11 files changed, 127 insertions, 127 deletions
diff --git a/client/mysqladmin.cc b/client/mysqladmin.cc
index e7c6410978d..1f0018edba1 100644
--- a/client/mysqladmin.cc
+++ b/client/mysqladmin.cc
@@ -1516,8 +1516,10 @@ static my_bool get_pidfile(MYSQL *mysql, char *pidfile)
 
   if (mysql_query(mysql, "SHOW VARIABLES LIKE 'pid_file'"))
   {
-    my_printf_error(0, "query failed; error: '%s'", error_flags,
-		    mysql_error(mysql));
+    my_printf_error(mysql_errno(mysql),
+                    "The query to get the server's pid file failed,"
+                    " error: '%s'. Continuing.", error_flags,
+                    mysql_error(mysql));
   }
   result = mysql_store_result(mysql);
   if (result)
diff --git a/mysql-test/r/loaddata.result b/mysql-test/r/loaddata.result
index ba5c763fbda..8ccc1a3da3d 100644
--- a/mysql-test/r/loaddata.result
+++ b/mysql-test/r/loaddata.result
@@ -507,7 +507,7 @@ DROP TABLE t1;
 # Bug#11765139  58069: LOAD DATA INFILE: VALGRIND REPORTS INVALID MEMORY READS AND WRITES WITH U
 #
 CREATE TABLE t1(f1 INT);
-SELECT 0xE1C330 INTO OUTFILE 't1.dat';
+SELECT 0xE1BB30 INTO OUTFILE 't1.dat';
 LOAD DATA INFILE 't1.dat' IGNORE INTO TABLE t1 CHARACTER SET utf8;
 DROP TABLE t1;
 #
@@ -532,27 +532,3 @@ FIELDS TERMINATED BY 't' LINES TERMINATED BY '';
 Got one of the listed errors
 SET @@sql_mode= @old_mode;
 DROP TABLE t1;
-
-#
-#  Bug#23080148 - Backport of Bug#20683959.
-#  Bug#20683959 LOAD DATA INFILE IGNORES A SPECIFIC ROW SILENTLY
-#               UNDER DB CHARSET IS UTF8.
-#
-CREATE DATABASE d1 CHARSET latin1;
-USE d1;
-CREATE TABLE t1 (val TEXT);
-LOAD DATA INFILE '../../std_data/bug20683959loaddata.txt' INTO TABLE t1;
-SELECT COUNT(*) FROM t1;
-COUNT(*)
-1
-SELECT HEX(val) FROM t1;
-HEX(val)
-C38322525420406E696F757A656368756E3A20E98198E2889AF58081AEE7B99DE4B88AE383A3E7B99DE69690F58087B3E7B9A7EFBDA8E7B99DEFBDB3E7B99DE78999E880B3E7B8BAEFBDAAE7B9A7E89699E296A1E7B8BAE4BBA3EFBD8CE7B8BAEFBDA9E7B8B2E2889AE38184E7B99DEFBDB3E7B99DE4B88AE383A3E7B99DE69690F58087B3E7B9A7EFBDA8E7B99DEFBDB3E7B99DE5B3A8EFBD84E8ABA0EFBDA8E89C89F580948EE599AAE7B8BAEFBDAAE7B8BAE9A198EFBDA9EFBDB1E7B9A7E581B5E289A0E7B8BAEFBDBEE7B9A7E9A194EFBDA9E882B4EFBDA5EFBDB5E980A7F5808B96E28693E99EABE38287E58F99E7B8BAE58AB1E28691E7B8BAF5808B9AE7828AE98095EFBDB1E7B8BAEFBDAFE7B8B2E288ABE6A89FE89EB3E6BA98F58081ADE88EA0EFBDBAE98095E6BA98F58081AEE89D93EFBDBAE8AD9BEFBDACE980A7F5808B96E28693E7B8BAF580918EE288AAE7B8BAE4B88AEFBC9EE7B8BAE4B99DE28691E7B8BAF5808B96EFBCA0E88DB3E6A68AEFBDB9EFBDB3E981B2E5B3A8E296A1E7B8BAE7A4BCE7828AE88DB3E6A68AEFBDB0EFBDBDE7B8BAA0E7B8BAE88B93EFBDBEE5B899EFBC9E
-CREATE DATABASE d2 CHARSET utf8;
-USE d2;
-CREATE TABLE t1 (val TEXT);
-LOAD DATA INFILE '../../std_data/bug20683959loaddata.txt' INTO TABLE t1;
-ERROR HY000: Invalid utf8 character string: '�"RT @niouzechun: \9058\221A'
-DROP TABLE d1.t1, d2.t1;
-DROP DATABASE d1;
-DROP DATABASE d2;
diff --git a/mysql-test/std_data/bug20683959loaddata.txt b/mysql-test/std_data/bug20683959loaddata.txt
deleted file mode 100644
index 1878cc78879..00000000000
--- a/mysql-test/std_data/bug20683959loaddata.txt
+++ /dev/null
@@ -1 +0,0 @@
-Ã"RT @niouzechun: 遘√����繝上ャ繝斐����繧ｨ繝ｳ繝牙耳縺ｪ繧薙□縺代ｌ縺ｩ縲√い繝ｳ繝上ャ繝斐����繧ｨ繝ｳ繝峨ｄ諠ｨ蜉����噪縺ｪ縺願ｩｱ繧偵≠縺ｾ繧顔ｩ肴･ｵ逧����↓鞫ょ叙縺励↑縺����炊逕ｱ縺ｯ縲∫樟螳溘����莠ｺ逕溘����蝓ｺ譛ｬ逧����↓縺����∪縺上＞縺九↑縺����＠荳榊ｹｳ遲峨□縺礼炊荳榊ｰｽ縺�縺苓ｾ帙＞
diff --git a/mysql-test/t/loaddata.test b/mysql-test/t/loaddata.test
index 7d0f3852b66..35243864c04 100644
--- a/mysql-test/t/loaddata.test
+++ b/mysql-test/t/loaddata.test
@@ -612,7 +612,7 @@ disconnect con1;
 --echo #
 
 CREATE TABLE t1(f1 INT);
-EVAL SELECT 0xE1C330 INTO OUTFILE 't1.dat';
+EVAL SELECT 0xE1BB30 INTO OUTFILE 't1.dat';
 --disable_warnings
 LOAD DATA INFILE 't1.dat' IGNORE INTO TABLE t1 CHARACTER SET utf8;
 --enable_warnings
@@ -658,26 +658,3 @@ SET @@sql_mode= @old_mode;
 --remove_file $MYSQLTEST_VARDIR/mysql
 DROP TABLE t1;
 
---echo
---echo #
---echo #  Bug#23080148 - Backport of Bug#20683959.
---echo #  Bug#20683959 LOAD DATA INFILE IGNORES A SPECIFIC ROW SILENTLY
---echo #               UNDER DB CHARSET IS UTF8.
---echo #
-
-CREATE DATABASE d1 CHARSET latin1;
-USE d1;
-CREATE TABLE t1 (val TEXT);
-LOAD DATA INFILE '../../std_data/bug20683959loaddata.txt' INTO TABLE t1;
-SELECT COUNT(*) FROM t1;
-SELECT HEX(val) FROM t1;
-
-CREATE DATABASE d2 CHARSET utf8;
-USE d2;
-CREATE TABLE t1 (val TEXT);
---error ER_INVALID_CHARACTER_STRING
-LOAD DATA INFILE '../../std_data/bug20683959loaddata.txt' INTO TABLE t1;
-
-DROP TABLE d1.t1, d2.t1;
-DROP DATABASE d1;
-DROP DATABASE d2;
diff --git a/sql/field.cc b/sql/field.cc
index 878e3d305af..716d522a196 100644
--- a/sql/field.cc
+++ b/sql/field.cc
@@ -1157,12 +1157,15 @@ void Field_num::prepend_zeros(String *value)
   int diff;
   if ((diff= (int) (field_length - value->length())) > 0)
   {
-    bmove_upp((uchar*) value->ptr()+field_length,
-              (uchar*) value->ptr()+value->length(),
-	      value->length());
-    bfill((uchar*) value->ptr(),diff,'0');
-    value->length(field_length);
-    (void) value->c_ptr_quick();		// Avoid warnings in purify
+    const bool error= value->realloc(field_length);
+    if (!error)
+    {
+      bmove_upp((uchar*) value->ptr()+field_length,
+                (uchar*) value->ptr()+value->length(),
+	        value->length());
+      bfill((uchar*) value->ptr(),diff,'0');
+      value->length(field_length);
+    }
   }
 }
 
diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc
index dda9986f60f..5750de713e6 100644
--- a/sql/item_subselect.cc
+++ b/sql/item_subselect.cc
@@ -1,5 +1,5 @@
-/* Copyright (c) 2002, 2015, Oracle and/or its affiliates.
-   Copyright (c) 2010, 2015, MariaDB
+/* Copyright (c) 2002, 2016, Oracle and/or its affiliates.
+   Copyright (c) 2010, 2016, MariaDB
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -2969,8 +2969,12 @@ bool subselect_union_engine::is_executed() const
 
 bool subselect_union_engine::no_rows()
 {
+  bool rows_present= false;
+
   /* Check if we got any rows when reading UNION result from temp. table: */
-  return test(!unit->fake_select_lex->join->send_records);
+  if (unit->fake_select_lex->join)
+    rows_present= test(!unit->fake_select_lex->join->send_records);
+  return rows_present;
 }
 
 
@@ -6105,4 +6109,3 @@ end:
 void subselect_table_scan_engine::cleanup()
 {
 }
-
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index 11e9176861d..eb19e09d74e 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -3746,9 +3746,23 @@ static int init_common_variables()
   /* Set collactions that depends on the default collation */
   global_system_variables.collation_server=	 default_charset_info;
   global_system_variables.collation_database=	 default_charset_info;
-  global_system_variables.collation_connection=  default_charset_info;
-  global_system_variables.character_set_results= default_charset_info;
-  global_system_variables.character_set_client=  default_charset_info;
+
+  if (is_supported_parser_charset(default_charset_info))
+  {
+    global_system_variables.collation_connection= default_charset_info;
+    global_system_variables.character_set_results= default_charset_info;
+    global_system_variables.character_set_client= default_charset_info;
+  }
+  else
+  {
+    sql_print_information("'%s' can not be used as client character set. "
+                          "'%s' will be used as default client character set.",
+                          default_charset_info->csname,
+                          my_charset_latin1.csname);
+    global_system_variables.collation_connection= &my_charset_latin1;
+    global_system_variables.character_set_results= &my_charset_latin1;
+    global_system_variables.character_set_client= &my_charset_latin1;
+  }
 
   if (!(character_set_filesystem=
         get_charset_by_csname(character_set_filesystem_name,
@@ -8379,4 +8393,3 @@ template class I_List<i_string_pair>;
 template class I_List<Statement>;
 template class I_List_iterator<Statement>;
 #endif
-
diff --git a/sql/sql_load.cc b/sql/sql_load.cc
index 9f300f803de..4723c2b643d 100644
--- a/sql/sql_load.cc
+++ b/sql/sql_load.cc
@@ -1389,8 +1389,8 @@ READ_INFO::READ_INFO(File file_par, uint tot_length, CHARSET_INFO *cs,
   set_if_bigger(length,line_start.length());
   stack=stack_pos=(int*) sql_alloc(sizeof(int)*length);
 
-  if (!(buffer=(uchar*) my_malloc(buff_length+1,MYF(MY_WME))))
-    error= true; /* purecov: inspected */
+  if (!(buffer=(uchar*) my_malloc(buff_length+1,MYF(0))))
+    error=1; /* purecov: inspected */
   else
   {
     end_of_buff=buffer+buff_length;
@@ -1581,50 +1581,37 @@ int READ_INFO::read_field()
 	}
       }
 #ifdef USE_MB
-        uint ml= my_mbcharlen(read_charset, chr);
-        if (ml == 0)
-        {
-          *to= '\0';
-          my_error(ER_INVALID_CHARACTER_STRING, MYF(0),
-                   read_charset->csname, buffer);
-          error= true;
-          return 1;
-        }
+      if (my_mbcharlen(read_charset, chr) > 1 &&
+          to + my_mbcharlen(read_charset, chr) <= end_of_buff)
+      {
+        uchar* p= to;
+        int ml, i;
+        *to++ = chr;
 
-        if (ml > 1 &&
-            to + ml <= end_of_buff)
-        {
-          uchar* p= to;
-          *to++ = chr;
+        ml= my_mbcharlen(read_charset, chr);
 
-          for (uint i= 1; i < ml; i++)
+        for (i= 1; i < ml; i++)
+        {
+          chr= GET;
+          if (chr == my_b_EOF)
           {
-            chr= GET;
-            if (chr == my_b_EOF)
-            {
-              /*
-                Need to back up the bytes already ready from illformed
-                multi-byte char 
-              */
-              to-= i;
-              goto found_eof;
-            }
-            *to++ = chr;
+            /*
+             Need to back up the bytes already ready from illformed
+             multi-byte char
+            */
+            to-= i;
+            goto found_eof;
           }
-          if (my_ismbchar(read_charset,
+          *to++ = chr;
+        }
+        if (my_ismbchar(read_charset,
                         (const char *)p,
                         (const char *)to))
-            continue;
-          for (uint i= 0; i < ml; i++)
-            PUSH(*--to);
-          chr= GET;
-        }
-        else if (ml > 1)
-        {
-          // Buffer is too small, exit while loop, and reallocate.
-          PUSH(chr);
-          break;
-        }
+          continue;
+        for (i= 0; i < ml; i++)
+          PUSH(*--to);
+        chr= GET;
+      }
 #endif
       *to++ = (uchar) chr;
     }
@@ -1868,15 +1855,7 @@ int READ_INFO::read_value(int delim, String *val)
   for (chr= GET; my_tospace(chr) != delim && chr != my_b_EOF;)
   {
 #ifdef USE_MB
-    uint ml= my_mbcharlen(read_charset, chr);
-    if (ml == 0)
-    {
-      chr= my_b_EOF;
-      val->length(0);
-      return chr;
-    }
-
-    if (ml > 1)
+    if (my_mbcharlen(read_charset, chr) > 1)
     {
       DBUG_PRINT("read_xml",("multi byte"));
       int i, ml= my_mbcharlen(read_charset, chr);
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 839665f3a9f..c406fab5a3a 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -11946,6 +11946,9 @@ static COND *build_equal_items_for_cond(THD *thd, COND *cond,
   COND_EQUAL cond_equal;
   cond_equal.upper_levels= inherited;
 
+  if (check_stack_overrun(thd, STACK_MIN_SIZE, NULL))
+    return cond;                          // Fatal error flag is set!
+
   if (cond->type() == Item::COND_ITEM)
   {
     List<Item> eq_list;
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 50484e08b3f..7d981e03aea 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -4670,6 +4670,12 @@ part_name:
           {
             partition_info *part_info= Lex->part_info;
             partition_element *p_elem= part_info->curr_part_elem;
+            if (check_string_char_length(&$1, "", NAME_CHAR_LEN,
+                                         system_charset_info, true))
+            {
+              my_error(ER_TOO_LONG_IDENT, MYF(0), $1.str);
+              MYSQL_YYABORT;
+            }
             p_elem->partition_name= $1.str;
           }
         ;
@@ -4964,7 +4970,15 @@ sub_part_definition:
 
 sub_name:
           ident_or_text
-          { Lex->part_info->curr_part_elem->partition_name= $1.str; }
+          {
+            if (check_string_char_length(&$1, "", NAME_CHAR_LEN,
+                                         system_charset_info, true))
+            {
+              my_error(ER_TOO_LONG_IDENT, MYF(0), $1.str);
+              MYSQL_YYABORT;
+            }
+            Lex->part_info->curr_part_elem->partition_name= $1.str;
+          }
         ;
 
 opt_part_options:
diff --git a/storage/innobase/mach/mach0data.c b/storage/innobase/mach/mach0data.c
index 95b135b0954..9669516244d 100644
--- a/storage/innobase/mach/mach0data.c
+++ b/storage/innobase/mach/mach0data.c
@@ -1,6 +1,6 @@
 /*****************************************************************************
 
-Copyright (c) 1995, 2009, Innobase Oy. All Rights Reserved.
+Copyright (c) 1995, 2016, Oracle and/or its affiliates. All Rights Reserved.
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
@@ -55,8 +55,22 @@ mach_parse_compressed(
 	if (flag < 0x80UL) {
 		*val = flag;
 		return(ptr + 1);
+	}
+
+	/* Workaround GCC bug
+	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77673:
+	the compiler moves mach_read_from_4 right to the beginning of the
+	function, causing and out-of-bounds read if we are reading a short
+	integer close to the end of buffer. */
+#if defined(__GNUC__) && (__GNUC__ >= 5) && !defined(__clang__)
+#define DEPLOY_FENCE
+#endif
+
+#ifdef DEPLOY_FENCE
+	__atomic_thread_fence(__ATOMIC_ACQUIRE);
+#endif
 
-	} else if (flag < 0xC0UL) {
+	if (flag < 0xC0UL) {
 		if (end_ptr < ptr + 2) {
 			return(NULL);
 		}
@@ -64,8 +78,13 @@ mach_parse_compressed(
 		*val = mach_read_from_2(ptr) & 0x7FFFUL;
 
 		return(ptr + 2);
+	}
+
+#ifdef DEPLOY_FENCE
+	__atomic_thread_fence(__ATOMIC_ACQUIRE);
+#endif
 
-	} else if (flag < 0xE0UL) {
+	if (flag < 0xE0UL) {
 		if (end_ptr < ptr + 3) {
 			return(NULL);
 		}
@@ -73,7 +92,13 @@ mach_parse_compressed(
 		*val = mach_read_from_3(ptr) & 0x3FFFFFUL;
 
 		return(ptr + 3);
-	} else if (flag < 0xF0UL) {
+	}
+
+#ifdef DEPLOY_FENCE
+	__atomic_thread_fence(__ATOMIC_ACQUIRE);
+#endif
+
+	if (flag < 0xF0UL) {
 		if (end_ptr < ptr + 4) {
 			return(NULL);
 		}
@@ -81,14 +106,20 @@ mach_parse_compressed(
 		*val = mach_read_from_4(ptr) & 0x1FFFFFFFUL;
 
 		return(ptr + 4);
-	} else {
-		ut_ad(flag == 0xF0UL);
+	}
 
-		if (end_ptr < ptr + 5) {
-			return(NULL);
-		}
+#ifdef DEPLOY_FENCE
+	__atomic_thread_fence(__ATOMIC_ACQUIRE);
+#endif
+
+#undef DEPLOY_FENCE
+
+	ut_ad(flag == 0xF0UL);
 
-		*val = mach_read_from_4(ptr + 1);
-		return(ptr + 5);
+	if (end_ptr < ptr + 5) {
+		return(NULL);
 	}
+
+	*val = mach_read_from_4(ptr + 1);
+	return(ptr + 5);
 }