diff options
-rw-r--r-- | mysql-test/r/func_math.result | 43 | ||||
-rw-r--r-- | mysql-test/r/processlist.result | 3 | ||||
-rw-r--r-- | mysql-test/r/processlist_notembedded.result | 12 | ||||
-rw-r--r-- | mysql-test/r/subselect_sj.result | 26 | ||||
-rw-r--r-- | mysql-test/r/subselect_sj_jcl6.result | 26 | ||||
-rw-r--r-- | mysql-test/t/func_math.test | 25 | ||||
-rw-r--r-- | mysql-test/t/processlist.test | 4 | ||||
-rw-r--r-- | mysql-test/t/processlist_notembedded.test | 34 | ||||
-rw-r--r-- | mysql-test/t/subselect_sj.test | 26 | ||||
-rw-r--r-- | scripts/mysqlaccess.sh | 2 | ||||
-rw-r--r-- | sql/opt_subselect.cc | 12 | ||||
-rw-r--r-- | sql/sql_show.cc | 8 | ||||
-rw-r--r-- | strings/ctype-simple.c | 18 |
13 files changed, 227 insertions, 12 deletions
diff --git a/mysql-test/r/func_math.result b/mysql-test/r/func_math.result index 34b49f02659..66ee73de88e 100644 --- a/mysql-test/r/func_math.result +++ b/mysql-test/r/func_math.result @@ -875,6 +875,49 @@ t1 CREATE TABLE `t1` ( ) ENGINE=MyISAM DEFAULT CHARSET=latin1 DROP TABLE t1; # +# Bug #29723340: MYSQL SERVER CRASH AFTER SQL QUERY WITH DATA ?AST +# +create table t1(a int); +insert ignore t1 values("1e-214748364"); +Warnings: +Warning 1265 Data truncated for column 'a' at row 1 +insert ignore t1 values("1e-2147483648"); +Warnings: +Warning 1265 Data truncated for column 'a' at row 1 +insert ignore t1 values("1e-21474836480"); +Warnings: +Warning 1265 Data truncated for column 'a' at row 1 +insert ignore t1 values("1e+214748364"); +Warnings: +Warning 1264 Out of range value for column 'a' at row 1 +insert ignore t1 values("1e+2147483647"); +Warnings: +Warning 1264 Out of range value for column 'a' at row 1 +insert ignore t1 values("1e+21474836470"); +Warnings: +Warning 1264 Out of range value for column 'a' at row 1 +set global max_allowed_packet= cast(2*1024*1024*1024+1024 as unsigned); +Warnings: +Warning 1292 Truncated incorrect max_allowed_packet value: '2147484672' +connect foo,localhost,root; +set @a=2147483647; +insert ignore t1 values (concat('1', repeat('0', @a+18), 'e-', @a-1, '0')); +Warnings: +Warning 1301 Result of repeat() was larger than max_allowed_packet (1073741824) - truncated +disconnect foo; +connection default; +set global max_allowed_packet=default; +select * from t1; +a +0 +0 +0 +2147483647 +2147483647 +2147483647 +NULL +drop table t1; +# # End of 5.5 tests # # diff --git a/mysql-test/r/processlist.result b/mysql-test/r/processlist.result index 4be643c1790..2d3228a6d91 100644 --- a/mysql-test/r/processlist.result +++ b/mysql-test/r/processlist.result @@ -23,8 +23,9 @@ select command, time < 5 from information_schema.processlist where id != connect command time < 5 Sleep 1 disconnect con1; -set debug_sync='reset'; connection default; +set debug_sync='reset'; +End of 5.5 tests # # 10.1 tests # diff --git a/mysql-test/r/processlist_notembedded.result b/mysql-test/r/processlist_notembedded.result new file mode 100644 index 00000000000..67eeb5ae2ff --- /dev/null +++ b/mysql-test/r/processlist_notembedded.result @@ -0,0 +1,12 @@ +# +# MDEV-20466: SHOW PROCESSLIST truncates query text on \0 bytes +# +connect con1,localhost,root,,; +connection con1; +SET DEBUG_SYNC= 'before_join_optimize SIGNAL in_sync'; +connection default; +SET DEBUG_SYNC= 'now WAIT_FOR in_sync'; +FOUND 1 /sleep \(30\)/ in MDEV-20466.text +disconnect con1; +SET DEBUG_SYNC = 'RESET'; +End of 5.5 tests diff --git a/mysql-test/r/subselect_sj.result b/mysql-test/r/subselect_sj.result index 262b4acdc89..28570223400 100644 --- a/mysql-test/r/subselect_sj.result +++ b/mysql-test/r/subselect_sj.result @@ -3199,5 +3199,31 @@ create table t1 (a1 varchar(25)); create table t2 (a2 varchar(25)) ; insert into t1 select 'xxx' from dual where 'xxx' in (select a2 from t2); drop table t1,t2; +# +# MDEV-13172: Wrong result / SELECT ... WHERE EXISTS ... (with UNIQUE Key) +# +CREATE TABLE `t1` ( +`Id` int(11) NOT NULL, +PRIMARY KEY (`Id`) +); +INSERT INTO `t1` (`Id`) VALUES (1); +CREATE TABLE `t2` ( +`t1_Id` int(11) NOT NULL DEFAULT 0, +`col1` int(11) DEFAULT NULL, +UNIQUE KEY `col1` (`col1`) +); +INSERT INTO `t2` (`t1_Id`, `col1`) VALUES (1, NULL), (1, NULL); +SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL); +Id +1 +explain extended +SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL); +id select_type table type possible_keys key key_len ref rows filtered Extra +1 PRIMARY t1 system PRIMARY NULL NULL NULL 1 100.00 +1 PRIMARY <subquery2> eq_ref distinct_key distinct_key 4 func 1 100.00 +2 MATERIALIZED t2 ref col1 col1 5 const 1 100.00 Using index condition; Using where +Warnings: +Note 1003 select 1 AS `Id` from (`test`.`t2`) where `test`.`t2`.`t1_Id` = 1 and `test`.`t2`.`col1` is null +DROP TABLE t1, t2; # End of 5.5 test set optimizer_switch=@subselect_sj_tmp; diff --git a/mysql-test/r/subselect_sj_jcl6.result b/mysql-test/r/subselect_sj_jcl6.result index 3c52dc515f3..0484beddcbc 100644 --- a/mysql-test/r/subselect_sj_jcl6.result +++ b/mysql-test/r/subselect_sj_jcl6.result @@ -3211,6 +3211,32 @@ create table t1 (a1 varchar(25)); create table t2 (a2 varchar(25)) ; insert into t1 select 'xxx' from dual where 'xxx' in (select a2 from t2); drop table t1,t2; +# +# MDEV-13172: Wrong result / SELECT ... WHERE EXISTS ... (with UNIQUE Key) +# +CREATE TABLE `t1` ( +`Id` int(11) NOT NULL, +PRIMARY KEY (`Id`) +); +INSERT INTO `t1` (`Id`) VALUES (1); +CREATE TABLE `t2` ( +`t1_Id` int(11) NOT NULL DEFAULT 0, +`col1` int(11) DEFAULT NULL, +UNIQUE KEY `col1` (`col1`) +); +INSERT INTO `t2` (`t1_Id`, `col1`) VALUES (1, NULL), (1, NULL); +SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL); +Id +1 +explain extended +SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL); +id select_type table type possible_keys key key_len ref rows filtered Extra +1 PRIMARY t1 system PRIMARY NULL NULL NULL 1 100.00 +1 PRIMARY <subquery2> eq_ref distinct_key distinct_key 4 func 1 100.00 +2 MATERIALIZED t2 ref col1 col1 5 const 1 100.00 Using index condition; Using where +Warnings: +Note 1003 select 1 AS `Id` from (`test`.`t2`) where `test`.`t2`.`t1_Id` = 1 and `test`.`t2`.`col1` is null +DROP TABLE t1, t2; # End of 5.5 test set optimizer_switch=@subselect_sj_tmp; # diff --git a/mysql-test/t/func_math.test b/mysql-test/t/func_math.test index 46b0a00233b..04fee6fb66b 100644 --- a/mysql-test/t/func_math.test +++ b/mysql-test/t/func_math.test @@ -628,6 +628,31 @@ DROP TABLE t1; --echo # +--echo # Bug #29723340: MYSQL SERVER CRASH AFTER SQL QUERY WITH DATA ?AST +--echo # + +create table t1(a int); +insert ignore t1 values("1e-214748364"); +insert ignore t1 values("1e-2147483648"); +insert ignore t1 values("1e-21474836480"); +insert ignore t1 values("1e+214748364"); +insert ignore t1 values("1e+2147483647"); +insert ignore t1 values("1e+21474836470"); + +# if max max_allowed_packet will ever be increased beyond 2GB, this could +# break again: +set global max_allowed_packet= cast(2*1024*1024*1024+1024 as unsigned); +connect foo,localhost,root; +set @a=2147483647; +insert ignore t1 values (concat('1', repeat('0', @a+18), 'e-', @a-1, '0')); +disconnect foo; +connection default; +set global max_allowed_packet=default; + +select * from t1; +drop table t1; + +--echo # --echo # End of 5.5 tests --echo # diff --git a/mysql-test/t/processlist.test b/mysql-test/t/processlist.test index 4734c75c8d3..8e98701459a 100644 --- a/mysql-test/t/processlist.test +++ b/mysql-test/t/processlist.test @@ -49,10 +49,10 @@ SET DEBUG_SYNC = 'now WAIT_FOR query_done'; select command, time < 5 from information_schema.processlist where id != connection_id(); disconnect con1; -set debug_sync='reset'; - connection default; +set debug_sync='reset'; +--echo End of 5.5 tests --echo # --echo # 10.1 tests diff --git a/mysql-test/t/processlist_notembedded.test b/mysql-test/t/processlist_notembedded.test new file mode 100644 index 00000000000..2dc6a0539ab --- /dev/null +++ b/mysql-test/t/processlist_notembedded.test @@ -0,0 +1,34 @@ +source include/have_debug.inc; +source include/have_debug_sync.inc; +source include/not_embedded.inc; + +--echo # +--echo # MDEV-20466: SHOW PROCESSLIST truncates query text on \0 bytes +--echo # + +connect (con1,localhost,root,,); + +connection con1; + +let $q= `select CONCAT("SELECT user FROM mysql.user WHERE user ='some", CHAR(0), "' or sleep (30)")`; + +SET DEBUG_SYNC= 'before_join_optimize SIGNAL in_sync'; +--disable_query_log +--send_eval $q; +--enable_query_log +connection default; + +SET DEBUG_SYNC= 'now WAIT_FOR in_sync'; + +exec $MYSQL test -e "SHOW PROCESSLIST" > $MYSQLTEST_VARDIR/tmp/MDEV-20466.text; + +let SEARCH_FILE=$MYSQLTEST_VARDIR/tmp/MDEV-20466.text; +let SEARCH_PATTERN=sleep \(30\); +source include/search_pattern_in_file.inc; +remove_file $MYSQLTEST_VARDIR/tmp/MDEV-20466.text; + +disconnect con1; + +SET DEBUG_SYNC = 'RESET'; + +--echo End of 5.5 tests diff --git a/mysql-test/t/subselect_sj.test b/mysql-test/t/subselect_sj.test index e619a5df52c..c6877db8281 100644 --- a/mysql-test/t/subselect_sj.test +++ b/mysql-test/t/subselect_sj.test @@ -2886,6 +2886,32 @@ insert into t1 select 'xxx' from dual where 'xxx' in (select a2 from t2); drop table t1,t2; + +--echo # +--echo # MDEV-13172: Wrong result / SELECT ... WHERE EXISTS ... (with UNIQUE Key) +--echo # + +CREATE TABLE `t1` ( + `Id` int(11) NOT NULL, + PRIMARY KEY (`Id`) +); + +INSERT INTO `t1` (`Id`) VALUES (1); + +CREATE TABLE `t2` ( + `t1_Id` int(11) NOT NULL DEFAULT 0, + `col1` int(11) DEFAULT NULL, + UNIQUE KEY `col1` (`col1`) +); + +INSERT INTO `t2` (`t1_Id`, `col1`) VALUES (1, NULL), (1, NULL); + +SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL); +explain extended +SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL); + +DROP TABLE t1, t2; + --echo # End of 5.5 test # The following command must be the last one the file diff --git a/scripts/mysqlaccess.sh b/scripts/mysqlaccess.sh index c599aa96c57..aaf711b0fb9 100644 --- a/scripts/mysqlaccess.sh +++ b/scripts/mysqlaccess.sh @@ -26,7 +26,7 @@ use Fcntl; BEGIN { # **************************** # static information... - $VERSION = "2.06, 20 Dec 2000"; + $VERSION = "2.10, 13 Sep 2019"; $0 =~ m%/([^/]+)$%o; $script = $1; $script = 'MySQLAccess' unless $script; diff --git a/sql/opt_subselect.cc b/sql/opt_subselect.cc index 1d3ebba4f4e..2fb5b88687f 100644 --- a/sql/opt_subselect.cc +++ b/sql/opt_subselect.cc @@ -2647,9 +2647,17 @@ bool find_eq_ref_candidate(TABLE *table, table_map sj_inner_tables) { do /* For all equalities on all key parts */ { - /* Check if this is "t.keypart = expr(outer_tables) */ + /* + Check if this is "t.keypart = expr(outer_tables) + + Don't allow variants that can produce duplicates: + - Dont allow "ref or null" + - the keyuse (that is, the operation) must be null-rejecting, + unless the other expression is non-NULLable. + */ if (!(keyuse->used_tables & sj_inner_tables) && - !(keyuse->optimize & KEY_OPTIMIZE_REF_OR_NULL)) + !(keyuse->optimize & KEY_OPTIMIZE_REF_OR_NULL) && + (keyuse->null_rejecting || !keyuse->val->maybe_null)) { bound_parts |= 1 << keyuse->keypart; } diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 1099821fcb3..4bc9870f422 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -2734,8 +2734,12 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose) else protocol->store_null(); protocol->store(thd_info->state_info, system_charset_info); - protocol->store(thd_info->query_string.str(), - thd_info->query_string.charset()); + if (thd_info->query_string.length()) + protocol->store(thd_info->query_string.str(), + thd_info->query_string.length(), + thd_info->query_string.charset()); + else + protocol->store_null(); if (!thd->variables.old_mode && !(thd->variables.old_behavior & OLD_MODE_NO_PROGRESS_INFO)) protocol->store(thd_info->progress, 3, &store_buffer); diff --git a/strings/ctype-simple.c b/strings/ctype-simple.c index 9b13be5aaa2..1c382de5e28 100644 --- a/strings/ctype-simple.c +++ b/strings/ctype-simple.c @@ -1,5 +1,5 @@ /* Copyright (c) 2002, 2013, Oracle and/or its affiliates. - Copyright (c) 2009, 2014, SkySQL Ab. + Copyright (c) 2009, 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1726,10 +1726,20 @@ exp: /* [ E [ <sign> ] <unsigned integer> ] */ goto ret_sign; } } - for (exponent= 0 ; - str < end && (ch= (uchar) (*str - '0')) < 10; - str++) + if (shift > 0 && !negative_exp) + goto ret_too_big; + for (exponent= 0 ; str < end && (ch= (uchar) (*str - '0')) < 10; str++) { + if (negative_exp) + { + if (exponent - shift > DIGITS_IN_ULONGLONG) + goto ret_zero; + } + else + { + if (exponent + shift > DIGITS_IN_ULONGLONG) + goto ret_too_big; + } exponent= exponent * 10 + ch; } shift+= negative_exp ? -exponent : exponent; |