InnoDB cleanup: fixing buffer overflows and quoting of quotes

innobase/dict/dict0crea.c:
  Remove unneeded prototypes for static functions
  Remove unused parameters from some functions
  Replace some assertions with compile-time checks
  dict_create_add_foreigns_to_dictionary():
  allocate space dynamically for the SQL, and quote quotes
innobase/dict/dict0dict.c:
  Remove unnecessary prototypes for static functions
  dict_tables_have_same_db(): Remove length limitation
  dict_remove_db_name(): Use strchr()
  dict_get_db_name_len(): Use strchr()
  Replace mem_heap_alloc()+strlen()+memcpy() with mem_heap_strdup()
  Remove unnecessary strlen() calls
  Allocate space dynamically for generated strings
  dict_scan_id(): allow quotes within quoted strings
innobase/dict/dict0load.c:
  Remove unnecessary strlen() calls
  Replace mem_heap_alloc()+strlen()+memcpy() with mem_heap_strdup()
innobase/dict/dict0mem.c:
  Replace mem_heap_alloc()+strlen()+memcpy() with mem_heap_strdup()
innobase/eval/eval0eval.c:
  Make TO_CHAR() work with any machine word width
innobase/fil/fil0fil.c:
  Replace mem_alloc()+strlen()+strcpy() with mem_strdup()
innobase/ibuf/ibuf0ibuf.c:
  Make some global variables static
  Add #ifdef UNIV_IBUF_DEBUG around debug statements
innobase/include/data0data.h:
  Add #ifdef UNIV_DEBUG around dtuple_validate()
innobase/include/data0data.ic:
  Replace = with == in ut_ad(tuple->magic_n == DATA_TUPLE_MAGIC_N)
innobase/include/dict0dict.h:
  Add const qualifiers
innobase/include/lock0lock.h:
  Add UL suffixes to unsigned long masks
innobase/include/log0log.h:
  Remove unused parameter "type" of log_group_write_buf()
innobase/include/mem0mem.h:
  Add mem_strdup(), mem_strdupl(), mem_strdupq(), mem_heap_strdup(),
  and mem_heap_strdupl()
innobase/include/mem0mem.ic:
  Add mem_strdup(), mem_strdupl(), mem_strdupq(), mem_heap_strdup(),
  and mem_heap_strdupl()
innobase/include/row0uins.h:
  Remove unused parameter "thr" of row_undo_ins()
innobase/include/row0undo.h:
  Remvoe unused parameter "thr" of row_undo_search_clust_to_pcur()
innobase/include/ut0byte.h:
  Add const qualifier to ut_cpy_in_lower_case()
  Remove parameter "len" of ut_cmp_in_lower_case()
innobase/include/ut0mem.h:
  Add ut_strlenq(), ut_strcpyq() and ut_memcpyq()
innobase/include/ut0mem.ic:
  Add ut_strlenq()
innobase/include/ut0ut.h:
  Declare ut_sprintf() as a printf-style function
innobase/lock/lock0lock.c:
  lock_clust_rec_modify_check_and_lock(): Remove unused variable "trx"
innobase/log/log0log.c:
  Remove unused parameters
innobase/log/log0recv.c:
  Remove parameter "type" from log_group_write_buf()
innobase/mem/mem0mem.c:
  Simplify the initialization of block->init_block
innobase/mtr/mtr0log.c:
  Add a debug assertion to mlog_parse_initial_log_record()
innobase/page/page0cur.c:
  Add debug assertion to page_cur_insert_rec_write_log()
  Remove hard-coded buffer size in page_cur_parse_insert_rec()
innobase/page/page0page.c:
  Remove unneeded variable rec
innobase/pars/pars0opt.c:
  Correct a potential buffer overflow
innobase/pars/pars0pars.c:
  Replace mem_heap_alloc()+strlen()+memcpy() with mem_heap_strdup()
innobase/row/row0ins.c:
  Replace parameter "thr" with "trx" in row_ins_foreign_report_add_err()
  Remove unnecessary strlen() call
  Use strchr()
innobase/row/row0mysql.c:
  Add row_mysql_is_recovered_tmp_table()
  Add row_mysql_is_system_table()
  Compare reserved table names with exact match
  Use strstr() and strchr() and mem_strdupl()
  Compute space needed for generated SQL, and allocate it dynamically
innobase/row/row0purge.c:
  Remove unused parameters "thr"
innobase/row/row0row.c:
  Simplify row_get_clust_rec()
innobase/row/row0uins.c:
  Remove unused parameters "thr"
innobase/row/row0umod.c:
  Remove unused variable "index"
  row_undo_mod_del_unmark_sec_and_undo_update():
   Remove parameter "node" and variable "rec"
  Remove unused parameters "thr"
innobase/row/row0undo.c:
  Remove unused parameters "thr"
innobase/srv/srv0srv.c:
  Replace UT_NOT_USED() with __attribute__((unused))
innobase/srv/srv0start.c:
  Remove unnecessary strlen() calls
  Remove unused parameter "create_new_db" of open_or_create_log_file()
innobase/trx/trx0roll.c:
  Replace mem_alloc()+strlen()+memcpy() with mem_strdup()
innobase/trx/trx0sys.c:
  Remove unnecessary strlen() call
innobase/ut/ut0byte.c:
  Add const qualifier to ut_cpy_in_lower_case()
  Remove parameter "len" of ut_cmp_in_lower_case()
innobase/ut/ut0mem.c:
  Add ut_strlenq() and ut_memcpyq()
sql/ha_innodb.cc:
  Remove parameter "len" of ut_cmp_in_lower_case()

2 files changed, 69 insertions, 24 deletions

diff --git a/innobase/ut/ut0byte.c b/innobase/ut/ut0byte.c
index 02bdf2065ee..4ec7e0f405e 100644
--- a/innobase/ut/ut0byte.c
+++ b/innobase/ut/ut0byte.c
@@ -36,9 +36,9 @@ Copies a string to a memory location, setting characters to lower case. */
 void
 ut_cpy_in_lower_case(
 /*=================*/
-        char*   dest,  /* in: destination */
-	char*   source,/* in: source */
-        ulint   len)   /* in: string length */
+	char*		dest,	/* in: destination */
+	const char*	source,	/* in: source */
+	ulint		len)	/* in: string length */
 {
         ulint i;
 
@@ -53,23 +53,27 @@ Compares two strings when converted to lower case. */
 int
 ut_cmp_in_lower_case(
 /*=================*/
-		       /* out: -1, 0, 1 if str1 < str2, str1 == str2,
-		       str1 > str2, respectively */
-       char*   str1,   /* in: string1 */
-       char*   str2,   /* in: string2 */
-       ulint   len)    /* in: length of both strings */
+				/* out: -1, 0, 1 if str1 < str2, str1 == str2,
+				str1 > str2, respectively */
+	const char*	str1,	/* in: string1 */
+	const char*	str2)	/* in: string2 */
 {
-       ulint i;
-
-       for (i = 0; i < len; i++) {
-	       if (tolower(str1[i]) < tolower(str2[i])) {
-		       return(-1);
-	       }
-
-	       if (tolower(str1[i]) > tolower(str2[i])) {
-	               return(1);
-	       }
-       }
+	for (;;) {
+		int c1, c2;
+		if (!*str1) {
+			return(*str2 ? -1 : 0);
+		} else if (!*str2) {
+			return 1;
+		}
+		c1 = tolower(*str1++);
+		c2 = tolower(*str2++);
+		if (c1 < c2) {
+			return(-1);
+		}
+		if (c1 > c2) {
+			return(1);
+		}
+	}
 
-       return(0);
+	return(0);
 }
diff --git a/innobase/ut/ut0mem.c b/innobase/ut/ut0mem.c
index f5d207d8bba..1fcaf9febbe 100644
--- a/innobase/ut/ut0mem.c
+++ b/innobase/ut/ut0mem.c
@@ -106,7 +106,7 @@ ut_malloc_low(
 
 		/* Make an intentional seg fault so that we get a stack
 		trace */
-		printf("%lu\n", *ut_mem_null_ptr);	
+		if (*ut_mem_null_ptr) ut_mem_null_ptr = 0;
 	}		
 
 	if (set_to_zero) {
@@ -195,6 +195,49 @@ ut_free_all_mem(void)
 }
 
 /**************************************************************************
+Make a quoted copy of a string. */
+
+char*
+ut_strcpyq(
+/*=======*/
+				/* out: pointer to end of dest */
+	char*		dest,	/* in: output buffer */
+	char		q,	/* in: the quote character */
+	const char*	src)	/* in: null-terminated string */
+{
+	while (*src) {
+		if ((*dest++ = *src++) == q) {
+			*dest++ = q;
+		}
+	}
+
+	return(dest);
+}
+
+/**************************************************************************
+Make a quoted copy of a fixed-length string. */
+
+char*
+ut_memcpyq(
+/*=======*/
+				/* out: pointer to end of dest */
+	char*		dest,	/* in: output buffer */
+	char		q,	/* in: the quote character */
+	const char*	src,	/* in: string to be quoted */
+	ulint		len)	/* in: length of src */
+{
+	const char*	srcend = src + len;
+
+	while (src < srcend) {
+		if ((*dest++ = *src++) == q) {
+			*dest++ = q;
+		}
+	}
+
+	return(dest);
+}
+
+/**************************************************************************
 Catenates two strings into newly allocated memory. The memory must be freed
 using mem_free. */
 
@@ -215,9 +258,7 @@ ut_str_catenate(
 	str = mem_alloc(len1 + len2 + 1);
 
 	ut_memcpy(str, str1, len1);
-	ut_memcpy(str + len1, str2, len2);
-
-	str[len1 + len2] = '\0';
+	ut_memcpy(str + len1, str2, len2 + 1);
 
 	return(str);
 }