context.
Routine arguments were evaluated in the security context of the routine
itself, not in the caller's context.
The bug is fixed the following way:
- Item_func_sp::find_and_check_access() has been split into two
functions: Item_func_sp::find_and_check_access() itself only
finds the function and check that the caller have EXECUTE privilege
on it. New function set_routine_security_ctx() changes security
context for SUID routines and checks that definer have EXECUTE
privilege too.
- new function sp_head::execute_trigger() is called from
Table_triggers_list::process_triggers() instead of
sp_head::execute_function(), and is effectively just as the
sp_head::execute_function() is, with all non-trigger related code
removed, and added trigger-specific security context switch.
- call to Item_func_sp::find_and_check_access() stays outside
of sp_head::execute_function(), and there is a code in
sql_parse.cc before the call to sp_head::execute_procedure() that
checks that the caller have EXECUTE privilege, but both
sp_head::execute_function() and sp_head::execute_procedure() call
set_routine_security_ctx() after evaluating their parameters,
and restore the context after the body is executed.
mysql-test/r/sp-security.result:
Add test case for bug#18630: Arguments of suid routine calculated
in wrong security context.
mysql-test/t/sp-security.test:
Add result for bug#18630: Arguments of suid routine calculated
in wrong security context.
sql/item_func.cc:
Do not change security context before executing the function, as it
will be changed after argument evaluation.
Do not change security context in Item_func_sp::find_and_check_access().
sql/item_func.h:
Change prototype for Item_func_sp::find_and_check_access().
sql/sp_head.cc:
Add set_routine_security_ctx() function.
Add sp_head::execute_trigger() method.
Change security context in sp_head::execute_trigger(), and in
sp_head::execute_function() and sp_head::execute_procedure()
after argument evaluation.
Move pop_all_cursors() call to sp_head::execute().
sql/sp_head.h:
Add declaration for sp_head::execute_trigger() and
set_routine_security_ctx().
sql/sql_parse.cc:
Do not change security context before executing the procedure, as it
will be changed after argument evaluation.
sql/sql_trigger.cc:
Call new sp_head::execute_trigger() instead of
sp_head::execute_function(), which is responsible to switch
security context.
do not look for client-specific commands while inside a multi-line comment.
we will allow multi-comments pretty much anywhere within SQL-statements,
but client-specific commands (help, use, print, ...) must be the first token
in the input.
client/mysql.cc:
Bug#20432: mysql client interprets commands in comments
mysql-test/r/mysql_client.result:
Bug#20432: mysql client interprets commands in comments
test client-side parsing of comments and client-specific commands
mysql-test/t/mysql_client.test:
Bug#20432: mysql client interprets commands in comments
test client-side parsing of comments and client-specific commands
The Federated storage engine used Field methods that had arbitrary limits on
the amount of data they could process, which caused problems with data
over that limit (4K). By removing those Field methods and just using
features of the String class, we can avoid this problem.
mysql-test/r/federated.result:
Add new results
mysql-test/t/federated.test:
Add new regression test
sql/field.cc:
Remove unnecessary methods
sql/field.h:
Remove unnecessary methods
sql/ha_federated.cc:
Remove use of quote_data, use String::print() to get escaping of strings,
and don't bother with needs_quotes, just always quote values.
The character set was not being properly initialized in CAST() with
a type like "CHAR(2) BINARY", which resulted in incorrect results or
even a crash.
mysql-test/r/cast.result:
Add new results
mysql-test/t/cast.test:
Add new regression test
sql/sql_yacc.yy:
Make sure Lex->charset is set to NULL when nothing follows BINARY
in type declaration.
The instance manager was not actually checking whether an instance
was actually running before trying to stop it. Now it checks first.
mysql-test/r/im_life_cycle.result:
Add new results
mysql-test/t/im_life_cycle.imtest:
Add new regression test
server-tools/instance-manager/instance.cc:
Fix Instance::stop() to report ER_INSTANCE_IS_NOT_STARTED when that is
the case. Also removed unnecessary goto.
server-tools/instance-manager/messages.cc:
Fix messages with missing spaces
into dl145k.mysql.com:/data0/mkindahl/bk/mysql-5.0-rpl
ndb/include/kernel/GlobalSignalNumbers.h:
Auto merged
ndb/src/kernel/blocks/dbdict/Dbdict.cpp:
Auto merged
ndb/src/kernel/blocks/dbdict/Dbdict.hpp:
Auto merged
ndb/src/kernel/blocks/dbdih/DbdihMain.cpp:
Auto merged
ndb/src/ndbapi/ndberror.c:
Auto merged
sql/ha_ndbcluster.cc:
Auto merged
sql/handler.h:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_insert.cc:
Auto merged
* don't use join cache when the incoming data set is already ordered
for ORDER BY
This choice must be made because join cache will effectively
reverse the join order and the results will be sorted by the index
of the table that uses join cache.
mysql-test/r/innodb_mysql.result:
Bug #17212 results not sorted correctly by ORDER BY when using index
* Test suite for the bug
mysql-test/t/innodb_mysql.test:
Bug #17212 results not sorted correctly by ORDER BY when using index
* Test suite for the bug
sql/sql_select.cc:
Bug #17212 results not sorted correctly by ORDER BY when using index
* don't use join cache when the incoming data set is already sorted
mysql-test/r/date_formats.result:
Fix for bug #19370: DateTime datatype in MySQL has two bugs in it
- results adjusted
mysql-test/r/strict.result:
Fix for bug #19370: DateTime datatype in MySQL has two bugs in it
- results adjusted
mysql-test/r/type_datetime.result:
Fix for bug #19370: DateTime datatype in MySQL has two bugs in it
- results adjusted
mysql-test/t/strict.test:
Fix for bug #19370: DateTime datatype in MySQL has two bugs in it
- tests adjusted
sql-common/my_time.c:
Fix for bug #19370: DateTime datatype in MySQL has two bugs in it
- Regardless of the title of the bug the only real bug is that it
doesn't make sense to have only some invalid parts in a date.
E.g. a valid day among invalid years or months is totally ambiguous
and we should refuse to guess what it means.
To fix it, we add a check that both the year is zero and either day
or month are zero (year and (day or month)), and if they are then we
reject such dates. Doing so should adequately fix the reported problem.
Changed the error reporting (and a crash) when inserting data into a
MERGE table that has no underlying tables or no INSERT_METHOD specified
by reporting that it is read-only.
include/my_base.h:
Add new handler error
mysql-test/r/merge.result:
Update results
mysql-test/t/merge.test:
Add new regression test
sql/ha_myisammrg.cc:
When trying to insert into a MERGE table with no underlying tables
or no INSERT_METHOD, report that it is read-only.
sql/handler.cc:
Handle new error message
may return a wrong result.
An Item_sum_hybrid object has the was_values flag which indicates whether any
values were added to the sum function. By default it is set to true and reset
to false on any no_rows_in_result() call. This method is called only in
return_zero_rows() function. An ALL/ANY subquery can be optimized by MIN/MAX
optimization. The was_values flag is used to indicate whether the subquery
has returned at least one row. This bug occurs because return_zero_rows() is
called only when we know that the select will return zero rows before
starting any scans but often such information is not known.
In the reported case the return_zero_rows() function is not called and
the was_values flag is not reset to false and yet the subquery return no rows
Item_func_not_all and Item_func_nop_all functions return a wrong
comparison result.
The end_send_group() function now calls no_rows_in_result() for each item
in the fields_list if there is no rows were found for the (sub)query.
mysql-test/t/subselect.test:
Added test case for bug#18503: Queries with a quantified subquery returning empty set may return a wrong result.
mysql-test/r/subselect.result:
Added test case for bug#18503: Queries with a quantified subquery returning empty set may return a wrong result.
sql/sql_select.cc:
Fixed bug#18503: Queries with a quantified subquery returning empty set may return a wrong result.
The end_send_group() function now calls no_rows_in_result() for each item
in the fields_list if there is no matching rows were found.
when dropping/creating tables"
mysql-test/r/ps.result:
A post-merge fix.
mysql-test/t/ps.test:
A post-merge fix: all 5.0 tests should go after 4.1 tests.
sql/sql_lex.cc:
auxilliary -> auxiliary
sql/sql_prepare.cc:
auxilliary -> auxiliary
sql/table.cc:
Update st_table_list::reinit_before_use in 5.0 to include 5.0-specific
cleanups.
sql/table.h:
st_table_list::reinit_before_use is public.
The problem is that the author used the wrong function to send a warning to the
user about truncation of data. push_warning() takes a constant string and
push_warning_printf() takes a format and variable arguments to fill it.
Since the string we were complaining about contains percent characters, the
printf() code interprets the "%Y" et c. that the user sends. That's wrong, and
often causes a crash, especially if the date mentions seconds, "%s".
A alternate fix would be to use push_warning_printf(..., "%s", warn_buff) .
mysql-test/r/date_formats.result:
Test that an invalid date doesn't crash the server. We should get a warning back
instead of a dead socket.
mysql-test/t/date_formats.test:
Test that an invalid date doesn't crash the server. We should get a warning back
instead of a dead socket.
sql/time.cc:
Don't try to use warn_buf as the start of a varible arguement list to send
to a warning-formatted my_vsnprintf() .
mysql-test/r/csv.result:
update result file
mysql-test/t/csv.test:
add a test for the bug
sql/examples/ha_tina.cc:
move open() call before my_hash_insert, so that we don't insert invalid
share to the hash. To avoid other possible problems also add
hash_delete(), so that the share is removed from hash before it is freed.
into bodhi.local:/opt/local/work/mysql-5.0-runtime-merge-41
sql/opt_range.cc:
Auto merged
support-files/mysql.spec.sh:
Auto merged
mysql-test/Makefile.am:
Manual merge.
The UNCOMPRESS() function was not marked as maybe_null, even though
it returns NULL on invalid data. This confused the optimizer.
mysql-test/r/func_compress.result:
Add new results
mysql-test/t/func_compress.test:
Add new regression test
sql/item_strfunc.h:
Set maybe_null within Item_func_uncompress::fix_length_and_dec()
the server's binlog file, might be set to a different directory. This adds a new
"vardir" parameter, which takes the name of the directory as a value, so that the
test_bug17667() test can find the binlog.
mysql-test/mysql-test-run.pl:
Add the "vardir" to the options passed to "mysql_test_client", so we know
where to find the binlog file.
tests/mysql_client_test.c:
Receive a new option, "vardir".
Use the vardir option to find the binlog file in test_bug17667() .
The ALL/ANY subqueries are the subject of MIN/MAX optimization. The matter
of this optimization is to embed MIN() or MAX() function into the subquery
in order to get only one row by which we can tell whether the expression
with ALL/ANY subquery is true or false.
But when it is applied to a subquery like 'select a_constant' the reported bug
occurs. As no tables are specified in the subquery the do_select() function
isn't called for the optimized subquery and thus no values have been added
to a MIN()/MAX() function and it returns NULL instead of a_constant.
This leads to a wrong query result.
For the subquery like 'select a_constant' there is no reason to apply
MIN/MAX optimization because the subquery anyway will return at most one row.
Thus the Item_maxmin_subselect class is more appropriate for handling such
subqueries.
The Item_in_subselect::single_value_transformer() function now checks
whether tables are specified for the subquery. If no then this subselect is
handled like a UNION using an Item_maxmin_subselect object.
mysql-test/t/subselect.test:
Added test case for bug#16302: Quantified subquery without any tables gives wrong results
mysql-test/r/subselect.result:
Added test case for bug#16302: Quantified subquery without any tables gives wrong results
sql/item_subselect.cc:
Fixed bug#16302: Quantified subquery without any tables gives wrong results
The Item_in_subselect::single_value_transformer() function now checks
whether tables are specified for the subquery. If no then this subselect is
handled like a UNION using an Item_maxmin_subselect object.
into macbook.gmz:/Users/kgeorge/mysql/work/B14553-5.0-opt
mysql-test/r/odbc.result:
Auto merged
sql/sql_select.cc:
Auto merged
mysql-test/r/rpl_insert_id.result:
merge the test at the end of 4.1 test
mysql-test/t/rpl_insert_id.test:
merge the test at the end of 4.1 test
sql/sql_class.cc:
merged
sql/sql_class.h:
merged
To make MySQL compatible with some ODBC applications, you can find
the AUTO_INCREMENT value for the last inserted row with the following query:
SELECT * FROM tbl_name WHERE auto_col IS NULL.
This is done with a special code that replaces 'auto_col IS NULL' with
'auto_col = LAST_INSERT_ID'.
However this also resets the LAST_INSERT_ID to 0 as it uses it for a flag
so as to ensure that only the first SELECT ... WHERE auto_col IS NULL
after an INSERT has this special behaviour.
In order to avoid resetting the LAST_INSERT_ID a special flag is introduced
in the THD class. This flag is used to restrict the second and subsequent
SELECTs instead of LAST_INSERT_ID.
mysql-test/r/odbc.result:
test suite for the bug
mysql-test/r/rpl_insert_id.result:
test for the fix in replication
mysql-test/t/odbc.test:
test suite for the bug
mysql-test/t/rpl_insert_id.test:
test for the fix in replication
sql/sql_class.cc:
initialize the flag
sql/sql_class.h:
flag's declaration and set code when setting the last_insert_id
sql/sql_select.cc:
the special flag is used instead of last_insert_id
mysql-test/r/myisam.result:
Fix test results.
mysql-test/t/myisam.test:
In 5.0 show create table also outputs data directory.
For the test for Bug#8706 it's MYSQLTEST_VARDIR, and there is no way
to replace it with anything else in test output.
into bodhi.local:/opt/local/work/mysql-5.0-runtime-merge-41
myisam/mi_create.c:
Auto merged
mysql-test/r/myisam.result:
Auto merged
mysql-test/t/myisam.test:
Auto merged
sql/item_timefunc.cc:
Auto merged
sql/sql_class.cc:
Auto merged
sql/sql_insert.cc:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_trigger.cc:
Auto merged
support-files/mysql.spec.sh:
Auto merged
mysql-test/r/federated.result:
Manual merge.
mysql-test/t/federated.test:
Manual merge.
into bodhi.local:/opt/local/work/mysql-5.0-runtime-merge-41
BitKeeper/etc/ignore:
auto-union
libmysqld/Makefile.am:
Auto merged
myisam/mi_create.c:
Auto merged
mysql-test/r/date_formats.result:
Auto merged
mysql-test/t/date_formats.test:
Auto merged
sql/Makefile.am:
Auto merged
sql/item_timefunc.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/opt_range.cc:
Auto merged
sql/sql_class.h:
Auto merged
support-files/mysql.spec.sh:
Auto merged
mysql-test/r/myisam.result:
Manual merge.
mysql-test/t/myisam.test:
Manual merge.
sql/set_var.cc:
Manual merge.
sql/set_var.h:
Manual merge.
sql/sql_cache.cc:
Manual merge.
sql/sql_class.cc:
Manual merge.
BitKeeper/etc/ignore:
Modify ignore list to work with BitKeeper 4
mysql-test/t/mysqldump.test:
Fix the test for Bug#18462 to use MYSQLTEST_VARDIR instead of mysql-test/
directory for temporary files.
into bodhi.local:/opt/local/work/mysql-5.0-runtime
sql/ha_ndbcluster.cc:
Auto merged
sql/item.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_table.cc:
Auto merged
sql/sql_yacc.yy:
Auto merged
sql/sql_update.cc:
Manual merge.
Wrong criteria was used to distinguish the case when there was no
lookahead performed in the parser. Bug affected only statements
ending in one-character token without any optional tail, like CREATE
INDEX and CALL.
mysql-test/r/sp-code.result:
Add result for bug#19207: Final parenthesis omitted for CREATE INDEX
in Stored Procedure
mysql-test/t/sp-code.test:
Add test case for bug#19207: Final parenthesis omitted for CREATE INDEX
in Stored Procedure
sql/sql_yacc.yy:
Use (yychar == YYEMPTY) as the criteria of whether lookahead was not
performed.
Adding test case.
item_strfunc.cc:
bug#11728 string function LEFT, strange undocumented behaviour
Fixing LEFT and RIGHT return NULL if the second
argument is NULL.
sql/item_strfunc.cc:
bug#11728 string function LEFT, strange undocumented behaviour
Fixing LEFT and RIGHT return NULL if the second
argument is NULL.
mysql-test/t/func_str.test:
Adding test case.
mysql-test/r/func_str.result:
Adding test case.
Fix random failures in test 'wait_timeout' that depend on exact timing.
1. Force a reconnect initially if necessary, as otherwise slow startup
might have caused a connection timeout before the test can even start.
2. Explicitly disconnect the first connection to remove confusion about
which connection aborts from timeout, causing test failure.
mysql-test/r/wait_timeout.result:
Fix two races in test.
mysql-test/t/wait_timeout.test:
Fix two races in test.
