From af660df0ef0772ed48062880f94d68c53a2da8d7 Mon Sep 17 00:00:00 2001
From: "evgen@sunlight.local" <>
Date: Mon, 13 Mar 2006 21:11:15 +0300
Subject: [PATCH 1/4] Fixed bug#17366: Unchecked Item_int results in server crash When there is conjunction of conds, the substitute_for_best_equal_field() will call the eliminate_item_equal() function in loop to build final expression. But if eliminate_item_equal() finds that some cond will always evaluate to 0, then that cond will be substituted by Item_int with value == 0. In this case on the next iteration eliminate_item_equal() will get that Item_int and treat it as Item_cond. This is leads to memory corruption and server crash on cleanup phase. To the eliminate_item_equal() function was added DBUG_ASSERT for checking that all items treaten as Item_cond are really Item_cond. The substitute_for_best_equal_field() now checks that if eliminate_item_equal() returns Item_int and it's value is 0 then this value is returned as the result of whole conjunction.
---
 mysql-test/r/subselect.result | 7 +++++++
 mysql-test/t/subselect.test | 7 +++++++
 sql/sql_select.cc | 8 ++++++++
 3 files changed, 22 insertions(+)
diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result
index 33b12c05f98..52b6be063b8 100644
--- a/mysql-test/r/subselect.result
+++ b/mysql-test/r/subselect.result
@@ -3157,3 +3157,10 @@ id select_type table type possible_keys key key_len ref rows Extra
 1 PRIMARY t1 ALL NULL NULL NULL NULL 9 Using where
 2 DEPENDENT SUBQUERY t1 index NULL a 8 NULL 9 Using filesort
 DROP TABLE t1;
+create table t1( f1 int,f2 int);
+insert into t1 values (1,1),(2,2);
+select tt.t from (select 'crash1' as t, f2 from t1) as tt left join t1 on tt.t = 'crash2' and tt.f2 = t1.f2 where tt.t = 'crash1';
+t
+crash1
+crash1
+drop table t1;
diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test
index 9e09b215951..0ab8c2892e4 100644
--- a/mysql-test/t/subselect.test
+++ b/mysql-test/t/subselect.test
@@ -2073,3 +2073,10 @@ SELECT * FROM t1 WHERE (a,b) = ANY (SELECT a, max(b) FROM t1 GROUP BY a);
 DROP TABLE t1;
+#
+# Bug#17366: Unchecked Item_int results in server crash
+#
+create table t1( f1 int,f2 int);
+insert into t1 values (1,1),(2,2);
+select tt.t from (select 'crash1' as t, f2 from t1) as tt left join t1 on tt.t = 'crash2' and tt.f2 = t1.f2 where tt.t = 'crash1';
+drop table t1;
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 768ae7bf71f..24811b55b0b 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -7066,7 +7066,10 @@ static Item *eliminate_item_equal(COND *cond, COND_EQUAL *upper_levels,
 if (!cond)
 cond= new Item_cond_and(eq_list);
 else
+ {
+ DBUG_ASSERT(cond->type() == Item::COND_ITEM);
 ((Item_cond *) cond)->add_at_head(&eq_list);
+ }
 cond->quick_fix_field();
 cond->update_used_tables();
@@ -7151,6 +7154,11 @@ static COND* substitute_for_best_equal_field(COND *cond,
 while ((item_equal= it++))
 {
 cond= eliminate_item_equal(cond, cond_equal->upper_levels, item_equal);
+ // This occurs when eliminate_item_equal() founds that cond is
+ // always false and substitues it with Item_int 0.
+ // Due to this, value of item_equal will be 0, so just return it.
+ if (cond->type() != Item::ITEM_COND)
+ break;
 }
 }
 }
From 42a3ff3f99c0e7851697420834edb2dc9e74a3ba Mon Sep 17 00:00:00 2001
From: "msvensson@shellback.(none)" <>
Date: Tue, 14 Mar 2006 14:51:48 +0100
Subject: [PATCH 2/4] Bug#18195 MySQL on Windows not built with YaSSL correctly - Add HAVE_OPENSSL and HAVE_YASSL to config-win.h
---
 include/config-win.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/config-win.h b/include/config-win.h
index cccd660efec..6dbfae1716e 100644
--- a/include/config-win.h
+++ b/include/config-win.h
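Review bot: The new `DBUG_ASSERT(cond->type() == Item::COND_ITEM)` only exists in debug builds, so in a release build the `(Item_cond *) cond` cast on the next line still runs unchecked and the type confusion that crashed the server is prevented solely by the caller in substitute_for_best_equal_field never handing an Item_int back in. That contract is worth stating where the cast happens, e.g. `/* cond must be an Item_cond here: callers stop iterating once eliminate_item_equal() has replaced the conjunction with Item_int 0 (bug#17366). */`. The body of eliminate_item_equal starts and ends outside the hunk, so the paths that produce the Item_int 0 return are not visible here.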
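Review bot: The added check compares against `Item::ITEM_COND`, while the hunk just above in the same file spells the enumerator `Item::COND_ITEM`; one of the two cannot resolve, and PATCH 3/4 further down this page changes this line to `COND_ITEM`, so the inconsistency should have been caught before the first commit. The new comment also says more than the code checks: it describes an Item_int 0 result, but the condition breaks out of the loop for any non-COND_ITEM value returned by eliminate_item_equal(); if only the always-false case is intended, say so and fix the typos, e.g. `// eliminate_item_equal() returns Item_int 0 (not an Item_cond) when the conjunction is always false; stop here so the caller returns that value.` — the same comment text is carried unchanged into PATCH 3/4. The enclosing function continues outside the hunk, so where `cond` goes after the `break` is not visible.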
@@ -413,8 +413,8 @@ inline double ulonglong2double(ulonglong value)
 #define HAVE_SPATIAL 1
 #define HAVE_RTREE_KEYS 1
-/* #undef HAVE_OPENSSL */
-/* #undef HAVE_YASSL */
+#define HAVE_OPENSSL 1
+#define HAVE_YASSL 1
 /* Define charsets you want */
 /* #undef HAVE_CHARSET_armscii8 */
From a152cac2e7d783f759698133e39bdf2c0707e93e Mon Sep 17 00:00:00 2001
From: "evgen@sunlight.local" <>
Date: Tue, 14 Mar 2006 18:49:37 +0300
Subject: [PATCH 3/4] sql_select.cc: Afterfix for bug#17366: Unchecked Item_int results in server crash
---
 sql/sql_select.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 24811b55b0b..6e530b58d74 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -7157,7 +7157,7 @@ static COND* substitute_for_best_equal_field(COND *cond,
 // This occurs when eliminate_item_equal() founds that cond is
 // always false and substitues it with Item_int 0.
 // Due to this, value of item_equal will be 0, so just return it.
- if (cond->type() != Item::ITEM_COND)
+ if (cond->type() != Item::COND_ITEM)
 break;
 }
 }
From 63fb6609daf619ca437cd80a614d1bf9024a86a9 Mon Sep 17 00:00:00 2001
From: "acurtis@xiphis.org" <>
Date: Thu, 16 Mar 2006 00:15:23 -0800
Subject: [PATCH 4/4] =?UTF-8?q?Bug#14575=20=20=20=C2=A8MySQL=20server=20cr?= =?UTF-8?q?ashes=20if=20you=20try=20to=20access=20to=20InnoDB=20table?= =?UTF-8?q?=C2=A8=20=20=20crash=20caused=20by=20schizophrenic=20mysqld=20-?= =?UTF-8?q?=202=20memory=20locations=20for=20logically=20same=20function?= =?UTF-8?q?=20=20=20with=20conflicting=20values.=20=20=20Fixed=20by=20back?= =?UTF-8?q?porting=20from=205.1=20changes=20to=20have=5Fxyz=5Fdb=20declara?= =?UTF-8?q?tions.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 sql/mysql_priv.h | 49 ++++++++++++++++++++++++++++++++++++++++++++++--
 sql/mysqld.cc | 29 ++++++++++++++++++++++++----
 2 files changed, 72 insertions(+), 6 deletions(-)
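Review bot: `HAVE_OPENSSL 1` and `HAVE_YASSL 1` are now hard-coded in a static configuration header, so every Windows build of this tree claims SSL support and is wired to the bundled yaSSL, and a build that wants no SSL or a separately maintained OpenSSL has to edit the header. Because this choice decides which TLS implementation the server links and which one has to be kept patched, the defines belong behind a build-configuration switch set by the Windows build scripts (constructed example: `#ifdef WITH_BUNDLED_YASSL` — take the real name from the project files) rather than being unconditional. If the intent is that the Windows build always uses yaSSL, a one-line comment above the defines saying so, e.g. `/* Windows builds always use the bundled yaSSL; it provides the OpenSSL-compatible API. */`, would at least make the dependency explicit to whoever next audits the TLS stack.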
diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h
index 68679cf79dc..32262b3afb2 100644
--- a/sql/mysql_priv.h
+++ b/sql/mysql_priv.h
@@ -1243,11 +1243,56 @@ extern const LEX_STRING view_type;
 /* optional things, have_* variables */
-extern SHOW_COMP_OPTION have_isam, have_innodb, have_berkeley_db;
-extern SHOW_COMP_OPTION have_example_db, have_archive_db, have_csv_db;
+#ifdef HAVE_INNOBASE_DB
+extern handlerton innobase_hton;
+#define have_innodb innobase_hton.state
+#else
+extern SHOW_COMP_OPTION have_innodb;
+#endif
+#ifdef HAVE_BERKELEY_DB
+extern handlerton berkeley_hton;
+#define have_berkeley_db berkeley_hton.state
+#else
+extern SHOW_COMP_OPTION have_berkeley_db;
+#endif
+#ifdef HAVE_EXAMPLE_DB
+extern handlerton example_hton;
+#define have_example_db example_hton.state
+#else
+extern SHOW_COMP_OPTION have_example_db;
+#endif
+#ifdef HAVE_ARCHIVE_DB
+extern handlerton archive_hton;
+#define have_archive_db archive_hton.state
+#else
+extern SHOW_COMP_OPTION have_archive_db;
+#endif
+#ifdef HAVE_CSV_DB
+extern handlerton tina_hton;
+#define have_csv_db tina_hton.state
+#else
+extern SHOW_COMP_OPTION have_csv_db;
+#endif
+#ifdef HAVE_FEDERATED_DB
+extern handlerton federated_hton;
+#define have_federated_db federated_hton.state
+#else
 extern SHOW_COMP_OPTION have_federated_db;
+#endif
+#ifdef HAVE_BLACKHOLE_DB
+extern handlerton blackhole_hton;
+#define have_blackhole_db blackhole_hton.state
+#else
 extern SHOW_COMP_OPTION have_blackhole_db;
+#endif
+#ifdef HAVE_NDBCLUSTER_DB
+extern handlerton ndbcluster_hton;
+#define have_ndbcluster ndbcluster_hton.state
+#else
 extern SHOW_COMP_OPTION have_ndbcluster;
+#endif
+
+extern SHOW_COMP_OPTION have_isam;
 extern SHOW_COMP_OPTION have_raid, have_openssl, have_symlink;
 extern SHOW_COMP_OPTION have_query_cache;
 extern SHOW_COMP_OPTION have_geometry, have_rtree_keys;
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index a6304d4a30e..e9ff220a6a1 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
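Review bot: Lowercase object-like macros such as `#define have_innodb innobase_hton.state` in a header included by the whole server rewrite every later occurrence of that identifier, not only the uses this patch has in mind; the next hunk in mysqld.cc already has to `#undef` all nine of them before it can define the fallback variables, and any other translation unit that declares a same-named field or local would be rewritten silently. Since the rest of the tree is not visible, this is hedged: if `handlerton::state` is a SHOW_COMP_OPTION the alias is type-compatible for readers, but `have_innodb` is now an lvalue on a global struct, so any `&have_innodb` or assignment elsewhere writes into the engine's handlerton. The block would be clearer with a comment stating the one-definition intent, e.g. `/* For a compiled-in engine, have_<engine> aliases the engine's handlerton state so there is a single copy of the flag (bug#14575); otherwise it is a plain variable defined in mysqld.cc. */`. The `extern handlerton ... ;` lines also require `handlerton` to be declared earlier in the header, which the hunk does not show.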
@@ -472,13 +472,10 @@ CHARSET_INFO *system_charset_info, *files_charset_info ;
 CHARSET_INFO *national_charset_info, *table_alias_charset;
 CHARSET_INFO *character_set_filesystem;
-SHOW_COMP_OPTION have_berkeley_db, have_innodb, have_isam, have_ndbcluster,
- have_example_db, have_archive_db, have_csv_db;
-SHOW_COMP_OPTION have_federated_db;
+SHOW_COMP_OPTION have_isam;
 SHOW_COMP_OPTION have_raid, have_openssl, have_symlink, have_query_cache;
 SHOW_COMP_OPTION have_geometry, have_rtree_keys;
 SHOW_COMP_OPTION have_crypt, have_compress;
-SHOW_COMP_OPTION have_blackhole_db;
 /* Thread specific variables */
@@ -7396,6 +7393,30 @@ static void create_pid_file()
 }
+/*****************************************************************************
+ Instantiate have_xyx for missing storage engines
+*****************************************************************************/
+#undef have_berkeley_db
+#undef have_innodb
+#undef have_ndbcluster
+#undef have_example_db
+#undef have_archive_db
+#undef have_csv_db
+#undef have_federated_db
+#undef have_partition_db
+#undef have_blackhole_db
+
+SHOW_COMP_OPTION have_berkeley_db= SHOW_OPTION_NO;
+SHOW_COMP_OPTION have_innodb= SHOW_OPTION_NO;
+SHOW_COMP_OPTION have_ndbcluster= SHOW_OPTION_NO;
+SHOW_COMP_OPTION have_example_db= SHOW_OPTION_NO;
+SHOW_COMP_OPTION have_archive_db= SHOW_OPTION_NO;
+SHOW_COMP_OPTION have_csv_db= SHOW_OPTION_NO;
+SHOW_COMP_OPTION have_federated_db= SHOW_OPTION_NO;
+SHOW_COMP_OPTION have_partition_db= SHOW_OPTION_NO;
+SHOW_COMP_OPTION have_blackhole_db= SHOW_OPTION_NO;
+
+
 /*****************************************************************************
 Instantiate templates
 *****************************************************************************/
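Review bot: The fallback block in the second hunk defines `SHOW_COMP_OPTION have_partition_db= SHOW_OPTION_NO;`, but the mysql_priv.h hunk above declares no `have_partition_db` and neither the removed nor the added declarations in this file mention it; unless it is declared somewhere not on this page, it is an unused global carried over from the 5.1 source of the backport and should go, together with its `#undef`. The nine definitions are also emitted for every engine, compiled-in or not: for a compiled-in engine a real variable `have_innodb` now coexists with the macro alias `innobase_hton.state` that every other translation unit sees, which is a second, always-NO copy of the same flag — benign only as long as nothing later in this file reads the variable after the `#undef`, which cannot be confirmed from the hunk. Wrapping each definition in the matching `#ifndef HAVE_..._DB` would make the comment's "missing storage engines" literally true. The comment's `have_xyx` should read `have_xyz`, as in the commit subject.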