1
0
mirror of https://github.com/MariaDB/server.git synced 2025-10-24 07:13:33 +03:00
Commit Graph

1115 Commits

Author SHA1 Message Date
Venkata Sidagam
ff06148679 Bug #17760379 COLLATIONS WITH CONTRACTIONS BUFFER-OVERFLOW THEMSELVES IN THE FOOT
Description: A typo in create_tailoring() causes the "contraction_flags" to be written
into cs->contractions in the wrong place. This causes two problems:
(1) Anyone relying on `contraction_flags` to decide "could this character be
part of a contraction" is 100% broken.
(2) Anyone relying on `contractions` to determine the weight of a contraction
is mostly broken

Analysis: When we are preparing the contraction in create_tailoring(), we are corrupting the 
cs->contractions memory location which is supposed to store the weights(8k) + contraction information(256 bytes). We started storing the contraction information after the 4k location. This is because of logic flaw in the code.

Fix: When we create the contractions, we need to calculate the contraction with (char*) (cs->contractions + 0x40*0x40) from ((char*) cs->contractions) + 0x40*0x40. This makes the "cs->contractions" to move to 8k bytes and stores the contraction information from there. Similarly when we are calculating it for like range queries we need to calculate it from the 8k bytes onwards, this can be done by changing the logic to (const char*) (cs->contractions + 0x40*0x40). And for ucs2 charsets we need to modify the my_cs_can_be_contraction_head() and my_cs_can_be_contraction_tail() to point to 8k+ locations.
2014-01-11 14:48:29 +05:30
Murthy Narkedimilli
496abd0814 Updated/added copyright headers 2014-01-06 10:52:35 +05:30
mithun
8934a80b6d Bug #14057034 : WASTED CPU CYCLES IN MY_UTF8_UNI WHERE
RESULTING MY_WC_T RESULT IS NOT USED
Issue         : handler functions my_ismbchar_utf8,
              my_well_formed_len_mb for charset utf8
              is calling unicode converion function
              to validate and to find the character
              length. Because of this, instructions
              which will convert the utf8 to unicode
              are executed for no use.
              A similar issue exist with charset utf8mb4
Solution      : reorganized the code such that character
              validation part of unicode conversion
              handler is extracted(duplicated) in to
              separate function. Hence
              my_ismbchar_utf8, my_well_formed_len_mb
              will call the new function which only
              validates and return the length of mb(utf8).
              A similar fix for charset utf8mb4.
2013-11-12 16:42:46 +05:30
Neeraj Bisht
97657db919 Bug#16691598 - ORDER BY LOWER(COLUMN) PRODUCES OUT-OF-ORDER RESULTS
Problem:-
We have created a table with UTF8_BIN collation.
In case, when in our query we have ORDER BY clause over a function 
call we are getting result in incorrect order.
Note:the bug is not there in 5.5.

Analysis:
In 5.5, for UTF16_BIN, we have min and max multi-byte length is 2 and 4 
respectively.In make_sortkey(),for 2 byte character character we are 
assuming that the resultant length will be 2 byte/character. But when we 
use my_strnxfrm_unicode_full_bin(), we store sorting weights using 3 bytes 
per character.This result in truncated result.

Same thing happen for UTF8MB4, where we have 1 byte min multi-byte and 
4 byte max multi-byte.We will accsume resultant data as 1 byte/character, 
which result in truncated result.

Solution:-
use strnxfrm(means use of MY_CS_STRNXFRM macro) is used for sort, in 
which the resultant length is not dependent on source length.
2013-11-07 16:46:24 +05:30
Sreedhar.S
faca34da04 Bug 13878021 - WINDOWS PACKAGE THAT INCLUDES .PDB FILES FOR INTERMEDIATE LIBRARIES USED 2013-10-09 11:10:46 +05:30
Tor Didriksen
16fa82fdd5 Bug#16765410 FTS: STACK AROUND THE VARIABLE 'MYSTR' WAS CORRUPTED IN INNOBASE_STRNXFRM
my_strnxfrm_win1250ch could write into dest[destlen]
i.e. write a byte to the past-the-end of dest.
2013-09-17 12:43:34 +02:00
Joao Gramacho
bec8595b68 Bug#16997513 MY_STRTOLL10 ACCEPTING OVERFLOWED UNSIGNED LONG LONG VALUES AS NORMAL ONES
Merge from mysql-5.1 into mysql-5.5
2013-07-31 17:59:06 +01:00
Joao Gramacho
be9dcdf960 Bug#16997513 MY_STRTOLL10 ACCEPTING OVERFLOWED UNSIGNED LONG LONG VALUES AS NORMAL ONES
Problem:
=======
It was detected an incorrect behavior of my_strtoll10 function when 
converting strings with numbers in the following format:
"184467440XXXXXXXXXYY"

Where XXXXXXXXX > 737095516 and YY <= 15

Samples of problematic numbers:
"18446744073709551915"
"18446744073709552001"

Instead of returning the larger unsigned long long value and setting overflow
in the returned error code, my_strtoll10 function returns the lower 64-bits 
of the evaluated number and did not set overflow in the returned error code.

Analysis:
========
Once trying to fix bug 16820156, I've found this bug in the overflow check of
my_strtoll10 function.

This function, once receiving a string with an integer number larger than
18446744073709551615 (the larger unsigned long long number) should return the
larger unsigned long long number and set overflow in the returned error code.

Because of a wrong overflow evaluation, the function didn't catch the
overflow cases where (i == cutoff) && (j > cutoff2) && (k <= cutoff3). When
the overflow evaluation fails, the function return the lower 64-bits of the
evaluated number and do not set overflow in the returned error code.

Fix:
===
Corrected the overflow evaluation in my_strtoll10.
2013-07-31 17:54:40 +01:00
Venkata Sidagam
18d34a47a4 Bug #16567381 DATETIME FIELD COMPARISONS DO NOT WORK PROPERLY
WITH UTF8_UNICODE_CI COLLATION
Problem Description:
When comparing datetime values with strings, the utf8_unicode_ci collation 
prevents correct comparisons. Consider the below set of queries, it is not 
showing any results on a table which has tuples that satisfies the query. 
But for collation utf8_general_ci it shows one tuple.
set names utf8 collate utf8_unicode_ci;;
select * from lang where dt='1979-12-09';

Analysis:
The comparison function is not chosen in case of collation utf8_unicode_ci.
In agg_item_set_converter() because the collation state is having 
"MY_CS_NONASCII" for collation type "utf8_unicode_ci". The conversion 
of the collation is happening for the date field. And because of that 
it is unable to pickup proper compare function(i.e CMP_DATE_WITH_STR).

Actually the bug is accidentally introduced by the WL#3759 in 5.5. 
And in 5.6 it is been fixed by the WL#3664.

Fix:
I have backported the changes from the file strings/ctype-uca.c which 
are related to "utf8" introduced by the WL#3664.
This change helps in choosing the correct comparison function for all 
the collations of utf8 charset.
2013-07-04 16:59:09 +05:30
Tor Didriksen
82d9c8e8d9 Bug#14834378 ADDRESSSANITIZER BUG IN FILENAME_TO_TABLENAME
Backport to 5.5
2013-06-14 16:38:27 +02:00
Chaithra Gopalareddy
d0367abaff Bug#11766191:INVALID MEMORY READ IN DO_DIV_MOD WITH DOUBLY ASSIGNED VARIABLES
Bug#12608543: CRASHES WITH DECIMALS AND STATEMENT NEEDS TO BE REPREPARED ERRORS

Backporting these two fixes to 5.1 
Added unittest to test my_decimal construtor and assignment operators
2013-05-22 14:36:43 +05:30
Murthy Narkedimilli
d978016d93 Fix for Bug 16395495 - OLD FSF ADDRESS IN GPL HEADER 2013-03-19 15:53:48 +01:00
Murthy Narkedimilli
d20a70fb55 Bug 16395495 - OLD FSF ADDRESS IN GPL HEADER 2013-03-19 13:29:12 +01:00
Murthy Narkedimilli
69d8812a61 Updated/added copyright headers. 2013-02-25 15:26:00 +01:00
Mattias Jonsson
f693203e80 Bug#14521864: MYSQL 5.1 TO 5.5 BUGS PARTITIONING
Due to an internal change in the server code in between 5.1 and 5.5
(wl#2649) the hash function used in KEY partitioning changed
for numeric and date/time columns (from binary hash calculation
to character based hash calculation).

Also enum/set changed from latin1 ci based hash calculation to
binary hash between 5.1 and 5.5. (bug#11759782).

These changes makes KEY [sub]partitioned tables on any of
the affected column types incompatible with 5.5 and above,
since the calculation of partition id differs.

Also since InnoDB asserts that a deleted row was previously
read (positioned), the server asserts on delete of a row that
is in the wrong partition.

The solution for this situation is:

1) The partitioning engine will check that delete/update will go to the
partition the row was read from and give an error otherwise, consisting
of the rows partitioning fields. This will avoid asserts in InnoDB and
also alert the user that there is a misplaced row. A detailed error
message will be given, including an entry to the error log consisting
of both table name, partition and row content (PK if exists, otherwise
all partitioning columns).


2) A new optional syntax for KEY () partitioning in 5.5 is allowed:
[SUB]PARTITION BY KEY [ALGORITHM = N] (list_of_cols)
Where N = 1 uses the same hashing as 5.1 (Numeric/date/time fields uses
binary hashing, ENUM/SET uses charset hashing) N = 2 uses the same
hashing as 5.5 (Numeric/date/time fields uses charset hashing,
ENUM/SET uses binary hashing). If not set on CREATE/ALTER it will
default to 2.

This new syntax should probably be ignored by NDB.


3) Since there is a demand for avoiding scanning through the full
table, during upgrade the ALTER TABLE t PARTITION BY ... command is
considered a no-op (only .frm change) if everything except ALGORITHM
is the same and ALGORITHM was not set before, which allows manually
upgrading such table by something like:
ALTER TABLE t PARTITION BY KEY ALGORITHM = 1 () or
ALTER TABLE t PARTITION BY KEY ALGORITHM = 2 ()


4) Enhanced partitioning with CHECK/REPAIR to also check for/repair
misplaced rows. (Also works for ALTER TABLE t CHECK/REPAIR PARTITION)

CHECK FOR UPGRADE:
If the .frm version is < 5.5.3
and uses KEY [sub]partitioning
and an affected column type
then it will fail with an message:
KEY () partitioning changed, please run:
ALTER TABLE `test`.`t1`  PARTITION BY KEY ALGORITHM = 1 (a)
PARTITIONS 12
(i.e. current partitioning clause, with the addition of
ALGORITHM = 1)

CHECK without FOR UPGRADE:
if MEDIUM (default) or EXTENDED options are given:
Scan all rows and verify that it is in the correct partition.
Fail for the first misplaced row.

REPAIR:
if default or EXTENDED (i.e. not QUICK/USE_FRM):
Scan all rows and every misplaced row is moved into its correct
partitions.


5) Updated mysqlcheck (called by mysql_upgrade) to handle the
new output from CHECK FOR UPGRADE, to run the ALTER statement
instead of running REPAIR.

This will allow mysql_upgrade (or CHECK TABLE t FOR UPGRADE) to upgrade
a KEY [sub]partitioned table that has any affected field type
and a .frm version < 5.5.3 to ALGORITHM = 1 without rebuild.


Also notice that if the .frm has a version of >= 5.5.3 and ALGORITHM
is not set, it is not possible to know if it consists of rows from
5.1 or 5.5! In these cases I suggest that the user does:
(optional)
LOCK TABLE t WRITE;
SHOW CREATE TABLE t;
(verify that it has no ALGORITHM = N, and to be safe, I would suggest
backing up the .frm file, to be used if one need to change to another
ALGORITHM = N, without needing to rebuild/repair)
ALTER TABLE t <old partitioning clause, but with ALGORITHM = N>;
which should set the ALGORITHM to N (if the table has rows from
5.1 I would suggest N = 1, otherwise N = 2)
CHECK TABLE t;
(here one could use the backed up .frm instead and change to a new N
and run CHECK again and see if it passes)
and if there are misplaced rows:
REPAIR TABLE t;
(optional)
UNLOCK TABLES;
2013-01-30 17:51:52 +01:00
Neeraj Bisht
1a951e716c BUG#14303860 - EXECUTING A SELECT QUERY WITH TOO
MANY WILDCARDS CAUSES A SEGFAULT
      Back port from 5.6 and trunk
2013-01-14 16:51:52 +05:30
Neeraj Bisht
78664f54a0 BUG#14303860 - EXECUTING A SELECT QUERY WITH TOO
MANY WILDCARDS CAUSES A SEGFAULT

Back port from 5.6 and trunk
2013-01-14 14:59:48 +05:30
Tor Didriksen
8dc7c505a3 Bug#15960005 VALGRIND WARNINGS IN PROCESS_ARGS
Both <width> and <precision> can be specified as numbers or '*'.
  If an asterisk is used, an argument of type int is consumed.
2012-12-10 09:55:08 +01:00
Tor Didriksen
b125abecb7 Bug#11754279 SIGNIFICANT INACCURACY IN DECIMAL MULTIPLICATION CALCULATIONS
frac is the number of decimal digits after the point
For each multiplication in the expression, decimal_mul() does this:
  to->frac= from1->frac + from2->frac;              /* store size in digits */
which will eventually overflow.
The code for handling the overflow, will truncate the two digits in "1.75" to "1"

Solution:
Truncate to 31 significant fractional digits, when doing decimal multiplication.
2012-11-29 17:21:36 +01:00
Georgi Kodinov
42644a0746 Bug #13889741: HANDLE_FATAL_SIGNAL IN _DB_ENTER_ |
HANDLE_FATAL_SIGNAL IN STRNLEN

Fixed the following bounds checking problems :
1. in check_if_legal_filename() make sure the null terminated
string is long enough before accessing the bytes in it.
Prevents pottential read-past-buffer-end
2. in my_wc_mb_filename() of the filename charset check
for the end of the destination buffer before sending single
byte characters into it.
Prevents write-past-end-of-buffer (and garbaling stack in
the cases reported here) errors.

Added test cases.
2012-07-05 13:41:16 +03:00
Georgi Kodinov
8b75496856 merge 2012-07-05 14:41:04 +03:00
Tor Didriksen
18fec1e9c1 Bug#14039955 RPAD FUNCTION LEADS TO UNINITIALIZED VALUES WARNING IN MY_STRTOD
Rewrite the "parser" in my_strtod_int() to avoid
reading past the end of the input string.
2012-05-18 12:57:38 +02:00
MySQL Build Team
5734bae576 Updated/added copyright headers 2012-02-16 10:48:16 +01:00
Kent Boortz
79535de206 Updated/added copyright headers 2012-02-15 17:21:38 +01:00
MySQL Build Team
91a5be2cab Updated/added copyright headers 2012-02-15 17:13:47 +01:00
Tor Didriksen
56a2ff8330 Bug#13359121 LARGE NUMBERS, /STRINGS/DTOA.C:662
Bug#12985021 SIMPLE QUERY WITH DECIMAL NUMBERS TAKE AN

When parsing the fractional part of a string which
is to be converted to double, we can stop after a few digits:
the extra digits will not contribute to the actual result anyways.
2012-01-25 16:11:03 +01:00
Alexander Barkov
d29e871b68 Merging Bug#11752408 from mysql-5.1 2012-01-23 13:23:50 +04:00
Alexander Barkov
e56caa38f1 Bug#11752408 - 43593: DUMP/BACKUP/RESTORE/UPGRADE TOOLS FAILS BECAUSE OF UTF8_GENERAL_CI
Introducing new collations:
utf8_general_mysql500_ci and ucs2_general_mysql500_ci,
to reproduce behaviour of utf8_general_ci and ucs2_general_ci
from mysql-5.1.23 (and earlier).

The collations are added to simplify upgrade from mysql-5.1.23 and earlier.

Note: The patch does not make new server start over old data automatically.
Some manual upgrade procedures are assumed.

Paul: please get in touch with me to discuss upgrade procedures
when documenting this bug.

modified:
  include/m_ctype.h
  mysql-test/r/ctype_utf8.result
  mysql-test/t/ctype_utf8.test
  mysys/charset-def.c
  strings/ctype-ucs2.c
  strings/ctype-utf8.c
2012-01-23 13:07:10 +04:00
Tor Didriksen
add59cfbaf merge 5.1-security => 5.5-security 2011-10-14 11:14:44 +02:00
Tor Didriksen
cf66b6511f merge 5.0-security => 5.1 security 2011-10-14 10:44:27 +02:00
Tor Didriksen
ea2cd838be Bug#12563865 ROUNDED,TMP_BUF,DECIMAL_VALUE STACK CORRUPTION IN ALL VERSIONS >=5.0
Buffer over-run on all platforms, crash on windows, wrong result on other platforms,
when rounding numbers which start with 999999999 and have
precision = 9 or 18 or 27 or 36 ...
2011-10-14 10:09:53 +02:00
Daniel Fischer
9e4117ba61 merge 2011-09-23 12:18:15 +02:00
Tor Didriksen
8d1c4bba67 Bug#12985030 SIMPLE QUERY WITH DECIMAL NUMBERS LEAKS MEMORY
Extra fix: 'if (p5 < p5_a + P5A_MAX)' is not portable.
p5 starts out pointing to a static array, then may point
to a buffer on the stack, then may point to malloc()ed memory.
2011-09-21 13:46:49 +02:00
Daniel Fischer
fe1b205d02 merge from 5.5.16 2011-09-21 12:40:41 +02:00
Tor Didriksen
929c97db61 Bug#12985030 SIMPLE QUERY WITH DECIMAL NUMBERS LEAKS MEMORY 2011-09-20 10:59:48 +02:00
Tor Didriksen
afba17f1db merge 5.1 => 5.5 2011-08-29 11:34:48 +02:00
Tor Didriksen
4bcf506530 BUG#12911710 - VALGRIND FAILURE IN ROW-DEBUG:PERFSCHEMA.SOCKET_SUMMARY_BY_INSTANCE_FUNC
Converting the number zero to binary and back yielded the number zero,
but with no digits, i.e. zero precision.
This made the multiply algorithm go haywire in various ways.
2011-08-29 11:24:36 +02:00
Ramil Kalimullin
dab1c8c4d0 Manual merge from mysql-5.5. 2011-08-09 12:03:29 +04:00
Georgi Kodinov
1a9b512d02 Bug #12319710: INVALID MEMORY READ AND/OR CRASH IN MY_UCA_CHARCMP
WITH UTF32

The 5.5 version of the UTF32 collation was not enforcing the BMP range that 
it currently supports when comparing with LIKE. 
Fixed by backporting the checks for the BMP from trunk.
Added a named constant for the maximum character that can have a weight
in the weight table.
2011-07-22 15:54:47 +03:00
Tor Didriksen
7fddcd06d2 Bug#12537160 ASSERTION FAILED: STOP0 <= &TO->BUF[TO->LEN] WITH LARGE NUMBER.
Turns out the DBUG_ASSERT added by fix for Bug#11792200 was overly pessimistic:
'stop0' is used in the main loop of do_div_mod, but we only dereference 'buf0'
for div operations, not for mod.
2011-07-18 09:47:39 +02:00
Kent Boortz
b6e6097c95 Updated/added copyright headers 2011-07-03 17:47:37 +02:00
Kent Boortz
1400d7a2cc Updated/added copyright headers 2011-06-30 17:37:13 +02:00
Kent Boortz
e5ce023f57 Updated/added copyright headers 2011-06-30 17:31:31 +02:00
Kent Boortz
9da00ebec9 Updated/added copyright headers 2011-06-30 17:46:53 +02:00
Tatjana Azundris Nuernberg
79c1c8e586 auto-merge 2011-05-12 05:32:06 +01:00
Tatjana Azundris Nuernberg
a0f300a6d3 auto-merge Bug#11762799/Bug#55436 2011-05-12 04:05:12 +01:00
Tatjana Azundris Nuernberg
2683078d28 auto-merge Bug#11762799/Bug#55436 2011-05-12 03:41:51 +01:00
Tatiana Azundris Nurnberg
4e9e69e5f8 auto-merge conservative fix for Bug#55436/Bug#11762799 2011-05-05 06:39:38 +01:00
Tor Didriksen
4148b03910 Bug #11792200 - DIVIDING LARGE NUMBERS CAUSES STACK CORRUPTIONS
This was a buffer overrun in do_div_mod(), overwriting the internal buffer
of auto variable 'tmp' in Item_func_int_div::val_int.
Result on windows: 'this' is set to zero, and crash.
Ran fine on other platforms (no valgrind warnings),
but this is undefined behaviour on any platform of course.
2011-03-03 15:25:41 +01:00
Alexander Barkov
e7ff0df0ea Merging from mysql-5.1 2011-03-01 17:42:37 +03:00