From 4c02004da9ca0037731338c0fdd3fae8853de459 Mon Sep 17 00:00:00 2001
From: "igor@olga.mysql.com" <>
Date: Wed, 4 Jul 2007 21:12:07 -0700
Subject: [PATCH 1/3] Fixed bug #29392. This bug may manifest itself for select
 queries over a multi-table view that includes an ORDER BY clause in its
 definition. If the select list of the query contains references to the same
 view column with different aliases the names of the columns in the result
 output will be nevertheless the same, coinciding with one of the alias.

The bug happened because the method Item_ref::get_tmp_table_item that
was inherited by the class Item_direct_view_ref ignored the fact that
the name of the view column reference must be inherited by the fields
of the temporary table that was created in order to get the result rows
sorted.
---
 mysql-test/r/view.result | 47 ++++++++++++++++++++++++++++++++++
 mysql-test/t/view.test   | 55 ++++++++++++++++++++++++++++++++++++++++
 sql/item.h               |  6 +++++
 3 files changed, 108 insertions(+)

diff --git a/mysql-test/r/view.result b/mysql-test/r/view.result
index 9adb3f96142..c51a4c30960 100644
--- a/mysql-test/r/view.result
+++ b/mysql-test/r/view.result
@@ -3500,4 +3500,51 @@ id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
 1	SIMPLE	t1	ALL	NULL	NULL	NULL	NULL	4	Using where
 DROP VIEW v1;
 DROP TABLE t1;
+CREATE TABLE t1 (
+person_id int NOT NULL PRIMARY KEY,
+username varchar(40) default NULL,
+status_flg char(1) NOT NULL default 'A'
+);
+CREATE TABLE t2 (
+person_role_id int NOT NULL auto_increment PRIMARY KEY,
+role_id int NOT NULL,
+person_id int NOT NULL,
+INDEX idx_person_id (person_id),
+INDEX idx_role_id (role_id)
+);
+CREATE TABLE t3 (
+role_id int NOT NULL auto_increment PRIMARY KEY,
+role_name varchar(100) default NULL,
+app_name varchar(40) NOT NULL,
+INDEX idx_app_name(app_name)
+);
+CREATE VIEW v1 AS 
+SELECT profile.person_id AS person_id
+FROM t1 profile, t2 userrole, t3 role
+WHERE userrole.person_id = profile.person_id AND
+role.role_id = userrole.role_id AND
+profile.status_flg = 'A'
+  ORDER BY profile.person_id,role.app_name,role.role_name;
+INSERT INTO  t1 VALUES
+(6,'Sw','A'), (-1136332546,'ols','e'), (0,'    *\n','0'),
+(-717462680,'ENTS Ta','0'), (-904346964,'ndard SQL\n','0');
+INSERT INTO t2 VALUES
+(1,3,6),(2,4,7),(3,5,8),(4,6,9),(5,1,6),(6,1,7),(7,1,8),(8,1,9),(9,1,10);
+INSERT INTO t3 VALUES 
+(1,'NUCANS_APP_USER','NUCANSAPP'),(2,'NUCANS_TRGAPP_USER','NUCANSAPP'),
+(3,'IA_INTAKE_COORDINATOR','IACANS'),(4,'IA_SCREENER','IACANS'),
+(5,'IA_SUPERVISOR','IACANS'),(6,'IA_READONLY','IACANS'),
+(7,'SOC_USER','SOCCANS'),(8,'CAYIT_USER','CAYITCANS'),
+(9,'RTOS_DCFSPOS_SUPERVISOR','RTOS');
+EXPLAIN SELECT t.person_id AS a, t.person_id AS b FROM v1 t WHERE t.person_id=6;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	SIMPLE	profile	const	PRIMARY	PRIMARY	4	const	1	Using temporary; Using filesort
+1	SIMPLE	userrole	ref	idx_person_id,idx_role_id	idx_person_id	4	const	2	
+1	SIMPLE	role	eq_ref	PRIMARY	PRIMARY	4	test.userrole.role_id	1	
+SELECT t.person_id AS a, t.person_id AS b FROM v1 t WHERE t.person_id=6;
+a	b
+6	6
+6	6
+DROP VIEW v1;
+DROP TABLE t1,t2,t3;
 End of 5.0 tests.
diff --git a/mysql-test/t/view.test b/mysql-test/t/view.test
index f670ac8a49d..c7f722a18a5 100644
--- a/mysql-test/t/view.test
+++ b/mysql-test/t/view.test
@@ -3348,4 +3348,59 @@ EXPLAIN SELECT a, SUM(b) FROM v1 WHERE a=1 GROUP BY a;
 DROP VIEW v1;
 DROP TABLE t1;
 
+#
+# Bug #29392: SELECT over a multi-table view with ORDER BY  
+#             selecting the same view column with two different aliases  
+#
+
+CREATE TABLE t1 (
+  person_id int NOT NULL PRIMARY KEY,
+  username varchar(40) default NULL,
+  status_flg char(1) NOT NULL default 'A'
+);
+
+CREATE TABLE t2 (
+  person_role_id int NOT NULL auto_increment PRIMARY KEY,
+  role_id int NOT NULL,
+  person_id int NOT NULL,
+  INDEX idx_person_id (person_id),
+  INDEX idx_role_id (role_id)
+);
+
+CREATE TABLE t3 (
+  role_id int NOT NULL auto_increment PRIMARY KEY,
+  role_name varchar(100) default NULL,
+  app_name varchar(40) NOT NULL,
+  INDEX idx_app_name(app_name)
+);
+
+CREATE VIEW v1 AS 
+SELECT profile.person_id AS person_id
+  FROM t1 profile, t2 userrole, t3 role
+    WHERE userrole.person_id = profile.person_id AND
+          role.role_id = userrole.role_id AND
+          profile.status_flg = 'A'
+  ORDER BY profile.person_id,role.app_name,role.role_name;
+
+INSERT INTO  t1 VALUES
+ (6,'Sw','A'), (-1136332546,'ols','e'), (0,'    *\n','0'),
+ (-717462680,'ENTS Ta','0'), (-904346964,'ndard SQL\n','0');
+
+INSERT INTO t2 VALUES
+  (1,3,6),(2,4,7),(3,5,8),(4,6,9),(5,1,6),(6,1,7),(7,1,8),(8,1,9),(9,1,10);
+
+INSERT INTO t3 VALUES 
+  (1,'NUCANS_APP_USER','NUCANSAPP'),(2,'NUCANS_TRGAPP_USER','NUCANSAPP'),
+  (3,'IA_INTAKE_COORDINATOR','IACANS'),(4,'IA_SCREENER','IACANS'),
+  (5,'IA_SUPERVISOR','IACANS'),(6,'IA_READONLY','IACANS'),
+  (7,'SOC_USER','SOCCANS'),(8,'CAYIT_USER','CAYITCANS'),
+  (9,'RTOS_DCFSPOS_SUPERVISOR','RTOS');
+ 
+EXPLAIN SELECT t.person_id AS a, t.person_id AS b FROM v1 t WHERE t.person_id=6;
+SELECT t.person_id AS a, t.person_id AS b FROM v1 t WHERE t.person_id=6;
+
+DROP VIEW v1;
+DROP TABLE t1,t2,t3;
+
 --echo End of 5.0 tests.
+
diff --git a/sql/item.h b/sql/item.h
index 3478095351a..a880f86f601 100644
--- a/sql/item.h
+++ b/sql/item.h
@@ -1983,6 +1983,12 @@ public:
 
   bool fix_fields(THD *, Item **);
   bool eq(const Item *item, bool binary_cmp) const;
+  Item *get_tmp_table_item(THD *thd)
+  {
+    Item *item= Item_ref::get_tmp_table_item(thd);
+    item->name= name;
+    return item;
+  }
   virtual Ref_Type ref_type() { return VIEW_REF; }
 };
 

From 1532452a00e49a71880707f4ae279d19aab14724 Mon Sep 17 00:00:00 2001
From: "gkodinov/kgeorge@magare.gmz" <>
Date: Thu, 5 Jul 2007 18:24:48 +0300
Subject: [PATCH 2/3] Bug #29166: AsText() needs to know the maximum number of
 characters a IEEE double precision value can occupy to make sure there's
 enough buffer space. The number was too small to hold all possible values and
 this caused buffer overruns. Fixed by correcting the calculation of the
 maximum digits in a string representation of an IEEE double precision value
 as printed by String::qs_append(double).

---
 mysql-test/r/gis.result |  3 +++
 mysql-test/t/gis.test   | 20 ++++++++++++++++++++
 sql/spatial.cc          | 23 ++++++++++++++++++++++-
 3 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/gis.result b/mysql-test/r/gis.result
index d1f292cda0c..edf017f24d4 100644
--- a/mysql-test/r/gis.result
+++ b/mysql-test/r/gis.result
@@ -885,4 +885,7 @@ AsText(a)
 POINT(1 1)
 LINESTRING(0 0,1 1,2 2)
 drop table t1, t2;
+SELECT 1;
+1
+1
 End of 5.0 tests
diff --git a/mysql-test/t/gis.test b/mysql-test/t/gis.test
index 95ccc6272e2..79743a0b8f4 100644
--- a/mysql-test/t/gis.test
+++ b/mysql-test/t/gis.test
@@ -570,4 +570,24 @@ create table t2 as select f2 as a from t1 union select f3 from t1;
 desc t2;
 select AsText(a) from t2; 
 drop table t1, t2;
+
+#
+# Bug #29166: MYsql crash when query is run
+#
+
+# The test query itself is not logged : too large output.
+# The real test is the second query : see if the first hasn't crashed the
+# server
+--disable_query_log
+--disable_result_log
+SELECT AsText(GeometryFromText(CONCAT(
+  'MULTIPOLYGON(((',
+  REPEAT ('-0.00000000001234567890123456789012 -0.123456789012345678,', 1000),
+  '-0.00000000001234567890123456789012 -0.123456789012345678',
+  ')))'
+))) AS a;
+--enable_result_log
+--enable_query_log
+SELECT 1;
+
 --echo End of 5.0 tests
diff --git a/sql/spatial.cc b/sql/spatial.cc
index 939e7d2a3b4..69d0c15748a 100644
--- a/sql/spatial.cc
+++ b/sql/spatial.cc
@@ -17,7 +17,28 @@
 
 #ifdef HAVE_SPATIAL
 
-#define MAX_DIGITS_IN_DOUBLE 16
+/* 
+  exponential notation :
+  1   sign
+  1   number before the decimal point
+  1   decimal point
+  14  number of significant digits (see String::qs_append(double))
+  1   'e' sign
+  1   exponent sign
+  3   exponent digits
+  ==
+  22
+
+  "f" notation :
+  1   optional 0
+  1   sign
+  14  number significant digits (see String::qs_append(double) )
+  1   decimal point
+  ==
+  17
+*/
+
+#define MAX_DIGITS_IN_DOUBLE 22
 
 /***************************** Gis_class_info *******************************/
 

From c33f4d3d85fdbedd21e9b9830341b7e3e3434151 Mon Sep 17 00:00:00 2001
From: "gshchepa/uchum@gleb.loc" <>
Date: Fri, 6 Jul 2007 03:43:23 +0500
Subject: [PATCH 3/3] Fixed bug #29442. The SELECT INTO OUTFILE FIELDS ENCLOSED
 BY digit or minus sign, followed by the same LOAD DATA INFILE statement, used
 wrond encoding of non-string fields contained the enclosed character in their
 text representation.

Example:
  SELECT 15, 9 INTO OUTFILE 'text' FIELDS ENCLOSED BY '5';

Old encoded result in the text file:
  5155 595
         ^ was decoded as the 1st enclosing character of the 2nd field;
        ^ was skipped as garbage;
  ^    ^ was decoded as a pair of englosing characters of the 1st field;
      ^   was decoded as traling space of the first field;
    ^^ was decoded as a doubled enclosed character.

New encoded result in the text file:
  51\55 595
  ^   ^ pair of enclosing characters of the 1st field;
    ^^ escaped enclosed character.
---
 mysql-test/r/loaddata.result | 14 ++++++++++++++
 mysql-test/t/loaddata.test   | 25 +++++++++++++++++++++++++
 sql/sql_class.cc             |  4 +++-
 sql/sql_class.h              | 12 ++++++++++++
 4 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/loaddata.result b/mysql-test/r/loaddata.result
index 031aa5c700c..7fff2700779 100644
--- a/mysql-test/r/loaddata.result
+++ b/mysql-test/r/loaddata.result
@@ -238,3 +238,17 @@ f1
 1
 2
 drop table t1,t2;
+CREATE TABLE t1 (c1 INT, c2 TIMESTAMP, c3 REAL, c4 DOUBLE);
+INSERT INTO t1 (c1, c2, c3, c4) VALUES (10, '1970-02-01 01:02:03', 1.1E-100, 1.1E+100);
+SELECT * FROM t1;
+c1	c2	c3	c4
+10	1970-02-01 01:02:03	1.1e-100	1.1e+100
+SELECT * INTO OUTFILE 'MYSQLTEST_VARDIR/tmp/t1' FIELDS ENCLOSED BY '-' FROM t1;
+-10-	-1970\-02\-01 01:02:03-	-1.1e\-100-	-1.1e+100-
+EOF
+TRUNCATE t1;
+LOAD DATA INFILE 'MYSQLTEST_VARDIR/tmp/t1' INTO TABLE t1 FIELDS ENCLOSED BY '-';
+SELECT * FROM t1;
+c1	c2	c3	c4
+10	1970-02-01 01:02:03	1.1e-100	1.1e+100
+DROP TABLE t1;
diff --git a/mysql-test/t/loaddata.test b/mysql-test/t/loaddata.test
index cdd3bb80b6e..260e760e7b3 100644
--- a/mysql-test/t/loaddata.test
+++ b/mysql-test/t/loaddata.test
@@ -213,4 +213,29 @@ select f1 from t1 where f2 <> '0000-00-00 00:00:00' order by f1;
 --exec rm $MYSQLTEST_VARDIR/tmp/t2
 drop table t1,t2;
 
+#
+# Bug#29442: SELECT INTO OUTFILE FIELDS ENCLOSED BY digit, minus sign etc
+#            corrupts non-string fields containing this character.
+#
+
+CREATE TABLE t1 (c1 INT, c2 TIMESTAMP, c3 REAL, c4 DOUBLE);
+
+INSERT INTO t1 (c1, c2, c3, c4) VALUES (10, '1970-02-01 01:02:03', 1.1E-100, 1.1E+100);
+SELECT * FROM t1;
+
+--exec rm -f $MYSQLTEST_VARDIR/tmp/t1
+--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+eval SELECT * INTO OUTFILE '$MYSQLTEST_VARDIR/tmp/t1' FIELDS ENCLOSED BY '-' FROM t1;
+--exec cat $MYSQLTEST_VARDIR/tmp/t1
+--exec echo EOF
+
+TRUNCATE t1;
+
+--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+eval LOAD DATA INFILE '$MYSQLTEST_VARDIR/tmp/t1' INTO TABLE t1 FIELDS ENCLOSED BY '-';
+SELECT * FROM t1;
+
+--exec rm $MYSQLTEST_VARDIR/tmp/t1
+DROP TABLE t1;
+
 # End of 5.0 tests
diff --git a/sql/sql_class.cc b/sql/sql_class.cc
index 117c20352ce..036ba217a9b 100644
--- a/sql/sql_class.cc
+++ b/sql/sql_class.cc
@@ -1210,6 +1210,7 @@ select_export::prepare(List<Item> &list, SELECT_LEX_UNIT *u)
 		   field_term_length ? (*exchange->field_term)[0] : INT_MAX);
   escape_char=	(exchange->escaped->length() ? (*exchange->escaped)[0] : -1);
   is_ambiguous_field_sep= test(strchr(ESCAPE_CHARS, field_sep_char));
+  is_unsafe_field_sep= test(strchr(NUMERIC_CHARS, field_sep_char));
   line_sep_char= (exchange->line_term->length() ?
 		  (*exchange->line_term)[0] : INT_MAX);
   if (!field_term_length)
@@ -1284,7 +1285,8 @@ bool select_export::send_data(List<Item> &items)
 	used_length=min(res->length(),item->max_length);
       else
 	used_length=res->length();
-      if (result_type == STRING_RESULT && escape_char != -1)
+      if ((result_type == STRING_RESULT || is_unsafe_field_sep) &&
+           escape_char != -1)
       {
         char *pos, *start, *end;
         CHARSET_INFO *res_charset= res->charset();
diff --git a/sql/sql_class.h b/sql/sql_class.h
index 23c499aea07..a5cbc21684f 100644
--- a/sql/sql_class.h
+++ b/sql/sql_class.h
@@ -1929,6 +1929,12 @@ public:
 #define ESCAPE_CHARS "ntrb0ZN" // keep synchronous with READ_INFO::unescape
 
 
+/*
+ List of all possible characters of a numeric value text representation.
+*/
+#define NUMERIC_CHARS ".0123456789e+-"
+
+
 class select_export :public select_to_file {
   uint field_term_length;
   int field_sep_char,escape_char,line_sep_char;
@@ -1938,6 +1944,12 @@ class select_export :public select_to_file {
     (see the READ_INFO::unescape method and the ESCAPE_CHARS constant value).
   */
   bool is_ambiguous_field_sep;
+  /*
+    The is_unsafe_field_sep field is true if a value of the field_sep_char
+    field is one of the '0'..'9', '+', '-', '.' and 'e' characters
+    (see the NUMERIC_CHARS constant value).
+  */
+  bool is_unsafe_field_sep;
   bool fixed_row_size;
 public:
   select_export(sql_exchange *ex) :select_to_file(ex) {}