From e0baab2eb0f0de4c26bb0568b3afcabb40b36ac9 Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 25 Nov 2002 13:14:38 +0100 Subject: mysql.server.sh: - reverted some incompatible/non-portable modifications support-files/mysql.server.sh: - reverted non-portable change ("echo -n" does not work on all platforms) - reverted incompatible change (better fix the docs than break existing installations) --- support-files/mysql.server.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/support-files/mysql.server.sh b/support-files/mysql.server.sh index 91821fd09e5..1b050bad627 100644 --- a/support-files/mysql.server.sh +++ b/support-files/mysql.server.sh @@ -79,7 +79,7 @@ parse_arguments() { done } -# Get arguments from the my.cnf file, groups [mysqld] and [mysql.server] +# Get arguments from the my.cnf file, groups [mysqld] and [mysql_server] if test -x ./bin/my_print_defaults then print_defaults="./bin/my_print_defaults" @@ -117,7 +117,7 @@ else test -z "$print_defaults" && print_defaults="my_print_defaults" fi -parse_arguments `$print_defaults $defaults mysqld mysql.server` +parse_arguments `$print_defaults $defaults mysqld mysql_server` # Safeguard (relative paths, core dumps..) cd $basedir @@ -154,7 +154,7 @@ case "$mode" in sleep 1 while [ -s $pid_file -a "$flags" != aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ] do - [ -z "$flags" ] && echo -n "Wait for mysqld to exit" || echo -n "." + [ -z "$flags" ] && echo "Wait for mysqld to exit\c" || echo ".\c" flags=a$flags sleep 1 done -- cgit v1.2.1 From 562fc5dfccc9bed7dbe952bbc41586500427154a Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 25 Nov 2002 13:30:56 +0100 Subject: - fixed tabbing --- support-files/mysql.server.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support-files/mysql.server.sh b/support-files/mysql.server.sh index 1b050bad627..6c3fa9f1127 100644 --- a/support-files/mysql.server.sh +++ b/support-files/mysql.server.sh 
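Review bot: `echo "Wait for mysqld to exit\c"` in the wait loop is no more portable than the `echo -n` it replaces, because an echo that does not interpret backslash escapes prints a literal `\c` followed by a newline on every iteration. If printf exists on every supported platform, `[ -z "$flags" ] && printf "Wait for mysqld to exit" || printf "."` avoids both echo dialects. The enclosing `case "$mode"` block starts and ends outside the hunk.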
@@ -154,7 +154,7 @@ case "$mode" in sleep 1 while [ -s $pid_file -a "$flags" != aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ] do - [ -z "$flags" ] && echo "Wait for mysqld to exit\c" || echo ".\c" + [ -z "$flags" ] && echo "Wait for mysqld to exit\c" || echo ".\c" flags=a$flags sleep 1 done -- cgit v1.2.1 From 09a621897616ecdf0217db082a0b52c26b4c4adc Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 27 Nov 2002 10:05:49 -0400 Subject: Fix for shutdown on several instances servers started as standalone --- sql/mysqld.cc | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/sql/mysqld.cc b/sql/mysqld.cc index b02d7179ae4..583d9e9debd 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -383,7 +383,7 @@ enum db_type default_table_type=DB_TYPE_MYISAM; #undef getpid #include HANDLE hEventShutdown; -static char *event_name; +static char shutdown_event_name[40]; #include "nt_servc.h" static NTService Service; // Service object for WinNT #endif @@ -640,10 +640,6 @@ void kill_mysql(void) { DBUG_PRINT("error",("Got error: %ld from SetEvent",GetLastError())); } - // or: - // HANDLE hEvent=OpenEvent(0, FALSE, "MySqlShutdown"); - // SetEvent(hEventShutdown); - // CloseHandle(hEvent); } #elif defined(OS2) pthread_cond_signal( &eventShutdown); // post semaphore @@ -1993,7 +1989,7 @@ The server will not act as a slave."); (void) thr_setconcurrency(concurrency); // 10 by default #ifdef __WIN__ //IRENA { - hEventShutdown=CreateEvent(0, FALSE, FALSE, "MySqlShutdown"); + hEventShutdown=CreateEvent(0, FALSE, FALSE, shutdown_event_name); pthread_t hThread; if (pthread_create(&hThread,&connection_attrib,handle_shutdown,0)) sql_print_error("Warning: Can't create thread to handle shutdown requests"); 
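Review bot: The handle returned by `CreateEvent(0, FALSE, FALSE, shutdown_event_name)` is never checked, and the name is now the predictable string `MySQLShutdown<pid>` that a later hunk of this commit builds in main(). When an object of that name already exists, CreateEvent returns a handle to it and sets ERROR_ALREADY_EXISTS, so the server can end up waiting on an event it did not create and whose access rights it did not set; a NULL return also goes unnoticed. I would add `if (!hEventShutdown || GetLastError() == ERROR_ALREADY_EXISTS) sql_print_error("Warning: Can't create shutdown event");` directly after the call and decide whether startup may continue. The enclosing function starts and ends outside the hunk.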
@@ -2182,6 +2178,14 @@ bool default_service_handling(char **argv, int main(int argc, char **argv) { + + /* When several instances are running on the same machine, we + need to have an unique named hEventShudown through the + application PID e.g.: MySQLShutdown1890; MySQLShutdown2342 + */ + int2str((int) GetCurrentProcessId(),strmov(shutdown_event_name, + "MySQLShutdown"), 10); + if (Service.GetOS()) /* true NT family */ { char file_path[FN_REFLEN]; @@ -2196,10 +2200,9 @@ int main(int argc, char **argv) if (Service.IsService(argv[1])) { /* start an optional service */ - event_name= argv[1]; - load_default_groups[0]= argv[1]; + load_default_groups[0]= argv[1]; start_mode= 1; - Service.Init(event_name, mysql_service); + Service.Init(argv[1], mysql_service); return 0; } } @@ -2218,9 +2221,8 @@ int main(int argc, char **argv) use_opt_args=1; opt_argc=argc; opt_argv=argv; - event_name= argv[2]; start_mode= 1; - Service.Init(event_name, mysql_service); + Service.Init(argv[2], mysql_service); return 0; } } @@ -2240,7 +2242,6 @@ int main(int argc, char **argv) { /* start the default service */ start_mode= 1; - event_name= "MySqlShutdown"; Service.Init(MYSQL_SERVICENAME, mysql_service); return 0; } -- cgit v1.2.1 From bbb0f7788457a43821e2ae29bbd1599ea044b9dc Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 27 Nov 2002 18:05:41 +0200 Subject: fix for SHOW VARS for IA64 and other 64 bit systems --- sql/sql_show.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 9829f7f0b78..1d737f0bf62 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -1145,7 +1145,7 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables) switch (variables[i].type){ case SHOW_LONG: case SHOW_LONG_CONST: - net_store_data(&packet2,(uint32) *(ulong*) variables[i].value); + net_store_data(&packet2,(long long) *(ulong*) variables[i].value); break; case SHOW_BOOL: net_store_data(&packet2,(ulong) *(bool*) variables[i].value ? -- cgit v1.2.1 
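Review bot: The new comment in main() does not say why `shutdown_event_name[40]` is large enough for what `int2str()` writes into it, and it misspells the handle name ("hEventShudown"). The arithmetic does hold (13 bytes of prefix, at most 11 for a signed 32-bit value including the sign that the `(int)` cast can produce, one terminator), but a reader has to work that out from two hunks. I would replace the comment with `/* Name the shutdown event after our PID (e.g. MySQLShutdown1890) so that several instances on one machine do not share it; 13 + 11 + 1 bytes fit in shutdown_event_name[40]. */`. main() continues past the hunk.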
From 7dc2b70f4960b201e0edfb8b92a565d71053acf4 Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 28 Nov 2002 16:37:58 +0200 Subject: Better fix for 64 bit CPU .. --- sql/sql_show.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 1d737f0bf62..028d6b055ff 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -1145,7 +1145,7 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables) switch (variables[i].type){ case SHOW_LONG: case SHOW_LONG_CONST: - net_store_data(&packet2,(long long) *(ulong*) variables[i].value); + net_store_data(&packet2,(longlong) *(ulong*) variables[i].value); break; case SHOW_BOOL: net_store_data(&packet2,(ulong) *(bool*) variables[i].value ? -- cgit v1.2.1 From 522d022e1de97eebd97dcfcc0370e6116b9feb15 Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 28 Nov 2002 19:38:01 +0100 Subject: chroot() need chdir("/") afterwards to work --- sql/mysqld.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 71b832f24f4..73c44b49709 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -886,6 +886,7 @@ static void set_root(const char *path) sql_perror("chroot"); unireg_abort(1); } + my_setwd("/", MYF(0)); #endif } -- cgit v1.2.1 From 50e61c5175846ebcc72e15444b20995234270ee3 Mon Sep 17 00:00:00 2001 From: unknown Date: Sat, 30 Nov 2002 18:38:44 +0200 Subject: a fix for a bug with HAVING sum_func IN (...) --- mysql-test/r/group_by.result | 7 +++++++ mysql-test/t/group_by.test | 1 + sql/item_cmpfunc.cc | 8 ++++++++ sql/item_cmpfunc.h | 2 ++ 4 files changed, 18 insertions(+) diff --git a/mysql-test/r/group_by.result b/mysql-test/r/group_by.result index 200cbc29b08..b557d90f312 100644 --- a/mysql-test/r/group_by.result +++ b/mysql-test/r/group_by.result 
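Review bot: The result of `my_setwd("/", MYF(0))` in set_root() is ignored, so when the directory change fails the process keeps a working directory outside the new root, which is the state this commit is meant to prevent. It should be treated like the chroot() failure just above it: `if (my_setwd("/", MYF(0))) { sql_perror("chdir"); unireg_abort(1); }`. set_root() begins before the hunk.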
@@ -30,6 +30,13 @@ Documentation 0 Host communication 0 kkkkkkkkkkk lllllllllll 3 Test Procedures 0 +value description COUNT(bug_id) +BBBBBBBBBBBBB - conversion 2 +BBBBBBBBBBBBB - eeeeeeeee 0 +BBBBBBBBBBBBB - generic 2 +Documentation 0 +Host communication 0 +Test Procedures 0 1+1 a count(*) 2 a 0 1+1 a count(*) diff --git a/mysql-test/t/group_by.test b/mysql-test/t/group_by.test index dfbb2f325a9..e4b7d659a8e 100644 --- a/mysql-test/t/group_by.test +++ b/mysql-test/t/group_by.test @@ -206,6 +206,7 @@ INSERT INTO t2 VALUES ('Web Interface','AAAAAAAA-AAA','id0001','',''); INSERT INTO t2 VALUES ('Host communication','AAAAA','id0001','',''); select value,description,bug_id from t2 left join t1 on t2.program=t1.product and t2.value=t1.component where program="AAAAA"; select value,description,COUNT(bug_id) from t2 left join t1 on t2.program=t1.product and t2.value=t1.component where program="AAAAA" group by value; +select value,description,COUNT(bug_id) from t2 left join t1 on t2.program=t1.product and t2.value=t1.component where program="AAAAA" group by value having COUNT(bug_id) IN (0,2); drop table t1,t2; diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 36ecde337a7..4ef77d0c509 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -1029,6 +1029,14 @@ void Item_func_in::update_used_tables() used_tables_cache|=item->used_tables(); const_item_cache&=item->const_item(); } +void Item_func_in::split_sum_func(List &fields) +{ + if (item->used_tables() || item->type() == SUM_FUNC_ITEM) + { + fields.push_front(item); + item=new Item_ref((Item**) fields.head_ref(),0,item->name); + } +} longlong Item_func_bit_or::val_int() diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h index e7c598808e8..72d4e06e39c 100644 --- a/sql/item_cmpfunc.h +++ b/sql/item_cmpfunc.h 
@@ -410,6 +410,7 @@ class Item_func_in :public Item_int_func longlong val_int(); bool fix_fields(THD *thd,struct st_table_list *tlist) { + with_sum_func= with_sum_func || item->with_sum_func; return (item->fix_fields(thd,tlist) || Item_func::fix_fields(thd,tlist)); } void fix_length_and_dec(); @@ -421,6 +422,7 @@ class Item_func_in :public Item_int_func enum Functype functype() const { return IN_FUNC; } const char *func_name() const { return " IN "; } void update_used_tables(); + void split_sum_func(List &fields); }; -- cgit v1.2.1 From a3f9f721bca6d7d2dcd414fa295812995219ca86 Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 2 Dec 2002 10:47:15 +0200 Subject: Fixed bug in <=> NULL handling --- sql/opt_range.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sql/opt_range.cc b/sql/opt_range.cc index 0645fe15df3..b2128c3eb4a 100644 --- a/sql/opt_range.cc +++ b/sql/opt_range.cc @@ -1030,7 +1030,7 @@ get_mm_leaf(Field *field,KEY_PART *key_part, { /* convert column_name <=> NULL -> column_name IS NULL */ char *str= (char*) sql_alloc(1); // Get local copy of key - if (!*str) + if (!str) DBUG_RETURN(0); *str = 1; DBUG_RETURN(new SEL_ARG(field,str,str)); -- cgit v1.2.1 From e3cecfd10c8006c6a9dabbb149225adbf5ce4deb Mon Sep 17 00:00:00 2001 
From: unknown Date: Mon, 2 Dec 2002 13:41:08 +0200 Subject: Fixed bug in MAX() optimization when used with JOIN and ON expressions (Patch from 4.0.5) mysql-test/r/group_by.result: Updated results mysql-test/t/group_by.test: Test for bug sql/item_cmpfunc.cc: Fixed bug in MAX() optimization when used with JOIN and ON expressions sql/item_cmpfunc.h: Fixed bug in MAX() optimization when used with JOIN and ON expressions sql/opt_sum.cc: Fixed bug in MAX() optimization when used with JOIN and ON expressions --- mysql-test/r/group_by.result | 6 ++++++ mysql-test/t/group_by.test | 41 ++++++++++++++++++++++++++++++++++++++++- sql/item_cmpfunc.cc | 39 +++++++++++++++++++++++++++++++++++++++ sql/item_cmpfunc.h | 2 ++ sql/opt_sum.cc | 13 +++++++++++++ 5 files changed, 100 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/group_by.result b/mysql-test/r/group_by.result index 200cbc29b08..df67f19d957 100644 --- a/mysql-test/r/group_by.result +++ b/mysql-test/r/group_by.result @@ -84,3 +84,9 @@ xID xID1 Level 2 2 ** 3 134 *** 4 185 **** +pid c1id c2id value id active id active +1 1 NULL 1 1 Yes NULL NULL +1 NULL 3 3 NULL NULL 3 Yes +1 4 NULL 4 4 Yes NULL NULL +max(value) +4 diff --git a/mysql-test/t/group_by.test b/mysql-test/t/group_by.test index dfbb2f325a9..fa32f2a6fa0 100644 --- a/mysql-test/t/group_by.test +++ b/mysql-test/t/group_by.test @@ -2,7 +2,7 @@ # Test of group (Failed for Lars Hoss ) # -drop table if exists t1,t2; +drop table if exists t1,t2,t3; CREATE TABLE t1 ( spID int(10) unsigned, userID int(10) unsigned, 
@@ -270,3 +270,42 @@ insert into t1 values (1,244,NULL),(2,243,NULL),(134,223,NULL),(185,186,NULL); select S.ID as xID, S.ID1 as xID1 from t1 as S left join t1 as yS on S.ID1 between yS.ID1 and yS.ID2; select S.ID as xID, S.ID1 as xID1, repeat('*',count(distinct yS.ID)) as Level from t1 as S left join t1 as yS on S.ID1 between yS.ID1 and yS.ID2 group by xID order by xID1; drop table t1; + +# +# Problem with MAX and LEFT JOIN +# + +CREATE TABLE t1 ( + pid int(11) unsigned NOT NULL default '0', + c1id int(11) unsigned default NULL, + c2id int(11) unsigned default NULL, + value int(11) unsigned NOT NULL default '0', + UNIQUE KEY pid2 (pid,c1id,c2id), + UNIQUE KEY pid (pid,value) +) TYPE=MyISAM; + +INSERT INTO t1 VALUES (1, 1, NULL, 1),(1, 2, NULL, 2),(1, NULL, 3, 3),(1, 4, NULL, 4),(1, 5, NULL, 5); + +CREATE TABLE t2 ( + id int(11) unsigned NOT NULL default '0', + active enum('Yes','No') NOT NULL default 'Yes', + PRIMARY KEY (id) +) TYPE=MyISAM; + +INSERT INTO t2 VALUES (1, 'Yes'),(2, 'No'),(4, 'Yes'),(5, 'No'); + +CREATE TABLE t3 ( + id int(11) unsigned NOT NULL default '0', + active enum('Yes','No') NOT NULL default 'Yes', + PRIMARY KEY (id) +); +INSERT INTO t3 VALUES (3, 'Yes'); + +select * from t1 AS m LEFT JOIN t2 AS c1 ON m.c1id = +c1.id AND c1.active = 'Yes' LEFT JOIN t3 AS c2 ON m.c2id = c2.id AND +c2.active = 'Yes' WHERE m.pid=1 AND (c1.id IS NOT NULL OR c2.id IS NOT NULL); +select max(value) from t1 AS m LEFT JOIN t2 AS c1 ON +m.c1id = c1.id AND c1.active = 'Yes' LEFT JOIN t3 AS c2 ON m.c2id = +c2.id AND c2.active = 'Yes' WHERE m.pid=1 AND (c1.id IS NOT NULL OR c2.id IS +NOT NULL); +drop table t1,t2,t3; diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 36ecde337a7..c50a1bc088f 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc 
@@ -1207,6 +1207,45 @@ longlong Item_cond_or::val_int() return 0; } +/* + Create an AND expression from two expressions + + SYNOPSIS + and_expressions() + a expression or NULL + b expression. + org_item Don't modify a if a == *org_item + If a == NULL, org_item is set to point at b, + to ensure that future calls will not modify b. + + NOTES + This will not modify item pointed to by org_item or b + The idea is that one can call this in a loop and create and + 'and' over all items without modifying any of the original items. + + RETURN + NULL Error + Item +*/ + +Item *and_expressions(Item *a, Item *b, Item **org_item) +{ + if (!a) + return (*org_item= (Item*) b); + if (a == *org_item) + { + Item_cond *res; + if ((res= new Item_cond_and(a, (Item*) b))) + res->used_tables_cache= a->used_tables() | b->used_tables(); + return res; + } + if (((Item_cond_and*) a)->add((Item*) b)) + return 0; + ((Item_cond_and*) a)->used_tables_cache|= b->used_tables(); + return a; +} + + longlong Item_func_isnull::val_int() { /* diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h index e7c598808e8..061376a7e2d 100644 --- a/sql/item_cmpfunc.h +++ b/sql/item_cmpfunc.h @@ -573,3 +573,5 @@ inline Item *and_conds(Item *a,Item *b) cond->update_used_tables(); return cond; } + +Item *and_expressions(Item *a, Item *b, Item **org_item); diff --git a/sql/opt_sum.cc b/sql/opt_sum.cc index df49d52d54a..b88cfb4e073 100644 --- a/sql/opt_sum.cc +++ b/sql/opt_sum.cc @@ -37,6 +37,19 @@ int opt_sum_query(TABLE_LIST *tables, List &all_fields,COND *conds) bool recalc_const_item=0; table_map removed_tables=0; Item *item; + COND *org_conds= conds; + + /* Add all ON conditions to WHERE condition */ + for (TABLE_LIST *tl=tables; tl ; tl= tl->next) + { + if (tl->on_expr) + conds= and_expressions(conds, tl->on_expr, &org_conds); + } + + /* + Iterate through item is select part and replace COUNT(), MIN() and MAX() + with constants (if possible) + */ while ((item= it++)) { -- cgit v1.2.1 
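Review bot: The loop added to opt_sum_query() never tests the result of `and_expressions()`, although that function's header comment documents a NULL return on error. A NULL stored in `conds` is indistinguishable from "no WHERE clause": the next iteration takes the `if (!a)` branch and restarts from that ON expression alone, and if none follows, the MIN/MAX/COUNT replacement below runs with no condition at all. I would stop on failure, for example `if (!(conds= and_expressions(conds, tl->on_expr, &org_conds))) return 0;`, with the return value adjusted to however opt_sum_query reports "nothing optimized", which is not visible here. The function body continues past the hunk.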
From 3e5d156223e50f003928f01d96e2f6c75b1240f4 Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 2 Dec 2002 14:16:02 +0200 Subject: Fix for sum_func IN (..) --- mysql-test/r/group_by.result | 5 +++++ mysql-test/t/group_by.test | 2 ++ sql/item_cmpfunc.cc | 6 +++++- sql/item_cmpfunc.h | 3 ++- 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/mysql-test/r/group_by.result b/mysql-test/r/group_by.result index b557d90f312..7b104996769 100644 --- a/mysql-test/r/group_by.result +++ b/mysql-test/r/group_by.result @@ -47,6 +47,11 @@ userid count(*) 3 3 2 1 1 2 +userid count(*) +3 3 +1 2 +userid count(*) +3 3 table type possible_keys key key_len ref rows Extra t1 range spID spID 5 NULL 2 where used; Using index; Using temporary table type possible_keys key key_len ref rows Extra diff --git a/mysql-test/t/group_by.test b/mysql-test/t/group_by.test index e4b7d659a8e..c3e4f34b0fa 100644 --- a/mysql-test/t/group_by.test +++ b/mysql-test/t/group_by.test @@ -235,6 +235,8 @@ CREATE TABLE t1 ( INSERT INTO t1 VALUES (1,1,1),(2,2,2),(2,1,1),(3,3,3),(4,3,3),(5,3,3); explain select userid,count(*) from t1 group by userid desc; select userid,count(*) from t1 group by userid desc; +select userid,count(*) from t1 group by userid desc having (count(*)+1) IN (4,3); +select userid,count(*) from t1 group by userid desc having 3 IN (1,COUNT(*)); explain select spid,count(*) from t1 where spid between 1 and 2 group by spid desc; explain select spid,count(*) from t1 where spid between 1 and 2 group by spid; select spid,count(*) from t1 where spid between 1 and 2 group by spid; diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 4ef77d0c509..b53d596da08 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc 
@@ -1029,13 +1029,17 @@ void Item_func_in::update_used_tables() used_tables_cache|=item->used_tables(); const_item_cache&=item->const_item(); } + void Item_func_in::split_sum_func(List &fields) { - if (item->used_tables() || item->type() == SUM_FUNC_ITEM) + if (item->with_sum_func && item->type() != SUM_FUNC_ITEM) + item->split_sum_func(fields); + else if (item->used_tables() || item->type() == SUM_FUNC_ITEM) { fields.push_front(item); item=new Item_ref((Item**) fields.head_ref(),0,item->name); } + Item_func::split_sum_func(fields); } diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h index 72d4e06e39c..7827cf9a78b 100644 --- a/sql/item_cmpfunc.h +++ b/sql/item_cmpfunc.h @@ -410,8 +410,9 @@ class Item_func_in :public Item_int_func longlong val_int(); bool fix_fields(THD *thd,struct st_table_list *tlist) { + bool res= (item->fix_fields(thd,tlist) || Item_func::fix_fields(thd,tlist)); with_sum_func= with_sum_func || item->with_sum_func; - return (item->fix_fields(thd,tlist) || Item_func::fix_fields(thd,tlist)); + return res; } void fix_length_and_dec(); ~Item_func_in() { delete item; delete array; delete in_item; } -- cgit v1.2.1 From e753fa4d8d30976b0c4a7ca68bd81b3a11bba06b Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 4 Dec 2002 00:27:09 +0100 Subject: Security bug: password length check should be in check_user, not check_connections(), otherwise COM_CHANGE_USER is unprotected and can be used for both privilege escalation and buffer overrun --- sql/sql_parse.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 1803568f880..fe7e98c7028 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -109,6 +109,8 @@ static bool check_user(THD *thd,enum_server_command command, const char *user, NET *net= &thd->net; thd->db=0; + if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH) + return 1; if (!(thd->user = my_strdup(user, MYF(0)))) { send_error(net,ER_OUT_OF_RESOURCES); 
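Review bot: The new early `return 1` in check_user() runs after `thd->db=0;` and sends nothing to the client, unlike the allocation failure directly below it, which calls send_error(). For COM_CHANGE_USER that presumably means a rejected request has already cleared the session's database pointer, and on the connect path the removed check used to return ER_HANDSHAKE_ERROR; whether the callers compensate is not visible in these hunks. I would place the test above `thd->db=0;` and report it, `if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH) { send_error(net,ER_HANDSHAKE_ERROR); return 1; }`. It is also worth confirming that both callers guarantee `passwd` is NUL-terminated inside the received packet before strlen() runs. check_user() continues past the hunk.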
@@ -458,8 +460,6 @@ check_connections(THD *thd) char *user= (char*) net->read_pos+5; char *passwd= strend(user)+1; char *db=0; - if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH) - return ER_HANDSHAKE_ERROR; if (thd->client_capabilities & CLIENT_CONNECT_WITH_DB) db=strend(passwd)+1; if (thd->client_capabilities & CLIENT_INTERACTIVE) -- cgit v1.2.1 From a31d258ba7c36c0ed27a5bed576dc430bc7219a6 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 4 Dec 2002 01:26:32 +0100 Subject: protect from [heap] buffer overrrun by malicious server --- libmysql/libmysql.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libmysql/libmysql.c b/libmysql/libmysql.c index bab6d304094..3c1353e0088 100644 --- a/libmysql/libmysql.c +++ b/libmysql/libmysql.c @@ -307,7 +307,7 @@ net_safe_read(MYSQL *mysql) DBUG_PRINT("error",("Wrong connection or packet. fd: %s len: %d", vio_description(net->vio),len)); end_server(mysql); - net->last_errno=(net->last_errno == ER_NET_PACKET_TOO_LARGE ? + net->last_errno=(net->last_errno == ER_NET_PACKET_TOO_LARGE ? CR_NET_PACKET_TOO_LARGE: CR_SERVER_LOST); strmov(net->last_error,ER(net->last_errno)); @@ -891,7 +891,7 @@ static MYSQL_DATA *read_rows(MYSQL *mysql,MYSQL_FIELD *mysql_fields, uint field,pkt_len; ulong len; uchar *cp; - char *to; + char *to, *end_to; MYSQL_DATA *result; MYSQL_ROWS **prev_ptr,*cur; NET *net = &mysql->net; @@ -929,6 +929,7 @@ static MYSQL_DATA *read_rows(MYSQL *mysql,MYSQL_FIELD *mysql_fields, *prev_ptr=cur; prev_ptr= &cur->next; to= (char*) (cur->data+fields+1); + end_to=to+pkt_len-1; for (field=0 ; field < fields ; field++) { if ((len=(ulong) net_field_length(&cp)) == NULL_LENGTH) 
@@ -938,6 +939,13 @@ static MYSQL_DATA *read_rows(MYSQL *mysql,MYSQL_FIELD *mysql_fields, else { cur->data[field] = to; + if (to+len > end_to) + { + free_rows(result); + net->last_errno=CR_UNKNOWN_ERROR; + strmov(net->last_error,ER(net->last_errno)); + DBUG_RETURN(0); + } memcpy(to,(char*) cp,len); to[len]=0; to+=len+1; cp+=len; -- cgit v1.2.1 From faefac308f722b9669bec622c34c269c9341e675 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 4 Dec 2002 09:54:58 +0100 Subject: proper casting in COM_TABLE_DUMP (backported from 4.0) --- sql/sql_parse.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index fe7e98c7028..ddbc34b2c7e 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -768,8 +768,8 @@ bool do_command(THD *thd) thread_safe_increment(com_other,&LOCK_thread_count); slow_command = TRUE; char* data = packet + 1; - uint db_len = *data; - uint tbl_len = *(data + db_len + 1); + uint db_len = *(uchar *)data; + uint tbl_len = *(uchar *)(data + db_len + 1); char* db = sql_alloc(db_len + tbl_len + 2); memcpy(db, data + 1, db_len); char* tbl_name = db + db_len; -- cgit v1.2.1 From 2d2e834ce1be474b3b09dd60a1c4a9f2f67fc6e0 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 4 Dec 2002 10:47:51 +0100 Subject: post-merge fix myisam/mi_rnext_same.c: cleanup --- myisam/mi_rnext_same.c | 5 ++--- mysql-test/r/group_by.result | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/myisam/mi_rnext_same.c b/myisam/mi_rnext_same.c index 662bdb154b3..a9d1953323c 100644 --- a/myisam/mi_rnext_same.c +++ b/myisam/mi_rnext_same.c 
@@ -27,14 +27,13 @@ int mi_rnext_same(MI_INFO *info, byte *buf) { int error; - uint inx,flag,not_used; + uint inx,not_used; MI_KEYDEF *keyinfo; DBUG_ENTER("mi_rnext_same"); if ((int) (inx=info->lastinx) < 0 || info->lastpos == HA_OFFSET_ERROR) DBUG_RETURN(my_errno=HA_ERR_WRONG_INDEX); keyinfo=info->s->keyinfo+inx; - flag=SEARCH_BIGGER; /* Read next */ if (fast_mi_readinfo(info)) DBUG_RETURN(my_errno); @@ -44,7 +43,7 @@ int mi_rnext_same(MI_INFO *info, byte *buf) for (;;) { if ((error=_mi_search_next(info,keyinfo,info->lastkey, - info->lastkey_length,flag, + info->lastkey_length,SEARCH_BIGGER, info->s->state.key_root[inx]))) break; if (_mi_key_cmp(keyinfo->seg,info->lastkey2,info->lastkey, diff --git a/mysql-test/r/group_by.result b/mysql-test/r/group_by.result index 0e8c6520d5c..ddddb3fa07d 100644 --- a/mysql-test/r/group_by.result +++ b/mysql-test/r/group_by.result @@ -205,6 +205,14 @@ Documentation 0 Host communication 0 kkkkkkkkkkk lllllllllll 3 Test Procedures 0 +select value,description,COUNT(bug_id) from t2 left join t1 on t2.program=t1.product and t2.value=t1.component where program="AAAAA" group by value having COUNT(bug_id) IN (0,2); +value description COUNT(bug_id) +BBBBBBBBBBBBB - conversion 2 +BBBBBBBBBBBBB - eeeeeeeee 0 +BBBBBBBBBBBBB - generic 2 +Documentation 0 +Host communication 0 +Test Procedures 0 drop table t1,t2; create table t1 (foo int); insert into t1 values (1); @@ -232,6 +240,13 @@ userid count(*) 3 3 2 1 1 2 +select userid,count(*) from t1 group by userid desc having (count(*)+1) IN (4,3); +userid count(*) +3 3 +1 2 +select userid,count(*) from t1 group by userid desc having 3 IN (1,COUNT(*)); +userid count(*) +3 3 explain select spid,count(*) from t1 where spid between 1 and 2 group by spid desc; table type possible_keys key key_len ref rows Extra t1 range spID spID 5 NULL 2 Using where; Using index -- cgit v1.2.1