INVOKER-security view access check wrong".
When privilege checks were done for tables used from an
INVOKER-security view which in its turn was used from
a DEFINER-security view connection's active security
context was incorrectly used instead of security context
with privileges of the second view's creator.
This meant that users which had enough rights to access
the DEFINER-security view and as result were supposed to
be able successfully access it were unable to do so in
cases when they didn't have privileges on underlying tables
of the INVOKER-security view.
This problem was caused by the fact that for INVOKER-security
views TABLE_LIST::security_ctx member for underlying tables
were set to 0 even in cases when particular view was used from
another DEFINER-security view. This meant that when checks of
privileges on these underlying tables was done in
setup_tables_and_check_access() active connection security
context was used instead of context corresponding to the
creator of caller view.
This fix addresses the problem by ensuring that underlying
tables of an INVOKER-security view inherit security context
from the view and thus correct security context is used for
privilege checks on underlying tables in cases when such view
is used from another view with DEFINER-security.
mysql-test/r/view_grant.result:
Added coverage for various combinations of DEFINER and
INVOKER-security views, including test for bug #58499
"DEFINER-security view selecting from INVOKER-security
view access check wrong".
mysql-test/t/view_grant.test:
Added coverage for various combinations of DEFINER and
INVOKER-security views, including test for bug #58499
"DEFINER-security view selecting from INVOKER-security
view access check wrong".
sql/sql_view.cc:
When opening a non-suid view ensure that its underlying
tables will get the same security context as use for
checking privileges on the view, i.e. security context
of view invoker. This context can be different from the
security context which is currently active for connection
in cases when this non-suid view is used from a view with
suid security. Inheriting security context in such situation
allows correctly apply privileges of creator of suid view
in checks for tables of non-suid view (since in this
situation creator/definer of suid view serves as invoker
for non-suid view).
Item_func_spatial_collection::fix_length_and_dec didn't call parent's method, so
the maybe_null was set to '0' after it. But in this case the result was
just NULL, that caused wrong behaviour.
per-file comments:
mysql-test/r/gis.result
Bug #57321 crashes and valgrind errors from spatial types
test result updated.
mysql-test/t/gis.test
Bug #57321 crashes and valgrind errors from spatial types
test case added.
sql/item_geofunc.h
Bug #57321 crashes and valgrind errors from spatial types
Item_func_geometry::fix_length_and_dec() called in
Item_func_spatial_collection::fix_length_and_dec().
TIMESTAMP.
Item_cache::get_cache wasn't treating TIMESTAMP as a DATETIME value thus
returning string cache for items with TIMESTAMP type. This led to incorrect
TIMESTAMP -> INT conversion and to a wrong query result.
Fixed by using Item::is_datetime function to check for DATETIME type group.
mysql-test/r/type_timestamp.result:
Added a test case for the bug#59330.
mysql-test/t/type_timestamp.test:
Added a test case for the bug#59330.
sql/item.cc:
Bug#59330: Incorrect result when comparing an aggregate function with
TIMESTAMP.
Item_cache::get_cache now uses is_datetime member function to detect DATETIME
type group.
If the ::single_value_transformer() find an existing HAVING condition it used
to do the transformation:
1) HAVING cond -> (HAVING Cond) AND (cond_guard (Item_ref_null_helper(...))
As the AND condition in 1) is Mc'Carty evaluated, the
right side of the AND cond should be executed only if the
original 'HAVING evaluated' to true.
However, as we failed to set 'top_level' for the tranformed HAVING condition,
'abort_on_null' was FALSE after transformation. An
UNKNOWN having condition will then not terminate evaluation of the
transformed having condition, and we incorrectly continued
into the Item_ref_null_helper() part.
get_year_value() contains code to convert 2-digits year to
4-digits. The fix for Bug#49910 added a check on the size of
the underlying field so that this conversion is not done for
YEAR(4) values. (Since otherwise one would convert invalid
YEAR(4) values to valid ones.)
The existing check does not work when Item_cache is used, since
it is not detected when the cache is based on a Field. The
reported change in behavior is due to Bug#58030 which added
extra cached items in min/max computations.
The elegant solution would be to implement
Item_cache::real_item() to return the underlying Item.
However, some side effects are observed (change in explain
output) that indicates that such a change is not straight-
forward, and definitely not appropriate for an MRU.
Instead, a Item_cache::field() method has been added in order
to get access to the underlying field. (This field() method
eliminates the need for Item_cache::eq_def() used in
test_if_ref(), but in order to limit the scope of this fix,
that code has been left as is.)
mysql-test/r/type_year.result:
Added test case for Bug#59211.
mysql-test/t/type_year.test:
Added test case for Bug#59211.
sql/item.h:
Added function Item_cache::field() to get access to the
underlying Field of a cached field Value.
sql/item_cmpfunc.cc:
Also check underlying fields of Item_cache, not just Item_Field,
when checking whether the value is of type YEAR(4) or not.
tmptable needed
The function DEFAULT() works by modifying the the data buffer pointers (often
referred to as 'record' or 'table record') of its argument. This modification
is done during name resolution (fix_fields().) Unfortunately, the same
modification is done when creating a temporary table, because default values
need to propagate to the new table.
Fixed by skipping the pointer modification for fields that are arguments to
the DEFAULT function.
The retrieval of a charset by number was not
doing bounds checking before accessing the internal
character sets array.
Added checks for valid charset number.
Added asserts for valid charset number to some of
the internal functions.
Removed one superfluous check for charset_number 0
(since the all_charsets_array[0] is set to 0 anyway) for
uniformity.
Test suite added.
Starting mysqld with defaults file without
extension cause segmentation fault
Bug occurs because fn_expand calls fn_format
with NULL as ext.
This is a backport of the patch from 5.6.
Patch solve this problem by using an empty
string as extension, and adding assertions
to fn_format that correct arguments are passed.
It also add a test tests several variations of
using non-existing defaults files.
multiple columns in the partition key
ndb crash if duplicate columns in the partitioning key.
Backport from mysql-5.1-telco-7.0, see bug#53354.
Changed from case sensitive field name comparision
to non case sensitive too.
mysql-test/r/partition_error.result:
updated result
mysql-test/t/partition_error.test:
Added test for the error in non-ndb partitioned table.
sql/sql_partition.cc:
Added check for duplicated field names in the
partitioning key.
OPTIMIZE TABLE
OPTIMIZE TABLE for InnoDB tables is handled as recreate + analyze.
The triggered assert checked that an error had been reported if either
recreate or analyze failed. However the assert failed to take into
account that they could have failed because OPTIMIZE TABLE had been
victim of KILL QUERY, KILL CONNECTION or server shutdown.
This patch adjusts the assert to take this possibility into account.
The problem was only noticeable on debug versions of the server.
Test case added to innodb_mysql_sync.test.
and Order By
When having a UNION statement in a subquery, with no
referenced tables (or only a reference to the virtual
table 'dual'), the UNION did not allow an ORDER BY clause.
i.e:
SELECT(SELECT 1 AS a UNION
SELECT 0 AS a
ORDER BY a) AS b or
SELECT(SELECT 1 AS a FROM dual UNION
SELECT 0 as a
ORDER BY a) AS b
In addition, an ORDER BY / LIMIT clause was not accepted
in subqueries even for single SELECT statements with no
referenced tables (or with 'dual' as table reference)
i.e:
SELECT(SELECT 1 AS a ORDER BY a) AS b or
SELECT(SELECT 1 AS a FROM dual ORDER BY a) AS b
The fix was to allow an optional ORDER BY/LIMIT clause to
the grammar for these cases.
See also: Bug#57986
if embedded in a SELECT
An ORDER BY clause was bound to the incorrect
(sub-)statement when used in a UNION context.
In a query like:
SELECT * FROM a UNION SELECT * FROM b ORDER BY c
the result of SELECT * FROM b is sorted, and then
combined with a. The correct behaviour is that
the ORDER BY clause should be applied on the
final set. Similar behaviour was seen on LIMIT
clauses as well.
In a UNION statement, there will be a select_lex
object for each of the two selects, and a
select_lex_unit object that describes the UNION
itself. Similarly, the same behaviour was also
seen on derived tables.
The bug was caused by using a grammar rule for
ORDER BY and LIMIT that bound these elements
to thd->lex->current_select, which points to the
last of the two selects, instead of to the
fake_select_lex member of the master select_lex_unit
object.
sql/sql_yacc.yy:
Need to use (opt_)union_order_or_limit to
bind to the correct select_lex object.
- remove the superfluous file
- add an preemptive removal of the outfile before the
SELECT ... INTO OUTFILE ...
2. Remove an already disabled subtest
It's functionality is covered by tests in the suite funcs_1.
3. Adjust the formatting within some sub testcase to the formatting used
in all other sub testcases
This assert could be triggered if -1 was inserted into
an auto increment column by a statement writing more than
one row.
Unless explicitly given, an interval of auto increment values
is generated when a statement first needs an auto increment
value. The triggered assert checks that the auto increment
counter is equal to or higher than the lower bound of this
interval.
Generally, the auto increment counter starts at 1 and is
incremented by 1 each time it is used. However, inserting an
explicit value into the auto increment column, sets the auto
increment counter to this value + 1 if this value is higher
than the current value of the auto increment counter.
This bug was triggered if the explicit value was -1. Since the
value was converted to unsigned before any comparisons were made,
it was found to be higher than the current vale of the auto
increment counter and the counter was set to -1 + 1. This value
was below the reserved interval and caused the assert to be
triggered the next time the statement tried to write a row.
With the patch for Bug#39828, this bug is no longer repeatable.
Now, -1 + 1 is detected as an "overflow" which causes the auto
increment counter to be set to ULONGLONG_MAX. This avoids hitting
the assert for the next insert and causes a new interval of
auto increment values to be generated. This resolves the issue.
This patch therefore only contains a regression test and no code
changes. Test case added to auto_increment.test.
Enabled test snippet for bug 4374, tested on Mac OS X 10.6 as well as Solaris.
Moved test snippet to a different place in the file, in order to avoid having
to save and restore "SET NAMES" setting. New surroundings expect latin1, as is
used in the testsnippet.
An extra copy of the commented test snippet is removed, a comment is added,
SQL keywords are converted to uppercase, and engine name "heap" is updated to
"Memory".
Also added Copyright statement and a notice about the file's encoding(s).
command line clients.
Postfix covering other mysql standard clients like mysql_upgrade,
mysqlbinlog, mysqlcheck, mysqlimport, mysqlshow and mysqlslap.
client/client_priv.h:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients
Added an entry for 'default-auth' option.
client/mysql.cc:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients
Updated the id entry for default_auth option.
client/mysql_upgrade.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
client/mysqladmin.cc:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients
Updated the id entry for default_auth option.
client/mysqlbinlog.cc:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
client/mysqlcheck.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
client/mysqldump.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients
Updated the id entry for default_auth option.
client/mysqlimport.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
client/mysqlshow.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
client/mysqlslap.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
mysql-test/r/plugin_auth.result:
Added test case for Bug#58139 for mysql_upgrade.
mysql-test/t/plugin_auth.test:
Added test case for Bug#58139 for mysql_upgrade.
mysql-test/r/func_math.result:
New test case.
mysql-test/t/func_math.test:
New test case.
sql/item_func.cc:
Check for null before converting value to my_decimal.
Fix: copy my_decimal by value, to avoid dangling pointers.
mysql-test/r/func_math.result:
New test case.
mysql-test/t/func_math.test:
New test case.
sql/item_cmpfunc.cc:
No need to call fix_buffer_pointer() anymore.
sql/item_func.cc:
Copy my_decimal by value, to avoid dangling pointers.
sql/my_decimal.h:
Implement proper copy constructor and assignment operator for my_decimal.
sql/sql_analyse.cc:
No need to call fix_buffer_pointer() anymore.
strings/decimal.c:
Remove #line directive: it messes up TAGS and it confuses gdb when debugging.
Fixed incorrect checks in join_read_const_table() for when to
accept a non-existing, or empty const-row as a part of the const'ified
set of tables.
Intention of this test is to only accept NULL-rows if this table is outer joined
into the resultset. (In case of an inner-join we can conclude at this point that
resultset will be empty, end we want to return 'error' to signal this.)
Initially 'maybe_null' is set to the same value as 'outer_join' in
setup_table_map(), mysql_priv.h ~line 2424. Later simplify_joins() will
attemp to replace outer joins by inner join whenever possible. This
will cause 'outer_join' to be updated. However, 'maybe_null' is *not* updated
to reflect this rewrite as this field is used to currectly set the 'nullability'
property for the columns in the resultset.
We should therefore change join_read_const_table() to check the 'outer_join'
property instead of 'maybe_null', as this correctly reflect the nullability of
the *execution plan* (not *resultset*).
Item_equal::val_int() checked for NULL-values by checking Item::null_value
*before* the respective ::store_value() and ::cmp(Item*) metods where called.
As Item::null_value is set by these metods, the value of 'null_value'
is not valid until *after* ::store_value() or ::cmp() has
been called for the Item object.
Fix is to swap order of ::store_value()/::cmp() and checking of Item::null_value.
This pattern is widely used other places inside item_cmpfunc.cc .
