave's
diff --git a/sql/sql_class.cc b/sql/sql_class.cc
index 74bc669a049..aa796d6acbd 100644
--- a/sql/sql_class.cc
+++ b/sql/sql_class.cc
@@ -2144,6 +2144,13 @@ void Security_context::skip_grants()
 }
 
 
+bool Security_context::user_matches(Security_context *them)
+{
+  return ((user != NULL) && (them->user != NULL) &&
+          !strcmp(user, them->user));
+}
+
+
 /****************************************************************************
   Handling of open and locked tables states.
 
diff --git a/sql/sql_class.h b/sql/sql_class.h
index 3e3dfcd08fa..47dbac0f17b 100644
--- a/sql/sql_class.h
+++ b/sql/sql_class.h
@@ -985,6 +985,7 @@ public:
   {
     return (*priv_host ? priv_host : (char *)"%");
   }
+  bool user_matches(Security_context *);
 };
 
 
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 33adcfe3342..c2d789b30b5 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -7391,22 +7391,21 @@ void kill_one_thread(THD *thd, ulong id, bool only_kill_query)
       If we're SUPER, we can KILL anything, including system-threads.
       No further checks.
 
-      thd..user could in theory be NULL while we're still in
-      "unauthenticated" state. This is more a theoretical case.
+      KILLer: thd->security_ctx->user could in theory be NULL while
+      we're still in "unauthenticated" state. This is a theoretical
+      case (the code suggests this could happen, so we play it safe).
 
-      tmp..user will be NULL for system threads (cf Bug#43748).
+      KILLee: tmp->security_ctx->user will be NULL for system threads.
       We need to check so Jane Random User doesn't crash the server
-      when trying to kill a) system threads or b) unauthenticated
-      users' threads.
+      when trying to kill a) system threads or b) unauthenticated users'
+      threads (Bug#43748).
 
-      If user of both killer and killee are non-null, proceed with
+      If user of both killer and killee are non-NULL, proceed with
       slayage if both are string-equal.
     */
 
     if ((thd->security_ctx->master_access & SUPER_ACL) ||
-        ((thd->security_ctx->user != NULL) &&
-         (tmp->security_ctx->user != NULL) &&
-         !strcmp(thd->security_ctx->user, tmp->security_ctx->user)))
+        thd->security_ctx->user_matches(tmp->security_ctx))
     {
       tmp->awake(only_kill_query ? THD::KILL_QUERY : THD::KILL_CONNECTION);
       error=0;

From bce4c76ae0365f3f80edccc96b26f76f0090b64d Mon Sep 17 00:00:00 2001
From: Ramil Kalimullin <ramil@mysql.com>
Date: Wed, 25 Mar 2009 20:48:10 +0400
Subject: [PATCH 07/19] Fix for bug#35383: binlog playback and replication
 breaks due to name_const substitution

Problem:
"In general, statements executed within a stored procedure
are written to the binary log using the same rules that
would apply were the statements to be executed in standalone
fashion. Some special care is taken when logging procedure
statements because statement execution within procedures
is not quite the same as in non-procedure context".

For example, each reference to a local variable in SP's
statements is replaced by NAME_CONST(var_name, var_value).
Queries like
"CREATE TABLE ... SELECT FUNC(local_var ..."
are logged as
"CREATE TABLE ... SELECT FUNC(NAME_CONST("local_var", var_value) ..."
that leads to differrent field names and
might result in "Incorrect column name" if var_value is long enough.

Fix: in 5.x we'll issue a warning in such a case.
In 6.0 we should get rid of NAME_CONST().

Note: this issue and change should be described in the documentation
("Binary Logging of Stored Programs").


mysql-test/r/binlog.result:
  Fix for bug#35383: binlog playback and replication breaks
  due to name_const substitution
    - test result.
mysql-test/t/binlog.test:
  Fix for bug#35383: binlog playback and replication breaks
  due to name_const substitution
    - test case.
sql/sp_head.cc:
  Fix for bug#35383: binlog playback and replication breaks
  due to name_const substitution
    - set thd->query_name_consts if there's NAME_CONST()
  substitution(s).
sql/sql_parse.cc:
  Fix for bug#35383: binlog playback and replication breaks
  due to name_const substitution
    - issue a warning if there's NAME_CONST() substitution and
  binary logging is on for "CREATE TABLE ... SELECT ...".
---
 mysql-test/r/binlog.result | 40 ++++++++++++++++++++++++++++++++++++++
 mysql-test/t/binlog.test   | 40 ++++++++++++++++++++++++++++++++++++++
 sql/sp_head.cc             |  5 +++++
 sql/sql_class.cc           |  1 +
 sql/sql_class.h            |  3 +++
 sql/sql_parse.cc           | 36 ++++++++++++++++++++++++++++++++++
 6 files changed, 125 insertions(+)

diff --git a/mysql-test/r/binlog.result b/mysql-test/r/binlog.result
index 80890a19b86..baab30ebbdd 100644
--- a/mysql-test/r/binlog.result
+++ b/mysql-test/r/binlog.result
@@ -604,6 +604,8 @@ END//
 CALL p1();
 c1	c2	c3	d1	d2	d3
 utf8_general_ci	utf8_unicode_ci	utf8_unicode_ci	2	2	2
+Warnings:
+Warning	1105	Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual.
 SHOW BINLOG EVENTS FROM 1285;
 Log_name	Pos	Event_type	Server_id	End_log_pos	Info
 master-bin.000001	1285	Query	1	1483	use `bug39182`; CREATE TEMPORARY TABLE tmp1
@@ -613,4 +615,42 @@ DROP PROCEDURE p1;
 DROP TABLE t1;
 DROP DATABASE bug39182;
 USE test;
+CREATE PROCEDURE p1(IN v1 INT)
+BEGIN
+CREATE TABLE t1 SELECT v1;
+DROP TABLE t1;
+END//
+CREATE PROCEDURE p2()
+BEGIN
+DECLARE v1 INT;
+CREATE TABLE t1 SELECT v1+1;
+DROP TABLE t1;
+END//
+CREATE PROCEDURE p3(IN v1 INT)
+BEGIN
+CREATE TABLE t1 SELECT 1 FROM DUAL WHERE v1!=0;
+DROP TABLE t1;
+END//
+CREATE PROCEDURE p4(IN v1 INT)
+BEGIN
+DECLARE v2 INT;
+CREATE TABLE t1 SELECT 1, v1, v2;
+DROP TABLE t1;
+CREATE TABLE t1 SELECT 1, v1+1, v2;
+DROP TABLE t1;
+END//
+CALL p1(1);
+CALL p2();
+Warnings:
+Warning	1105	Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual.
+CALL p3(0);
+Warnings:
+Warning	1105	Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual.
+CALL p4(0);
+Warnings:
+Warning	1105	Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual.
+DROP PROCEDURE p1;
+DROP PROCEDURE p2;
+DROP PROCEDURE p3;
+DROP PROCEDURE p4;
 End of 5.0 tests
diff --git a/mysql-test/t/binlog.test b/mysql-test/t/binlog.test
index b9893e02e14..8ceb219402a 100644
--- a/mysql-test/t/binlog.test
+++ b/mysql-test/t/binlog.test
@@ -161,4 +161,44 @@ DROP TABLE t1;
 DROP DATABASE bug39182;
 USE test;
 
+#
+# Bug#35383: binlog playback and replication breaks due to 
+# name_const substitution
+#
+DELIMITER //;
+CREATE PROCEDURE p1(IN v1 INT)
+BEGIN
+  CREATE TABLE t1 SELECT v1;
+  DROP TABLE t1;
+END//
+CREATE PROCEDURE p2()
+BEGIN
+  DECLARE v1 INT;
+  CREATE TABLE t1 SELECT v1+1;
+  DROP TABLE t1;
+END//
+CREATE PROCEDURE p3(IN v1 INT)
+BEGIN
+  CREATE TABLE t1 SELECT 1 FROM DUAL WHERE v1!=0;
+  DROP TABLE t1;
+END//
+CREATE PROCEDURE p4(IN v1 INT)
+BEGIN
+  DECLARE v2 INT;
+  CREATE TABLE t1 SELECT 1, v1, v2;
+  DROP TABLE t1;
+  CREATE TABLE t1 SELECT 1, v1+1, v2;
+  DROP TABLE t1;
+END//
+DELIMITER ;//
+
+CALL p1(1);
+CALL p2();
+CALL p3(0);
+CALL p4(0);
+DROP PROCEDURE p1;
+DROP PROCEDURE p2;
+DROP PROCEDURE p3;
+DROP PROCEDURE p4;
+
 --echo End of 5.0 tests
diff --git a/sql/sp_head.cc b/sql/sp_head.cc
index b51d97e66c5..76b0f2e22d2 100644
--- a/sql/sp_head.cc
+++ b/sql/sp_head.cc
@@ -894,6 +894,8 @@ subst_spvars(THD *thd, sp_instr *instr, LEX_STRING *query_str)
   qbuf.length(0);
   cur= query_str->str;
   prev_pos= res= 0;
+  thd->query_name_consts= 0;
+  
   for (Item_splocal **splocal= sp_vars_uses.front(); 
        splocal < sp_vars_uses.back(); splocal++)
   {
@@ -927,6 +929,8 @@ subst_spvars(THD *thd, sp_instr *instr, LEX_STRING *query_str)
     res|= qbuf.append(')');
     if (res)
       break;
+      
+    thd->query_name_consts++;
   }
   res|= qbuf.append(cur + prev_pos, query_str->length - prev_pos);
   if (res)
@@ -2621,6 +2625,7 @@ sp_instr_stmt::execute(THD *thd, uint *nextp)
       *nextp= m_ip+1;
     thd->query= query;
     thd->query_length= query_length;
+    thd->query_name_consts= 0;
   }
   DBUG_RETURN(res);
 }
diff --git a/sql/sql_class.cc b/sql/sql_class.cc
index 74bc669a049..07172dde549 100644
--- a/sql/sql_class.cc
+++ b/sql/sql_class.cc
@@ -219,6 +219,7 @@ THD::THD()
   one_shot_set= 0;
   file_id = 0;
   query_id= 0;
+  query_name_consts= 0;
   warn_id= 0;
   db_charset= global_system_variables.collation_database;
   bzero(ha_data, sizeof(ha_data));
diff --git a/sql/sql_class.h b/sql/sql_class.h
index 3e3dfcd08fa..8a69e3729f2 100644
--- a/sql/sql_class.h
+++ b/sql/sql_class.h
@@ -1556,6 +1556,9 @@ public:
   sp_cache   *sp_proc_cache;
   sp_cache   *sp_func_cache;
 
+  /** number of name_const() substitutions, see sp_head.cc:subst_spvars() */
+  uint       query_name_consts;
+
   /*
     If we do a purge of binary logs, log index info of the threads
     that are currently reading it needs to be adjusted. To do that
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 33adcfe3342..4cfb41dbc76 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -3211,6 +3211,42 @@ mysql_execute_command(THD *thd)
     }
     if (select_lex->item_list.elements)		// With select
     {
+      /*
+        If:
+        a) we inside an SP and there was NAME_CONST substitution,
+        b) binlogging is on,
+        c) we log the SP as separate statements
+        raise a warning, as it may cause problems
+        (see 'NAME_CONST issues' in 'Binary Logging of Stored Programs')
+       */
+      if (thd->query_name_consts && 
+          mysql_bin_log.is_open() &&
+          !mysql_bin_log.is_query_in_union(thd, thd->query_id))
+      {
+        List_iterator_fast<Item> it(select_lex->item_list);
+        Item *item;
+        uint splocal_refs= 0;
+        /* Count SP local vars in the top-level SELECT list */
+        while ((item= it++))
+        {
+          if (item->is_splocal())
+            splocal_refs++;
+        }
+        /*
+          If it differs from number of NAME_CONST substitution applied,
+          we may have a SOME_FUNC(NAME_CONST()) in the SELECT list,
+          that may cause a problem with binary log (see BUG#35383),
+          raise a warning. 
+        */
+        if (splocal_refs != thd->query_name_consts)
+          push_warning(thd, 
+                       MYSQL_ERROR::WARN_LEVEL_WARN,
+                       ER_UNKNOWN_ERROR,
+"Invoked routine ran a statement that may cause problems with "
+"binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' "
+"section of the manual.");
+      }
+      
       select_result *sel_result;
 
       select_lex->options|= SELECT_NO_UNLOCK;

From c9e9b9583e1d3bec1f208f2a7faed08b1f8bf2ad Mon Sep 17 00:00:00 2001
From: Matthias Leich <Matthias.Leich@sun.com>
Date: Thu, 26 Mar 2009 19:12:19 +0100
Subject: [PATCH 08/19] Fix for Bug#43383 main.variables-big : Weak testing
 code and result including modifications according to code review + backport
 of the fix for   Bug 41932 funcs_1: is_collation_character_set_applicability
 path                      too long for tar   which was missing in 5.0 (just a
 renaming of two files)

---
 mysql-test/r/variables-big.result             | 34 +++++------
 ...ty.result => is_coll_char_set_appl.result} |  0
 ...bility.test => is_coll_char_set_appl.test} |  0
 mysql-test/t/variables-big.test               | 57 +++++++++++++++----
 4 files changed, 61 insertions(+), 30 deletions(-)
 rename mysql-test/suite/funcs_1/r/{is_collation_character_set_applicability.result => is_coll_char_set_appl.result} (100%)
 rename mysql-test/suite/funcs_1/t/{is_collation_character_set_applicability.test => is_coll_char_set_appl.test} (100%)

diff --git a/mysql-test/r/variables-big.result b/mysql-test/r/variables-big.result
index c441f27d82d..960fc6d22f4 100644
--- a/mysql-test/r/variables-big.result
+++ b/mysql-test/r/variables-big.result
@@ -1,24 +1,20 @@
-set session transaction_prealloc_size=1024*1024*1024*1;
-show processlist;
+SET SESSION transaction_prealloc_size=1024*1024*1024*1;
+SHOW PROCESSLIST;
 Id	User	Host	db	Command	Time	State	Info
-6	root	localhost	test	Query	0	NULL	show processlist
-set session transaction_prealloc_size=1024*1024*1024*2;
-show processlist;
+<Id>	root	localhost	test	Query	<Time>	NULL	SHOW PROCESSLIST
+SET SESSION transaction_prealloc_size=1024*1024*1024*2;
+SHOW PROCESSLIST;
 Id	User	Host	db	Command	Time	State	Info
-6	root	localhost	test	Query	1	NULL	show processlist
-set session transaction_prealloc_size=1024*1024*1024*3;
-show processlist;
+<Id>	root	localhost	test	Query	<Time>	NULL	SHOW PROCESSLIST
+SET SESSION transaction_prealloc_size=1024*1024*1024*3;
+SHOW PROCESSLIST;
 Id	User	Host	db	Command	Time	State	Info
-6	root	localhost	test	Query	0	NULL	show processlist
-set session transaction_prealloc_size=1024*1024*1024*4;
-Warnings:
-Warning	1292	Truncated incorrect transaction_prealloc_size value: '4294967296'
-show processlist;
+<Id>	root	localhost	test	Query	<Time>	NULL	SHOW PROCESSLIST
+SET SESSION transaction_prealloc_size=1024*1024*1024*4;
+SHOW PROCESSLIST;
 Id	User	Host	db	Command	Time	State	Info
-6	root	localhost	test	Query	0	NULL	show processlist
-set session transaction_prealloc_size=1024*1024*1024*5;
-Warnings:
-Warning	1292	Truncated incorrect transaction_prealloc_size value: '5368709120'
-show processlist;
+<Id>	root	localhost	test	Query	<Time>	NULL	SHOW PROCESSLIST
+SET SESSION transaction_prealloc_size=1024*1024*1024*5;
+SHOW PROCESSLIST;
 Id	User	Host	db	Command	Time	State	Info
-6	root	localhost	test	Query	0	NULL	show processlist
+<Id>	root	localhost	test	Query	<Time>	NULL	SHOW PROCESSLIST
diff --git a/mysql-test/suite/funcs_1/r/is_collation_character_set_applicability.result b/mysql-test/suite/funcs_1/r/is_coll_char_set_appl.result
similarity index 100%
rename from mysql-test/suite/funcs_1/r/is_collation_character_set_applicability.result
rename to mysql-test/suite/funcs_1/r/is_coll_char_set_appl.result
diff --git a/mysql-test/suite/funcs_1/t/is_collation_character_set_applicability.test b/mysql-test/suite/funcs_1/t/is_coll_char_set_appl.test
similarity index 100%
rename from mysql-test/suite/funcs_1/t/is_collation_character_set_applicability.test
rename to mysql-test/suite/funcs_1/t/is_coll_char_set_appl.test
diff --git a/mysql-test/t/variables-big.test b/mysql-test/t/variables-big.test
index 43326f3d016..fdb11ffa907 100644
--- a/mysql-test/t/variables-big.test
+++ b/mysql-test/t/variables-big.test
@@ -5,16 +5,51 @@
 --source include/big_test.inc
 
 #
-# Bug #27322  	failure to allocate transaction_prealloc_size causes crash
+# Bug#27322 failure to allocate transaction_prealloc_size causes crash
+#
+#
+# Manual (6.0):
+# Platform Bit Size  Range                      Default
+# 32                 1024-4294967295 (4 Gi - 1) 4096
+# 64                 1024-18446744073709547520  4096
+#
+# Observation(mleich):
+# 1. - Linux 64 Bit, MySQL 64 Bit, 4 GiB RAM, 8 GiB swap
+#    - SET SESSION transaction_prealloc_size=1099511627776;
+#      SHOW PROCESSLIST;
+#      Id   User ... Info
+#      <Id> root ... SHOW PROCESSLIST
+#      SELECT @@session.transaction_prealloc_size;
+#      @@session.transaction_prealloc_size
+#      1099511627776
+#      very short runtime in 5.0
+#      excessive resource consumption + long runtime in 5.1 and 6.0
+# 2. - Win in VM, slightly older version of this test, MySQL 5.0
+#    - testcase timeout after 900s
+#      analyze-timeout-mysqld.1.err :
+#      Id User ... Time Info
+#      83 root ... 542  set session transaction_prealloc_size=1024*1024*1024*2
+#      84 root ... 1    SHOW PROCESSLIST
+#
+# There is a significant probablitity that this tests fails with testcase
+# timeout if the testing box is not powerful enough.
 #
 
-set session transaction_prealloc_size=1024*1024*1024*1;
-show processlist;
-set session transaction_prealloc_size=1024*1024*1024*2;
-show processlist;
-set session transaction_prealloc_size=1024*1024*1024*3;
-show processlist;
-set session transaction_prealloc_size=1024*1024*1024*4;
-show processlist;
-set session transaction_prealloc_size=1024*1024*1024*5;
-show processlist;
+--disable_warnings
+SET SESSION transaction_prealloc_size=1024*1024*1024*1;
+--replace_column 1 <Id> 6 <Time>
+SHOW PROCESSLIST;
+SET SESSION transaction_prealloc_size=1024*1024*1024*2;
+--replace_column 1 <Id> 6 <Time>
+SHOW PROCESSLIST;
+SET SESSION transaction_prealloc_size=1024*1024*1024*3;
+--replace_column 1 <Id> 6 <Time>
+SHOW PROCESSLIST;
+SET SESSION transaction_prealloc_size=1024*1024*1024*4;
+--replace_column 1 <Id> 6 <Time>
+SHOW PROCESSLIST;
+SET SESSION transaction_prealloc_size=1024*1024*1024*5;
+--replace_column 1 <Id> 6 <Time>
+SHOW PROCESSLIST;
+--enable_warnings
+

From c2c47b67fd6f6130b941a0b50fa701b0bb105ba7 Mon Sep 17 00:00:00 2001
From: Ramil Kalimullin <ramil@mysql.com>
Date: Fri, 27 Mar 2009 10:24:32 +0400
Subject: [PATCH 09/19] Fix for bug #26288: savepoint not deleted, comit on
 empty transaction

Problem: commit doesn't delete savepoints if there are no changes
in the transaction.

Fix: delete them in such cases.


mysql-test/r/innodb_mysql.result:
  Fix for bug #26288: savepoint not deleted, comit on empty transaction
    - test result.
mysql-test/t/innodb_mysql.test:
  Fix for bug #26288: savepoint not deleted, comit on empty transaction
    - test case.
sql/handler.cc:
  Fix for bug #26288: savepoint not deleted, comit on empty transaction
    - call transaction.cleanup() even if nht is 0 to delete
  possible savepoints.
---
 mysql-test/r/innodb_mysql.result | 24 ++++++++++++++++++++++++
 mysql-test/t/innodb_mysql.test   | 29 +++++++++++++++++++++++++++++
 sql/handler.cc                   | 16 +++++++++++++---
 3 files changed, 66 insertions(+), 3 deletions(-)

diff --git a/mysql-test/r/innodb_mysql.result b/mysql-test/r/innodb_mysql.result
index 682cc2e82e2..d95499fe3ba 100644
--- a/mysql-test/r/innodb_mysql.result
+++ b/mysql-test/r/innodb_mysql.result
@@ -1267,4 +1267,28 @@ CREATE INDEX i1 on t1 (a(3));
 SELECT * FROM t1 WHERE a = 'abcde';
 a
 DROP TABLE t1;
+#
+# BUG #26288: savepoint are not deleted on comit, if the transaction 
+# was otherwise empty
+#
+BEGIN;
+SAVEPOINT s1;
+COMMIT;
+RELEASE SAVEPOINT s1;
+ERROR 42000: SAVEPOINT s1 does not exist
+BEGIN;
+SAVEPOINT s2;
+COMMIT;
+ROLLBACK TO SAVEPOINT s2;
+ERROR 42000: SAVEPOINT s2 does not exist
+BEGIN;
+SAVEPOINT s3;
+ROLLBACK;
+RELEASE SAVEPOINT s3;
+ERROR 42000: SAVEPOINT s3 does not exist
+BEGIN;
+SAVEPOINT s4;
+ROLLBACK;
+ROLLBACK TO SAVEPOINT s4;
+ERROR 42000: SAVEPOINT s4 does not exist
 End of 5.0 tests
diff --git a/mysql-test/t/innodb_mysql.test b/mysql-test/t/innodb_mysql.test
index b4fc425cb7c..512f7fc7fe2 100644
--- a/mysql-test/t/innodb_mysql.test
+++ b/mysql-test/t/innodb_mysql.test
@@ -1025,4 +1025,33 @@ CREATE INDEX i1 on t1 (a(3));
 SELECT * FROM t1 WHERE a = 'abcde'; 
 DROP TABLE t1;
 
+
+--echo #
+--echo # BUG #26288: savepoint are not deleted on comit, if the transaction 
+--echo # was otherwise empty
+--echo #
+BEGIN;
+SAVEPOINT s1;
+COMMIT;
+--error 1305
+RELEASE SAVEPOINT s1;
+
+BEGIN;
+SAVEPOINT s2;
+COMMIT;
+--error 1305
+ROLLBACK TO SAVEPOINT s2;
+
+BEGIN;
+SAVEPOINT s3;
+ROLLBACK;
+--error 1305
+RELEASE SAVEPOINT s3;
+
+BEGIN;
+SAVEPOINT s4;
+ROLLBACK;
+--error 1305
+ROLLBACK TO SAVEPOINT s4;
+
 --echo End of 5.0 tests
diff --git a/sql/handler.cc b/sql/handler.cc
index d069d56caae..63f652fc2b4 100644
--- a/sql/handler.cc
+++ b/sql/handler.cc
@@ -730,6 +730,16 @@ end:
     if (is_real_trans)
       start_waiting_global_read_lock(thd);
   }
+  else if (all)
+  {
+    /*
+      A COMMIT of an empty transaction. There may be savepoints.
+      Destroy them. If the transaction is not empty
+      savepoints are cleared in ha_commit_one_phase()
+      or ha_rollback_trans().
+    */
+    thd->transaction.cleanup();
+  }
 #endif /* USING_TRANSACTIONS */
   DBUG_RETURN(error);
 }
@@ -825,11 +835,11 @@ int ha_rollback_trans(THD *thd, bool all)
         thd->transaction.xid_state.xid.null();
     }
     if (all)
-    {
       thd->variables.tx_isolation=thd->session_tx_isolation;
-      thd->transaction.cleanup();
-    }
   }
+  /* Always cleanup. Even if there nht==0. There may be savepoints. */
+  if (all)
+    thd->transaction.cleanup();
 #endif /* USING_TRANSACTIONS */
   if (all)
     thd->transaction_rollback_request= FALSE;

From 0b60184b90cfb7ed1eb927e5106eb194677d43f7 Mon Sep 17 00:00:00 2001
From: Alexey Kopytov <Alexey.Kopytov@sun.com>
Date: Fri, 27 Mar 2009 13:12:50 +0300
Subject: [PATCH 10/19] Fix for bug #43432:  Union on floats does unnecessary
 rounding

UNION could convert fixed-point FLOAT(M,D)/DOUBLE(M,D) columns
to FLOAT/DOUBLE when aggregating data types from the SELECT
substatements. While there is nothing particularly wrong with
this behavior, especially when M is greater than the hardware
precision limits, it could be confusing in cases when all
SELECT statements in a union have the same
FLOAT(M,D)/DOUBLE(M,D) columns with equal precision
specifications listed in the same position.

Since the manual is quite vague on what data type should be
returned in such cases, the bug was fixed by implementing the
most 'expected' behavior: do not convert FLOAT(M,D)/DOUBLE(M,D)
to anything else if all SELECT statements in a UNION have the
same precision for that column.

mysql-test/r/union.result:
  Added a test case for bug #43432.
mysql-test/t/union.test:
  Added a test case for bug #43432.
sql/field.cc:
  Replaced FLT_DIG+6 and DBL_DIG+7 with a symbolic constant.
sql/item.cc:
  Do not convert FLOAT(M,D)/DOUBLE(M,D)
  to anything else if all SELECT statements in a UNION have the
  same precision for that column.
sql/mysql_priv.h:
  Added a symbolic constant for FLT_DIG+6 and DBL_DIG+7.
---
 mysql-test/r/union.result | 12 ++++++++++++
 mysql-test/t/union.test   | 15 +++++++++++++++
 sql/field.cc              |  6 +++---
 sql/item.cc               | 30 +++++++++++++++++++-----------
 sql/mysql_priv.h          |  5 +++++
 5 files changed, 54 insertions(+), 14 deletions(-)

diff --git a/mysql-test/r/union.result b/mysql-test/r/union.result
index 6007fdd403a..3ae7953e283 100644
--- a/mysql-test/r/union.result
+++ b/mysql-test/r/union.result
@@ -1506,4 +1506,16 @@ DESC t6;
 Field	Type	Null	Key	Default	Extra
 NULL	int(11)	YES		NULL	
 DROP TABLE t1, t2, t3, t4, t5, t6;
+CREATE TABLE t1 (f FLOAT(9,6));
+CREATE TABLE t2 AS SELECT f FROM t1 UNION SELECT f FROM t1;
+SHOW FIELDS FROM t2;
+Field	Type	Null	Key	Default	Extra
+f	float(9,6)	YES		NULL	
+DROP TABLE t1, t2;
+CREATE TABLE t1(d DOUBLE(9,6));
+CREATE TABLE t2 AS SELECT d FROM t1 UNION SELECT d FROM t1;
+SHOW FIELDS FROM t2;
+Field	Type	Null	Key	Default	Extra
+d	double(9,6)	YES		NULL	
+DROP TABLE t1, t2;
 End of 5.0 tests
diff --git a/mysql-test/t/union.test b/mysql-test/t/union.test
index 44f21abda19..35b9be60f2b 100644
--- a/mysql-test/t/union.test
+++ b/mysql-test/t/union.test
@@ -1000,4 +1000,19 @@ SELECT * FROM (SELECT * FROM (SELECT NULL)a) b UNION SELECT a FROM t1;
 DESC t6;
 
 DROP TABLE t1, t2, t3, t4, t5, t6;
+
+#
+# Bug #43432: Union on floats does unnecessary rounding
+#
+
+CREATE TABLE t1 (f FLOAT(9,6));
+CREATE TABLE t2 AS SELECT f FROM t1 UNION SELECT f FROM t1;
+SHOW FIELDS FROM t2;
+DROP TABLE t1, t2;
+
+CREATE TABLE t1(d DOUBLE(9,6));
+CREATE TABLE t2 AS SELECT d FROM t1 UNION SELECT d FROM t1;
+SHOW FIELDS FROM t2;
+DROP TABLE t1, t2;
+
 --echo End of 5.0 tests
diff --git a/sql/field.cc b/sql/field.cc
index f8ab4b852ec..36cc4681dec 100644
--- a/sql/field.cc
+++ b/sql/field.cc
@@ -8587,16 +8587,16 @@ bool create_field::init(THD *thd, char *fld_name, enum_field_types fld_type,
       else if (tmp_length > PRECISION_FOR_FLOAT)
       {
         sql_type= FIELD_TYPE_DOUBLE;
-        length= DBL_DIG+7; /* -[digits].E+### */
+        length= MAX_DOUBLE_STR_LENGTH; 
       }
       else
-        length= FLT_DIG+6; /* -[digits].E+## */
+        length= MAX_FLOAT_STR_LENGTH; 
       decimals= NOT_FIXED_DEC;
       break;
     }
     if (!fld_length && !fld_decimals)
     {
-      length=  FLT_DIG+6;
+      length=  MAX_FLOAT_STR_LENGTH;
       decimals= NOT_FIXED_DEC;
     }
     if (length < decimals &&
diff --git a/sql/item.cc b/sql/item.cc
index f32828629cf..f2b52a0f865 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -6949,18 +6949,26 @@ bool Item_type_holder::join_types(THD *thd, Item *item)
   {
     if (decimals != NOT_FIXED_DEC)
     {
-      int delta1= max_length_orig - decimals_orig;
-      int delta2= item->max_length - item->decimals;
-      max_length= max(delta1, delta2) + decimals;
-      if (fld_type == MYSQL_TYPE_FLOAT && max_length > FLT_DIG + 2) 
+      /*
+        For FLOAT(M,D)/DOUBLE(M,D) do not change precision
+         if both fields have the same M and D
+      */
+      if (item->max_length != max_length_orig ||
+          item->decimals != decimals_orig)
       {
-        max_length= FLT_DIG + 6;
-        decimals= NOT_FIXED_DEC;
-      } 
-      if (fld_type == MYSQL_TYPE_DOUBLE && max_length > DBL_DIG + 2) 
-      {
-        max_length= DBL_DIG + 7;
-        decimals= NOT_FIXED_DEC;
+        int delta1= max_length_orig - decimals_orig;
+        int delta2= item->max_length - item->decimals;
+        max_length= max(delta1, delta2) + decimals;
+        if (fld_type == MYSQL_TYPE_FLOAT && max_length > FLT_DIG + 2)
+        {
+          max_length= MAX_FLOAT_STR_LENGTH;
+          decimals= NOT_FIXED_DEC;
+        } 
+        else if (fld_type == MYSQL_TYPE_DOUBLE && max_length > DBL_DIG + 2)
+        {
+          max_length= MAX_DOUBLE_STR_LENGTH;
+          decimals= NOT_FIXED_DEC;
+        }
       }
     }
     else
diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h
index b855af9a8d3..58ab7a08837 100644
--- a/sql/mysql_priv.h
+++ b/sql/mysql_priv.h
@@ -251,6 +251,11 @@ MY_LOCALE *my_locale_by_number(uint number);
 #define PRECISION_FOR_DOUBLE 53
 #define PRECISION_FOR_FLOAT  24
 
+/* -[digits].E+## */
+#define MAX_FLOAT_STR_LENGTH (FLT_DIG + 6)
+/* -[digits].E+### */
+#define MAX_DOUBLE_STR_LENGTH (DBL_DIG + 7)
+
 /*
   Default time to wait before aborting a new client connection
   that does not respond to "initial server greeting" timely

From 50ed1ef7520bbff8a88ea33f7838544b1c3ce4e2 Mon Sep 17 00:00:00 2001
From: Staale Smedseng <staale.smedseng@sun.com>
Date: Fri, 27 Mar 2009 12:09:15 +0100
Subject: [PATCH 11/19] Bug#39953 Triggers are not working properly with multi
 table updates

Attempt to execute trigger or stored function with multi-UPDATE
which used - but didn't update - a table that was also used by
the calling statement led to an error. Read-only reference to
tables used in the calling statement should be allowed.

This problem was caused by the fact that check for conflicting
use of tables in SP/triggers was performed in open_tables(),
and in case of multi-UPDATE we didn't know exact lock type at
this stage.

We solve the problem by moving this check to lock_tables(), so
it can be performed after exact lock types for tables used by
multi-UPDATE are determined.


mysql-test/r/trigger.result:
  Results for the added test case is added.
mysql-test/t/trigger.test:
  A new test case is added, verifying correct table multi-update
  conflict resolution, both read-only and write.
sql/sql_base.cc:
  The check for conflicting use of tables in SP/triggers is moved
  to lock_tables(), to be performed after the exact lock types
  have been determined. Also, an assert is added to open_ltable()
  to ensure this func is not used in a prelocked context.
---
 mysql-test/r/trigger.result | 20 ++++++++++++
 mysql-test/t/trigger.test   | 33 +++++++++++++++++++
 sql/sql_base.cc             | 64 ++++++++++++++++++++++---------------
 3 files changed, 91 insertions(+), 26 deletions(-)

diff --git a/mysql-test/r/trigger.result b/mysql-test/r/trigger.result
index a07318435f6..a88a6973d61 100644
--- a/mysql-test/r/trigger.result
+++ b/mysql-test/r/trigger.result
@@ -1961,4 +1961,24 @@ select * from t2;
 s1
 drop table t1;
 drop temporary table t2;
+#------------------------------------------------------------------------
+# Bug#39953 Triggers are not working properly with multi table updates
+#------------------------------------------------------------------------
+DROP TABLE IF EXISTS t1;
+DROP TRIGGER IF EXISTS t_insert;
+DROP TABLE IF EXISTS t2;
+CREATE TABLE t1 (a int, date_insert timestamp, PRIMARY KEY (a));
+INSERT INTO t1 (a) VALUES (2),(5);
+CREATE TABLE t2 (a int, b int, PRIMARY KEY (a));
+CREATE TRIGGER t_insert AFTER INSERT ON t2 FOR EACH ROW BEGIN UPDATE t1,t2 SET
+date_insert=NOW() WHERE t1.a=t2.b AND t2.a=NEW.a; END |
+INSERT INTO t2 (a,b) VALUES (1,2);
+DROP TRIGGER t_insert;
+CREATE TRIGGER t_insert AFTER INSERT ON t2 FOR EACH ROW BEGIN UPDATE t1,t2 SET
+date_insert=NOW(),b=b+1 WHERE t1.a=t2.b AND t2.a=NEW.a; END |
+INSERT INTO t2 (a,b) VALUES (3,5);
+ERROR HY000: Can't update table 't2' in stored function/trigger because it is already used by statement which invoked this stored function/trigger.
+DROP TABLE t1;
+DROP TRIGGER t_insert;
+DROP TABLE t2;
 End of 5.0 tests
diff --git a/mysql-test/t/trigger.test b/mysql-test/t/trigger.test
index 2f62ad38621..9a0277a98c2 100644
--- a/mysql-test/t/trigger.test
+++ b/mysql-test/t/trigger.test
@@ -2217,4 +2217,37 @@ select * from t1;
 select * from t2;
 drop table t1;
 drop temporary table t2;
+
+--echo #------------------------------------------------------------------------
+--echo # Bug#39953 Triggers are not working properly with multi table updates
+--echo #------------------------------------------------------------------------
+
+--disable_warnings
+DROP TABLE IF EXISTS t1;
+DROP TRIGGER IF EXISTS t_insert;
+DROP TABLE IF EXISTS t2;
+--enable_warnings
+
+CREATE TABLE t1 (a int, date_insert timestamp, PRIMARY KEY (a));
+INSERT INTO t1 (a) VALUES (2),(5);
+CREATE TABLE t2 (a int, b int, PRIMARY KEY (a));
+DELIMITER |;
+CREATE TRIGGER t_insert AFTER INSERT ON t2 FOR EACH ROW BEGIN UPDATE t1,t2 SET
+date_insert=NOW() WHERE t1.a=t2.b AND t2.a=NEW.a; END |
+DELIMITER ;|
+INSERT INTO t2 (a,b) VALUES (1,2);
+
+DROP TRIGGER t_insert;
+
+DELIMITER |;
+CREATE TRIGGER t_insert AFTER INSERT ON t2 FOR EACH ROW BEGIN UPDATE t1,t2 SET
+date_insert=NOW(),b=b+1 WHERE t1.a=t2.b AND t2.a=NEW.a; END |
+DELIMITER ;|
+--error ER_CANT_UPDATE_USED_TABLE_IN_SF_OR_TRG
+INSERT INTO t2 (a,b) VALUES (3,5);
+
+DROP TABLE t1;
+DROP TRIGGER t_insert;
+DROP TABLE t2;
+
 --echo End of 5.0 tests
diff --git a/sql/sql_base.cc b/sql/sql_base.cc
index 0cf3e023be9..b43085436e5 100644
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -1596,27 +1596,11 @@ TABLE *open_table(THD *thd, TABLE_LIST *table_list, MEM_ROOT *mem_root,
   {						// Using table locks
     TABLE *best_table= 0;
     int best_distance= INT_MIN;
-    bool check_if_used= thd->prelocked_mode &&
-                        ((int) table_list->lock_type >=
-                         (int) TL_WRITE_ALLOW_WRITE);
     for (table=thd->open_tables; table ; table=table->next)
     {
       if (table->s->key_length == key_length &&
           !memcmp(table->s->table_cache_key, key, key_length))
       {
-        if (check_if_used && table->query_id &&
-            table->query_id != thd->query_id)
-        {
-          /*
-            If we are in stored function or trigger we should ensure that
-            we won't change table that is already used by calling statement.
-            So if we are opening table for writing, we should check that it
-            is not already open by some calling stamement.
-          */
-          my_error(ER_CANT_UPDATE_USED_TABLE_IN_SF_OR_TRG, MYF(0),
-                   table->s->table_name);
-          DBUG_RETURN(0);
-        }
         if (!my_strcasecmp(system_charset_info, table->alias, alias) &&
             table->query_id != thd->query_id && /* skip tables already used */
             !(thd->prelocked_mode && table->query_id))
@@ -1640,13 +1624,13 @@ TABLE *open_table(THD *thd, TABLE_LIST *table_list, MEM_ROOT *mem_root,
           {
             best_distance= distance;
             best_table= table;
-            if (best_distance == 0 && !check_if_used)
+            if (best_distance == 0)
             {
               /*
-                If we have found perfect match and we don't need to check that
-                table is not used by one of calling statements (assuming that
-                we are inside of function or trigger) we can finish iterating
-                through open tables list.
+                We have found a perfect match and can finish iterating
+                through open tables list. Check for table use conflict
+                between calling statement and SP/trigger is done in
+                lock_tables().
               */
               break;
             }
@@ -2944,9 +2928,9 @@ static bool check_lock_and_start_stmt(THD *thd, TABLE *table,
     lock_type		Lock to use for open
 
   NOTE
-    This function don't do anything like SP/SF/views/triggers analysis done
-    in open_tables(). It is intended for opening of only one concrete table.
-    And used only in special contexts.
+    This function doesn't do anything like SP/SF/views/triggers analysis done 
+    in open_tables()/lock_tables(). It is intended for opening of only one
+    concrete table. And used only in special contexts.
 
   RETURN VALUES
     table		Opened table
@@ -3262,8 +3246,36 @@ int lock_tables(THD *thd, TABLE_LIST *tables, uint count, bool *need_reopen)
     TABLE_LIST *first_not_own= thd->lex->first_not_own_table();
     for (table= tables; table != first_not_own; table= table->next_global)
     {
-      if (!table->placeholder() &&
-	  check_lock_and_start_stmt(thd, table->table, table->lock_type))
+      if (table->placeholder())
+        continue;
+
+      /*
+        In a stored function or trigger we should ensure that we won't change
+        a table that is already used by the calling statement.
+      */
+      if (thd->prelocked_mode &&
+          table->lock_type >= TL_WRITE_ALLOW_WRITE)
+      {
+        for (TABLE* opentab= thd->open_tables; opentab; opentab= opentab->next)
+        {
+          /* 
+            issue an error if the tables are the same (by key comparison),
+            but query_id isn't
+          */
+          if (opentab->query_id && 
+              table->table->query_id != opentab->query_id &&
+              table->table->s->key_length == opentab->s->key_length &&
+              !memcmp(table->table->s->table_cache_key,
+                      opentab->s->table_cache_key, opentab->s->key_length))
+          {
+            my_error(ER_CANT_UPDATE_USED_TABLE_IN_SF_OR_TRG, MYF(0),
+                     table->table->s->table_name);
+            DBUG_RETURN(-1);
+          }
+        }
+      }
+
+      if (check_lock_and_start_stmt(thd, table->table, table->lock_type))
       {
 	ha_rollback_stmt(thd);
 	DBUG_RETURN(-1);

From 5f2bda83dd398f122c5691da705b6cbee8aaee88 Mon Sep 17 00:00:00 2001
From: Georgi Kodinov <joro@sun.com>
Date: Fri, 27 Mar 2009 16:25:16 +0200
Subject: [PATCH 12/19] fixed a compilation warning

---
 sql/sql_insert.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc
index b79f979df05..48438ba033c 100644
--- a/sql/sql_insert.cc
+++ b/sql/sql_insert.cc
@@ -1609,7 +1609,9 @@ public:
   uint query_length;
 
   delayed_row(enum_duplicates dup_arg, bool ignore_arg, bool log_query_arg)
-    :record(0), query(0), time_zone(0), dup(dup_arg), ignore(ignore_arg), log_query(log_query_arg) {}
+    :record(0), query(0), dup(dup_arg), ignore(ignore_arg), 
+    log_query(log_query_arg), time_zone(0) 
+    {}
   ~delayed_row()
   {
     x_free(record);

From f56ad8c82c9bf37196c4d4bd4305735a5da4ad76 Mon Sep 17 00:00:00 2001
From: Georgi Kodinov <joro@sun.com>
Date: Fri, 27 Mar 2009 16:29:56 +0200
Subject: [PATCH 13/19] tree name changed

---
 .bzr-mysql/default.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.bzr-mysql/default.conf b/.bzr-mysql/default.conf
index 557df1b1ffe..f79c1cd6319 100644
--- a/.bzr-mysql/default.conf
+++ b/.bzr-mysql/default.conf
@@ -1,4 +1,4 @@
 [MYSQL]
 post_commit_to = "commits@lists.mysql.com"
 post_push_to = "commits@lists.mysql.com"
-tree_name = "mysql-5.0-bugteam"
+tree_name = "mysql-5.0"

From c517fc2b00b2d9922abe67f3bee7b9ad18368712 Mon Sep 17 00:00:00 2001
From: "Bernt M. Johnsen" <bernt.johnsen@sun.com>
Date: Tue, 31 Mar 2009 10:38:33 +0200
Subject: [PATCH 14/19] Bug 43355 Prepared for commit on 5.0 gca

---
 mysql-test/r/ps_1general.result |   8 +--
 mysql-test/r/sp.result          |   4 +-
 mysql-test/t/ps_1general.test   | 121 +++++++++++++++++---------------
 mysql-test/t/sp.test            |  39 ++++++----
 4 files changed, 97 insertions(+), 75 deletions(-)

diff --git a/mysql-test/r/ps_1general.result b/mysql-test/r/ps_1general.result
index 83dcbc61e68..5e951b866f7 100644
--- a/mysql-test/r/ps_1general.result
+++ b/mysql-test/r/ps_1general.result
@@ -418,17 +418,17 @@ prepare stmt3 from ' lock tables t1 read ' ;
 ERROR HY000: This command is not supported in the prepared statement protocol yet
 prepare stmt3 from ' unlock tables ' ;
 ERROR HY000: This command is not supported in the prepared statement protocol yet
-prepare stmt1 from ' load data infile ''data.txt''
-into table t1 fields terminated by ''\t'' ';
+prepare stmt1 from ' load data infile ''<MYSQLTEST_VARDIR>/tmp/data.txt''
+     into table t1 fields terminated by ''\t'' ';
 ERROR HY000: This command is not supported in the prepared statement protocol yet
-prepare stmt1 from ' select * into outfile ''data.txt'' from t1 ';
+prepare stmt1 from ' select * into outfile ''<MYSQLTEST_VARDIR>/tmp/data.txt'' from t1 ';
 execute stmt1 ;
 prepare stmt1 from ' optimize table t1 ' ;
 prepare stmt1 from ' analyze table t1 ' ;
 prepare stmt1 from ' checksum table t1 ' ;
 ERROR HY000: This command is not supported in the prepared statement protocol yet
 prepare stmt1 from ' repair table t1 ' ;
-prepare stmt1 from ' restore table t1 from ''data.txt'' ' ;
+prepare stmt1 from ' restore table t1 from ''<MYSQLTEST_VARDIR>/tmp/data.txt'' ' ;
 ERROR HY000: This command is not supported in the prepared statement protocol yet
 prepare stmt1 from ' handler t1 open ';
 ERROR HY000: This command is not supported in the prepared statement protocol yet
diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result
index 84a4166a45d..236fa3d8681 100644
--- a/mysql-test/r/sp.result
+++ b/mysql-test/r/sp.result
@@ -4390,9 +4390,9 @@ drop procedure if exists bug13012|
 create procedure bug13012()
 BEGIN
 REPAIR TABLE t1;
-BACKUP TABLE t1 to '../tmp';
+BACKUP TABLE t1 to '<MYSQLTEST_VARDIR>/tmp/';
 DROP TABLE t1;
-RESTORE TABLE t1 FROM '../tmp';
+RESTORE TABLE t1 FROM '<MYSQLTEST_VARDIR>/tmp/';
 END|
 call bug13012()|
 Table	Op	Msg_type	Msg_text
diff --git a/mysql-test/t/ps_1general.test b/mysql-test/t/ps_1general.test
index 952931f2ad1..65e7f6a8682 100644
--- a/mysql-test/t/ps_1general.test
+++ b/mysql-test/t/ps_1general.test
@@ -70,71 +70,71 @@ prepare stmt1 from ' select 1 as my_col ' ;
 # prepare with parameter
 prepare stmt1 from ' select ? as my_col ' ;
 # prepare must fail (incomplete statements/wrong syntax)
---error 1064
+--error ER_PARSE_ERROR
 prepare ;
---error 1064
+--error ER_PARSE_ERROR
 prepare stmt1 ;
---error 1064
+--error ER_PARSE_ERROR
 prepare stmt1 from ;
---error 1064
+--error ER_PARSE_ERROR
 prepare_garbage stmt1 from ' select 1 ' ;
---error 1064
+--error ER_PARSE_ERROR
 prepare stmt1 from_garbage ' select 1 ' ;
---error 1064
+--error ER_PARSE_ERROR
 prepare stmt1 from ' select_garbage 1 ' ;
---error 1064
+--error ER_PARSE_ERROR
 prepare from ' select 1 ' ;
---error 1064
+--error ER_PARSE_ERROR
 prepare stmt1 ' select 1 ' ;
---error 1064
+--error ER_PARSE_ERROR
 prepare ? from ' select ? as my_col ' ;
 # statement in variable
 set @arg00='select 1 as my_col';
 prepare stmt1 from @arg00;
 # prepare must fail (query variable is empty)
 set @arg00='';
---error 1065
+--error ER_EMPTY_QUERY
 prepare stmt1 from @arg00;
 set @arg00=NULL;
 # prepare must fail (query variable is NULL)
---error 1064
+--error ER_PARSE_ERROR
 prepare stmt1 from @arg01;
 
 prepare stmt1 from ' select * from t1 where a <= 2 ' ;
 # prepare must fail (column x does not exist)
---error 1054
+--error ER_BAD_FIELD_ERROR
 prepare stmt1 from ' select * from t1 where x <= 2 ' ;
 # cases derived from client_test.c: test_null()
 # prepare must fail (column x does not exist)
---error 1054
+--error ER_BAD_FIELD_ERROR
 prepare stmt1 from ' insert into t1(a,x) values(?,?) ' ;
---error 1054
+--error ER_BAD_FIELD_ERROR
 prepare stmt1 from ' insert into t1(x,a) values(?,?) ' ;
 --disable_warnings
 drop table if exists not_exist ;
 --enable_warnings
 # prepare must fail (table does not exist)
---error 1146
+--error ER_NO_SUCH_TABLE
 prepare stmt1 from ' select * from not_exist where a <= 2 ' ;
 
 # case derived from client_test.c: test_prepare_syntax()
 # prepare must fail (incomplete statement)
---error 1064
+--error ER_PARSE_ERROR
 prepare stmt1 from ' insert into t1 values(? ' ;
---error 1064
+--error ER_PARSE_ERROR
 prepare stmt1 from ' select a, b from t1
                      where a=? and where ' ;
 
 ################ EXECUTE ################
 # execute must fail (statement never_prepared never prepared)
---error 1243
+--error ER_UNKNOWN_STMT_HANDLER
 execute never_prepared ;
 # execute must fail (prepare stmt1 just failed,
 #         but there was a successful prepare of stmt1 before)
 prepare stmt1 from ' select * from t1 where a <= 2 ' ;
---error 1146
+--error ER_NO_SUCH_TABLE
 prepare stmt1 from ' select * from not_exist where a <= 2 ' ;
---error 1243
+--error ER_UNKNOWN_STMT_HANDLER
 execute stmt1 ;
 
 # drop the table between prepare and execute
@@ -149,7 +149,7 @@ prepare stmt2 from ' select * from t5 ' ;
 execute stmt2 ;
 drop table t5 ;
 # execute must fail (table was dropped after prepare)
---error 1146
+--error ER_NO_SUCH_TABLE
 execute stmt2 ;
 # cases derived from client_test.c: test_select_prepare()
 # 1. drop + create table (same column names/types/order) 
@@ -218,7 +218,7 @@ create table t5
   f3 int
 );
 insert into t5( f1, f2, f3) values( 9, 'recreated table', 9);
---error 1054
+--error ER_BAD_FIELD_ERROR
 execute stmt2 ;
 drop table t5 ;
 
@@ -231,24 +231,24 @@ set @arg01='two' ;
 prepare stmt1 from ' select * from t1 where a <= ? ' ;
 execute stmt1 using @arg00;
 # execute must fail (too small number of parameters)
---error 1210
+--error ER_WRONG_ARGUMENTS
 execute stmt1 ;
 # execute must fail (too big number of parameters)
---error 1210
+--error ER_WRONG_ARGUMENTS
 execute stmt1 using @arg00, @arg01;
 # execute must fail (parameter is not set)
 execute stmt1 using @not_set;
 
 ################ DEALLOCATE ################
 # deallocate must fail (the statement 'never_prepared' was never prepared)
---error 1243
+--error ER_UNKNOWN_STMT_HANDLER
 deallocate prepare never_prepared ;
 # deallocate must fail (prepare stmt1 just failed,
 #         but there was a successful prepare before)
 prepare stmt1 from ' select * from t1 where a <= 2 ' ;
---error 1146
+--error ER_NO_SUCH_TABLE
 prepare stmt1 from ' select * from not_exist where a <= 2 ' ;
---error 1243
+--error ER_UNKNOWN_STMT_HANDLER
 deallocate prepare stmt1;
 create table t5
 (
@@ -330,17 +330,17 @@ prepare stmt4 from ' show engine bdb logs ';
 execute stmt4;
 --enable_result_log
 prepare stmt4 from ' show grants for user ';
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt4 from ' show create table t2 ';
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt4 from ' show master status ';
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt4 from ' show master logs ';
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt4 from ' show slave status ';
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt4 from ' show warnings limit 20 ';
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt4 from ' show errors limit 20 ';
 prepare stmt4 from ' show storage engines ';
 --replace_column 2 YES/NO
@@ -355,7 +355,7 @@ drop table if exists t5;
 prepare stmt1 from ' drop table if exists t5 ' ;
 execute stmt1 ;
 prepare stmt1 from ' drop table t5 ' ;
---error 1051
+--error ER_BAD_TABLE_ERROR
 execute stmt1 ;
 
 ## SELECT @@version
@@ -428,14 +428,14 @@ prepare stmt1 from ' deallocate prepare never_prepared ' ;
 prepare stmt1 from 'alter view v1 as select 2';
 
 ## switch the database connection
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt4 from ' use test ' ;
 
 ## create/drop database
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt3 from ' create database mysqltest ';
 create database mysqltest ;
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt3 from ' drop database mysqltest ';
 drop database mysqltest ;
 
@@ -444,29 +444,40 @@ drop database mysqltest ;
 prepare stmt3 from ' describe t2 ';
 execute stmt3;
 drop table t2 ;
---error 1146
+--error ER_NO_SUCH_TABLE
 execute stmt3;
 ## lock/unlock
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt3 from ' lock tables t1 read ' ;
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt3 from ' unlock tables ' ;
 ## Load/Unload table contents
---error 1295
-prepare stmt1 from ' load data infile ''data.txt''
-into table t1 fields terminated by ''\t'' ';
-prepare stmt1 from ' select * into outfile ''data.txt'' from t1 ';
-execute stmt1 ;
+
+--let $datafile = $MYSQLTEST_VARDIR/tmp/data.txt
+--error 0,1
+--remove_file $datafile
+
+--replace_result $MYSQLTEST_VARDIR <MYSQLTEST_VARDIR>
+--error ER_UNSUPPORTED_PS
+eval prepare stmt1 from ' load data infile ''$datafile''
+     into table t1 fields terminated by ''\t'' ';
+--replace_result $MYSQLTEST_VARDIR <MYSQLTEST_VARDIR>
+eval prepare stmt1 from ' select * into outfile ''$datafile'' from t1 ';
+     execute stmt1 ;
 ## 
 prepare stmt1 from ' optimize table t1 ' ;
 prepare stmt1 from ' analyze table t1 ' ;
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt1 from ' checksum table t1 ' ;
 prepare stmt1 from ' repair table t1 ' ;
---error 1295
-prepare stmt1 from ' restore table t1 from ''data.txt'' ' ;
+--replace_result $MYSQLTEST_VARDIR <MYSQLTEST_VARDIR>
+--error ER_UNSUPPORTED_PS
+eval prepare stmt1 from ' restore table t1 from ''$datafile'' ' ;
+--remove_file $datafile
+
+
 ## handler
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt1 from ' handler t1 open ';
 
 
@@ -492,11 +503,11 @@ SET sql_mode=ansi;
 execute stmt5;
 SET sql_mode="";
 
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt1 from ' flush local privileges ' ;
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt1 from ' reset query cache ' ;
---error 1295
+--error ER_UNSUPPORTED_PS
 prepare stmt1 from ' KILL 0 ';
 
 ## simple explain
@@ -582,7 +593,7 @@ drop table if exists new_t2;
 --enable_warnings
 prepare stmt3 from ' rename table t2 to new_t2 ';
 execute stmt3;
---error 1050
+--error ER_TABLE_EXISTS_ERROR
 execute stmt3;
 rename table new_t2 to t2;
 drop table t2;
@@ -593,13 +604,13 @@ create table t5 (a int) ;
 # rename must fail, t7 does not exist
 # Clean up the filename here because embedded server reports whole path
 --replace_result \\ / $MYSQLTEST_VARDIR . /master-data/ / t7.frm t7
---error 1017
+--error ER_FILE_NOT_FOUND
 execute stmt1 ;
 create table t7 (a int) ;
 # rename, t5 -> t6 and t7 -> t8
 execute stmt1 ;
 # rename must fail, t5 and t7 does not exist t6 and t8 already exist
---error 1050
+--error ER_TABLE_EXISTS_ERROR
 execute stmt1 ;
 rename table t6 to t5, t8 to t7 ;
 # rename, t5 -> t6 and t7 -> t8
diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test
index d5bb565cbc8..e3d3298cc50 100644
--- a/mysql-test/t/sp.test
+++ b/mysql-test/t/sp.test
@@ -1271,7 +1271,7 @@ select *, f8() from v1|
 
 # Let us test what will happen if function is missing
 drop function f1|
---error 1356
+--error ER_VIEW_INVALID
 select * from v1|
 
 # And what will happen if we have recursion which involves
@@ -1310,9 +1310,9 @@ select f0()|
 select * from v0|
 select *, f0() from v0, (select 123) as d1|
 # But these should not !
---error 1100
+--error ER_TABLE_NOT_LOCKED
 select id, f3() from t1|
---error 1100
+--error ER_TABLE_NOT_LOCKED
 select f4()|
 unlock tables|
 
@@ -1322,9 +1322,9 @@ lock tables v2 read, mysql.proc read|
 select * from v2|
 select * from v1|
 # These should not work as we have too little instances of tables locked
---error 1100
+--error ER_TABLE_NOT_LOCKED
 select * from v1, t1|
---error 1100
+--error ER_TABLE_NOT_LOCKED
 select f4()|
 unlock tables|
 
@@ -4501,14 +4501,14 @@ begin
    select bug12379();
 end|
 
---error 1062
+--error ER_DUP_ENTRY
 select bug12379()|
 select 1|
 call bug12379_1()|
 select 2|
 call bug12379_2()|
 select 3|
---error 1062
+--error ER_DUP_ENTRY
 call bug12379_3()|
 select 4|
 
@@ -5235,18 +5235,29 @@ drop procedure bug5967|
 #
 # Bug#13012 "SP: REPAIR/BACKUP/RESTORE TABLE crashes the server"
 #
+--let $backupdir = $MYSQLTEST_VARDIR/tmp/
+--error 0,1
+--remove_file $backupdir/t1.frm
+--error 0,1
+--remove_file $backupdir/t1.MYD
+
 --disable_warnings
 drop procedure if exists bug13012|
+--replace_result $MYSQLTEST_VARDIR <MYSQLTEST_VARDIR>
 --enable_warnings
-create procedure bug13012()
-BEGIN
-  REPAIR TABLE t1;
-  BACKUP TABLE t1 to '../tmp';
-  DROP TABLE t1;
-  RESTORE TABLE t1 FROM '../tmp';
-END|
+eval create procedure bug13012()
+    BEGIN
+       REPAIR TABLE t1;
+       BACKUP TABLE t1 to '$backupdir';
+       DROP TABLE t1;
+       RESTORE TABLE t1 FROM '$backupdir';
+    END|
 call bug13012()|
+
+--remove_file $backupdir/t1.frm
+--remove_file $backupdir/t1.MYD
 drop procedure bug13012|
+
 create view v1 as select * from t1|
 create procedure bug13012()
 BEGIN

From f8acc70aac761baf6550621bc3f3feb56d988add Mon Sep 17 00:00:00 2001
From: Ignacio Galarza <ignacio.galarza@sun.com>
Date: Tue, 31 Mar 2009 17:48:45 -0400
Subject: [PATCH 15/19] Bug#29248 - MyISAMchk & MyISAMpack failing with *
 wildcard on Windows platform - Link against setargv.obj for wild-card
 expansion.

---
 myisam/CMakeLists.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/myisam/CMakeLists.txt b/myisam/CMakeLists.txt
index a557d61b87f..225c04ff457 100755
--- a/myisam/CMakeLists.txt
+++ b/myisam/CMakeLists.txt
@@ -41,6 +41,8 @@ TARGET_LINK_LIBRARIES(myisamlog myisam mysys debug dbug strings zlib wsock32)
 ADD_EXECUTABLE(myisampack myisampack.c)
 TARGET_LINK_LIBRARIES(myisampack myisam mysys debug dbug strings zlib wsock32)
 
+SET_TARGET_PROPERTIES(myisamchk myisampack PROPERTIES LINK_FLAGS "setargv.obj")
+
 IF(EMBED_MANIFESTS)
   MYSQL_EMBED_MANIFEST("myisam_ftdump" "asInvoker")
   MYSQL_EMBED_MANIFEST("myisamchk" "asInvoker")

From 02884a4d986f29c50ff60cefa15464faa26e79bb Mon Sep 17 00:00:00 2001
From: Gleb Shchepa <gshchepa@mysql.com>
Date: Wed, 1 Apr 2009 16:02:26 +0500
Subject: [PATCH 16/19] Backport bug #37348 fix 5.1 --> 5.0.

Original commentary:

Bug #37348: Crash in or immediately after JOIN::make_sum_func_list

The optimizer pulls up aggregate functions which should be aggregated in
an outer select. At some point it may substitute such a function for a field
in the temporary table. The setup_copy_fields function doesn't take this
into account and may overrun the copy_field buffer.

Fixed by filtering out the fields referenced through the specialized
reference for aggregates (Item_aggregate_ref).
Added an assertion to make sure bugs that cause similar discrepancy
don't go undetected.


mysql-test/r/func_group.result:
  Backport bug #37348 fix 5.1 --> 5.0.
mysql-test/t/func_group.test:
  Backport bug #37348 fix 5.1 --> 5.0.
sql/item.cc:
  Backport bug #37348 fix 5.1 --> 5.0.
sql/item.h:
  Backport bug #37348 fix 5.1 --> 5.0.
sql/sql_select.cc:
  Backport bug #37348 fix 5.1 --> 5.0.
---
 mysql-test/r/func_group.result | 37 +++++++++++++++++++++++++++++++
 mysql-test/t/func_group.test   | 40 ++++++++++++++++++++++++++++++++++
 sql/item.cc                    |  1 +
 sql/item.h                     |  2 +-
 sql/sql_select.cc              | 11 +++++++++-
 5 files changed, 89 insertions(+), 2 deletions(-)

diff --git a/mysql-test/r/func_group.result b/mysql-test/r/func_group.result
index 85ddfaac4e0..d892deba63c 100644
--- a/mysql-test/r/func_group.result
+++ b/mysql-test/r/func_group.result
@@ -1448,4 +1448,41 @@ COUNT(*)
 0
 SET SQL_MODE=default;
 DROP TABLE t1;
+CREATE TABLE derived1 (a bigint(21));
+INSERT INTO derived1 VALUES (2);
+CREATE TABLE D (
+pk int(11) NOT NULL AUTO_INCREMENT,
+int_nokey int(11) DEFAULT NULL,
+int_key int(11) DEFAULT NULL,
+filler blob,
+PRIMARY KEY (pk),
+KEY int_key (int_key)
+);
+INSERT INTO D VALUES 
+(39,40,4,repeat('  X', 42)),
+(43,56,4,repeat('  X', 42)),
+(47,12,4,repeat('  X', 42)),
+(71,28,4,repeat('  X', 42)),
+(76,54,4,repeat('  X', 42)),
+(83,45,4,repeat('  X', 42)),
+(105,53,12,NULL);
+SELECT 
+(SELECT COUNT( int_nokey ) 
+FROM derived1 AS X 
+WHERE 
+X.int_nokey < 61 
+GROUP BY pk 
+LIMIT 1) 
+FROM D AS X 
+WHERE X.int_key < 13  
+GROUP BY int_nokey LIMIT 1;
+(SELECT COUNT( int_nokey ) 
+FROM derived1 AS X 
+WHERE 
+X.int_nokey < 61 
+GROUP BY pk 
+LIMIT 1)
+1
+DROP TABLE derived1;
+DROP TABLE D;
 End of 5.0 tests
diff --git a/mysql-test/t/func_group.test b/mysql-test/t/func_group.test
index 38779ac1a2f..cfa2e038fa2 100644
--- a/mysql-test/t/func_group.test
+++ b/mysql-test/t/func_group.test
@@ -955,5 +955,45 @@ SET SQL_MODE=default;
 DROP TABLE t1;
 
 
+#
+# Bug #37348: Crash in or immediately after JOIN::make_sum_func_list
+#
+
+CREATE TABLE derived1 (a bigint(21));
+INSERT INTO derived1 VALUES (2);
+
+
+CREATE TABLE D (
+  pk int(11) NOT NULL AUTO_INCREMENT,
+  int_nokey int(11) DEFAULT NULL,
+  int_key int(11) DEFAULT NULL,
+  filler blob,
+  PRIMARY KEY (pk),
+  KEY int_key (int_key)
+);
+
+INSERT INTO D VALUES 
+  (39,40,4,repeat('  X', 42)),
+  (43,56,4,repeat('  X', 42)),
+  (47,12,4,repeat('  X', 42)),
+  (71,28,4,repeat('  X', 42)),
+  (76,54,4,repeat('  X', 42)),
+  (83,45,4,repeat('  X', 42)),
+  (105,53,12,NULL);
+
+SELECT 
+  (SELECT COUNT( int_nokey ) 
+   FROM derived1 AS X 
+   WHERE 
+     X.int_nokey < 61 
+   GROUP BY pk 
+   LIMIT 1) 
+FROM D AS X 
+WHERE X.int_key < 13  
+GROUP BY int_nokey LIMIT 1;
+
+DROP TABLE derived1;
+DROP TABLE D;
+
 ###
 --echo End of 5.0 tests
diff --git a/sql/item.cc b/sql/item.cc
index 220c72059d1..c284e8b3bf4 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -1323,6 +1323,7 @@ public:
     else
       Item_ident::print(str);
   }
+  virtual Ref_Type ref_type() { return AGGREGATE_REF; }
 };
 
 
diff --git a/sql/item.h b/sql/item.h
index 852b0fcc1ba..22eb0c08e2d 100644
--- a/sql/item.h
+++ b/sql/item.h
@@ -1899,7 +1899,7 @@ class Item_ref :public Item_ident
 protected:
   void set_properties();
 public:
-  enum Ref_Type { REF, DIRECT_REF, VIEW_REF, OUTER_REF };
+  enum Ref_Type { REF, DIRECT_REF, VIEW_REF, OUTER_REF, AGGREGATE_REF };
   Field *result_field;			 /* Save result here */
   Item **ref;
   Item_ref(Name_resolution_context *context_arg,
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 3b4668a3925..777d32ba149 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -14205,6 +14205,7 @@ setup_copy_fields(THD *thd, TMP_TABLE_PARAM *param,
   Item *pos;
   List_iterator_fast<Item> li(all_fields);
   Copy_field *copy= NULL;
+  IF_DBUG(Copy_field *copy_start);
   res_selected_fields.empty();
   res_all_fields.empty();
   List_iterator_fast<Item> itr(res_all_fields);
@@ -14217,12 +14218,19 @@ setup_copy_fields(THD *thd, TMP_TABLE_PARAM *param,
     goto err2;
 
   param->copy_funcs.empty();
+  IF_DBUG(copy_start= copy);
   for (i= 0; (pos= li++); i++)
   {
     Field *field;
     char *tmp;
     Item *real_pos= pos->real_item();
-    if (real_pos->type() == Item::FIELD_ITEM)
+    /*
+      Aggregate functions can be substituted for fields (by e.g. temp tables).
+      We need to filter those substituted fields out.
+    */
+    if (real_pos->type() == Item::FIELD_ITEM &&
+        !(real_pos != pos &&
+          ((Item_ref *)pos)->ref_type() == Item_ref::AGGREGATE_REF))
     {
       Item_field *item;
       if (!(item= new Item_field(thd, ((Item_field*) real_pos))))
@@ -14270,6 +14278,7 @@ setup_copy_fields(THD *thd, TMP_TABLE_PARAM *param,
 	  goto err;
         if (copy)
         {
+          DBUG_ASSERT (param->field_count > (uint) (copy - copy_start));
           copy->set(tmp, item->result_field);
           item->result_field->move_field(copy->to_ptr,copy->to_null_ptr,1);
 #ifdef HAVE_purify

From 02f8ec4d762a9ffdb8810387ab0ebd1416d3e87d Mon Sep 17 00:00:00 2001
From: Chad MILLER <chad@mysql.com>
Date: Thu, 2 Apr 2009 11:29:28 -0400
Subject: [PATCH 17/19] Bug#43876: mysqld_multi introduces --no-defaults which
 screws up my system Bug#32136: mysqld_multi --defaults-file not respected
 while using \ 	--mysqld=mysqld_safe

Revert change that adds "--no-defaults" to mysqld_multi.

This closes Bug#43508 and re-opens Bug#32136.
---
 scripts/mysqld_multi.sh | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/scripts/mysqld_multi.sh b/scripts/mysqld_multi.sh
index 631e1e38cc7..3cb4665eb1c 100644
--- a/scripts/mysqld_multi.sh
+++ b/scripts/mysqld_multi.sh
@@ -293,12 +293,7 @@ sub start_mysqlds()
   @groups = &find_groups($groupids);
   for ($i = 0; defined($groups[$i]); $i++)
   {
-    # Defaults are made explicit parameters to server execution...
     @options = defaults_for_group($groups[$i]);
-    # ...so server MUST NOT try to read again from some config file, especially
-    # as the "right" file may be unknown to the server if we are using
-    # --defaults-file=... params in here.
-    unshift(@options,"--no-defaults");  
 
     $mysqld_found= 1; # The default
     $mysqld_found= 0 if (!length($mysqld));

From 72e978828edb6b6cc045e6c728747dafd46b8732 Mon Sep 17 00:00:00 2001
From: Davi Arnaut <Davi.Arnaut@Sun.COM>
Date: Fri, 3 Apr 2009 16:11:54 -0300
Subject: [PATCH 18/19] Bug#43230: SELECT ... FOR UPDATE can hang with FLUSH
 TABLES WITH READ LOCK indefinitely

The problem is that a SELECT .. FOR UPDATE statement might open
a table and later wait for a impeding global read lock without
noticing whether it is holding a table that is being waited upon
the the flush phase of the process that took the global read
lock.

The same problem also affected the following statements:

LOCK TABLES .. WRITE
UPDATE .. SET (update and multi-table update)
TRUNCATE TABLE ..
LOAD DATA ..

The solution is to make the above statements wait for a impending
global read lock before opening the tables. If there is no
impending global read lock, the statement raises a temporary
protection against global read locks and progresses smoothly
towards completion.

Important notice: the patch does not try to address all possible
cases, only those which are common and can be fixed unintrusively
enough for 5.0.

mysql-test/r/lock_multi.result:
  Add test case result for Bug#43230
mysql-test/t/lock_multi.test:
  Add test case for Bug#43230
sql/sql_lex.cc:
  Initialize flag.
sql/sql_lex.h:
  Add a flag to the lexer.
sql/sql_parse.cc:
  Wait for the global read lock is a write lock is going to be
  taken. The wait is done before opening tables.
sql/sql_yacc.yy:
  Protect against the GRL if its a SELECT .. FOR UPDATE or LOCK TABLES
  .. WRITE statement.
---
 mysql-test/r/lock_multi.result |  55 ++++++++++++++
 mysql-test/t/lock_multi.test   | 128 +++++++++++++++++++++++++++++++++
 sql/sql_lex.cc                 |   1 +
 sql/sql_lex.h                  |  16 +++++
 sql/sql_parse.cc               |  26 ++++++-
 sql/sql_yacc.yy                |   7 +-
 6 files changed, 231 insertions(+), 2 deletions(-)

diff --git a/mysql-test/r/lock_multi.result b/mysql-test/r/lock_multi.result
index d1b50a0080c..037b375fe0b 100644
--- a/mysql-test/r/lock_multi.result
+++ b/mysql-test/r/lock_multi.result
@@ -133,3 +133,58 @@ ALTER TABLE t1 ADD COLUMN a INT;
 # 2.2.1. normal mode
 # 2.2.2. PS mode
 DROP TABLE t1;
+create table t1 (a int);
+create table t2 like t1;
+# con1
+lock tables t1 write;
+# con2
+flush tables with read lock;
+# con5
+# global read lock is taken
+# con3
+select * from t2 for update;
+# waiting for release of read lock
+# con4
+# would hang and later cause a deadlock
+flush tables t2;
+# clean up
+unlock tables;
+unlock tables;
+a
+drop table t1,t2;
+#
+# Lightweight version:
+# Ensure that the wait for a GRL is done before opening tables.
+#
+create table t1 (a int);
+create table t2 like t1;
+#
+# UPDATE
+#
+# default
+flush tables with read lock;
+# con1
+update t2 set a = 1;
+# default
+# statement is waiting for release of read lock
+# con2
+flush table t2;
+# default
+unlock tables;
+# con1
+#
+# LOCK TABLES .. WRITE
+#
+# default
+flush tables with read lock;
+# con1
+lock tables t2 write;
+# default
+# statement is waiting for release of read lock
+# con2
+flush table t2;
+# default
+unlock tables;
+# con1
+unlock tables;
+drop table t1,t2;
diff --git a/mysql-test/t/lock_multi.test b/mysql-test/t/lock_multi.test
index 6c3c942b046..fa6af85f29c 100644
--- a/mysql-test/t/lock_multi.test
+++ b/mysql-test/t/lock_multi.test
@@ -683,6 +683,134 @@ DROP TABLE t1;
 --disconnect locker
 --disconnect writer
 
+#
+# Bug#43230: SELECT ... FOR UPDATE can hang with FLUSH TABLES WITH READ LOCK indefinitely
+#
+
+connect (con1,localhost,root,,);
+connect (con2,localhost,root,,);
+connect (con3,localhost,root,,);
+connect (con4,localhost,root,,);
+connect (con5,localhost,root,,);
+
+create table t1 (a int);
+create table t2 like t1;
+
+connection con1;
+--echo # con1
+lock tables t1 write;
+connection con2;
+--echo # con2
+send flush tables with read lock;
+connection con5;
+--echo # con5
+let $show_statement= SHOW PROCESSLIST;
+let $field= State;
+let $condition= = 'Flushing tables';
+--source include/wait_show_condition.inc
+--echo # global read lock is taken
+connection con3;
+--echo # con3
+send select * from t2 for update;
+connection con5;
+let $show_statement= SHOW PROCESSLIST;
+let $field= State;
+let $condition= = 'Waiting for release of readlock';
+--source include/wait_show_condition.inc
+--echo # waiting for release of read lock
+connection con4;
+--echo # con4
+--echo # would hang and later cause a deadlock
+flush tables t2;
+connection con1;
+--echo # clean up
+unlock tables;
+connection con2;
+--reap
+unlock tables;
+connection con3;
+--reap
+connection default;
+disconnect con5;
+disconnect con4;
+disconnect con3;
+disconnect con2;
+disconnect con1;
+
+drop table t1,t2;
+
+--echo #
+--echo # Lightweight version:
+--echo # Ensure that the wait for a GRL is done before opening tables.
+--echo #
+
+connect (con1,localhost,root,,);
+connect (con2,localhost,root,,);
+
+create table t1 (a int);
+create table t2 like t1;
+
+--echo #
+--echo # UPDATE
+--echo #
+
+connection default;
+--echo # default
+flush tables with read lock;
+connection con1;
+--echo # con1
+send update t2 set a = 1;
+connection default;
+--echo # default
+let $show_statement= SHOW PROCESSLIST;
+let $field= State;
+let $condition= = 'Waiting for release of readlock';
+--source include/wait_show_condition.inc
+--echo # statement is waiting for release of read lock
+connection con2;
+--echo # con2
+flush table t2;
+connection default;
+--echo # default
+unlock tables;
+connection con1;
+--echo # con1
+--reap
+
+--echo #
+--echo # LOCK TABLES .. WRITE
+--echo #
+
+connection default;
+--echo # default
+flush tables with read lock;
+connection con1;
+--echo # con1
+send lock tables t2 write;
+connection default;
+--echo # default
+let $show_statement= SHOW PROCESSLIST;
+let $field= State;
+let $condition= = 'Waiting for release of readlock';
+--source include/wait_show_condition.inc
+--echo # statement is waiting for release of read lock
+connection con2;
+--echo # con2
+flush table t2;
+connection default;
+--echo # default
+unlock tables;
+connection con1;
+--echo # con1
+--reap
+unlock tables;
+
+connection default;
+disconnect con2;
+disconnect con1;
+
+drop table t1,t2;
+
 # End of 5.0 tests
 
 # Wait till all disconnects are completed
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc
index 4c53772bc25..da31106648a 100644
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@@ -204,6 +204,7 @@ void lex_start(THD *thd)
   lex->nest_level=0 ;
   lex->allow_sum_func= 0;
   lex->in_sum_func= NULL;
+  lex->protect_against_global_read_lock= FALSE;
   DBUG_VOID_RETURN;
 }
 
diff --git a/sql/sql_lex.h b/sql/sql_lex.h
index 9f020f4adc5..3e762581e04 100644
--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@@ -1176,6 +1176,22 @@ typedef struct st_lex : public Query_tables_list
 
   bool escape_used;
 
+  /*
+    Special case for SELECT .. FOR UPDATE and LOCK TABLES .. WRITE.
+
+    Protect from a impending GRL as otherwise the thread might deadlock
+    if it starts waiting for the GRL in mysql_lock_tables.
+
+    The protection is needed because there is a race between setting
+    the global read lock and waiting for all open tables to be closed.
+    The problem is a circular wait where a thread holding "old" open
+    tables will wait for the global read lock to be released while the
+    thread holding the global read lock will wait for all "old" open
+    tables to be closed -- the flush part of flush tables with read
+    lock.
+  */
+  bool protect_against_global_read_lock;
+
   st_lex();
 
   virtual ~st_lex()
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index ba887486aa1..02030ac2e19 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -2800,6 +2800,10 @@ mysql_execute_command(THD *thd)
     if (res)
       goto error;
 
+    if (!thd->locked_tables && lex->protect_against_global_read_lock &&
+        !(need_start_waiting= !wait_if_global_read_lock(thd, 0, 1)))
+      goto error;
+
     if (!(res= open_and_lock_tables(thd, all_tables)))
     {
       if (lex->describe)
@@ -3660,6 +3664,9 @@ end_with_restore_list:
     DBUG_ASSERT(first_table == all_tables && first_table != 0);
     if (update_precheck(thd, all_tables))
       break;
+    if (!thd->locked_tables &&
+        !(need_start_waiting= !wait_if_global_read_lock(thd, 0, 1)))
+      goto error;
     DBUG_ASSERT(select_lex->offset_limit == 0);
     unit->set_limit(select_lex);
     res= (up_result= mysql_update(thd, all_tables,
@@ -3686,6 +3693,15 @@ end_with_restore_list:
     else
       res= 0;
 
+    /*
+      Protection might have already been risen if its a fall through
+      from the SQLCOM_UPDATE case above.
+    */
+    if (!thd->locked_tables &&
+        lex->sql_command == SQLCOM_UPDATE_MULTI &&
+        !(need_start_waiting= !wait_if_global_read_lock(thd, 0, 1)))
+      goto error;
+
     res= mysql_multi_update_prepare(thd);
 
 #ifdef HAVE_REPLICATION
@@ -3853,7 +3869,8 @@ end_with_restore_list:
                  ER(ER_LOCK_OR_ACTIVE_TRANSACTION), MYF(0));
       goto error;
     }
-
+    if (!(need_start_waiting= !wait_if_global_read_lock(thd, 0, 1)))
+      goto error;
     res= mysql_truncate(thd, first_table, 0);
     break;
   case SQLCOM_DELETE:
@@ -4027,6 +4044,10 @@ end_with_restore_list:
     if (check_one_table_access(thd, privilege, all_tables))
       goto error;
 
+    if (!thd->locked_tables &&
+        !(need_start_waiting= !wait_if_global_read_lock(thd, 0, 1)))
+      goto error;
+
     res= mysql_load(thd, lex->exchange, first_table, lex->field_list,
                     lex->update_list, lex->value_list, lex->duplicates,
                     lex->ignore, (bool) lex->local_file);
@@ -4082,6 +4103,9 @@ end_with_restore_list:
       goto error;
     if (check_table_access(thd, LOCK_TABLES_ACL | SELECT_ACL, all_tables, 0))
       goto error;
+    if (lex->protect_against_global_read_lock &&
+        !(need_start_waiting= !wait_if_global_read_lock(thd, 0, 1)))
+      goto error;
     thd->in_lock_tables=1;
     thd->options|= OPTION_TABLE_LOCK;
 
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 51fb5dbdfe4..b36c65854d7 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -4522,6 +4522,7 @@ select_lock_type:
 	    LEX *lex=Lex;
 	    lex->current_select->set_lock_for_tables(TL_WRITE);
 	    lex->safe_to_cache_query=0;
+            lex->protect_against_global_read_lock= TRUE;
 	  }
 	| LOCK_SYM IN_SYM SHARE_SYM MODE_SYM
 	  {
@@ -10058,8 +10059,12 @@ table_lock_list:
 table_lock:
 	table_ident opt_table_alias lock_option
 	{
-	  if (!Select->add_table_to_list(YYTHD, $1, $2, 0, (thr_lock_type) $3))
+          thr_lock_type lock_type= (thr_lock_type) $3;
+	  if (!Select->add_table_to_list(YYTHD, $1, $2, 0, lock_type))
 	   MYSQL_YYABORT;
+          /* If table is to be write locked, protect from a impending GRL. */
+          if (lock_type >= TL_WRITE_ALLOW_WRITE)
+            Lex->protect_against_global_read_lock= TRUE;
 	}
         ;
 

From 10350e2097393cb7410eedfcf6ba533faba20a56 Mon Sep 17 00:00:00 2001
From: Satya B <satya.bn@sun.com>
Date: Tue, 7 Apr 2009 16:54:32 +0530
Subject: [PATCH 19/19] Fix for Bug #43973 - backup_myisam.test fails on
 6.0-bugteam

The test started failing following the push for BUG#41541.
Some of the algorithms access bytes beyond the input data
and this can affect up to one byte less than "word size"
which is BITS_SAVED / 8.

Fixed by adding (BITS_SAVED / 8) -1 bytes to buffer size
(i.e. Memory Segment #2) to avoid accessing un-allocated data.

myisam/mi_packrec.c:
  Fixed _mi_read_pack_info() method to allocate (BITS_SAVED/8) - 1
  bytes to the Memory Segment #2
mysql-test/r/myisampack.result:
  Result file for BUG#43973
mysql-test/t/myisampack.test:
  Testcase for BUG#43973
---
 myisam/mi_packrec.c            | 36 +++++++++-------------------------
 mysql-test/r/myisampack.result | 22 +++++++++++++++++++++
 mysql-test/t/myisampack.test   | 25 +++++++++++++++++++++++
 3 files changed, 56 insertions(+), 27 deletions(-)

diff --git a/myisam/mi_packrec.c b/myisam/mi_packrec.c
index df9a4d18a6c..68911d7f129 100644
--- a/myisam/mi_packrec.c
+++ b/myisam/mi_packrec.c
@@ -208,10 +208,17 @@ my_bool _mi_read_pack_info(MI_INFO *info, pbool fix_keys)
     This segment will be reallocated after construction of the tables.
   */
   length=(uint) (elements*2+trees*(1 << myisam_quick_table_bits));
+  /*
+    To keep some algorithms simpler, we accept that they access
+    bytes beyond the end of the input data. This can affect up to
+    one byte less than the "word size" size used in this file,
+    which is BITS_SAVED / 8. To avoid accessing non-allocated
+    data, we add (BITS_SAVED / 8) - 1 bytes to the buffer size.
+  */
   if (!(share->decode_tables=(uint16*)
         my_malloc((length + OFFSET_TABLE_SIZE) * sizeof(uint16) +
-                  (uint) (share->pack.header_length - sizeof(header)),
-                  MYF(MY_WME | MY_ZEROFILL))))
+                  (uint) (share->pack.header_length - sizeof(header) +
+                  (BITS_SAVED / 8) - 1), MYF(MY_WME | MY_ZEROFILL))))
     goto err1;
   tmp_buff=share->decode_tables+length;
   disk_cache=(byte*) (tmp_buff+OFFSET_TABLE_SIZE);
@@ -1430,31 +1437,6 @@ static void fill_buffer(MI_BIT_BUFF *bit_buff)
     bit_buff->current_byte=0;
     return;
   }
-  else
-  {
-    uint len= 0;
-    uint i= 0;
-    /*
-      Check if the remaining buffer/record to read is less than the word size.
-      If so read byte by byte
-
-      Note: if this branch becomes a bottleneck it can be removed, assuming
-      that the second memory segment allocates 7 extra bytes (see
-      _mi_read_pack_info()).
-    */
-    len= bit_buff->end - bit_buff->pos;
-    if (len < (BITS_SAVED / 8))
-    {
-      bit_buff->current_byte= 0;
-      for (i=0 ; i < len ; i++)
-      {
-        bit_buff->current_byte+= (((uint) ((uchar) bit_buff->pos[len - i - 1]))
-                                                                    << (8 * i));
-      }
-      bit_buff->pos= bit_buff->end;
-      return;
-    }
-  }
 
 #if BITS_SAVED == 64
   bit_buff->current_byte=  ((((uint) ((uchar) bit_buff->pos[7]))) +
diff --git a/mysql-test/r/myisampack.result b/mysql-test/r/myisampack.result
index b4b200549a5..736a550e32b 100644
--- a/mysql-test/r/myisampack.result
+++ b/mysql-test/r/myisampack.result
@@ -38,3 +38,25 @@ SELECT COUNT(*) FROM t1;
 COUNT(*)
 1024
 DROP TABLE t1;
+#
+# Bug #43973 - backup_myisam.test fails on 6.0-bugteam
+#
+CREATE DATABASE mysql_db1;
+CREATE TABLE mysql_db1.t1 (c1 VARCHAR(5), c2 int);
+CREATE INDEX i1 ON mysql_db1.t1 (c1, c2);
+INSERT INTO mysql_db1.t1 VALUES ('A',1);
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+FLUSH TABLE mysql_db1.t1;
+# Compress the table using MYISAMPACK tool
+# Run MYISAMCHK tool on the compressed table
+SELECT COUNT(*) FROM mysql_db1.t1 WHERE c2 < 5;
+COUNT(*)
+128
+DROP TABLE mysql_db1.t1;
+DROP DATABASE mysql_db1;
diff --git a/mysql-test/t/myisampack.test b/mysql-test/t/myisampack.test
index ace7afce88a..ce27071bcf8 100644
--- a/mysql-test/t/myisampack.test
+++ b/mysql-test/t/myisampack.test
@@ -50,3 +50,28 @@ FLUSH TABLE t1;
 --exec $MYISAMPACK $MYSQLTEST_VARDIR/master-data/test/t1
 SELECT COUNT(*) FROM t1;
 DROP TABLE t1; 
+
+--echo #
+--echo # Bug #43973 - backup_myisam.test fails on 6.0-bugteam
+--echo #
+CREATE DATABASE mysql_db1;
+CREATE TABLE mysql_db1.t1 (c1 VARCHAR(5), c2 int);
+CREATE INDEX i1 ON mysql_db1.t1 (c1, c2);
+INSERT INTO mysql_db1.t1 VALUES ('A',1);
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+INSERT INTO mysql_db1.t1 SELECT * FROM mysql_db1.t1;
+FLUSH TABLE mysql_db1.t1;
+#
+--echo # Compress the table using MYISAMPACK tool
+--exec $MYISAMPACK -s $MYSQLTEST_VARDIR/master-data/mysql_db1/t1
+--echo # Run MYISAMCHK tool on the compressed table
+--exec $MYISAMCHK -srq $MYSQLTEST_VARDIR/master-data/mysql_db1/t1
+SELECT COUNT(*) FROM mysql_db1.t1 WHERE c2 < 5;
+#
+DROP TABLE mysql_db1.t1;
+DROP DATABASE mysql_db1;