From c54271723c6f2f4e5b77cd8faf91e89412730209 Mon Sep 17 00:00:00 2001
From: Aditya A <aditya.a@oracle.com>
Date: Mon, 9 Jul 2018 17:25:49 +0530
Subject: Bug #26275510   BUNDLED ZLIB DOESN'T INCLUDE FIXES FOR SOME
 VULNERABILITIES

Upgrading the zlib lib to 1.2.11
---
 mysys/CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'mysys')

diff --git a/mysys/CMakeLists.txt b/mysys/CMakeLists.txt
index 6969acd8d04..e0745957c20 100644
--- a/mysys/CMakeLists.txt
+++ b/mysys/CMakeLists.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -13,7 +13,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 
-INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIR} ${CMAKE_SOURCE_DIR}/include ${CMAKE_SOURCE_DIR}/mysys)
+INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include ${CMAKE_SOURCE_DIR}/mysys)
 
 SET(MYSYS_SOURCES  array.c charset-def.c charset.c checksum.c default.c
 				errors.c hash.c list.c md5.c mf_cache.c mf_dirname.c mf_fn_ext.c
-- 
cgit v1.2.1


From bac287c315b1792e7ae33f91add6a60292f9bae8 Mon Sep 17 00:00:00 2001
From: Marc Alff <marc.alff@oracle.com>
Date: Fri, 17 Aug 2018 14:20:25 +0200
Subject: Bug#27788907 SOME FILE OPERATIONS IN MF_IOCACHE2.C ARE NOT
 INSTRUMENTED

MySQL bug number 90264

Contribution by Yura Sorokin.

Problem:

File mysys/mf_iocache2.c contains non instrumented file io operations.
This causes inaccurate statistics in PERFORMANCE_SCHEMA.

Solution:

Use the instrumentation apis (mysql_file_tell instead of my_tell, etc).
---
 mysys/mf_iocache2.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'mysys')

diff --git a/mysys/mf_iocache2.c b/mysys/mf_iocache2.c
index 1b0375cb88e..8d7cb53041c 100644
--- a/mysys/mf_iocache2.c
+++ b/mysys/mf_iocache2.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -102,14 +102,14 @@ my_off_t my_b_append_tell(IO_CACHE* info)
   */
   {
     volatile my_off_t save_pos;
-    save_pos = my_tell(info->file,MYF(0));
-    my_seek(info->file,(my_off_t)0,MY_SEEK_END,MYF(0));
+    save_pos = mysql_file_tell(info->file,MYF(0));
+    mysql_file_seek(info->file,(my_off_t)0,MY_SEEK_END,MYF(0));
     /*
       Save the value of my_tell in res so we can see it when studying coredump
     */
     DBUG_ASSERT(info->end_of_file - (info->append_read_pos-info->write_buffer)
-		== (res=my_tell(info->file,MYF(0))));
-    my_seek(info->file,save_pos,MY_SEEK_SET,MYF(0));
+		== (res=mysql_file_tell(info->file,MYF(0))));
+    mysql_file_seek(info->file,save_pos,MY_SEEK_SET,MYF(0));
   }
 #endif  
   res = info->end_of_file + (info->write_pos-info->append_read_pos);
@@ -203,7 +203,7 @@ size_t my_b_fill(IO_CACHE *info)
 
   if (info->seek_not_done)
   {					/* File touched, do seek */
-    if (my_seek(info->file,pos_in_file,MY_SEEK_SET,MYF(0)) ==
+    if (mysql_file_seek(info->file,pos_in_file,MY_SEEK_SET,MYF(0)) ==
 	MY_FILEPOS_ERROR)
     {
       info->error= 0;
@@ -223,7 +223,7 @@ size_t my_b_fill(IO_CACHE *info)
   }
   DBUG_EXECUTE_IF ("simulate_my_b_fill_error",
                    {DBUG_SET("+d,simulate_file_read_error");});
-  if ((length= my_read(info->file,info->buffer,max_length,
+  if ((length= mysql_file_read(info->file,info->buffer,max_length,
                        info->myflags)) == (size_t) -1)
   {
     info->error= -1;
@@ -287,7 +287,7 @@ my_off_t my_b_filelength(IO_CACHE *info)
     return my_b_tell(info);
 
   info->seek_not_done= 1;
-  return my_seek(info->file, 0L, MY_SEEK_END, MYF(0));
+  return mysql_file_seek(info->file, 0L, MY_SEEK_END, MYF(0));
 }
 
 
-- 
cgit v1.2.1


From 3c5f6aa21c54e2f93c96162a23f2e32772cf50bf Mon Sep 17 00:00:00 2001
From: Varun Gupta <varunraiko1803@gmail.com>
Date: Sun, 14 Oct 2018 10:30:23 -0700
Subject: MDEV-17020: Assertion `length > 0' failed in ptr_compare upon ORDER
 BY with bad conversion

This assert is hit when we do filesort using the priority queue and try to insert elements in
the queue. The compare function used for the priority queue should handle the case for zerolength
sortkey.
---
 mysys/ptr_cmp.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'mysys')

diff --git a/mysys/ptr_cmp.c b/mysys/ptr_cmp.c
index 6e373e98972..c9306dff14f 100644
--- a/mysys/ptr_cmp.c
+++ b/mysys/ptr_cmp.c
@@ -52,6 +52,11 @@ static int ptr_compare_0(size_t *compare_length, uchar **a, uchar **b);
 static int ptr_compare_1(size_t *compare_length, uchar **a, uchar **b);
 static int ptr_compare_2(size_t *compare_length, uchar **a, uchar **b);
 static int ptr_compare_3(size_t *compare_length, uchar **a, uchar **b);
+static int degenerate_compare_func(size_t *compare_length, uchar **a, uchar **b)
+{
+  DBUG_ASSERT(*compare_length == 0);
+  return 0;
+}
 #endif	/* __sun */
 
 	/* Get a pointer to a optimal byte-compare function for a given size */
@@ -64,6 +69,8 @@ qsort2_cmp get_ptr_compare (size_t size __attribute__((unused)))
 #else
 qsort2_cmp get_ptr_compare (size_t size)
 {
+  if (size == 0)
+    return (qsort2_cmp) degenerate_compare_func;
   if (size < 4)
     return (qsort2_cmp) ptr_compare;
   switch (size & 3) {
-- 
cgit v1.2.1


From 5b735e8f09c81a2533c30cdd62d60dffa8226cd4 Mon Sep 17 00:00:00 2001
From: Andrei Elkin <andrei.elkin@mariadb.com>
Date: Mon, 17 Sep 2018 21:40:23 +0300
Subject: MDEV-17133 dump thread reads from a past position

According to logs analysis the Dump thread attempted to read again data which
was already sent. The reason of regressed read turns out in an _my_b_cache_read()
early exit branch which missed to distinguish between total zero size read (e.g
ineffective read when Count argument is zero) from a case when the
requested amount of data is fully read out by sole accessing the cache's
file. In the latter case such then *effective* reading was not
reflected in the cache's state to screw the cache's state.

Fixed with a check introduced of whether the file reading was effective prior to
early exit. When this is the case conduct standard cache state change to
account the actual read size.

Notice the bug can show up also as an error to read binlog event e.g
through BINLOG_GTID_POS() (of MDEV-16886).
---
 mysys/mf_iocache.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'mysys')

diff --git a/mysys/mf_iocache.c b/mysys/mf_iocache.c
index 56b1ae3fc6e..79893d6f7c1 100644
--- a/mysys/mf_iocache.c
+++ b/mysys/mf_iocache.c
@@ -563,7 +563,7 @@ int _my_b_write(IO_CACHE *info, const uchar *Buffer, size_t Count)
 
 int _my_b_cache_read(IO_CACHE *info, uchar *Buffer, size_t Count)
 {
-  size_t length, diff_length, left_length= 0, max_length;
+  size_t length= 0, diff_length, left_length= 0, max_length;
   my_off_t pos_in_file;
   DBUG_ENTER("_my_b_cache_read");
 
@@ -668,7 +668,10 @@ int _my_b_cache_read(IO_CACHE *info, uchar *Buffer, size_t Count)
     else
     {
       info->error= 0;
-      DBUG_RETURN(0);                           /* EOF */
+      if (length == 0)                            /* nothing was read */
+        DBUG_RETURN(0);                           /* EOF */
+
+      length= 0;                       /* non-zero size read was done */
     }
   }
   else if ((length= mysql_file_read(info->file,info->buffer, max_length,
-- 
cgit v1.2.1


From 1c6b982e02eeaa75bb6c2f2a3c2b64491dd6d3c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= <vicentiu@mariadb.org>
Date: Thu, 1 Nov 2018 08:55:16 +0200
Subject: MDEV-12779 Oracle/DB2 Compatibility Implicit Ordering for ROW_NUMBER
 OVER

Users expect window functions to produce a certain ordering of rows in
the final result set. Although the standard does not require this, we
already have the filesort result done for when we computed the window
function. If there is no ORDER BY attached to the query, just keep it
till the SELECT is completely evaluated and use that to print the
result.

Update test cases as many did not take care to guarantee a stable
result.
---
 mysys/mf_iocache.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'mysys')

diff --git a/mysys/mf_iocache.c b/mysys/mf_iocache.c
index aea41886f05..673f9762a86 100644
--- a/mysys/mf_iocache.c
+++ b/mysys/mf_iocache.c
@@ -353,6 +353,15 @@ int init_slave_io_cache(IO_CACHE *master, IO_CACHE *slave)
 
 void end_slave_io_cache(IO_CACHE *cache)
 {
+  /* Remove the cache from the next_file_user circular linked list. */
+  if (cache->next_file_user != cache)
+  {
+    IO_CACHE *p= cache->next_file_user;
+    while (p->next_file_user != cache)
+      p= p->next_file_user;
+    p->next_file_user= cache->next_file_user;
+
+  }
   my_free(cache->buffer);
 }
 
-- 
cgit v1.2.1