mysql-test/r/filesort_debug.result:
New test case.
mysql-test/t/filesort_debug.test:
New test case.
sql/filesort.cc:
thd->killed does not imply thd->is_error(), so test for that separately.
UPDATES THE TABLE ENTRIES (formerly 55385)
BUG#11764529: MULTI UPDATE+INNODB REPORTS ER_KEY_NOT_FOUND
IF A TABLE IS UPDATED TWICE (formerly 57373)
If multiple-table update updates a row through two aliases and
the first update physically moves the row, the second update will
fail to locate the row. This results in different errors
depending on storage engine:
* MyISAM: Got error 134 from storage engine
* InnoDB: Can't find record in 'tbl'
None of these errors accurately describe the problem.
Furthermore, since MyISAM is non-transactional, the update
executed first will be performed while the second will not.
In addition, for two equal multiple-table update statements,
one could succeed and the other fail based on whether or not
the record actually moved or not. This was inconsistent.
Two update operations may physically move a row:
1) Update of a column in a clustered primary key
2) Update of a column used to calculate which partition the
row belongs to
BUG#11764529 is about case 1) above, BUG#11762751 was about case 2).
The fix for these bugs is to return with an error if multiple-table
update is about to:
a) Update a table through multiple aliases, and
b) Perform an update that may physically more the row
in at least one of these aliases
This avoids
* partial updates as described for MyISAM above,
* provides the same error message that describes the actual problem
for all SEs
* inconsistent behavior where a statement fails or succeeds based on
e.g. the partitioning algorithm of the table.
mysql-test/r/multi_update.result:
Add test for bug#57373
mysql-test/r/multi_update_innodb.result:
Add test for bug#57373
mysql-test/r/partition.result:
Add test for bug#55385
mysql-test/t/multi_update.test:
Add test for bug#57373
mysql-test/t/multi_update_innodb.test:
Add test for bug#57373
mysql-test/t/partition.test:
Add test for bug#55385
sql/handler.cc:
Translate handler error HA_ERR_RECORD_DELETED to server error
sql/share/errmsg-utf8.txt:
New error message for multi-table update where the same table is updated multiple times.
sql/sql_update.cc:
Add function unsafe_key_update()
The problem was that doing ALTER TABLE on a table which had a key
on a TEXT/BLOB column with a prefix longer than the maximum number
of characteres in this column (as per the character set), by mistake,
caused an error (Error 1170 - ER_BLOB_KEY_WITHOUT_LENGTH).
This bug not repeatable in 5.5.
This patch adds a regression test to alter_table.test and
contains no code changes.
("-") IN DATABASE NAMES IN ALTER DATABASE.
mysqldump did not quote database name in 'ALTER DATABASE'
statements in its output. This can further cause a failure
while loading if database name contains a hyphen '-'.
This happened as, while printing the 'ALTER DATABASE'
statements, the database name was not quoted.
Fixed by quoting the database name.
client/mysqldump.c:
Bug#11766310 : 59398: MYSQLDUMP 5.1 CAN'T HANDLE A DASH
("-") IN DATABASE NAMES IN ALTER DATABASE.
Modified the print statement in order to print the quoted
database name for 'ALTER DATABASE' statements.
mysql-test/r/mysqldump.result:
Added a test case for bug#11766310.
mysql-test/t/mysqldump.test:
Added a test case for bug#11766310.
The loop that was looping over subqueries' references to outer field used a
local boolean variable to tell whether the field was grouped or not. But the
implementor failed to reset the variable after each iteration. Thus a field
that was not directly aggregated appeared to be.
Fixed by resetting the variable upon each new iteration.
MONTHNAME(0) claims that it is about to return NOT NULL
value, whereas it actually returns NULL.
As a result storage_engine variable (which cannot be NULL)
protection was bypassed and NULL value was accepted, causing
server crash.
Fixed MONTHNAME(0) to report valid NULL flag.
mysql-test/r/func_time.result:
A test case for BUG#11766720.
mysql-test/t/func_time.test:
A test case for BUG#11766720.
sql/item_timefunc.cc:
MONTHNAME(0) must report NULL, as opposed to base class
MONTH(0) which is NOT NULL.
Fixed Item_func_monthname to inherit from Item_str_func
instead of Item_func_month.
sql/item_timefunc.h:
MONTHNAME(0) must report NULL, as opposed to base class
MONTH(0) which is NOT NULL.
Fixed Item_func_monthname to inherit from Item_str_func
instead of Item_func_month.
Problem:
IF() did not copy collation derivation and repertoire from
an argument if the opposite argument was NULL:
IF(cond, res1, NULL)
IF(cond, NULL, res2)
only CHARSET_INFO pointer was copied.
This resulted in illegal mix of collations error.
Fix:
copy all collation parameters from the non-NULL argument:
CHARSET_INFO pointer, derivation, repertoire.
memory reference
There are two issues present here.
1) There is a possibility that we test a byte beyond the
allocated buffer
2) We compare a byte that might never have been
initalized to see if it's 0.
The first issue is not triggered by existing code, but an
ASSERT has been added to safe-guard against introducing
new code that triggers it.
The second issue is what triggers the Valgrind warnings
reported in the bug report. A buffer is allocated in
class String to hold the value. This buffer is populated
by the character data constituting the string, but is not
zero-terminated in most cases. Testing if it is indeed
zero-terminated means that we check a byte that has never
been explicitly set, thus causing Valgrind to trigger.
Note that issue 2 is not a serious problem. The variable
is read, and if it's not zero, we will set it to zero.
There are no further consequences.
Note that this patch does not fix the underlying problems
with issue 1, as it is deemed too risky to fix at this
point (as noted in the bug report). As discussed in
the report, the c_ptr() method should probably be
replaced, but this requires a thorough analysis of the
~200 calls to the method.
sql/set_var.cc:
These two cases have been reported to fail
with Valgrind.
Removes SHOW NEW MASTER statement and all related code.
Also removes the unused function update_slave_list from repl_failsafe.cc.
mysql-test/r/signal_code.result:
Updated result file.
The output of SHOW PROCEDURE CODE has changed, because the numerical values
of some SQLCOM_ commands have changes. This is not a problem, because
SHOW PROCEDURE CODE only exists in debug builds and the numerical values of
SQLCOM_ constants are not exposed elsewhere.
mysql-test/r/sp-code.result:
Updated result file.
The output of SHOW PROCEDURE CODE has changed, because the numerical values
of some SQLCOM_ commands have changes. This is not a problem, because
SHOW PROCEDURE CODE only exists in debug builds and the numerical values of
SQLCOM_ constants are not exposed elsewhere.
sql/mysqld.cc:
Remove SQLCOM_SHOW_NEW_MASTER.
sql/repl_failsafe.cc:
Remove show_new_master, which was only used by the removed SHOW NEW MASTER statement.
Remove translate_master, which was only used by show_new_master.
Remove find_slave_event, which was only used by translate_master.
Remove find_target_pos, which was only used by translate_master.
Remove cmp_master_pos, which was only used by translate_master.
Remove update_slave_list, which was not used at all.
sql/repl_failsafe.h:
Remove declarations of functions removed by this patch:
update_slave_list, show_new_master, translate_master, update_slave_list
Remove declarations of functions that did not exist before this patch:
handle_failsafe_rpl, load_master_data
Remove declaration of function that is static in slave.cc:
connect_to_master
sql/sp_head.cc:
Removed SQLCOM_SHOW_NEW_MASTER
sql/sql_lex.h:
Removed SQLCOM_SHOW_NEW_MASTER
sql/sql_parse.cc:
Removed SQLCOM_SHOW_NEW_MASTER
sql/sql_repl.cc:
Removed cmp_master_pos(char*,ulonglong,char*,ulonglong), which was
only used by cmp_master_pos*Slave_log_event* sev, LEX_MASTER_INFO* mi) in repl_failsafe.cc,
which has been removed.
sql/sql_repl.h:
removed cmp_master_pos
sql/sql_yacc.yy:
removed syntax SHOW NEW MASTER.
attempt to create spatial index on char > 31 bytes".
Attempt to create spatial index on char field with length
greater than 31 byte led to assertion failure on server
compiled with safemutex support.
The problem occurred in mi_create() function which was called
to create a new version of table being altered. This function
failed since it detected an attempt to create a spatial key
on non-binary column and tried to return an error.
On its error path it tried to unlock THR_LOCK_myisam mutex
which has not been not locked at this point. Indeed such an
incorrect behavior was caught by safemutex wrapper and caused
assertion failure.
This patch fixes the problem by ensuring that mi_create()
doesn't releases THR_LOCK_myisam mutex on error path if it was
not acquired.
mysql-test/r/gis.result:
Added test for bug @59888 "debug assertion when attempt to
create spatial index on char > 31 bytes".
mysql-test/t/gis.test:
Added test for bug @59888 "debug assertion when attempt to
create spatial index on char > 31 bytes".
storage/myisam/mi_create.c:
Changed mi_create() not to release THR_LOCK_myisam mutex on
error path if it was not acquired.
Assert in Diagnostics_area::set_ok_status() for XA COMMIT
This assert was triggered if XA COMMIT was issued when an XA transaction
already had encountered an error (e.g. a deadlock) which required
the XA transaction to be rolled back.
In general, the assert is triggered if a statement tries to send OK to
the client when an error has already been reported. It was triggered
in this case because the trans_xa_commit() function first reported an
error, then rolled back the transaction and finally returned FALSE,
indicating success. Since trans_xa_commit() reported success,
mysql_execute_command() tried to report OK, triggering the assert.
This patch fixes the problem by fixing trans_xa_commit() to return TRUE
if it encounters an error that requires rollback, even if the rollback
itself is successful.
Test case added to xa.test.
With this change, there will be new files "INFO_SRC"
and "INFO_BIN", which describe the source and the
binaries.
They will be contained in all packages:
- in "tar.gz" and derived packages, in "docs/",
- in RPMs, in "/usr/share/doc/packages/MySQL-server".
"INFO_SRC" is also part of a source tarball.
It gives the version as exact as possible, preferably
by calling "bzr version-info" on the source tree.
If that is not possible, it just contains the three
level version number.
"INFO_BIN" contains some info when and where the
binaries were built, the options given to the compiler,
and the flags controlling the included features.
The tests (test "mysql" in the main suite) are extended
to verify the existence of both "INFO_SRC" and "INFO_BIN",
as well as some of the expected contents.
CMakeLists.txt:
For the new files describing the source and the build
("INFO_SRC" and "INFO_BIN"), we need a new file
"cmake/info_macros.cmake.in" with the build rules.
1) This file must be configured with the current variables.
2) "INFO_SRC" can be created during the cmake phase,
but this should be repeated with each "make" to
protect against a developer doing only "make" after
a "bzr pull" (or "bzr commit").
So have it both as a cmake rule and as a custom target.
3) "INFO_BIN" must be created during the make phase
only, because it contains information from files
which will be written at the end of the cmake phase only.
Therefore, it must be a custom target which is included
in all "make" targets.
4) The resulting "INFO_*" files must be included in packages.
cmake/info_bin.cmake:
This is the file to create "INFO_BIN",
by calling the "CREATE_INFO_BIN()" macro.
It must be a separate file, so that the macro
definitions can be included in other cmake scripts
without that file inclusion causing a side effect,
the macro call.
That call would modify the source tree which should
be trated read-only.
cmake/info_macros.cmake.in:
This new file contains the macros to create the
"INFO_*" files during various steps of the build,
the calls will be at other places.
1) For source: If running from a BZR tree, always create
(update) "INFO_SRC" by running "bzr version-info".
Outside a BZR tree, try to take it from exported
sources, and create it only if missing, in that
case put the three level version number into it.
2) "INFO_BIN" contains
- date/time and host name of the build host,
- information about the platform,
- information about the C and CXX compiler
and the options given to them (Unix only),
- the feature flags as reported by "cmake -L".
cmake/info_src.cmake:
This is the file to create "INFO_SRC",
by calling the "CREATE_INFO_SRC()" macro.
It must be a separate file, so that the macro
definitions can be included in other cmake scripts
without that file inclusion causing a side effect,
the macro call.
That call would modify the source tree which should
be trated read-only.
cmake/make_dist.cmake.in:
Create a "VERSION_src" file during "make dist".
In case it already exists from a preceding "cmake" run
or tree export (which is quite likely), a new
"make dist" must not modify it.
mysql-test/r/file_contents.result:
Result of test for bug#42969.
mysql-test/t/file_contents.test:
Perl test scriptlet for bug#42969.
support-files/mysql.spec.sh:
Add "INFO_SRC" and "INFO_BIN" to the RPM contents.
Also fix bug#59110: Memory leak of QUICK_SELECT_I allocated memory.
Includes Jørgen Lølands review comments.
Root cause of these bugs are that test_if_skip_sort_order() decided to
revert the 'skip_sort_order' descision (and use filesort) after the
query plan has been updated to reflect a 'skip' of the sort order.
This might happen in 'check_reverse_order:' if we have a
select->quick which could not be made descending by appending
a QUICK_SELECT_DESC. ().
The original 'save_quick' was then restored after the QEP has been modified,
which caused:
- An incorrect 'precomputed_group_by= TRUE' may have been set,
and not reverted, as part of the already modifified QEP (Bug#59308)
- A 'select->quick' might have been created which we fail to delete (bug#59110).
This fix is a refactorication of test_if_skip_sort_order() where all logic
related to modification of QEP (controlled by argument 'bool no_changes'), is
moved to the end of test_if_skip_sort_order(), and done after *all* 'test_if_skip'
checks has been performed - including the 'check_reverse_order:' checks.
The refactorication above contains now intentional changes to the logic which
has been moved to the end of the function.
Furthermore, a smaller part of the fix address the handling of the
select->quick objects which may already exists when we call
'test_if_skip_sort_order()' (save_quick) -and
new select->quick's created during test_if_skip_sort_order():
- Before new select->quick may be created by calling ::test_quick_select(), we
set 'select->quick= 0' to avoid that ::test_quick_select() prematurely
delete the save_quick's. (After this call we may have both a 'save_quick'
and 'select->quick')
- All returns from ::test_if_skip_sort_order() where we may have both a
'save_quick' and a 'select->quick' has been changed to goto's to the
exit points 'skiped_sort_order:' or 'need_filesort:' where we
decide which of the QUICK_SELECT's to keep, and delete the other.
handling.
The problem was that parsing of nested regular expression involved
recursive calls. Such recursion didn't take into account the amount of
available stack space, which ended up leading to stack overflow crashes.
mysql-test/t/not_embedded_server.test:
Added test for bug#58026.
regex/my_regex.h:
added pointer to function as last argument of my_regex_init() for check
enough memory in stack.
regex/regcomp.c:
p_ere() was modified: added call to function for check enough memory
in stack. Function for check available stack space specified by
global variable my_regex_enough_mem_in_stack. This variable set to
NULL for embedded mysqld and to a pointer to function
check_enough_stack_size otherwise.
regex/reginit.c:
my_regex_init was modified: pass a pointer to a function for check
enough memory in stack space. Reset this pointer to NULL in my_regex_end.
sql/mysqld.cc:
Added function check_enough_stack_size() for check enough memory in stack.
Passed this function as second argument to my_regex_init. For embedded
mysqld passed NULL as second argument.
Bug #55755 : Date STD variable signness breaks server on FreeBSD and OpenBSD
* Added a check to configure on the size of time_t
* Created a macro to check for a valid time_t that is safe to use with datetime
functions and store in TIMESTAMP columns.
* Used the macro consistently instead of the ad-hoc checks introduced by 52315
* Fixed compliation warnings on platforms where the size of time_t is smaller than
the size of a long (e.g. OpenBSD 4.8 64 amd64).
Bug #52315: utc_date() crashes when system time > year 2037
* Added a correct check for the timestamp range instead of just variable size check to
SET TIMESTAMP.
* Added overflow checking before converting to time_t.
* Using a correct localized error message in this case instead of the generic error.
* Added a test suite.
* fixed the checks so that they check for unsigned time_t as well. Used the checks
consistently across the source code.
* fixed the original test case to expect the new error code.
primary_key_no == 0".
Attempt to create InnoDB table with non-nullable column of
geometry type having an unique key with length 12 on it and
with some other candidate key led to server crash due to
assertion failure in both non-debug and debug builds.
The problem was that such a non-candidate key could have
been sorted as the first key in table/.FRM, before any legit
candidate keys. This resulted in assertion failure in InnoDB
engine which assumes that primary key should either be the
first key in table/.FRM or should not exist at all.
The reason behind such an incorrect sorting was an wrong
value of Create_field::key_length member for geometry field
(which was set to its pack_length == 12) which confused code
in mysql_prepare_create_table(), so it would skip marking
such key as a key with partial segments.
This patch fixes the problem by ensuring that this member
gets the same value of Create_field::key_length member as
for other blob fields (from which geometry field class is
inherited), and as result unique keys on geometry fields
are correctly marked as having partial segments.
mysql-test/include/gis_keys.inc:
Added test case for bug #58650 "Failing assertion:
primary_key_no == -1 || primary_key_no == 0".
mysql-test/r/gis.result:
Added test case for bug #58650 "Failing assertion:
primary_key_no == -1 || primary_key_no == 0".
mysql-test/suite/innodb/r/innodb_gis.result:
Added test case for bug #58650 "Failing assertion:
primary_key_no == -1 || primary_key_no == 0".
mysql-test/suite/innodb_plugin/r/innodb_gis.result:
Added test case for bug #58650 "Failing assertion:
primary_key_no == -1 || primary_key_no == 0".
sql/field.cc:
Changed Create_field::create_length_to_internal_length() to
correctly set Create_field::key_length member for geometry
fields. Similar to the blob types key_length for such fields
should be the same as length and not field's packed length
(which is always 12 for geometry).
As result of this change code handling table creation now
always correctly identifies btree/unique keys on geometry
fields as partial keys, so such keys can't be erroneously
treated as candidate keys and sorted in keys array in .FRM
before legit candidate keys.
This fixes bug #58650 "Failing assertion: primary_key_no ==
-1 || primary_key_no == 0" in which incorrect candidate key
sorting led to assertion failure in InnoDB code.
Root cause for this bug is that the optimizer try to detect&
optimize the special case:
'<field> BETWEEN c1 AND c1' and handle this as the condition '<field> = c1'
This was implemented inside add_key_field(.. *field, *value[]...)
which assumed field to refer key Field, and value[] to refer a [low...high]
constant pair. value[0] and value[1] was then compared for equality.
In a 'normal' BETWEEN condition of the form '<field> BETWEEN val1 and val2' the
BETWEEN operation is represented with an argementlist containing the
values [<field>, val1, val2] - add_key_field() is then called with
parameters field=<field>, *value=val1.
However, if the BETWEEN predicate specified:
1) '<const1> BETWEEN<const2> AND<field>
the 'field' and 'value' arguments to add_key_field() had to be swapped.
This was implemented by trying to cheat add_key_field() to handle it like:
2) '<const1> GE<const2> AND<const1> LE<field>'
As we didn't really replace the BETWEEN operation with 'ge' and 'le',
add_key_field() still handled it as a 'BETWEEN' and compared the (swapped)
arguments<const1> and<const2> for equality. If they was equal, the
condition 1) was incorrectly 'optimized' to:
3) '<field> EQ <const1>'
This fix moves this optimization of '<field> BETWEEN c1 AND c1' into
add_key_fields() which then calls add_key_equal_fields() to collect
key equality / comparison for the key fields in the BETWEEN condition.
In SBR, if a statement does not fail, it is always written to the binary
log, regardless if rows are changed or not. If there is a failure, a
statement is only written to the binary log if a non-transactional (.e.g.
MyIsam) engine is updated.
INSERT ON DUPLICATE KEY UPDATE and INSERT IGNORE were not following the
rule above and were not written to the binary log, if then engine was
Innodb.
mysql-test/extra/rpl_tests/rpl_insert_duplicate.test:
Added test case.
mysql-test/extra/rpl_tests/rpl_insert_ignore.test:
Updated test case.
mysql-test/include/commit.inc:
Updated test case as the calls to the binary log have changed
for INSERT ON DUPLICATE and INSERT IGNORE.
mysql-test/r/commit_1innodb.result:
Updated result file.
mysql-test/suite/rpl/r/rpl_insert_duplicate.result:
Added test case.
mysql-test/suite/rpl/r/rpl_insert_ignore.result:
Updated result file.
mysql-test/suite/rpl/t/rpl_insert_duplicate.test:
Added test case.
mysql-test/suite/rpl/t/rpl_insert_ignore.test:
Improved test case.
ZERO
When dates are represented internally as strings, i.e. when a string constant
is compared to a date value, both values are converted to long integers,
ostensibly for fast comparisons. DATE typed integer values are converted to
DATETIME by multiplying by 1,000,000 (each digit pair representing hour,
minute and second, respectively). But the mechanism did not distuinguish
cached INTEGER values, already in correct format, from newly converted
strings.
Fixed by marking the INTEGER cache as being of DATETIME format.
Problem: the scanner function tested for strings "<![CDATA[" and
"-->" without checking input string boundaries, which led to valgrind's
"Conditional jump or move depends on uninitialised value(s)" error.
Fix: Adding boundary checking.
@ mysql-test/r/xml.result
@ mysql-test/t/xml.test
Adding test
@ strings/xml.c
Adding a helper function my_xml_parser_prefix_cmp(),
with input string boundary check.
Introduced by the fix for bug#44766.
Problem: it's not correct to use args[0]->str_value as a buffer,
because args[0] may need this buffer for its own purposes.
Fix: adding a new class member tmp_value to use as return value.
@ mysql-test/r/ctype_many.result
@ mysql-test/t/ctype_many.test
Adding tests
@ sql/item_strfunc.cc
Changing code into traditional style:
use "str" as a buffer for the argument and tmp_value for the result value.
@ sql/item_strfunc.h
Adding tmp_value
Problem: when processing a query like:
SELECT '' LIKE '1' ESCAPE COUNT(1);
escape_item->val_str() was never executed and the "escape" class member
stayed initialized, which led to valgrind uninitialized memory error.
Note, a query with some tables in "FROM" clause
returns ER_WRONG_ARGUMENTS in the same situation:
SELECT '' LIKE '1' ESCAPE COUNT(1) FROM t1;
ERROR 1210 (HY000): Incorrect arguments to ESCAPE
Fix: disallowing using aggregate functions in ESCAPE clause,
even if there are no tables used. There is no much use of that anyway.
When mysqldadmin is run with sleep and count options,
it goes into an infinite loop and keeps executing the
specified command.
This happened because the statement, responsible for
decrementing the count value, was missing.
Fixed by adding a statement which will decrement the
count value for each iteration.
client/mysqladmin.cc:
Bug#58221 : mysqladmin --sleep=x --count=x keeps looping
Added a condition to check and decrement the count
value stored in nr_iterations per iteration.
mysql-test/r/mysqladmin.result:
Added a testcase for Bug#58221.
mysql-test/t/mysqladmin.test:
Added a testcase for Bug#58221.
Backport to 5.0.
/*![:version:] Query Code */, where [:version:] is a sequence of 5
digits representing the mysql server version(e.g /*!50200 ... */),
is a special comment that the query in it can be executed on those
servers whose versions are larger than the version appearing in the
comment. It leads to a security issue when slave's version is larger
than master's. A malicious user can improve his privileges on slaves.
Because slave SQL thread is running with SUPER privileges, so it can
execute queries that he/she does not have privileges on master.
This bug is fixed with the logic below:
- To replace '!' with ' ' in the magic comments which are not applied on
master. So they become common comments and will not be applied on slave.
- Example:
'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/
will be binlogged as
'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /* 99999 ,(3)*/
When mysqldump tries to dump information in xml format,
the result does not contain field level comments.
In order to retrieve various informations for a field/column,
mysqldump currently uses 'show fields from <tab>' statement.
The attributes returned by the statement lacks the information
regarding field comments.
Fixed by changing the query to one that probes I_S to retrieve
required field informations, including the field comment.
client/mysqldump.c:
Bug#13618 : mysqldump --xml omits comment on table field.
Replaced the 'show fields' command by a statement that
queries I_S, in order to retrieve information on all the
attributes that 'show fields' returns along-with an additional
column_comment information.
mysql-test/r/client_xml.result:
Result modifications for bug#13618.
mysql-test/r/mysqldump.result:
Result modifications for bug#13618.
mysql-test/t/mysqldump.test:
Added a testcase for bug#13618.
other crashes
Some string manipulating SQL functions use a shared string object intended to
contain an immutable empty string. This object was used by the SQL function
SUBSTRING_INDEX() to return an empty string when one argument was of the wrong
datatype. If the string object was then modified by the sql function INSERT(),
undefined behavior ensued.
Fixed by instead modifying the string object representing the function's
result value whenever string manipulating SQL functions return an empty
string.
Relevant code has also been documented.
The test case fails with out of memory while updating a table
with several multi-megabytes sized rows. This can probably be too
exhausting for PB2 env.
The quick fix here is to reduce the size of the biggest
row (256MB) so that it becomes a little smaller (64MB).
INVOKER-security view access check wrong".
When privilege checks were done for tables used from an
INVOKER-security view which in its turn was used from
a DEFINER-security view connection's active security
context was incorrectly used instead of security context
with privileges of the second view's creator.
This meant that users which had enough rights to access
the DEFINER-security view and as result were supposed to
be able successfully access it were unable to do so in
cases when they didn't have privileges on underlying tables
of the INVOKER-security view.
This problem was caused by the fact that for INVOKER-security
views TABLE_LIST::security_ctx member for underlying tables
were set to 0 even in cases when particular view was used from
another DEFINER-security view. This meant that when checks of
privileges on these underlying tables was done in
setup_tables_and_check_access() active connection security
context was used instead of context corresponding to the
creator of caller view.
This fix addresses the problem by ensuring that underlying
tables of an INVOKER-security view inherit security context
from the view and thus correct security context is used for
privilege checks on underlying tables in cases when such view
is used from another view with DEFINER-security.
mysql-test/r/view_grant.result:
Added coverage for various combinations of DEFINER and
INVOKER-security views, including test for bug #58499
"DEFINER-security view selecting from INVOKER-security
view access check wrong".
mysql-test/t/view_grant.test:
Added coverage for various combinations of DEFINER and
INVOKER-security views, including test for bug #58499
"DEFINER-security view selecting from INVOKER-security
view access check wrong".
sql/sql_view.cc:
When opening a non-suid view ensure that its underlying
tables will get the same security context as use for
checking privileges on the view, i.e. security context
of view invoker. This context can be different from the
security context which is currently active for connection
in cases when this non-suid view is used from a view with
suid security. Inheriting security context in such situation
allows correctly apply privileges of creator of suid view
in checks for tables of non-suid view (since in this
situation creator/definer of suid view serves as invoker
for non-suid view).
