protocol
One could send a malformed packet that caused the server to SEGV. In
recent versions of the password protocol, the client tells the server
what length the ciphertext is (almost always 20). If that length was
large enough to overflow a signed char, then the number would jump to
very large after being casted to unsigned int.
Instead, cast the *passwd char to uchar.
when logging is enabled.
Currently the partition engine doesn't allow log tables to
be partitioned. But this was not checked and the server crashed.
Fixed by adding a check in ALTER TABLE to disable partitioning the
log tables.
While working on the cause of the problem improved the way the log
thread structures are initialized before opening the log tables.
Changed SHOW ENGINES to work in the same way as I_S.ENGINES.
For this: removed the functions mysqld_show_storage_engines and show_handlerton, and
made SHOW ENGINES work via the common function iter_schema_engines.
There in no test case because an engine (except of MyISAM) may be not compiled or disabled
which may affect the test result.
When constructing the path to the original .frm file ALTER .. RENAME
was unnecessary (and incorrectly) lowercasing the whole path when not
on a case-insensitive filesystem.
This path should not be modified because of lower_case_table_names
as it is already in the correct case according to that setting.
Fixed by removing the lowercasing.
Unfortunately testing this would require running the tests on a case
sensitive filesystem in a directory that has uppercase letters.
This cannot be guaranteed in all setups so no test case added.
In case of database level grant the database name may be a pattern,
in case of table|column level grant the database name can not be a pattern.
We use 'dont_check_global_grants' as a flag to determine
if it's database level grant command
(see SQLCOM_GRANT case, mysql_execute_command() function) and
set db_is_pattern according to 'dont_check_global_grants' value.
ORDER BY and LIMIT 1.
The bug was introduced by the patch for bug 21727. The patch
erroneously skipped initialization of the array of headers
for sorted records for non-first evaluations of the subquery.
To fix the problem a new parameter has been added to the
function make_char_array that performs the initialization.
Now this function is called for any invocation of the
filesort procedure. Yet it allocates the buffer for sorted
records only if this parameter is NULL.
This bug was introduced by the fix for the bug#27300. In this fix a section
of code was added to the Item::tmp_table_field_from_field_type method.
This section intended to create Field_geom fields for the Item_geometry_func
class and its descendants. In order to get the geometry type of the current
item it casted "this" to the Item_geometry_func* type. But the
Item::tmp_table_field_from_field_type method is also used for creation of
fields for UNION and in this case this method is called for an object of the
Item_type_holder class and the cast to the Item_geometry_func* type causes
a server crash.
Now the Item::tmp_table_field_from_field_type method correctly works when it's
called for both the Item_type_holder and the Item_geometry_func classes.
The new geometry_type variable is added to the Item_type_holder class.
The new method called get_geometry_type is added to the Item_field
and the Field classes. It returns geometry type from the field for the
Item_field and the Field_geom classes and fails an assert for other Field
descendants.
Problem: getting an autoincrement value for a partition table in the ::info() method we call
the get_auto_increment() for all partitions. That may cause a problem for at least MyISAM
tables that rely on some table state (in this particular case table->naxt_nuber_field is
set to 0 in the mysql_insert() and we get a crash).
Moreover, calling get_auto_increment() is superfluous there.
Fix: use ::info(HA_STATUS_AUTO) calls to get autoincrement values for partitions instead of
get_auto_increment() ones in the ha_partition::info().
If we have lower_case_table_names == 2 (usually on case insensitive file
systems) we sometimes make 'homedir' part of the path sent to the
handler into lowercase. So in this case HEAP engine couldn't properly
find and remove HP_SHARE, what caused the bug.
Problem: "SELECT INTO OUTFILE" created incorrect dumps for BLOBs,
so "LOAD DATA" later incorrectly interpreted 0x5C as the second
byte of a multi-byte sequence, instead of escape character.
Fix: adding escaping of multi-byte heads.
a temporary table has grown out of heap memory reserved for it and
the remaining disk space is not big enough to store the table as
a MyISAM table.
The crash happens because the function create_myisam_from_heap
does not handle safely the mem_root structure associated
with the converted table in the case when an error has occurred.
wrong result for DML
When making key reference buffers over CHAR fields whitespace (0x20)
must be used to fill in the remaining space in the field's buffer.
This is what Field_string::store() does.
Fixed Field_string::get_key_image() to do the same.
flag is set.
When the CLIENT_FOUND_ROWS flag is set then the server should return
found number of rows independently whether they were updated or not.
But this wasn't the case for the INSERT statement which always returned
number of rows that were actually changed thus providing wrong info to
the user.
Now the select_insert::send_eof method and the mysql_insert function
are sending the number of touched rows if the CLIENT_FOUND_ROWS flag is set.
The patch for WL 1563 added a new duplicate key error message so that the
key name could be provided instead of the key number. But the error code
for the new message was used even though that did not need to change.
This could cause unnecessary problems for applications that used the old
ER_DUP_ENTRY error code to detect duplicate key errors.
SHOW CREATE TABLE fails
Underlying table names, that merge engine fails to open were not
reported.
With this fix CHECK TABLE issued against merge table reports all
underlying table names that it fails to open. Other statements
are unaffected, that is underlying table names are not included
into error message.
This fix doesn't solve SHOW CREATE TABLE issue.
integer constants.
This bug is introduced by the fix for bug#16377. Before the fix the
Item_func_between::fix_length_and_dec method converted the second and third
arguments to the type of the first argument if they were constant and the first
argument is of the DATE/DATETIME type. That approach worked well for integer
constants and sometimes produced bad result for string constants. The fix for
the bug#16377 wrongly removed that code at all and as a result of this the
comparison of a DATETIME field and an integer constant was carried out in a
wrong way and sometimes led to wrong result sets.
Now the Item_func_between::fix_length_and_dec method converts the second and
third arguments to the type of the first argument if they are constant, the
first argument is of the DATE/DATETIME type and the DATETIME comparator isn't
applicable.
