From 65c50b057375aeb7fe3b74b43a819a78ac73a92a Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 2 Feb 2010 13:09:05 +0100 Subject: [PATCH 01/21] Set version number for mysql-5.0.87sp1 release --- configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.in b/configure.in index f2d95ff826c..a68193588d3 100644 --- a/configure.in +++ b/configure.in @@ -7,7 +7,7 @@ AC_INIT(sql/mysqld.cc) AC_CANONICAL_SYSTEM # The Docs Makefile.am parses this line! # remember to also change ndb version below and update version.c in ndb -AM_INIT_AUTOMAKE(mysql, 5.0.87) +AM_INIT_AUTOMAKE(mysql, 5.0.87sp1) AM_CONFIG_HEADER([include/config.h:config.h.in]) PROTOCOL_VERSION=10 From 41894be00b993db47edbbb551f414ca9dfeec019 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:23:26 +0100 Subject: [PATCH 02/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.4 > revision-id: ramil@mysql.com-20091021090408-208mvwwrcroi2j8c > parent: azundris@mysql.com-20091021033856-ydodp4q42o58e7ka > committer: Ramil Kalimullin > branch nick: b47019-5.0-bugteam > timestamp: Wed 2009-10-21 14:04:08 +0500 > message: > Fix for bug#47019: Assertion failed: 0, file .\rt_mbr.c, > line 138 when forcing a spatial index > > Problem: "Spatial indexes can be involved in the search > for queries that use a function such as MBRContains() > or MBRWithin() in the WHERE clause". > Using spatial indexes for JOINs with =, <=> etc. > predicates is incorrect. > > Fix: disable spatial indexes for such queries. --- mysql-test/r/select.result | 29 +++++++++++++++++++++++++++++ mysql-test/t/select.test | 16 ++++++++++++++++ sql/sql_select.cc | 2 +- 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/select.result b/mysql-test/r/select.result index c9dd65108da..4bb62fbfa70 100644 --- a/mysql-test/r/select.result +++ b/mysql-test/r/select.result @@ -4401,4 +4401,33 @@ id select_type table type possible_keys key key_len ref rows Extra Warnings: Note 1003 select `test`.`t1`.`a` AS `a`,`test`.`t1`.`b` AS `b` from `test`.`t1` where ((`test`.`t1`.`a` = `test`.`t1`.`b`) and (`test`.`t1`.`a` > 1)) limit 2 DROP TABLE t1; +# +# Bug#47019: Assertion failed: 0, file .\rt_mbr.c, line 138 when +# forcing a spatial index +# +CREATE TABLE t1(a LINESTRING NOT NULL, SPATIAL KEY(a)); +INSERT INTO t1 VALUES +(GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)')), +(GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)')); +EXPLAIN SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2; +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE t1 ALL NULL NULL NULL NULL 2 +1 SIMPLE t2 ALL a NULL NULL NULL 2 +SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2; +1 +1 +1 +1 +1 +EXPLAIN SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE t1 ALL NULL NULL NULL NULL 2 +1 SIMPLE t2 ALL a NULL NULL NULL 2 +SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); +1 +1 +1 +1 +1 +DROP TABLE t1; End of 5.0 tests diff --git a/mysql-test/t/select.test b/mysql-test/t/select.test index 60f2f191e0b..d57163dfef6 100644 --- a/mysql-test/t/select.test +++ b/mysql-test/t/select.test @@ -3750,5 +3750,21 @@ EXPLAIN EXTENDED SELECT a, b FROM t1 WHERE a > 1 AND a = b LIMIT 2; EXPLAIN EXTENDED SELECT a, b FROM t1 WHERE a > 1 AND b = a LIMIT 2; DROP TABLE t1; + + +--echo # +--echo # Bug#47019: Assertion failed: 0, file .\rt_mbr.c, line 138 when +--echo # forcing a spatial index +--echo # +CREATE TABLE t1(a LINESTRING NOT NULL, SPATIAL KEY(a)); +INSERT INTO t1 VALUES + (GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)')), + (GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)')); +EXPLAIN SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2; +SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2; +EXPLAIN SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); +SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); +DROP TABLE t1; + --echo End of 5.0 tests diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 76d6833de5c..3bf67299d58 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -3447,7 +3447,7 @@ add_key_part(DYNAMIC_ARRAY *keyuse_array,KEY_FIELD *key_field) { if (!(form->keys_in_use_for_query.is_set(key))) continue; - if (form->key_info[key].flags & HA_FULLTEXT) + if (form->key_info[key].flags & (HA_FULLTEXT | HA_SPATIAL)) continue; // ToDo: ft-keys in non-ft queries. SerG uint key_parts= (uint) form->key_info[key].key_parts; From f483141b1a7b3cca2f57cfe6aa5150a78b392f15 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:25:25 +0100 Subject: [PATCH 03/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.5 > revision-id: ramil@mysql.com-20091023112648-gie6o3odj57cxh1e > parent: ramil@mysql.com-20091021090408-208mvwwrcroi2j8c > committer: Ramil Kalimullin > branch nick: b48258-5.0-bugteam > timestamp: Fri 2009-10-23 16:26:48 +0500 > message: > Fix for bug#48258: Assertion failed when using a spatial index > > Problem: involving a spatial index for "non-spatial" queries > (that don't containt MBRXXX() functions) may lead to failed assert. > > Fix: don't use spatial indexes in such cases. --- mysql-test/r/gis-rtree.result | 39 +++++++++++++++++++++++++++++++++++ mysql-test/t/gis-rtree.test | 21 +++++++++++++++++++ sql/opt_range.cc | 21 +++++++++++++++++++ 3 files changed, 81 insertions(+) diff --git a/mysql-test/r/gis-rtree.result b/mysql-test/r/gis-rtree.result index a4fa929c32e..165db882892 100644 --- a/mysql-test/r/gis-rtree.result +++ b/mysql-test/r/gis-rtree.result @@ -1487,4 +1487,43 @@ MBRINTERSECTS(b, GEOMFROMTEXT('LINESTRING(1 1,1102219 2)') ); COUNT(*) 2 DROP TABLE t1; +# +# Bug #48258: Assertion failed when using a spatial index +# +CREATE TABLE t1(a LINESTRING NOT NULL, SPATIAL KEY(a)); +INSERT INTO t1 VALUES +(GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)')), +(GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)')); +EXPLAIN SELECT 1 FROM t1 WHERE a = GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE t1 ALL a NULL NULL NULL 2 Using where +SELECT 1 FROM t1 WHERE a = GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +1 +1 +1 +EXPLAIN SELECT 1 FROM t1 WHERE a < GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE t1 ALL a NULL NULL NULL 2 Using where +SELECT 1 FROM t1 WHERE a < GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +1 +EXPLAIN SELECT 1 FROM t1 WHERE a <= GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE t1 ALL a NULL NULL NULL 2 Using where +SELECT 1 FROM t1 WHERE a <= GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +1 +1 +1 +EXPLAIN SELECT 1 FROM t1 WHERE a > GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE t1 ALL a NULL NULL NULL 2 Using where +SELECT 1 FROM t1 WHERE a > GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +1 +EXPLAIN SELECT 1 FROM t1 WHERE a >= GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE t1 ALL a NULL NULL NULL 2 Using where +SELECT 1 FROM t1 WHERE a >= GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +1 +1 +1 +DROP TABLE t1; End of 5.0 tests. diff --git a/mysql-test/t/gis-rtree.test b/mysql-test/t/gis-rtree.test index 2c1632f8d40..b5de1ccf248 100644 --- a/mysql-test/t/gis-rtree.test +++ b/mysql-test/t/gis-rtree.test @@ -881,4 +881,25 @@ SELECT COUNT(*) FROM t1 IGNORE INDEX (b) WHERE DROP TABLE t1; + +--echo # +--echo # Bug #48258: Assertion failed when using a spatial index +--echo # +CREATE TABLE t1(a LINESTRING NOT NULL, SPATIAL KEY(a)); +INSERT INTO t1 VALUES + (GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)')), + (GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)')); +EXPLAIN SELECT 1 FROM t1 WHERE a = GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +SELECT 1 FROM t1 WHERE a = GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +EXPLAIN SELECT 1 FROM t1 WHERE a < GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +SELECT 1 FROM t1 WHERE a < GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +EXPLAIN SELECT 1 FROM t1 WHERE a <= GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +SELECT 1 FROM t1 WHERE a <= GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +EXPLAIN SELECT 1 FROM t1 WHERE a > GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +SELECT 1 FROM t1 WHERE a > GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +EXPLAIN SELECT 1 FROM t1 WHERE a >= GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +SELECT 1 FROM t1 WHERE a >= GEOMFROMTEXT('LINESTRING(-1 -1, 1 -1, -1 -1, -1 1, 1 1)'); +DROP TABLE t1; + + --echo End of 5.0 tests. diff --git a/sql/opt_range.cc b/sql/opt_range.cc index fdf6cc03a44..c882437e6ae 100644 --- a/sql/opt_range.cc +++ b/sql/opt_range.cc @@ -4377,6 +4377,27 @@ get_mm_leaf(PARAM *param, COND *conf_func, Field *field, KEY_PART *key_part, !(conf_func->compare_collation()->state & MY_CS_BINSORT)) goto end; + if (key_part->image_type == Field::itMBR) + { + switch (type) { + case Item_func::SP_EQUALS_FUNC: + case Item_func::SP_DISJOINT_FUNC: + case Item_func::SP_INTERSECTS_FUNC: + case Item_func::SP_TOUCHES_FUNC: + case Item_func::SP_CROSSES_FUNC: + case Item_func::SP_WITHIN_FUNC: + case Item_func::SP_CONTAINS_FUNC: + case Item_func::SP_OVERLAPS_FUNC: + break; + default: + /* + We cannot involve spatial indexes for queries that + don't use MBREQUALS(), MBRDISJOINT(), etc. functions. + */ + goto end; + } + } + optimize_range= field->optimize_range(param->real_keynr[key_part->key], key_part->part); From e721962484096f1f7c5ea2339d15994b1aef0ebd Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:26:24 +0100 Subject: [PATCH 04/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.6 > revision-id: joro@sun.com-20091021084345-iki6z0uceieoupey > parent: ramil@mysql.com-20091023112648-gie6o3odj57cxh1e > committer: Georgi Kodinov > branch nick: B47780-5.0-bugteam > timestamp: Wed 2009-10-21 11:43:45 +0300 > message: > Bug #47780: crash when comparing GIS items from subquery > > If the first argument to GeomFromWKB function is a geometry > field then the function just returns its value. > However in doing so it's not preserving first argument's > null_value flag and this causes unexpected null value to > be returned to the calling function. > > Fixed by updating the null_value of the GeomFromWKB function > in such cases (and all other cases that return a NULL e.g. > because of not enough memory for the return buffer). --- mysql-test/r/gis.result | 12 ++++++++++++ mysql-test/t/gis.test | 16 ++++++++++++++++ sql/item_geofunc.cc | 9 +++++++-- 3 files changed, 35 insertions(+), 2 deletions(-) diff --git a/mysql-test/r/gis.result b/mysql-test/r/gis.result index 5b7a58add06..140c133d75f 100644 --- a/mysql-test/r/gis.result +++ b/mysql-test/r/gis.result @@ -971,4 +971,16 @@ select min(`col002`) from t1 union select `col002` from t1; min(`col002`) NULL drop table t1; +# +# Bug #47780: crash when comparing GIS items from subquery +# +CREATE TABLE t1(a INT, b MULTIPOLYGON); +INSERT INTO t1 VALUES +(0, +GEOMFROMTEXT( +'multipolygon(((1 2,3 4,5 6,7 8,9 8),(7 6,5 4,3 2,1 2,3 4)))')); +# must not crash +SELECT 1 FROM t1 WHERE a <> (SELECT GEOMETRYCOLLECTIONFROMWKB(b) FROM t1); +1 +DROP TABLE t1; End of 5.0 tests diff --git a/mysql-test/t/gis.test b/mysql-test/t/gis.test index c01fa205349..701a6cef6be 100644 --- a/mysql-test/t/gis.test +++ b/mysql-test/t/gis.test @@ -654,4 +654,20 @@ insert into t1 values (),(),(); select min(`col002`) from t1 union select `col002` from t1; drop table t1; +--echo # +--echo # Bug #47780: crash when comparing GIS items from subquery +--echo # + +CREATE TABLE t1(a INT, b MULTIPOLYGON); +INSERT INTO t1 VALUES + (0, + GEOMFROMTEXT( + 'multipolygon(((1 2,3 4,5 6,7 8,9 8),(7 6,5 4,3 2,1 2,3 4)))')); + +--echo # must not crash +SELECT 1 FROM t1 WHERE a <> (SELECT GEOMETRYCOLLECTIONFROMWKB(b) FROM t1); + +DROP TABLE t1; + + --echo End of 5.0 tests diff --git a/sql/item_geofunc.cc b/sql/item_geofunc.cc index 71bd1347f6e..d3e7096a0bd 100644 --- a/sql/item_geofunc.cc +++ b/sql/item_geofunc.cc @@ -76,7 +76,9 @@ String *Item_func_geometry_from_wkb::val_str(String *str) if (args[0]->field_type() == MYSQL_TYPE_GEOMETRY) { - return args[0]->val_str(str); + String *str_ret= args[0]->val_str(str); + null_value= args[0]->null_value; + return str_ret; } wkb= args[0]->val_str(&arg_val); @@ -86,7 +88,10 @@ String *Item_func_geometry_from_wkb::val_str(String *str) str->set_charset(&my_charset_bin); if (str->reserve(SRID_SIZE, 512)) - return 0; + { + null_value= TRUE; /* purecov: inspected */ + return 0; /* purecov: inspected */ + } str->length(0); str->q_append(srid); if ((null_value= From 209a75c0932b076b8c66ba700992948a0905bea2 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:27:27 +0100 Subject: [PATCH 05/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.12 > revision-id: joro@sun.com-20091030094044-quadg0bwjy7cwqzw > parent: joro@sun.com-20091029152429-ks55fhrp4lhknyij > committer: Georgi Kodinov > branch nick: B48293-5.0-bugteam > timestamp: Fri 2009-10-30 11:40:44 +0200 > message: > Bug #48293: crash with procedure analyse, view with > 10 columns, > having clause... > > The fix for bug 46184 was not very complete. It was not covering > views using temporary tables and multiple tables in a FROM clause. > Fixed by reverting the fix for 46184 and making a more general > check that is checking at the right execution stage and for all > of the non-supported cases. > Now PROCEDURE ANALYZE on non-top level SELECT is also forbidden. > Updated the analyse.test and subselect.test accordingly. --- mysql-test/r/analyse.result | 112 ++++++++++++---------------------- mysql-test/r/subselect.result | 2 +- mysql-test/t/analyse.test | 70 +++++++++++++-------- mysql-test/t/subselect.test | 2 +- sql/sql_select.cc | 12 ++++ sql/sql_yacc.yy | 3 +- 6 files changed, 99 insertions(+), 102 deletions(-) diff --git a/mysql-test/r/analyse.result b/mysql-test/r/analyse.result index 1e3a2985f74..1820782d2f8 100644 --- a/mysql-test/r/analyse.result +++ b/mysql-test/r/analyse.result @@ -19,81 +19,10 @@ test.t1.empty_string 0 0 4 0 0.0000 NULL CHAR(0) NOT NULL test.t1.bool N Y 1 1 0 0 1.0000 NULL ENUM('N','Y') NOT NULL test.t1.d 2002-03-03 2002-03-05 10 10 0 0 10.0000 NULL ENUM('2002-03-03','2002-03-04','2002-03-05') NOT NULL create table t2 select * from t1 procedure analyse(); -select * from t2; -Field_name Min_value Max_value Min_length Max_length Empties_or_zeros Nulls Avg_value_or_avg_length Std Optimal_fieldtype -test.t1.i 1 7 1 1 0 0 4.0000 2.2361 ENUM('1','3','5','7') NOT NULL -test.t1.j 2 8 1 1 0 0 5.0000 2.2361 ENUM('2','4','6','8') NOT NULL -test.t1.empty_string 0 0 4 0 0.0000 NULL CHAR(0) NOT NULL -test.t1.bool N Y 1 1 0 0 1.0000 NULL ENUM('N','Y') NOT NULL -test.t1.d 2002-03-03 2002-03-05 10 10 0 0 10.0000 NULL ENUM('2002-03-03','2002-03-04','2002-03-05') NOT NULL -drop table t1,t2; +ERROR HY000: Incorrect usage of PROCEDURE and non-SELECT +drop table t1; EXPLAIN SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE(); ERROR HY000: Incorrect usage of PROCEDURE and subquery -create table t1 (a int not null); -create table t2 select * from t1 where 0=1 procedure analyse(); -show create table t2; -Table Create Table -t2 CREATE TABLE `t2` ( - `Field_name` varbinary(255) NOT NULL default '', - `Min_value` varbinary(255) default NULL, - `Max_value` varbinary(255) default NULL, - `Min_length` bigint(11) NOT NULL default '0', - `Max_length` bigint(11) NOT NULL default '0', - `Empties_or_zeros` bigint(11) NOT NULL default '0', - `Nulls` bigint(11) NOT NULL default '0', - `Avg_value_or_avg_length` varbinary(255) NOT NULL default '', - `Std` varbinary(255) default NULL, - `Optimal_fieldtype` varbinary(64) NOT NULL default '' -) ENGINE=MyISAM DEFAULT CHARSET=latin1 -select * from t1 where 0=1 procedure analyse(); -Field_name Min_value Max_value Min_length Max_length Empties_or_zeros Nulls Avg_value_or_avg_length Std Optimal_fieldtype -insert into t1 values(1); -drop table t2; -create table t2 select * from t1 where 0=1 procedure analyse(); -show create table t2; -Table Create Table -t2 CREATE TABLE `t2` ( - `Field_name` varbinary(255) NOT NULL default '', - `Min_value` varbinary(255) default NULL, - `Max_value` varbinary(255) default NULL, - `Min_length` bigint(11) NOT NULL default '0', - `Max_length` bigint(11) NOT NULL default '0', - `Empties_or_zeros` bigint(11) NOT NULL default '0', - `Nulls` bigint(11) NOT NULL default '0', - `Avg_value_or_avg_length` varbinary(255) NOT NULL default '', - `Std` varbinary(255) default NULL, - `Optimal_fieldtype` varbinary(64) NOT NULL default '' -) ENGINE=MyISAM DEFAULT CHARSET=latin1 -select * from t2; -Field_name Min_value Max_value Min_length Max_length Empties_or_zeros Nulls Avg_value_or_avg_length Std Optimal_fieldtype -insert into t2 select * from t1 procedure analyse(); -select * from t2; -Field_name Min_value Max_value Min_length Max_length Empties_or_zeros Nulls Avg_value_or_avg_length Std Optimal_fieldtype -test.t1.a 1 1 1 1 0 0 1.0000 0.0000 ENUM('1') NOT NULL -insert into t1 values(2); -drop table t2; -create table t2 select * from t1 where 0=1 procedure analyse(); -show create table t2; -Table Create Table -t2 CREATE TABLE `t2` ( - `Field_name` varbinary(255) NOT NULL default '', - `Min_value` varbinary(255) default NULL, - `Max_value` varbinary(255) default NULL, - `Min_length` bigint(11) NOT NULL default '0', - `Max_length` bigint(11) NOT NULL default '0', - `Empties_or_zeros` bigint(11) NOT NULL default '0', - `Nulls` bigint(11) NOT NULL default '0', - `Avg_value_or_avg_length` varbinary(255) NOT NULL default '', - `Std` varbinary(255) default NULL, - `Optimal_fieldtype` varbinary(64) NOT NULL default '' -) ENGINE=MyISAM DEFAULT CHARSET=latin1 -select * from t2; -Field_name Min_value Max_value Min_length Max_length Empties_or_zeros Nulls Avg_value_or_avg_length Std Optimal_fieldtype -insert into t2 select * from t1 procedure analyse(); -select * from t2; -Field_name Min_value Max_value Min_length Max_length Empties_or_zeros Nulls Avg_value_or_avg_length Std Optimal_fieldtype -test.t1.a 1 2 1 1 0 0 1.5000 0.5000 ENUM('1','2') NOT NULL -drop table t1,t2; create table t1 (v varchar(128)); insert into t1 values ('abc'),('abc\'def\\hij\"klm\0opq'),('\''),('\"'),('\\'),('a\0'),('b\''),('c\"'),('d\\'),('\'b'),('\"c'),('\\d'),('a\0\0\0b'),('a\'\'\'\'b'),('a\"\"\"\"b'),('a\\\\\\\\b'),('\'\0\\\"'),('\'\''),('\"\"'),('\\\\'),('The\ZEnd'); select * from t1 procedure analyse(); @@ -157,3 +86,40 @@ SELECT * FROM (SELECT * FROM t1) d PROCEDURE ANALYSE(); ERROR HY000: Incorrect usage of PROCEDURE and subquery DROP TABLE t1; End of 4.1 tests +# +# Bug #48293: crash with procedure analyse, view with > 10 columns, +# having clause... +# +CREATE TABLE t1(a INT, b INT, c INT, d INT, e INT, +f INT, g INT, h INT, i INT, j INT,k INT); +INSERT INTO t1 VALUES (),(); +CREATE ALGORITHM=TEMPTABLE VIEW v1 AS SELECT * FROM t1; +#should have a derived table +EXPLAIN SELECT * FROM v1; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY ALL NULL NULL NULL NULL 2 +2 DERIVED t1 ALL NULL NULL NULL NULL 2 +#should not crash +SELECT * FROM v1 PROCEDURE analyse(); +ERROR HY000: Incorrect usage of PROCEDURE and view +#should not crash +SELECT * FROM t1 a, v1, t1 b PROCEDURE analyse(); +ERROR HY000: Incorrect usage of PROCEDURE and view +#should not crash +SELECT * FROM (SELECT * FROM t1 having a > 1) x PROCEDURE analyse(); +ERROR HY000: Incorrect usage of PROCEDURE and subquery +#should not crash +SELECT * FROM t1 a, (SELECT * FROM t1 having a > 1) x, t1 b PROCEDURE analyse(); +ERROR HY000: Incorrect usage of PROCEDURE and subquery +#should not crash +SELECT 1 FROM t1 group by a having a > 1 order by 1 PROCEDURE analyse(); +ERROR HY000: Can't use ORDER clause with this procedure +DROP VIEW v1; +DROP TABLE t1; +CREATE TABLE t1(a INT); +INSERT INTO t1 VALUES (1),(2); +# should not crash +CREATE TABLE t2 SELECT 1 FROM t1, t1 t3 GROUP BY t3.a PROCEDURE ANALYSE(); +ERROR HY000: Incorrect usage of PROCEDURE and non-SELECT +DROP TABLE t1; +End of 5.0 tests diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result index eacde19ab1c..8c239d5c349 100644 --- a/mysql-test/r/subselect.result +++ b/mysql-test/r/subselect.result @@ -75,7 +75,7 @@ SELECT 1 FROM (SELECT 1 as a) b WHERE 1 IN (SELECT (SELECT a)); select (SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE(1)); ERROR HY000: Incorrect usage of PROCEDURE and subquery SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE((SELECT 1)); -ERROR HY000: Incorrect usage of PROCEDURE and subquery +ERROR HY000: Incorrect parameters to procedure 'ANALYSE' SELECT (SELECT 1) as a FROM (SELECT 1) b WHERE (SELECT a) IS NULL; ERROR 42S22: Unknown column 'a' in 'field list' SELECT (SELECT 1) as a FROM (SELECT 1) b WHERE (SELECT a) IS NOT NULL; diff --git a/mysql-test/t/analyse.test b/mysql-test/t/analyse.test index d8466df14bf..05f739bfd69 100644 --- a/mysql-test/t/analyse.test +++ b/mysql-test/t/analyse.test @@ -10,36 +10,13 @@ insert into t1 values (1,2,"","Y","2002-03-03"), (3,4,"","N","2002-03-04"), (5,6 select count(*) from t1 procedure analyse(); select * from t1 procedure analyse(); select * from t1 procedure analyse(2); +--error ER_WRONG_USAGE create table t2 select * from t1 procedure analyse(); -select * from t2; -drop table t1,t2; +drop table t1; --error ER_WRONG_USAGE EXPLAIN SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE(); -# -# Test with impossible where -# -create table t1 (a int not null); -create table t2 select * from t1 where 0=1 procedure analyse(); -show create table t2; -select * from t1 where 0=1 procedure analyse(); -insert into t1 values(1); -drop table t2; -create table t2 select * from t1 where 0=1 procedure analyse(); -show create table t2; -select * from t2; -insert into t2 select * from t1 procedure analyse(); -select * from t2; -insert into t1 values(2); -drop table t2; -create table t2 select * from t1 where 0=1 procedure analyse(); -show create table t2; -select * from t2; -insert into t2 select * from t1 procedure analyse(); -select * from t2; -drop table t1,t2; - # # Bug#2813 - analyse does not quote string values in enums from string # @@ -113,3 +90,46 @@ SELECT * FROM (SELECT * FROM t1) d PROCEDURE ANALYSE(); DROP TABLE t1; --echo End of 4.1 tests + +--echo # +--echo # Bug #48293: crash with procedure analyse, view with > 10 columns, +--echo # having clause... +--echo # + +CREATE TABLE t1(a INT, b INT, c INT, d INT, e INT, + f INT, g INT, h INT, i INT, j INT,k INT); +INSERT INTO t1 VALUES (),(); + +CREATE ALGORITHM=TEMPTABLE VIEW v1 AS SELECT * FROM t1; +--echo #should have a derived table +EXPLAIN SELECT * FROM v1; +--echo #should not crash +--error ER_WRONG_USAGE +SELECT * FROM v1 PROCEDURE analyse(); +--echo #should not crash +--error ER_WRONG_USAGE +SELECT * FROM t1 a, v1, t1 b PROCEDURE analyse(); +--echo #should not crash +--error ER_WRONG_USAGE +SELECT * FROM (SELECT * FROM t1 having a > 1) x PROCEDURE analyse(); +--echo #should not crash +--error ER_WRONG_USAGE +SELECT * FROM t1 a, (SELECT * FROM t1 having a > 1) x, t1 b PROCEDURE analyse(); +--echo #should not crash +--error ER_ORDER_WITH_PROC +SELECT 1 FROM t1 group by a having a > 1 order by 1 PROCEDURE analyse(); + +DROP VIEW v1; +DROP TABLE t1; + +CREATE TABLE t1(a INT); +INSERT INTO t1 VALUES (1),(2); + +--echo # should not crash +--error ER_WRONG_USAGE +CREATE TABLE t2 SELECT 1 FROM t1, t1 t3 GROUP BY t3.a PROCEDURE ANALYSE(); + +DROP TABLE t1; + + +--echo End of 5.0 tests diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test index 79918ca78a2..2b5d36da796 100644 --- a/mysql-test/t/subselect.test +++ b/mysql-test/t/subselect.test @@ -30,7 +30,7 @@ SELECT 1 IN (SELECT 1); SELECT 1 FROM (SELECT 1 as a) b WHERE 1 IN (SELECT (SELECT a)); -- error ER_WRONG_USAGE select (SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE(1)); --- error ER_WRONG_USAGE +-- error ER_WRONG_PARAMETERS_TO_PROCEDURE SELECT 1 FROM (SELECT 1) a PROCEDURE ANALYSE((SELECT 1)); -- error ER_BAD_FIELD_ERROR SELECT (SELECT 1) as a FROM (SELECT 1) b WHERE (SELECT a) IS NULL; diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 3bf67299d58..1b5be97b1d3 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -622,6 +622,18 @@ JOIN::prepare(Item ***rref_pointer_array, MYF(0)); /* purecov: inspected */ goto err; /* purecov: inspected */ } + if (thd->lex->derived_tables) + { + my_error(ER_WRONG_USAGE, MYF(0), "PROCEDURE", + thd->lex->derived_tables & DERIVED_VIEW ? + "view" : "subquery"); + goto err; + } + if (thd->lex->sql_command != SQLCOM_SELECT) + { + my_error(ER_WRONG_USAGE, MYF(0), "PROCEDURE", "non-SELECT"); + goto err; + } } if (!procedure && result && result->prepare(fields_list, unit_arg)) diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index c0247fd8d56..2fc85b4bda7 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -7334,8 +7334,7 @@ procedure_clause: MYSQL_YYABORT; } - if (&lex->select_lex != lex->current_select || - lex->select_lex.get_table_list()->derived) + if (&lex->select_lex != lex->current_select) { my_error(ER_WRONG_USAGE, MYF(0), "PROCEDURE", "subquery"); MYSQL_YYABORT; From 7810333553dd4ae7b7820fb729774bdba6269dd3 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:28:51 +0100 Subject: [PATCH 06/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.13 > revision-id: joro@sun.com-20091030131543-2b23fnqckgbzvete > parent: joro@sun.com-20091030094044-quadg0bwjy7cwqzw > committer: Georgi Kodinov > branch nick: B48291-5.0-bugteam > timestamp: Fri 2009-10-30 15:15:43 +0200 > message: > Bug #48291 : crash with row() operator,select into @var, and > subquery returning multiple rows > > Error handling was missing when handling subqueires in WHERE > and when assigning a SELECT result to a @variable. > This caused crash(es). > > Fixed by adding error handling code to both the WHERE > condition evaluation and to assignment to an @variable. --- mysql-test/r/select.result | 12 ++++++++++++ mysql-test/t/select.test | 17 +++++++++++++++++ sql/sql_class.cc | 6 ++++-- sql/sql_select.cc | 13 ++++++++++++- 4 files changed, 45 insertions(+), 3 deletions(-) diff --git a/mysql-test/r/select.result b/mysql-test/r/select.result index 4bb62fbfa70..5d07c97149f 100644 --- a/mysql-test/r/select.result +++ b/mysql-test/r/select.result @@ -4430,4 +4430,16 @@ SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); 1 1 DROP TABLE t1; +# +# Bug #48291 : crash with row() operator,select into @var, and +# subquery returning multiple rows +# +CREATE TABLE t1(a INT); +INSERT INTO t1 VALUES (2),(3); +# Should not crash +SELECT 1 FROM t1 WHERE a <> 1 AND NOT +ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE 1=2),(SELECT 1 FROM t1)) +INTO @var0; +ERROR 21000: Subquery returns more than 1 row +DROP TABLE t1; End of 5.0 tests diff --git a/mysql-test/t/select.test b/mysql-test/t/select.test index d57163dfef6..ceb67215614 100644 --- a/mysql-test/t/select.test +++ b/mysql-test/t/select.test @@ -3766,5 +3766,22 @@ EXPLAIN SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); DROP TABLE t1; + +--echo # +--echo # Bug #48291 : crash with row() operator,select into @var, and +--echo # subquery returning multiple rows +--echo # + +CREATE TABLE t1(a INT); +INSERT INTO t1 VALUES (2),(3); + +--echo # Should not crash +--error ER_SUBQUERY_NO_1_ROW +SELECT 1 FROM t1 WHERE a <> 1 AND NOT +ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE 1=2),(SELECT 1 FROM t1)) +INTO @var0; + +DROP TABLE t1; + --echo End of 5.0 tests diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 7d26759cb16..06f2229a050 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -2068,9 +2068,11 @@ bool select_dumpvar::send_data(List &items) else { Item_func_set_user_var *suv= new Item_func_set_user_var(mv->s, item); - suv->fix_fields(thd, 0); + if (suv->fix_fields(thd, 0)) + DBUG_RETURN (1); suv->save_item_result(item); - suv->update(); + if (suv->update()) + DBUG_RETURN (1); } } DBUG_RETURN(0); diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 1b5be97b1d3..4e97836e5ec 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -10819,6 +10819,7 @@ evaluate_join_record(JOIN *join, JOIN_TAB *join_tab, bool not_used_in_distinct=join_tab->not_used_in_distinct; ha_rows found_records=join->found_records; COND *select_cond= join_tab->select_cond; + bool select_cond_result= TRUE; if (error > 0 || (*report_error)) // Fatal error return NESTED_LOOP_ERROR; @@ -10830,7 +10831,17 @@ evaluate_join_record(JOIN *join, JOIN_TAB *join_tab, return NESTED_LOOP_KILLED; /* purecov: inspected */ } DBUG_PRINT("info", ("select cond 0x%lx", (ulong)select_cond)); - if (!select_cond || select_cond->val_int()) + + if (select_cond) + { + select_cond_result= test(select_cond->val_int()); + + /* check for errors evaluating the condition */ + if (join->thd->net.report_error) + return NESTED_LOOP_ERROR; + } + + if (!select_cond || select_cond_result) { /* There is no select condition or the attached pushed down From 0286f0e9b0ca4f11e229bfb82916455c13c92c7b Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:29:49 +0100 Subject: [PATCH 07/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.4.1 > revision-id: alexey.kopytov@sun.com-20091030155453-0vlfwki805h9os62 > parent: joerg@mysql.com-20091016122941-rf6z0keqvmlgjfto > committer: Alexey Kopytov > branch nick: my50-bug48131 > timestamp: Fri 2009-10-30 18:54:53 +0300 > message: > Bug #48131: crash group by with rollup, distinct, filesort, > with temporary tables > > There were two problems the test case from this bug was > triggering: > > 1. JOIN::rollup_init() was supposed to wrap all constant Items > into another object for queries with the WITH ROLLUP modifier > to ensure they are never considered as constants and therefore > are written into temporary tables if the optimizer chooses to > employ them for DISTINCT/GROUP BY handling. > > However, JOIN::rollup_init() was called before > make_join_statistics(), so Items corresponding to fields in > const tables could not be handled as intended, which was > causing all kinds of problems later in the query execution. In > particular, create_tmp_table() assumed all constant items > except "hidden" ones to be removed earlier by remove_const() > which led to improperly initialized Field objects for the > temporary table being created. This is what was causing crashes > and valgrind errors in storage engines. > > 2. Even when the above problem had been fixed, the query from > the test case produced incorrect results due to some > DISTINCT/GROUP BY optimizations being performed by the > optimizer that are inapplicable in the WITH ROLLUP case. > > Fixed by disabling inapplicable DISTINCT/GROUP BY optimizations > when the WITH ROLLUP modifier is present, and splitting the > const-wrapping part of JOIN::rollup_init() into a separate > method which is now invoked after make_join_statistics() when > the const tables are already known. --- mysql-test/r/olap.result | 20 +++++++++ mysql-test/t/olap.test | 15 +++++++ sql/sql_select.cc | 92 ++++++++++++++++++++++++++++------------ sql/sql_select.h | 1 + 4 files changed, 100 insertions(+), 28 deletions(-) diff --git a/mysql-test/r/olap.result b/mysql-test/r/olap.result index ad04e7304c9..56e06f03378 100644 --- a/mysql-test/r/olap.result +++ b/mysql-test/r/olap.result @@ -733,4 +733,24 @@ SELECT 1 FROM t1 GROUP BY (DATE(NULL)) WITH ROLLUP; 1 1 DROP TABLE t1; +# +# Bug #48131: crash group by with rollup, distinct, +# filesort, with temporary tables +# +CREATE TABLE t1 (a INT NOT NULL PRIMARY KEY); +INSERT INTO t1 VALUES (1), (2); +CREATE TABLE t2 (b INT); +INSERT INTO t2 VALUES (100); +SELECT a, b FROM t1, t2 GROUP BY a, b WITH ROLLUP; +a b +1 100 +1 NULL +2 100 +2 NULL +NULL NULL +SELECT DISTINCT b FROM t1, t2 GROUP BY a, b WITH ROLLUP; +b +100 +NULL +DROP TABLE t1, t2; End of 5.0 tests diff --git a/mysql-test/t/olap.test b/mysql-test/t/olap.test index d1e40024733..8f672af40a3 100644 --- a/mysql-test/t/olap.test +++ b/mysql-test/t/olap.test @@ -375,4 +375,19 @@ INSERT INTO t1 VALUES(0); SELECT 1 FROM t1 GROUP BY (DATE(NULL)) WITH ROLLUP; DROP TABLE t1; +--echo # +--echo # Bug #48131: crash group by with rollup, distinct, +--echo # filesort, with temporary tables +--echo # + +CREATE TABLE t1 (a INT NOT NULL PRIMARY KEY); +INSERT INTO t1 VALUES (1), (2); +CREATE TABLE t2 (b INT); +INSERT INTO t2 VALUES (100); + +SELECT a, b FROM t1, t2 GROUP BY a, b WITH ROLLUP; +SELECT DISTINCT b FROM t1, t2 GROUP BY a, b WITH ROLLUP; + +DROP TABLE t1, t2; + --echo End of 5.0 tests diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 4e97836e5ec..ca7f20f5b21 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -928,6 +928,12 @@ JOIN::optimize() DBUG_RETURN(1); } + if (select_lex->olap == ROLLUP_TYPE && rollup_process_const_fields()) + { + DBUG_PRINT("error", ("Error: rollup_process_fields() failed")); + DBUG_RETURN(1); + } + /* Remove distinct if only const tables */ select_distinct= select_distinct && (const_tables != tables); thd_proc_info(thd, "preparing"); @@ -1055,7 +1061,7 @@ JOIN::optimize() join_tab[const_tables].select->quick->get_type() != QUICK_SELECT_I::QS_TYPE_GROUP_MIN_MAX)) { - if (group_list && + if (group_list && rollup.state == ROLLUP::STATE_NONE && list_contains_unique_index(join_tab[const_tables].table, find_field_in_order_list, (void *) group_list)) @@ -1093,7 +1099,8 @@ JOIN::optimize() if (! hidden_group_fields && rollup.state == ROLLUP::STATE_NONE) select_distinct=0; } - else if (select_distinct && tables - const_tables == 1) + else if (select_distinct && tables - const_tables == 1 && + rollup.state == ROLLUP::STATE_NONE) { /* We are only using one table. In this case we change DISTINCT to a @@ -9870,6 +9877,7 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List &fields, for (; cur_group ; cur_group= cur_group->next, key_part_info++) { Field *field=(*cur_group->item)->get_tmp_table_field(); + DBUG_ASSERT(field->table == table); bool maybe_null=(*cur_group->item)->maybe_null; key_part_info->null_bit=0; key_part_info->field= field; @@ -15015,32 +15023,7 @@ bool JOIN::rollup_init() { item->maybe_null= 1; found_in_group= 1; - if (item->const_item()) - { - /* - For ROLLUP queries each constant item referenced in GROUP BY list - is wrapped up into an Item_func object yielding the same value - as the constant item. The objects of the wrapper class are never - considered as constant items and besides they inherit all - properties of the Item_result_field class. - This wrapping allows us to ensure writing constant items - into temporary tables whenever the result of the ROLLUP - operation has to be written into a temporary table, e.g. when - ROLLUP is used together with DISTINCT in the SELECT list. - Usually when creating temporary tables for a intermidiate - result we do not include fields for constant expressions. - */ - Item* new_item= new Item_func_rollup_const(item); - if (!new_item) - return 1; - new_item->fix_fields(thd, (Item **) 0); - thd->change_item_tree(it.ref(), new_item); - for (ORDER *tmp= group_tmp; tmp; tmp= tmp->next) - { - if (*tmp->item == item) - thd->change_item_tree(tmp->item, new_item); - } - } + break; } } if (item->type() == Item::FUNC_ITEM && !found_in_group) @@ -15059,6 +15042,59 @@ bool JOIN::rollup_init() } return 0; } + +/** + Wrap all constant Items in GROUP BY list. + + For ROLLUP queries each constant item referenced in GROUP BY list + is wrapped up into an Item_func object yielding the same value + as the constant item. The objects of the wrapper class are never + considered as constant items and besides they inherit all + properties of the Item_result_field class. + This wrapping allows us to ensure writing constant items + into temporary tables whenever the result of the ROLLUP + operation has to be written into a temporary table, e.g. when + ROLLUP is used together with DISTINCT in the SELECT list. + Usually when creating temporary tables for a intermidiate + result we do not include fields for constant expressions. + + @retval + 0 if ok + @retval + 1 on error +*/ + +bool JOIN::rollup_process_const_fields() +{ + ORDER *group_tmp; + Item *item; + List_iterator it(all_fields); + + for (group_tmp= group_list; group_tmp; group_tmp= group_tmp->next) + { + if (!(*group_tmp->item)->const_item()) + continue; + while ((item= it++)) + { + if (*group_tmp->item == item) + { + Item* new_item= new Item_func_rollup_const(item); + if (!new_item) + return 1; + new_item->fix_fields(thd, (Item **) 0); + thd->change_item_tree(it.ref(), new_item); + for (ORDER *tmp= group_tmp; tmp; tmp= tmp->next) + { + if (*tmp->item == item) + thd->change_item_tree(tmp->item, new_item); + } + break; + } + } + it.rewind(); + } + return 0; +} /* diff --git a/sql/sql_select.h b/sql/sql_select.h index c328737c1c6..a217d199a30 100644 --- a/sql/sql_select.h +++ b/sql/sql_select.h @@ -452,6 +452,7 @@ public: } bool rollup_init(); + bool rollup_process_const_fields(); bool rollup_make_fields(List &all_fields, List &fields, Item_sum ***func); int rollup_send_data(uint idx); From 4baf459644e38af145c1c4a834d369b67a8dc698 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:31:14 +0100 Subject: [PATCH 08/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.18 > revision-id: li-bing.song@sun.com-20091103090041-zj7nedx6ok5jgges > parent: davi.arnaut@sun.com-20091102201021-1brn7cjb1kvqg9gr > committer: > branch nick: mysql-5.0-bugteam > timestamp: Tue 2009-11-03 17:00:41 +0800 > message: > BUG#48216 Replication fails on all slaves after upgrade to 5.0.86 on master > > When a sessione is closed, all temporary tables of the session are automatically > dropped and are binlogged. But it will be binlogged with wrong database names when > the length of the temporary tables' database names are greater than the > length of the current database name or the current database is not set. > > Query_log_event's db_len is forgot to set when Query_log_event's db is set. > This patch wrote code to set db_len immediately after db has set. --- mysql-test/r/drop_temp_table.result | 1 + mysql-test/t/drop_temp_table.test | 11 +++++++++++ sql/sql_base.cc | 1 + 3 files changed, 13 insertions(+) diff --git a/mysql-test/r/drop_temp_table.result b/mysql-test/r/drop_temp_table.result index ff200d09de4..6a566aa646e 100644 --- a/mysql-test/r/drop_temp_table.result +++ b/mysql-test/r/drop_temp_table.result @@ -8,6 +8,7 @@ create temporary table shortn2 (a int); select get_lock("a",10); get_lock("a",10) 1 +USE test; select get_lock("a",10); get_lock("a",10) 1 diff --git a/mysql-test/t/drop_temp_table.test b/mysql-test/t/drop_temp_table.test index b456e75576b..6c99d566d77 100644 --- a/mysql-test/t/drop_temp_table.test +++ b/mysql-test/t/drop_temp_table.test @@ -14,6 +14,17 @@ create temporary table shortn1 (a int); create temporary table `table:name` (a int); create temporary table shortn2 (a int); select get_lock("a",10); + +# +# BUG48216 Replication fails on all slaves after upgrade to 5.0.86 on master +# +# When the session is closed, any temporary tables of the session are dropped +# and are binlogged. But it will be binlogged with a wrong database name when +# the length of the database name('drop-temp-table-test') is greater than the +# current database name('test'). +# +USE test; + disconnect con1; connection con2; diff --git a/sql/sql_base.cc b/sql/sql_base.cc index db4ab29d6de..178c3e12e23 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc @@ -798,6 +798,7 @@ void close_temporary_tables(THD *thd) s_query.length() - 1 /* to remove trailing ',' */, 0, FALSE, THD::NOT_KILLED); qinfo.db= db.ptr(); + qinfo.db_len= db.length(); thd->variables.character_set_client= cs_save; DBUG_ASSERT(qinfo.error_code == 0); mysql_bin_log.write(&qinfo); From fe1d197a5b583f6587edf069931dfe1f06d0059e Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:32:15 +0100 Subject: [PATCH 09/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.19 > revision-id: kostja@sun.com-20091103165854-7di545xruez8w207 > parent: li-bing.song@sun.com-20091103090041-zj7nedx6ok5jgges > committer: Konstantin Osipov > branch nick: 5.0-41756 > timestamp: Tue 2009-11-03 19:58:54 +0300 > message: > A fix and a test case for > Bug#41756 "Strange error messages about locks from InnoDB". > > In JT_EQ_REF (join_read_key()) access method, > don't try to unlock rows in the handler, unless certain that > a) they were locked > b) they are not used. > > Unlocking of rows is done by the logic of the nested join loop, > and is unaware of the possible caching that the access method may > have. This could lead to double unlocking, when a row > was unlocked first after reading into the cache, and then > when taken from cache, as well as to unlocking of rows which > were actually used (but taken from cache). > > Delegate part of the unlocking logic to the access method, > and in JT_EQ_REF count how many times a record was actually > used in the join. Unlock it only if it's usage count is 0. > > Implemented review comments. --- sql/item_subselect.cc | 1 + sql/records.cc | 2 ++ sql/sql_select.cc | 61 +++++++++++++++++++++++++++++++++++++++++-- sql/sql_select.h | 8 +++++- sql/structs.h | 14 +++++++--- 5 files changed, 79 insertions(+), 7 deletions(-) diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc index 805669b3cfa..80fbc2c74d3 100644 --- a/sql/item_subselect.cc +++ b/sql/item_subselect.cc @@ -1869,6 +1869,7 @@ int subselect_single_select_engine::exec() tab->read_record.record= tab->table->record[0]; tab->read_record.thd= join->thd; tab->read_record.ref_length= tab->table->file->ref_length; + tab->read_record.unlock_row= rr_unlock_row; *(last_changed_tab++)= tab; break; } diff --git a/sql/records.cc b/sql/records.cc index d5c3a421cd9..e0219fac06e 100644 --- a/sql/records.cc +++ b/sql/records.cc @@ -60,6 +60,7 @@ void init_read_record_idx(READ_RECORD *info, THD *thd, TABLE *table, info->file= table->file; info->record= table->record[0]; info->print_error= print_error; + info->unlock_row= rr_unlock_row; table->status=0; /* And it's always found */ if (!table->file->inited) @@ -134,6 +135,7 @@ void init_read_record(READ_RECORD *info,THD *thd, TABLE *table, } info->select=select; info->print_error=print_error; + info->unlock_row= rr_unlock_row; info->ignore_not_found_rows= 0; table->status=0; /* And it's always found */ diff --git a/sql/sql_select.cc b/sql/sql_select.cc index ca7f20f5b21..c3cd1f41a41 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -140,6 +140,7 @@ static int join_read_const_table(JOIN_TAB *tab, POSITION *pos); static int join_read_system(JOIN_TAB *tab); static int join_read_const(JOIN_TAB *tab); static int join_read_key(JOIN_TAB *tab); +static void join_read_key_unlock_row(st_join_table *tab); static int join_read_always_key(JOIN_TAB *tab); static int join_read_last_key(JOIN_TAB *tab); static int join_no_more_records(READ_RECORD *info); @@ -5376,7 +5377,9 @@ static bool create_ref_for_key(JOIN *join, JOIN_TAB *j, KEYUSE *org_keyuse, } j->ref.key_buff2=j->ref.key_buff+ALIGN_SIZE(length); j->ref.key_err=1; + j->ref.has_record= FALSE; j->ref.null_rejecting= 0; + j->ref.use_count= 0; keyuse=org_keyuse; store_key **ref_key= j->ref.key_copy; @@ -6176,6 +6179,20 @@ make_join_select(JOIN *join,SQL_SELECT *select,COND *cond) DBUG_RETURN(0); } + +/** + The default implementation of unlock-row method of READ_RECORD, + used in all access methods. +*/ + +void rr_unlock_row(st_join_table *tab) +{ + READ_RECORD *info= &tab->read_record; + info->file->unlock_row(); +} + + + static void make_join_readinfo(JOIN *join, ulonglong options) { @@ -6191,6 +6208,7 @@ make_join_readinfo(JOIN *join, ulonglong options) TABLE *table=tab->table; tab->read_record.table= table; tab->read_record.file=table->file; + tab->read_record.unlock_row= rr_unlock_row; tab->next_select=sub_select; /* normal select */ /* @@ -6234,6 +6252,7 @@ make_join_readinfo(JOIN *join, ulonglong options) delete tab->quick; tab->quick=0; tab->read_first_record= join_read_key; + tab->read_record.unlock_row= join_read_key_unlock_row; tab->read_record.read_record= join_no_more_records; if (table->used_keys.is_set(tab->ref.key) && !table->no_keyread) @@ -10933,7 +10952,7 @@ evaluate_join_record(JOIN *join, JOIN_TAB *join_tab, return NESTED_LOOP_NO_MORE_ROWS; } else - join_tab->read_record.file->unlock_row(); + join_tab->read_record.unlock_row(join_tab); } else { @@ -10943,7 +10962,7 @@ evaluate_join_record(JOIN *join, JOIN_TAB *join_tab, */ join->examined_rows++; join->thd->row_count++; - join_tab->read_record.file->unlock_row(); + join_tab->read_record.unlock_row(join_tab); } return NESTED_LOOP_OK; } @@ -11296,17 +11315,55 @@ join_read_key(JOIN_TAB *tab) table->status=STATUS_NOT_FOUND; return -1; } + /* + Moving away from the current record. Unlock the row + in the handler if it did not match the partial WHERE. + */ + if (tab->ref.has_record && tab->ref.use_count == 0) + { + tab->read_record.file->unlock_row(); + tab->ref.has_record= FALSE; + } + error=table->file->index_read(table->record[0], tab->ref.key_buff, tab->ref.key_length,HA_READ_KEY_EXACT); if (error && error != HA_ERR_KEY_NOT_FOUND) return report_error(table, error); + + if (! error) + { + tab->ref.has_record= TRUE; + tab->ref.use_count= 1; + } + } + else if (table->status == 0) + { + DBUG_ASSERT(tab->ref.has_record); + tab->ref.use_count++; } table->null_row=0; return table->status ? -1 : 0; } +/** + Since join_read_key may buffer a record, do not unlock + it if it was not used in this invocation of join_read_key(). + Only count locks, thus remembering if the record was left unused, + and unlock already when pruning the current value of + TABLE_REF buffer. + @sa join_read_key() +*/ + +static void +join_read_key_unlock_row(st_join_table *tab) +{ + DBUG_ASSERT(tab->ref.use_count); + if (tab->ref.use_count) + tab->ref.use_count--; +} + /* ref access method implementation: "read_first" function diff --git a/sql/sql_select.h b/sql/sql_select.h index a217d199a30..346d98aae58 100644 --- a/sql/sql_select.h +++ b/sql/sql_select.h @@ -53,6 +53,8 @@ class store_key; typedef struct st_table_ref { bool key_err; + /** True if something was read into buffer in join_read_key. */ + bool has_record; uint key_parts; // num of ... uint key_length; // length of key_buff int key; // key no @@ -79,7 +81,11 @@ typedef struct st_table_ref key_part_map null_rejecting; table_map depend_map; // Table depends on these tables. byte *null_ref_key; // null byte position in the key_buf. - // used for REF_OR_NULL optimization. + /* + The number of times the record associated with this key was used + in the join. + */ + ha_rows use_count; } TABLE_REF; /* diff --git a/sql/structs.h b/sql/structs.h index be55527eaa0..3a7b2f49b2a 100644 --- a/sql/structs.h +++ b/sql/structs.h @@ -117,16 +117,22 @@ typedef struct st_reginfo { /* Extra info about reg */ } REGINFO; -struct st_read_record; /* For referense later */ class SQL_SELECT; class THD; class handler; +struct st_join_table; -typedef struct st_read_record { /* Parameter to read_record */ +void rr_unlock_row(st_join_table *tab); + +struct READ_RECORD { /* Parameter to read_record */ + typedef int (*Read_func)(READ_RECORD*); + typedef void (*Unlock_row_func)(st_join_table *); struct st_table *table; /* Head-form */ handler *file; struct st_table **forms; /* head and ref forms */ - int (*read_record)(struct st_read_record *); + + Read_func read_record; + Unlock_row_func unlock_row; THD *thd; SQL_SELECT *select; uint cache_records; @@ -138,7 +144,7 @@ typedef struct st_read_record { /* Parameter to read_record */ byte *cache,*cache_pos,*cache_end,*read_positions; IO_CACHE *io_cache; bool print_error, ignore_not_found_rows; -} READ_RECORD; +}; /* From a800d18bca6154a9a3abce0e6bd89b1a554d6467 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:33:14 +0100 Subject: [PATCH 10/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.26 > revision-id: joro@sun.com-20091109140946-07wao5od7l1vn4x1 > parent: joro@sun.com-20091110082141-ldr8p6s1joczve2j > committer: Georgi Kodinov > branch nick: B48458-5.0-bugteam > timestamp: Mon 2009-11-09 16:09:46 +0200 > message: > Bug #48458: simple query tries to allocate enormous amount of > memory > > The server was doing a bad class typecast causing setting of > wrong value for the maximum number of items in an internal > structure used in equality propagation. > Fixed by not doing the wrong typecast and asserting the type > of the Item where it should be done. --- mysql-test/r/select.result | 14 ++++++++++++++ mysql-test/t/select.test | 13 +++++++++++++ sql/sql_select.cc | 10 +++++----- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/mysql-test/r/select.result b/mysql-test/r/select.result index 5d07c97149f..ff59eadab0c 100644 --- a/mysql-test/r/select.result +++ b/mysql-test/r/select.result @@ -4442,4 +4442,18 @@ ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE 1=2),(SELECT 1 FROM t1)) INTO @var0; ERROR 21000: Subquery returns more than 1 row DROP TABLE t1; +# +# Bug #48458: simple query tries to allocate enormous amount of +# memory +# +CREATE TABLE t1(a INT NOT NULL, b YEAR); +INSERT INTO t1 VALUES (); +Warnings: +Warning 1364 Field 'a' doesn't have a default value +CREATE TABLE t2(c INT); +# Should not err out because of out-of-memory +SELECT 1 FROM t2 JOIN t1 ON 1=1 +WHERE a != '1' AND NOT a >= b OR NOT ROW(b,a )<> ROW(a,a); +1 +DROP TABLE t1,t2; End of 5.0 tests diff --git a/mysql-test/t/select.test b/mysql-test/t/select.test index ceb67215614..a4d3056b66e 100644 --- a/mysql-test/t/select.test +++ b/mysql-test/t/select.test @@ -3783,5 +3783,18 @@ INTO @var0; DROP TABLE t1; +--echo # +--echo # Bug #48458: simple query tries to allocate enormous amount of +--echo # memory +--echo # + +CREATE TABLE t1(a INT NOT NULL, b YEAR); +INSERT INTO t1 VALUES (); +CREATE TABLE t2(c INT); +--echo # Should not err out because of out-of-memory +SELECT 1 FROM t2 JOIN t1 ON 1=1 + WHERE a != '1' AND NOT a >= b OR NOT ROW(b,a )<> ROW(a,a); +DROP TABLE t1,t2; + --echo End of 5.0 tests diff --git a/sql/sql_select.cc b/sql/sql_select.cc index c3cd1f41a41..0b4b88ba3df 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -7517,12 +7517,12 @@ static COND *build_equal_items_for_cond(THD *thd, COND *cond, { item_equal->fix_length_and_dec(); item_equal->update_used_tables(); + set_if_bigger(thd->lex->current_select->max_equal_elems, + item_equal->members()); + return item_equal; } - else - item_equal= (Item_equal *) eq_list.pop(); - set_if_bigger(thd->lex->current_select->max_equal_elems, - item_equal->members()); - return item_equal; + + return eq_list.pop(); } else { From f5110c0f7342943c087bd77935f748a7b47a49c5 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:34:46 +0100 Subject: [PATCH 11/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.29 > revision-id: joro@sun.com-20091118152410-j4tv22vf9xkb6sdz > parent: kent.boortz@sun.com-20091117164924-rscth12t9a2qog1b > committer: Georgi Kodinov > branch nick: test-5.0-bugteam > timestamp: Wed 2009-11-18 17:24:10 +0200 > message: > Bug#48864: MySQL fails to compile on 64 bit Fedora 12 > > Fixed 2 errors in comp_err executable : > 1. Wrong (off by 1) length passed to my_checksum() > 2. strmov() was used on overlapping strings. This is > not legal according to the docs in stpcpy(). Used > the overlap safe memmove() instead. --- extra/comp_err.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/extra/comp_err.c b/extra/comp_err.c index 8814a045f36..342085b64d6 100644 --- a/extra/comp_err.c +++ b/extra/comp_err.c @@ -660,7 +660,7 @@ static ha_checksum checksum_format_specifier(const char* msg) case 'u': case 'x': case 's': - chksum= my_checksum(chksum, start, (uint) (p - start)); + chksum= my_checksum(chksum, start, (uint) (p + 1 - start)); start= 0; /* Not in format specifier anymore */ break; @@ -1030,8 +1030,10 @@ static char *parse_text_line(char *pos) { int i, nr; char *row= pos; + size_t len; DBUG_ENTER("parse_text_line"); + len= strlen (pos); while (*pos) { if (*pos == '\\') @@ -1039,11 +1041,11 @@ static char *parse_text_line(char *pos) switch (*++pos) { case '\\': case '"': - VOID(strmov(pos - 1, pos)); + VOID(memmove (pos - 1, pos, len - (row - pos))); break; case 'n': pos[-1]= '\n'; - VOID(strmov(pos, pos + 1)); + VOID(memmove (pos, pos + 1, len - (row - pos))); break; default: if (*pos >= '0' && *pos < '8') @@ -1053,10 +1055,10 @@ static char *parse_text_line(char *pos) nr= nr * 8 + (*(pos++) - '0'); pos -= i; pos[-1]= nr; - VOID(strmov(pos, pos + i)); + VOID(memmove (pos, pos + i, len - (row - pos))); } else if (*pos) - VOID(strmov(pos - 1, pos)); /* Remove '\' */ + VOID(memmove (pos - 1, pos, len - (row - pos))); /* Remove '\' */ } } else From 9978defd2540d4f0e4127679714efa927b54fbbf Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:36:20 +0100 Subject: [PATCH 12/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.35 > revision-id: joro@sun.com-20091127095944-autr58itccge4z9l > parent: satya.bn@sun.com-20091125095925-871384fcnwwa2yqt > committer: Georgi Kodinov > branch nick: B48872-5.0-bugteam > timestamp: Fri 2009-11-27 11:59:44 +0200 > message: > Bug #48872 : Privileges for stored functions ignored if function name > is mixed case > > Transcode the procedure name to lowercase when searching for it in the > hash. This is the missing part of the fix for bug #41049. --- mysql-test/r/sp-security.result | 61 +++++++++++++++++++++++++++++++++ mysql-test/t/sp-security.test | 57 ++++++++++++++++++++++++++++++ sql/sql_acl.cc | 13 ++++--- 3 files changed, 126 insertions(+), 5 deletions(-) diff --git a/mysql-test/r/sp-security.result b/mysql-test/r/sp-security.result index 106d08c8c12..17758218e35 100644 --- a/mysql-test/r/sp-security.result +++ b/mysql-test/r/sp-security.result @@ -519,4 +519,65 @@ DROP USER mysqltest_u1@localhost; DROP PROCEDURE p_suid; DROP FUNCTION f_suid; DROP TABLE t1; +# +# Bug #48872 : Privileges for stored functions ignored if function name +# is mixed case +# +CREATE DATABASE B48872; +USE B48872; +CREATE TABLE `TestTab` (id INT); +INSERT INTO `TestTab` VALUES (1),(2); +CREATE FUNCTION `f_Test`() RETURNS INT RETURN 123; +CREATE FUNCTION `f_Test_denied`() RETURNS INT RETURN 123; +CREATE USER 'tester'; +CREATE USER 'Tester'; +GRANT SELECT ON TABLE `TestTab` TO 'tester'; +GRANT EXECUTE ON FUNCTION `f_Test` TO 'tester'; +GRANT EXECUTE ON FUNCTION `f_Test_denied` TO 'Tester'; +SELECT f_Test(); +f_Test() +123 +SELECT * FROM TestTab; +id +1 +2 +SELECT * FROM TestTab; +id +1 +2 +SELECT `f_Test`(); +`f_Test`() +123 +SELECT `F_TEST`(); +`F_TEST`() +123 +SELECT f_Test(); +f_Test() +123 +SELECT F_TEST(); +F_TEST() +123 +SELECT * FROM TestTab; +ERROR 42000: SELECT command denied to user 'Tester'@'localhost' for table 'TestTab' +SELECT `f_Test`(); +ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test' +SELECT `F_TEST`(); +ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test' +SELECT f_Test(); +ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test' +SELECT F_TEST(); +ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test' +SELECT `f_Test_denied`(); +`f_Test_denied`() +123 +SELECT `F_TEST_DENIED`(); +`F_TEST_DENIED`() +123 +DROP TABLE `TestTab`; +DROP FUNCTION `f_Test`; +DROP FUNCTION `f_Test_denied`; +USE test; +DROP USER 'tester'; +DROP USER 'Tester'; +DROP DATABASE B48872; End of 5.0 tests. diff --git a/mysql-test/t/sp-security.test b/mysql-test/t/sp-security.test index b8181fcb89b..42c8ecd85ec 100644 --- a/mysql-test/t/sp-security.test +++ b/mysql-test/t/sp-security.test @@ -889,6 +889,63 @@ DROP PROCEDURE p_suid; DROP FUNCTION f_suid; DROP TABLE t1; +--echo # +--echo # Bug #48872 : Privileges for stored functions ignored if function name +--echo # is mixed case +--echo # + +CREATE DATABASE B48872; +USE B48872; +CREATE TABLE `TestTab` (id INT); +INSERT INTO `TestTab` VALUES (1),(2); +CREATE FUNCTION `f_Test`() RETURNS INT RETURN 123; +CREATE FUNCTION `f_Test_denied`() RETURNS INT RETURN 123; +CREATE USER 'tester'; +CREATE USER 'Tester'; +GRANT SELECT ON TABLE `TestTab` TO 'tester'; +GRANT EXECUTE ON FUNCTION `f_Test` TO 'tester'; +GRANT EXECUTE ON FUNCTION `f_Test_denied` TO 'Tester'; + +SELECT f_Test(); +SELECT * FROM TestTab; + +CONNECT (con_tester,localhost,tester,,B48872); +CONNECT (con_tester_denied,localhost,Tester,,B48872); +CONNECTION con_tester; + +SELECT * FROM TestTab; +SELECT `f_Test`(); +SELECT `F_TEST`(); +SELECT f_Test(); +SELECT F_TEST(); + +CONNECTION con_tester_denied; + +--error ER_TABLEACCESS_DENIED_ERROR +SELECT * FROM TestTab; +--error ER_PROCACCESS_DENIED_ERROR +SELECT `f_Test`(); +--error ER_PROCACCESS_DENIED_ERROR +SELECT `F_TEST`(); +--error ER_PROCACCESS_DENIED_ERROR +SELECT f_Test(); +--error ER_PROCACCESS_DENIED_ERROR +SELECT F_TEST(); +SELECT `f_Test_denied`(); +SELECT `F_TEST_DENIED`(); + +CONNECTION default; +DISCONNECT con_tester; +DISCONNECT con_tester_denied; +DROP TABLE `TestTab`; +DROP FUNCTION `f_Test`; +DROP FUNCTION `f_Test_denied`; + +USE test; +DROP USER 'tester'; +DROP USER 'Tester'; +DROP DATABASE B48872; + --echo End of 5.0 tests. # Wait till all disconnects are completed diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index ea17a4227ef..29ea7c80d74 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -2265,14 +2265,17 @@ static GRANT_NAME *name_hash_search(HASH *name_hash, const char *host,const char* ip, const char *db, const char *user, const char *tname, - bool exact) + bool exact, bool name_tolower) { - char helping [NAME_LEN*2+USERNAME_LENGTH+3]; + char helping [NAME_LEN*2+USERNAME_LENGTH+3], *name_ptr; uint len; GRANT_NAME *grant_name,*found=0; HASH_SEARCH_STATE state; - len = (uint) (strmov(strmov(strmov(helping,user)+1,db)+1,tname)-helping)+ 1; + name_ptr= strmov(strmov(helping, user) + 1, db) + 1; + len = (uint) (strmov(name_ptr, tname) - helping) + 1; + if (name_tolower) + my_casedn_str(files_charset_info, name_ptr); for (grant_name= (GRANT_NAME*) hash_first(name_hash, (byte*) helping, len, &state); grant_name ; @@ -2305,7 +2308,7 @@ routine_hash_search(const char *host, const char *ip, const char *db, { return (GRANT_TABLE*) name_hash_search(proc ? &proc_priv_hash : &func_priv_hash, - host, ip, db, user, tname, exact); + host, ip, db, user, tname, exact, TRUE); } @@ -2314,7 +2317,7 @@ table_hash_search(const char *host, const char *ip, const char *db, const char *user, const char *tname, bool exact) { return (GRANT_TABLE*) name_hash_search(&column_priv_hash, host, ip, db, - user, tname, exact); + user, tname, exact, FALSE); } From 1bd8b8676a00e88fe60d007ecc67020e38ece307 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:37:47 +0100 Subject: [PATCH 13/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.38 > revision-id: joro@sun.com-20091127160731-6h2fahbh4409i841 > parent: joro@sun.com-20091127143622-bqfsmhhr2pqodsm2 > committer: Georgi Kodinov > branch nick: fix-5.0-bugteam > timestamp: Fri 2009-11-27 18:07:31 +0200 > message: > Addendum to bug #48872: disable output in the test case because errors are > dependent on the case mode --- mysql-test/r/sp-security.result | 5 ----- mysql-test/t/sp-security.test | 2 ++ 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/mysql-test/r/sp-security.result b/mysql-test/r/sp-security.result index 17758218e35..1451f8e88fd 100644 --- a/mysql-test/r/sp-security.result +++ b/mysql-test/r/sp-security.result @@ -558,15 +558,10 @@ SELECT F_TEST(); F_TEST() 123 SELECT * FROM TestTab; -ERROR 42000: SELECT command denied to user 'Tester'@'localhost' for table 'TestTab' SELECT `f_Test`(); -ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test' SELECT `F_TEST`(); -ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test' SELECT f_Test(); -ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test' SELECT F_TEST(); -ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test' SELECT `f_Test_denied`(); `f_Test_denied`() 123 diff --git a/mysql-test/t/sp-security.test b/mysql-test/t/sp-security.test index 42c8ecd85ec..3d41d90404d 100644 --- a/mysql-test/t/sp-security.test +++ b/mysql-test/t/sp-security.test @@ -921,6 +921,7 @@ SELECT F_TEST(); CONNECTION con_tester_denied; +--disable_result_log --error ER_TABLEACCESS_DENIED_ERROR SELECT * FROM TestTab; --error ER_PROCACCESS_DENIED_ERROR @@ -931,6 +932,7 @@ SELECT `F_TEST`(); SELECT f_Test(); --error ER_PROCACCESS_DENIED_ERROR SELECT F_TEST(); +--enable_result_log SELECT `f_Test_denied`(); SELECT `F_TEST_DENIED`(); From 6ed87929ab7492376e0b331b83803e15f4fd4e36 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:38:46 +0100 Subject: [PATCH 14/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.39 > revision-id: gshchepa@mysql.com-20091201102444-yw166t3audrojo9s > parent: joro@sun.com-20091127160731-6h2fahbh4409i841 > committer: Gleb Shchepa > branch nick: mysql-5.0-bugteam > timestamp: Tue 2009-12-01 14:24:44 +0400 > message: > Bug #38883 (reopened): thd_security_context is not thread safe, crashes? > > The bug 38816 changed the lock that protects THD::query from > LOCK_thread_count to LOCK_thd_data, but didn't update the associated > InnoDB functions. > > 1. The innobase_mysql_prepare_print_arbitrary_thd and the > innobase_mysql_end_print_arbitrary_thd InnoDB functions have been > removed, since now we have a per-thread mutex: now we don't need to wrap > several inter-thread access tries to THD::query with a single global > LOCK_thread_count lock, so we can simplify the code. > > 2. The innobase_mysql_print_thd function has been modified to lock > LOCK_thd_data in direct way. --- innobase/include/trx0trx.h | 4 +--- innobase/lock/lock0lock.c | 33 -------------------------------- innobase/trx/trx0trx.c | 4 +--- sql/ha_innodb.cc | 39 ++++++++------------------------------ 4 files changed, 10 insertions(+), 70 deletions(-) diff --git a/innobase/include/trx0trx.h b/innobase/include/trx0trx.h index cf9d1788ad8..5ed9f0b8c97 100644 --- a/innobase/include/trx0trx.h +++ b/innobase/include/trx0trx.h @@ -348,9 +348,7 @@ trx_commit_step( /************************************************************************** Prints info about a transaction to the given file. The caller must own the -kernel mutex and must have called -innobase_mysql_prepare_print_arbitrary_thd(), unless he knows that MySQL -or InnoDB cannot meanwhile change the info printed here. */ +kernel mutex. */ void trx_print( diff --git a/innobase/lock/lock0lock.c b/innobase/lock/lock0lock.c index e0f3f58f737..acf76a08f16 100644 --- a/innobase/lock/lock0lock.c +++ b/innobase/lock/lock0lock.c @@ -18,31 +18,6 @@ Created 5/7/1996 Heikki Tuuri #include "trx0sys.h" -/* 2 function prototypes copied from ha_innodb.cc: */ - -/***************************************************************** -If you want to print a thd that is not associated with the current thread, -you must call this function before reserving the InnoDB kernel_mutex, to -protect MySQL from setting thd->query NULL. If you print a thd of the current -thread, we know that MySQL cannot modify thd->query, and it is not necessary -to call this. Call innobase_mysql_end_print_arbitrary_thd() after you release -the kernel_mutex. -NOTE that /mysql/innobase/lock/lock0lock.c must contain the prototype for this -function! */ - -void -innobase_mysql_prepare_print_arbitrary_thd(void); -/*============================================*/ - -/***************************************************************** -Relases the mutex reserved by innobase_mysql_prepare_print_arbitrary_thd(). -NOTE that /mysql/innobase/lock/lock0lock.c must contain the prototype for this -function! */ - -void -innobase_mysql_end_print_arbitrary_thd(void); -/*========================================*/ - /* Restricts the length of search we will do in the waits-for graph of transactions */ #define LOCK_MAX_N_STEPS_IN_DEADLOCK_CHECK 1000000 @@ -4231,11 +4206,6 @@ lock_print_info_summary( /*====================*/ FILE* file) /* in: file where to print */ { - /* We must protect the MySQL thd->query field with a MySQL mutex, and - because the MySQL mutex must be reserved before the kernel_mutex of - InnoDB, we call innobase_mysql_prepare_print_arbitrary_thd() here. */ - - innobase_mysql_prepare_print_arbitrary_thd(); lock_mutex_enter_kernel(); if (lock_deadlock_found) { @@ -4322,7 +4292,6 @@ loop: if (trx == NULL) { lock_mutex_exit_kernel(); - innobase_mysql_end_print_arbitrary_thd(); ut_ad(lock_validate()); @@ -4387,7 +4356,6 @@ loop: if (load_page_first) { lock_mutex_exit_kernel(); - innobase_mysql_end_print_arbitrary_thd(); mtr_start(&mtr); @@ -4397,7 +4365,6 @@ loop: load_page_first = FALSE; - innobase_mysql_prepare_print_arbitrary_thd(); lock_mutex_enter_kernel(); goto loop; diff --git a/innobase/trx/trx0trx.c b/innobase/trx/trx0trx.c index 70fd73f2488..d0e64b84eeb 100644 --- a/innobase/trx/trx0trx.c +++ b/innobase/trx/trx0trx.c @@ -1701,9 +1701,7 @@ trx_mark_sql_stat_end( /************************************************************************** Prints info about a transaction to the given file. The caller must own the -kernel mutex and must have called -innobase_mysql_prepare_print_arbitrary_thd(), unless he knows that MySQL -or InnoDB cannot meanwhile change the info printed here. */ +kernel mutex. */ void trx_print( diff --git a/sql/ha_innodb.cc b/sql/ha_innodb.cc index 4bd54805a95..1b614629288 100644 --- a/sql/ha_innodb.cc +++ b/sql/ha_innodb.cc @@ -536,35 +536,6 @@ convert_error_code_to_mysql( } } -/***************************************************************** -If you want to print a thd that is not associated with the current thread, -you must call this function before reserving the InnoDB kernel_mutex, to -protect MySQL from setting thd->query NULL. If you print a thd of the current -thread, we know that MySQL cannot modify thd->query, and it is not necessary -to call this. Call innobase_mysql_end_print_arbitrary_thd() after you release -the kernel_mutex. -NOTE that /mysql/innobase/lock/lock0lock.c must contain the prototype for this -function! */ -extern "C" -void -innobase_mysql_prepare_print_arbitrary_thd(void) -/*============================================*/ -{ - VOID(pthread_mutex_lock(&LOCK_thread_count)); -} - -/***************************************************************** -Releases the mutex reserved by innobase_mysql_prepare_print_arbitrary_thd(). -NOTE that /mysql/innobase/lock/lock0lock.c must contain the prototype for this -function! */ -extern "C" -void -innobase_mysql_end_print_arbitrary_thd(void) -/*========================================*/ -{ - VOID(pthread_mutex_unlock(&LOCK_thread_count)); -} - /***************************************************************** Prints info of a THD object (== user session thread) to the given file. NOTE that /mysql/innobase/trx/trx0trx.c must contain the prototype for @@ -578,11 +549,11 @@ innobase_mysql_print_thd( uint max_query_len) /* in: max query length to print, or 0 to use the default max length */ { - const THD* thd; + THD* thd; const Security_context *sctx; const char* s; - thd = (const THD*) input_thd; + thd = (THD*) input_thd; /* We probably want to have original user as part of debug output. */ sctx = &thd->main_security_ctx; @@ -609,6 +580,10 @@ innobase_mysql_print_thd( fputs(s, f); } + /* We have to quarantine an access to thd->query and + thd->query_length with thd->LOCK_thd_data mutex. */ + VOID(pthread_mutex_lock(&thd->LOCK_thd_data)); + if ((s = thd->query)) { /* 3100 is chosen because currently 3000 is the maximum max_query_len we ever give this. */ @@ -653,6 +628,8 @@ innobase_mysql_print_thd( } } + VOID(pthread_mutex_unlock(&thd->LOCK_thd_data)); + putc('\n', f); } From 5eebf7a951a6ac5a247392fff8869dd36d9c130c Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:40:24 +0100 Subject: [PATCH 15/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.40 [merge] > revision-id: epotemkin@mysql.com-20091202134712-4muwnr152xqkcwm7 > parent: gshchepa@mysql.com-20091201102444-yw166t3audrojo9s > parent: epotemkin@mysql.com-20091201182845-aw0uawt6c6gwi98c > committer: Evgeny Potemkin > branch nick: mysql-5.0-bugteam > timestamp: Wed 2009-12-02 16:47:12 +0300 > message: > Auto-merged fix for the bug#48508. > ------------------------------------------------------------ > Use --include-merges or -n0 to see merged revisions. --- mysql-test/r/ps.result | 23 +++++++++++++++++++++++ mysql-test/t/ps.test | 21 +++++++++++++++++++++ sql/item_cmpfunc.cc | 2 +- sql/sql_base.cc | 3 ++- sql/sql_class.h | 2 ++ 5 files changed, 49 insertions(+), 2 deletions(-) diff --git a/mysql-test/r/ps.result b/mysql-test/r/ps.result index 43c50998e20..e7894388494 100644 --- a/mysql-test/r/ps.result +++ b/mysql-test/r/ps.result @@ -1891,4 +1891,27 @@ execute stmt using @arg; ? -12345.5432100000 deallocate prepare stmt; +# +# Bug#48508: Crash on prepared statement re-execution. +# +create table t1(b int); +insert into t1 values (0); +create view v1 AS select 1 as a from t1 where b; +prepare stmt from "select * from v1 where a"; +execute stmt; +a +execute stmt; +a +drop table t1; +drop view v1; +create table t1(a bigint); +create table t2(b tinyint); +insert into t2 values (null); +prepare stmt from "select 1 from t1 join t2 on a xor b where b > 1 and a =1"; +execute stmt; +1 +execute stmt; +1 +drop table t1,t2; +# End of 5.0 tests. diff --git a/mysql-test/t/ps.test b/mysql-test/t/ps.test index d9e593fd76f..6134efb5c5c 100644 --- a/mysql-test/t/ps.test +++ b/mysql-test/t/ps.test @@ -1973,4 +1973,25 @@ select @arg; execute stmt using @arg; deallocate prepare stmt; +--echo # +--echo # Bug#48508: Crash on prepared statement re-execution. +--echo # +create table t1(b int); +insert into t1 values (0); +create view v1 AS select 1 as a from t1 where b; +prepare stmt from "select * from v1 where a"; +execute stmt; +execute stmt; +drop table t1; +drop view v1; + +create table t1(a bigint); +create table t2(b tinyint); +insert into t2 values (null); +prepare stmt from "select 1 from t1 join t2 on a xor b where b > 1 and a =1"; +execute stmt; +execute stmt; +drop table t1,t2; +--echo # + --echo End of 5.0 tests. diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 8c655cdc369..d03c68b3560 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -3907,7 +3907,7 @@ Item *Item_cond::compile(Item_analyzer analyzer, byte **arg_p, byte *arg_v= *arg_p; Item *new_item= item->compile(analyzer, &arg_v, transformer, arg_t); if (new_item && new_item != item) - li.replace(new_item); + current_thd->change_item_tree(li.ref(), new_item); } return Item_func::transform(transformer, arg_t); } diff --git a/sql/sql_base.cc b/sql/sql_base.cc index 178c3e12e23..88d1e8879d1 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc @@ -3481,7 +3481,8 @@ find_field_in_view(THD *thd, TABLE_LIST *table_list, if (!my_strcasecmp(system_charset_info, field_it.name(), name)) { // in PS use own arena or data will be freed after prepare - if (register_tree_change && thd->stmt_arena->is_stmt_prepare_or_first_sp_execute()) + if (register_tree_change && + thd->stmt_arena->is_stmt_prepare_or_first_stmt_execute()) arena= thd->activate_stmt_arena_if_needed(&backup); /* create_item() may, or may not create a new Item, depending on diff --git a/sql/sql_class.h b/sql/sql_class.h index 7c747e459a4..45d345d0ced 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -757,6 +757,8 @@ public: { return state == INITIALIZED_FOR_SP; } inline bool is_stmt_prepare_or_first_sp_execute() const { return (int)state < (int)PREPARED; } + inline bool is_stmt_prepare_or_first_stmt_execute() const + { return (int)state <= (int)PREPARED; } inline bool is_first_stmt_execute() const { return state == PREPARED; } inline bool is_stmt_execute() const { return state == PREPARED || state == EXECUTED; } From 318e49ab267207f45fd235ea0debebc124404096 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:41:24 +0100 Subject: [PATCH 16/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.41 [merge] > revision-id: epotemkin@mysql.com-20091203132153-k8xwk3nh02n8npg4 > parent: epotemkin@mysql.com-20091202134712-4muwnr152xqkcwm7 > parent: epotemkin@mysql.com-20091203131520-93uiop1a81o9z8mb > committer: Evgeny Potemkin > branch nick: mysql-5.0-bugteam > timestamp: Thu 2009-12-03 16:21:53 +0300 > message: > Auto-merged. > ------------------------------------------------------------ > Use --include-merges or -n0 to see merged revisions. --- mysql-test/r/ps.result | 2 ++ mysql-test/t/ps.test | 2 ++ 2 files changed, 4 insertions(+) diff --git a/mysql-test/r/ps.result b/mysql-test/r/ps.result index e7894388494..8a19b9b17e1 100644 --- a/mysql-test/r/ps.result +++ b/mysql-test/r/ps.result @@ -1902,6 +1902,7 @@ execute stmt; a execute stmt; a +deallocate prepare stmt; drop table t1; drop view v1; create table t1(a bigint); @@ -1912,6 +1913,7 @@ execute stmt; 1 execute stmt; 1 +deallocate prepare stmt; drop table t1,t2; # End of 5.0 tests. diff --git a/mysql-test/t/ps.test b/mysql-test/t/ps.test index 6134efb5c5c..8f8e943913f 100644 --- a/mysql-test/t/ps.test +++ b/mysql-test/t/ps.test @@ -1982,6 +1982,7 @@ create view v1 AS select 1 as a from t1 where b; prepare stmt from "select * from v1 where a"; execute stmt; execute stmt; +deallocate prepare stmt; drop table t1; drop view v1; @@ -1991,6 +1992,7 @@ insert into t2 values (null); prepare stmt from "select 1 from t1 join t2 on a xor b where b > 1 and a =1"; execute stmt; execute stmt; +deallocate prepare stmt; drop table t1,t2; --echo # From ce730c3d334a291dbb5fda3925678da6e674a453 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:42:25 +0100 Subject: [PATCH 17/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2818.1.48 > revision-id: joro@sun.com-20091210092838-zbz9ugqay1tn7rxm > parent: joro@sun.com-20091207143856-ojmmqr0bm1haxvca > committer: Georgi Kodinov > branch nick: B49250-5.0-bugteaam > timestamp: Thu 2009-12-10 11:28:38 +0200 > message: > Bug #49250 : spatial btree index corruption and crash > > SPATIAL and FULLTEXT indexes don't support algorithm > selection. > Disabled by creating a special grammar rule for these > in the parser. > Added some encasulation of duplicate parser code. --- mysql-test/r/fulltext.result | 14 +++++ mysql-test/r/gis.result | 13 +++++ mysql-test/t/fulltext.test | 17 ++++++ mysql-test/t/gis.test | 15 +++++ sql/sql_yacc.yy | 110 +++++++++++++++++++++-------------- 5 files changed, 126 insertions(+), 43 deletions(-) diff --git a/mysql-test/r/fulltext.result b/mysql-test/r/fulltext.result index b0197e0aec2..c27915811d6 100644 --- a/mysql-test/r/fulltext.result +++ b/mysql-test/r/fulltext.result @@ -518,3 +518,17 @@ EXECUTE s; MATCH (col) AGAINST('findme') DEALLOCATE PREPARE s; DROP TABLE t1; +# +# Bug #49250 : spatial btree index corruption and crash +# Part two : fulltext syntax check +# +CREATE TABLE t1(col1 TEXT, +FULLTEXT INDEX USING BTREE (col1)); +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USING BTREE (col1))' at line 2 +CREATE TABLE t2(col1 TEXT); +CREATE FULLTEXT INDEX USING BTREE ON t2(col); +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USING BTREE ON t2(col)' at line 1 +ALTER TABLE t2 ADD FULLTEXT INDEX USING BTREE (col1); +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USING BTREE (col1)' at line 1 +DROP TABLE t2; +End of 5.0 tests diff --git a/mysql-test/r/gis.result b/mysql-test/r/gis.result index 140c133d75f..158fdb69c10 100644 --- a/mysql-test/r/gis.result +++ b/mysql-test/r/gis.result @@ -983,4 +983,17 @@ GEOMFROMTEXT( SELECT 1 FROM t1 WHERE a <> (SELECT GEOMETRYCOLLECTIONFROMWKB(b) FROM t1); 1 DROP TABLE t1; +# +# Bug #49250 : spatial btree index corruption and crash +# Part one : spatial syntax check +# +CREATE TABLE t1(col1 MULTIPOLYGON NOT NULL, +SPATIAL INDEX USING BTREE (col1)); +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USING BTREE (col1))' at line 2 +CREATE TABLE t2(col1 MULTIPOLYGON NOT NULL); +CREATE SPATIAL INDEX USING BTREE ON t2(col); +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USING BTREE ON t2(col)' at line 1 +ALTER TABLE t2 ADD SPATIAL INDEX USING BTREE (col1); +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USING BTREE (col1)' at line 1 +DROP TABLE t2; End of 5.0 tests diff --git a/mysql-test/t/fulltext.test b/mysql-test/t/fulltext.test index 9551c98f143..bcd27e51f24 100644 --- a/mysql-test/t/fulltext.test +++ b/mysql-test/t/fulltext.test @@ -455,3 +455,20 @@ EXECUTE s; DEALLOCATE PREPARE s; DROP TABLE t1; +--echo # +--echo # Bug #49250 : spatial btree index corruption and crash +--echo # Part two : fulltext syntax check +--echo # + +--error ER_PARSE_ERROR +CREATE TABLE t1(col1 TEXT, + FULLTEXT INDEX USING BTREE (col1)); +CREATE TABLE t2(col1 TEXT); +--error ER_PARSE_ERROR +CREATE FULLTEXT INDEX USING BTREE ON t2(col); +--error ER_PARSE_ERROR +ALTER TABLE t2 ADD FULLTEXT INDEX USING BTREE (col1); + +DROP TABLE t2; + +--echo End of 5.0 tests diff --git a/mysql-test/t/gis.test b/mysql-test/t/gis.test index 701a6cef6be..d2bfe7d90d4 100644 --- a/mysql-test/t/gis.test +++ b/mysql-test/t/gis.test @@ -669,5 +669,20 @@ SELECT 1 FROM t1 WHERE a <> (SELECT GEOMETRYCOLLECTIONFROMWKB(b) FROM t1); DROP TABLE t1; +--echo # +--echo # Bug #49250 : spatial btree index corruption and crash +--echo # Part one : spatial syntax check +--echo # + +--error ER_PARSE_ERROR +CREATE TABLE t1(col1 MULTIPOLYGON NOT NULL, + SPATIAL INDEX USING BTREE (col1)); +CREATE TABLE t2(col1 MULTIPOLYGON NOT NULL); +--error ER_PARSE_ERROR +CREATE SPATIAL INDEX USING BTREE ON t2(col); +--error ER_PARSE_ERROR +ALTER TABLE t2 ADD SPATIAL INDEX USING BTREE (col1); + +DROP TABLE t2; --echo End of 5.0 tests diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 2fc85b4bda7..3cd61605033 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -418,6 +418,34 @@ Item* handle_sql2003_note184_exception(THD *thd, Item* left, bool equal, DBUG_RETURN(result); } + +static bool add_create_index_prepare (LEX *lex, Table_ident *table) +{ + lex->sql_command= SQLCOM_CREATE_INDEX; + if (!lex->current_select->add_table_to_list(lex->thd, table, NULL, + TL_OPTION_UPDATING)) + return TRUE; + lex->alter_info.reset(); + lex->alter_info.flags= ALTER_ADD_INDEX; + lex->col_list.empty(); + lex->change= NullS; + return FALSE; +} + + +static bool add_create_index (LEX *lex, + Key::Keytype type, const char *name, enum ha_key_alg key_alg, + bool generated= 0) +{ + Key *key= new Key(type, name, key_alg, generated, lex->col_list); + if (key == NULL) + return TRUE; + + lex->alter_info.key_list.push_back(key); + lex->col_list.empty(); + return FALSE; +} + %} %union { int num; @@ -1110,7 +1138,8 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize); option_type opt_var_type opt_var_ident_type %type - key_type opt_unique_or_fulltext constraint_key_type + key_type opt_unique fulltext_or_spatial constraint_key_type + key_type_fulltext_or_spatial %type key_alg opt_btree_or_rtree @@ -1543,27 +1572,25 @@ create: } create2 { Lex->current_select= &Lex->select_lex; } - | CREATE opt_unique_or_fulltext INDEX_SYM ident key_alg ON table_ident + | CREATE opt_unique INDEX_SYM ident key_alg ON table_ident { - LEX *lex=Lex; - lex->sql_command= SQLCOM_CREATE_INDEX; - if (!lex->current_select->add_table_to_list(lex->thd, $7, NULL, - TL_OPTION_UPDATING)) - MYSQL_YYABORT; - lex->alter_info.reset(); - lex->alter_info.flags= ALTER_ADD_INDEX; - lex->col_list.empty(); - lex->change=NullS; - } - '(' key_list ')' - { - LEX *lex=Lex; - Key *key= new Key($2, $4.str, $5, 0, lex->col_list); - if (key == NULL) + if (add_create_index_prepare (Lex, $7)) + MYSQL_YYABORT; + } + '(' key_list ')' + { + if (add_create_index (Lex, $2, $4.str, $5)) + MYSQL_YYABORT; + } + | CREATE fulltext_or_spatial INDEX_SYM ident ON table_ident + { + if (add_create_index_prepare (Lex, $6)) + MYSQL_YYABORT; + } + '(' key_list ')' + { + if (add_create_index (Lex, $2, $4.str, HA_KEY_ALG_UNDEF)) MYSQL_YYABORT; - - lex->alter_info.key_list.push_back(key); - lex->col_list.empty(); } | CREATE DATABASE opt_if_not_exists ident { @@ -3133,23 +3160,18 @@ column_def: key_def: key_type opt_ident key_alg '(' key_list ')' key_alg { - LEX *lex=Lex; - Key *key= new Key($1, $2, $7 ? $7 : $3, 0, lex->col_list); - if (key == NULL) + if (add_create_index (Lex, $1, $2, $7 ? $7 : $3)) + MYSQL_YYABORT; + } + | key_type_fulltext_or_spatial opt_ident '(' key_list ')' + { + if (add_create_index (Lex, $1, $2, HA_KEY_ALG_UNDEF)) MYSQL_YYABORT; - lex->alter_info.key_list.push_back(key); - - lex->col_list.empty(); /* Alloced by sql_alloc */ } | opt_constraint constraint_key_type opt_ident key_alg '(' key_list ')' key_alg { - LEX *lex=Lex; - const char *key_name= $3 ? $3:$1; - Key *key= new Key($2, key_name, $4, 0, lex->col_list); - if (key == NULL) + if (add_create_index (Lex, $2, $3 ? $3:$1, $4)) MYSQL_YYABORT; - lex->alter_info.key_list.push_back(key); - lex->col_list.empty(); /* Alloced by sql_alloc */ } | opt_constraint FOREIGN KEY_SYM opt_ident '(' key_list ')' references { @@ -3164,13 +3186,9 @@ key_def: if (key == NULL) MYSQL_YYABORT; lex->alter_info.key_list.push_back(key); - key= new Key(Key::MULTIPLE, key_name, - HA_KEY_ALG_UNDEF, 1, - lex->col_list); - if (key == NULL) + if (add_create_index (lex, Key::MULTIPLE, key_name, + HA_KEY_ALG_UNDEF, 1)) MYSQL_YYABORT; - lex->alter_info.key_list.push_back(key); - lex->col_list.empty(); /* Alloced by sql_alloc */ } | constraint opt_check_constraint { @@ -3630,7 +3648,10 @@ delete_option: key_type: key_or_index { $$= Key::MULTIPLE; } - | FULLTEXT_SYM opt_key_or_index { $$= Key::FULLTEXT; } + ; + +key_type_fulltext_or_spatial: + FULLTEXT_SYM opt_key_or_index { $$= Key::FULLTEXT; } | SPATIAL_SYM opt_key_or_index { #ifdef HAVE_SPATIAL @@ -3660,10 +3681,8 @@ keys_or_index: | INDEX_SYM {} | INDEXES {}; -opt_unique_or_fulltext: - /* empty */ { $$= Key::MULTIPLE; } - | UNIQUE_SYM { $$= Key::UNIQUE; } - | FULLTEXT_SYM { $$= Key::FULLTEXT;} +fulltext_or_spatial: + FULLTEXT_SYM { $$= Key::FULLTEXT;} | SPATIAL_SYM { #ifdef HAVE_SPATIAL @@ -3676,6 +3695,11 @@ opt_unique_or_fulltext: } ; +opt_unique: + /* empty */ { $$= Key::MULTIPLE; } + | UNIQUE_SYM { $$= Key::UNIQUE; } + ; + key_alg: /* empty */ { $$= HA_KEY_ALG_UNDEF; } | USING opt_btree_or_rtree { $$= $2; } From dcd563786c7df6d69bf2569ae9b51ca1cbcc3ec0 Mon Sep 17 00:00:00 2001 From: MySQL Build Team Date: Wed, 3 Feb 2010 16:43:18 +0100 Subject: [PATCH 18/21] Backport into build-201002030816-5.0.87sp1 > ------------------------------------------------------------ > revno: 2840 [merge] > revision-id: ramil@mysql.com-20100113101142-pda4phrsyh1rjp85 > parent: joerg@mysql.com-20100112114118-zfpofgcu0j49j839 > parent: ramil@mysql.com-20100113052045-een35iazzk8023w2 > committer: Ramil Kalimullin > branch nick: mysql-5.0-bugteam > timestamp: Wed 2010-01-13 14:11:42 +0400 > message: > Auto-merge. > ------------------------------------------------------------ > Use --include-merges or -n0 to see merged revisions. --- extra/yassl/taocrypt/include/asn.hpp | 1 + extra/yassl/taocrypt/src/asn.cpp | 123 +++++++++++++++------------ 2 files changed, 69 insertions(+), 55 deletions(-) diff --git a/extra/yassl/taocrypt/include/asn.hpp b/extra/yassl/taocrypt/include/asn.hpp index 1c1850cb47e..168b8a8c755 100644 --- a/extra/yassl/taocrypt/include/asn.hpp +++ b/extra/yassl/taocrypt/include/asn.hpp @@ -305,6 +305,7 @@ private: bool ValidateSignature(SignerList*); bool ConfirmSignature(Source&); void GetKey(); + char* AddTag(char*, const char*, const char*, word32, word32); void GetName(NameType); void GetValidity(); void GetDate(DateType); diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp index 78200841bda..f87b466502e 100644 --- a/extra/yassl/taocrypt/src/asn.cpp +++ b/extra/yassl/taocrypt/src/asn.cpp @@ -652,6 +652,23 @@ word32 CertDecoder::GetDigest() } +char *CertDecoder::AddTag(char *ptr, const char *buf_end, + const char *tag_name, word32 tag_name_length, + word32 tag_value_length) +{ + if (ptr + tag_name_length + tag_value_length > buf_end) + return 0; + + memcpy(ptr, tag_name, tag_name_length); + ptr+= tag_name_length; + + memcpy(ptr, source_.get_current(), tag_value_length); + ptr+= tag_value_length; + + return ptr; +} + + // process NAME, either issuer or subject void CertDecoder::GetName(NameType nt) { @@ -659,11 +676,21 @@ void CertDecoder::GetName(NameType nt) SHA sha; word32 length = GetSequence(); // length of all distinguished names - assert (length < ASN_NAME_MAX); + + if (length >= ASN_NAME_MAX) + goto err; length += source_.get_index(); - char* ptr = (nt == ISSUER) ? issuer_ : subject_; - word32 idx = 0; + char *ptr, *buf_end; + + if (nt == ISSUER) { + ptr= issuer_; + buf_end= ptr + sizeof(issuer_) - 1; // 1 byte for trailing 0 + } + else { + ptr= subject_; + buf_end= ptr + sizeof(subject_) - 1; // 1 byte for trailing 0 + } while (source_.get_index() < length) { GetSet(); @@ -685,47 +712,36 @@ void CertDecoder::GetName(NameType nt) byte id = source_.next(); b = source_.next(); // strType word32 strLen = GetLength(source_); - bool copy = false; - if (id == COMMON_NAME) { - memcpy(&ptr[idx], "/CN=", 4); - idx += 4; - copy = true; - } - else if (id == SUR_NAME) { - memcpy(&ptr[idx], "/SN=", 4); - idx += 4; - copy = true; - } - else if (id == COUNTRY_NAME) { - memcpy(&ptr[idx], "/C=", 3); - idx += 3; - copy = true; - } - else if (id == LOCALITY_NAME) { - memcpy(&ptr[idx], "/L=", 3); - idx += 3; - copy = true; - } - else if (id == STATE_NAME) { - memcpy(&ptr[idx], "/ST=", 4); - idx += 4; - copy = true; - } - else if (id == ORG_NAME) { - memcpy(&ptr[idx], "/O=", 3); - idx += 3; - copy = true; - } - else if (id == ORGUNIT_NAME) { - memcpy(&ptr[idx], "/OU=", 4); - idx += 4; - copy = true; - } - - if (copy) { - memcpy(&ptr[idx], source_.get_current(), strLen); - idx += strLen; + switch (id) { + case COMMON_NAME: + if (!(ptr= AddTag(ptr, buf_end, "/CN=", 4, strLen))) + goto err; + break; + case SUR_NAME: + if (!(ptr= AddTag(ptr, buf_end, "/SN=", 4, strLen))) + goto err; + break; + case COUNTRY_NAME: + if (!(ptr= AddTag(ptr, buf_end, "/C=", 3, strLen))) + goto err; + break; + case LOCALITY_NAME: + if (!(ptr= AddTag(ptr, buf_end, "/L=", 3, strLen))) + goto err; + break; + case STATE_NAME: + if (!(ptr= AddTag(ptr, buf_end, "/ST=", 4, strLen))) + goto err; + break; + case ORG_NAME: + if (!(ptr= AddTag(ptr, buf_end, "/O=", 3, strLen))) + goto err; + break; + case ORGUNIT_NAME: + if (!(ptr= AddTag(ptr, buf_end, "/OU=", 4, strLen))) + goto err; + break; } sha.Update(source_.get_current(), strLen); @@ -739,23 +755,20 @@ void CertDecoder::GetName(NameType nt) source_.advance(oidSz + 1); word32 length = GetLength(source_); - if (email) { - memcpy(&ptr[idx], "/emailAddress=", 14); - idx += 14; - - memcpy(&ptr[idx], source_.get_current(), length); - idx += length; - } + if (email && !(ptr= AddTag(ptr, buf_end, "/emailAddress=", 14, length))) + goto err; source_.advance(length); } } - ptr[idx++] = 0; + *ptr= 0; - if (nt == ISSUER) - sha.Final(issuerHash_); - else - sha.Final(subjectHash_); + sha.Final(nt == ISSUER ? issuerHash_ : subjectHash_); + + return; + +err: + source_.SetError(CONTENT_E); } From 53e8dc26ef90f4170d5fd8b6c2ec30022d1b7c1a Mon Sep 17 00:00:00 2001 From: Christopher Powers Date: Thu, 25 Feb 2010 09:49:09 -0600 Subject: [PATCH 19/21] Bug #48739 MySQL crashes on specific INTERVAL in select query Fixed crash caused by x64 int/long incompatibility introduced in Bug #29125. sql/item_timefunc.cc: Fixed crash caused by int/long incompatibility on x64 systems. Changed two "uint" casts and a "long" declartion to "int" in order to ensure that the integer sign is preserved. See Bug #48739 for details. --- sql/item_timefunc.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sql/item_timefunc.cc b/sql/item_timefunc.cc index de76f821795..d582f26d46c 100644 --- a/sql/item_timefunc.cc +++ b/sql/item_timefunc.cc @@ -379,7 +379,7 @@ static bool extract_date_time(DATE_TIME_FORMAT *format, if (tmp - val > 6) tmp= (char*) val + 6; l_time->second_part= (int) my_strtoll10(val, &tmp, &error); - frac_part= 6 - (uint) (tmp - val); + frac_part= 6 - (int) (tmp - val); if (frac_part > 0) l_time->second_part*= (ulong) log_10_int[frac_part]; val= tmp; @@ -870,7 +870,7 @@ static bool get_interval_info(const char *str,uint length,CHARSET_INFO *cs, value= value*LL(10) + (longlong) (*str - '0'); if (transform_msec && i == count - 1) // microseconds always last { - long msec_length= 6 - (uint) (str - start); + long msec_length= 6 - (int) (str - start); if (msec_length > 0) value*= (long) log_10_int[msec_length]; } From 54639a15970c69db1f4a7ed7ad35a0d7b34ae48c Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Fri, 26 Feb 2010 14:49:13 +0200 Subject: [PATCH 20/21] Bug #51468: mysqld_multi is broken in 5.1.44 Fixed a syntax error in mysqld_multi.sh --- scripts/mysqld_multi.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/mysqld_multi.sh b/scripts/mysqld_multi.sh index 528a1ca2e98..3d3853bcb22 100644 --- a/scripts/mysqld_multi.sh +++ b/scripts/mysqld_multi.sh @@ -71,7 +71,6 @@ sub main print "WARNING: --config-file is deprecated and will be removed\n"; print "in MySQL 5.6. Please use --defaults-extra-file instead\n"; } - } } foreach (@defaults_options) From ebaa611a49711f9232166f7d685ad7d7dc8ae059 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Mon, 1 Mar 2010 10:35:14 +0200 Subject: [PATCH 21/21] tree version change --- .bzr-mysql/default.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.bzr-mysql/default.conf b/.bzr-mysql/default.conf index 557df1b1ffe..f79c1cd6319 100644 --- a/.bzr-mysql/default.conf +++ b/.bzr-mysql/default.conf @@ -1,4 +1,4 @@ [MYSQL] post_commit_to = "commits@lists.mysql.com" post_push_to = "commits@lists.mysql.com" -tree_name = "mysql-5.0-bugteam" +tree_name = "mysql-5.0"