InnoDB cleanup: fixing buffer overflows and quoting of quotes

innobase/dict/dict0crea.c:
  Remove unneeded prototypes for static functions
  Remove unused parameters from some functions
  Replace some assertions with compile-time checks
  dict_create_add_foreigns_to_dictionary():
  allocate space dynamically for the SQL, and quote quotes
innobase/dict/dict0dict.c:
  Remove unnecessary prototypes for static functions
  dict_tables_have_same_db(): Remove length limitation
  dict_remove_db_name(): Use strchr()
  dict_get_db_name_len(): Use strchr()
  Replace mem_heap_alloc()+strlen()+memcpy() with mem_heap_strdup()
  Remove unnecessary strlen() calls
  Allocate space dynamically for generated strings
  dict_scan_id(): allow quotes within quoted strings
innobase/dict/dict0load.c:
  Remove unnecessary strlen() calls
  Replace mem_heap_alloc()+strlen()+memcpy() with mem_heap_strdup()
innobase/dict/dict0mem.c:
  Replace mem_heap_alloc()+strlen()+memcpy() with mem_heap_strdup()
innobase/eval/eval0eval.c:
  Make TO_CHAR() work with any machine word width
innobase/fil/fil0fil.c:
  Replace mem_alloc()+strlen()+strcpy() with mem_strdup()
innobase/ibuf/ibuf0ibuf.c:
  Make some global variables static
  Add #ifdef UNIV_IBUF_DEBUG around debug statements
innobase/include/data0data.h:
  Add #ifdef UNIV_DEBUG around dtuple_validate()
innobase/include/data0data.ic:
  Replace = with == in ut_ad(tuple->magic_n == DATA_TUPLE_MAGIC_N)
innobase/include/dict0dict.h:
  Add const qualifiers
innobase/include/lock0lock.h:
  Add UL suffixes to unsigned long masks
innobase/include/log0log.h:
  Remove unused parameter "type" of log_group_write_buf()
innobase/include/mem0mem.h:
  Add mem_strdup(), mem_strdupl(), mem_strdupq(), mem_heap_strdup(),
  and mem_heap_strdupl()
innobase/include/mem0mem.ic:
  Add mem_strdup(), mem_strdupl(), mem_strdupq(), mem_heap_strdup(),
  and mem_heap_strdupl()
innobase/include/row0uins.h:
  Remove unused parameter "thr" of row_undo_ins()
innobase/include/row0undo.h:
  Remvoe unused parameter "thr" of row_undo_search_clust_to_pcur()
innobase/include/ut0byte.h:
  Add const qualifier to ut_cpy_in_lower_case()
  Remove parameter "len" of ut_cmp_in_lower_case()
innobase/include/ut0mem.h:
  Add ut_strlenq(), ut_strcpyq() and ut_memcpyq()
innobase/include/ut0mem.ic:
  Add ut_strlenq()
innobase/include/ut0ut.h:
  Declare ut_sprintf() as a printf-style function
innobase/lock/lock0lock.c:
  lock_clust_rec_modify_check_and_lock(): Remove unused variable "trx"
innobase/log/log0log.c:
  Remove unused parameters
innobase/log/log0recv.c:
  Remove parameter "type" from log_group_write_buf()
innobase/mem/mem0mem.c:
  Simplify the initialization of block->init_block
innobase/mtr/mtr0log.c:
  Add a debug assertion to mlog_parse_initial_log_record()
innobase/page/page0cur.c:
  Add debug assertion to page_cur_insert_rec_write_log()
  Remove hard-coded buffer size in page_cur_parse_insert_rec()
innobase/page/page0page.c:
  Remove unneeded variable rec
innobase/pars/pars0opt.c:
  Correct a potential buffer overflow
innobase/pars/pars0pars.c:
  Replace mem_heap_alloc()+strlen()+memcpy() with mem_heap_strdup()
innobase/row/row0ins.c:
  Replace parameter "thr" with "trx" in row_ins_foreign_report_add_err()
  Remove unnecessary strlen() call
  Use strchr()
innobase/row/row0mysql.c:
  Add row_mysql_is_recovered_tmp_table()
  Add row_mysql_is_system_table()
  Compare reserved table names with exact match
  Use strstr() and strchr() and mem_strdupl()
  Compute space needed for generated SQL, and allocate it dynamically
innobase/row/row0purge.c:
  Remove unused parameters "thr"
innobase/row/row0row.c:
  Simplify row_get_clust_rec()
innobase/row/row0uins.c:
  Remove unused parameters "thr"
innobase/row/row0umod.c:
  Remove unused variable "index"
  row_undo_mod_del_unmark_sec_and_undo_update():
   Remove parameter "node" and variable "rec"
  Remove unused parameters "thr"
innobase/row/row0undo.c:
  Remove unused parameters "thr"
innobase/srv/srv0srv.c:
  Replace UT_NOT_USED() with __attribute__((unused))
innobase/srv/srv0start.c:
  Remove unnecessary strlen() calls
  Remove unused parameter "create_new_db" of open_or_create_log_file()
innobase/trx/trx0roll.c:
  Replace mem_alloc()+strlen()+memcpy() with mem_strdup()
innobase/trx/trx0sys.c:
  Remove unnecessary strlen() call
innobase/ut/ut0byte.c:
  Add const qualifier to ut_cpy_in_lower_case()
  Remove parameter "len" of ut_cmp_in_lower_case()
innobase/ut/ut0mem.c:
  Add ut_strlenq() and ut_memcpyq()
sql/ha_innodb.cc:
  Remove parameter "len" of ut_cmp_in_lower_case()

1 files changed, 49 insertions, 8 deletions

diff --git a/innobase/eval/eval0eval.c b/innobase/eval/eval0eval.c
index 157d4e4f98d..4e16c36b056 100644
--- a/innobase/eval/eval0eval.c
+++ b/innobase/eval/eval0eval.c
@@ -667,7 +667,6 @@ eval_predefined(
 {
 	que_node_t*	arg1;
 	lint		int_val;
-	byte*		str1;
 	byte*		data;
 	int		func;
 
@@ -681,21 +680,63 @@ eval_predefined(
 
 	} else if (func == PARS_TO_CHAR_TOKEN) {
 
+		/* Convert number to character string as a
+		signed decimal integer. */
+
+		ulint	uint_val;
+		int	int_len;
+
 		int_val = eval_node_get_int_val(arg1);
-				
-		data = eval_node_ensure_val_buf(func_node, 11);
 
-		sprintf((char*)data, "%10li", int_val);
+		/* Determine the length of the string. */
+
+		if (int_val == 0) {
+			int_len = 1; /* the number 0 occupies 1 byte */
+		} else {
+			int_len = 0;
+			if (int_val < 0) {
+				uint_val = ((ulint) -int_val - 1) + 1;
+				int_len++; /* reserve space for minus sign */
+			} else {
+				uint_val = (ulint) int_val;
+			}
+			for (; uint_val > 0; int_len++) {
+				uint_val /= 10;
+			}
+		}
+
+		/* allocate the string */
+		data = eval_node_ensure_val_buf(func_node, int_len + 1);
 
-		dfield_set_len(que_node_get_val(func_node), 10);
+		/* add terminating NUL character */
+		data[int_len] = 0;
+
+		/* convert the number */
+
+		if (int_val == 0) {
+			data[0] = '0';
+		} else {
+			int tmp;
+			if (int_val < 0) {
+				data[0] = '-'; /* preceding minus sign */
+				uint_val = ((ulint) -int_val - 1) + 1;
+			} else {
+				uint_val = (ulint) int_val;
+			}
+			for (tmp = int_len; uint_val > 0; uint_val /= 10) {
+				data[--tmp] = '0' + (uint_val % 10);
+			}
+		}
+
+		dfield_set_len((dfield_t*) que_node_get_val(func_node),
+			int_len);
 
 		return;
 
 	} else if (func == PARS_TO_NUMBER_TOKEN) {
 
-		str1 = dfield_get_data(que_node_get_val(arg1));
-
-		int_val = atoi((char*)str1);
+		int_val = atoi((char*)
+			dfield_get_data(que_node_get_val(arg1)));
 
 	} else if (func == PARS_SYSDATE_TOKEN) {
 		int_val = (lint)ut_time();