[Commits] Rev 3188: Merge MariaDB 5.1->5.2. in http://bazaar.launchpad.net/~maria-captains/maria/5.2

knielsen at knielsen-hq.org knielsen at knielsen-hq.org
Tue Nov 20 14:40:17 EET 2012


At http://bazaar.launchpad.net/~maria-captains/maria/5.2

------------------------------------------------------------
revno: 3188 [merge]
revision-id: knielsen at knielsen-hq.org-20121120124013-qnivsxzem6453tma
parent: igor at askmonty.org-20121110075151-zmcv3mmvmir6vlxs
parent: knielsen at knielsen-hq.org-20121120122853-z8ohgttcq24d18r5
committer: knielsen at knielsen-hq.org
branch nick: mariadb-5.2
timestamp: Tue 2012-11-20 13:40:13 +0100
message:
  Merge MariaDB 5.1->5.2.
modified:
  mysql-test/r/information_schema.result sp1f-information_schema.r-20041113105544-waoxa2fjjsicturpothmjmi6jc3yrovn
  mysql-test/t/information_schema.test sp1f-information_schema.t-20041113105545-lgutyhqnhpfgiswiwj2ykmjnolmsfq5h
  mysys/mf_pack.c                sp1f-mf_pack.c-19700101030959-u7bzjnr4w3idabvny244w5gzcf33butm
  plugin/feedback/url_http.cc    url_http.cc-20111001192155-ovlxw2bsz88kc0sq-8
  sql/log.cc                     sp1f-log.cc-19700101030959-r3hdfovek4kl6nd64ovoaknmirota6bq
  sql/log.h                      sp1f-log.h-20051222053446-ggv6hdi5fnxggnjemezvv7n2bcbkx45e
  sql/sql_acl.cc                 sp1f-sql_acl.cc-19700101030959-c4hku3uqxzujthqnndeprbrhamqy6a4i
=== modified file 'mysql-test/r/information_schema.result'
--- a/mysql-test/r/information_schema.result	2012-11-08 13:24:35 +0000
+++ b/mysql-test/r/information_schema.result	2012-11-20 12:40:13 +0000
@@ -1686,4 +1686,10 @@ SELECT length(CAST(b AS CHAR)) FROM ubig
 length(CAST(b AS CHAR))
 20
 DROP TABLE ubig;
+select 1 from information_schema.tables where table_schema=repeat('a', 2000);
+1
+grant usage on *.* to mysqltest_1 at localhost;
+select 1 from information_schema.tables where table_schema=repeat('a', 2000);
+1
+drop user mysqltest_1 at localhost;
 End of 5.1 tests.

=== modified file 'mysql-test/t/information_schema.test'
--- a/mysql-test/t/information_schema.test	2010-08-27 14:12:44 +0000
+++ b/mysql-test/t/information_schema.test	2012-11-12 18:56:51 +0000
@@ -1438,6 +1438,17 @@ SELECT length(CAST(b AS CHAR)) FROM ubig
 
 DROP TABLE ubig;
 
+#
+# Bug #13889741: HANDLE_FATAL_SIGNAL IN _DB_ENTER_ | HANDLE_FATAL_SIGNAL IN STRNLEN
+#
+select 1 from information_schema.tables where table_schema=repeat('a', 2000);
+grant usage on *.* to mysqltest_1 at localhost;
+connect (con1, localhost, mysqltest_1,,);
+connection con1;
+select 1 from information_schema.tables where table_schema=repeat('a', 2000);
+connection default;
+disconnect con1;
+drop user mysqltest_1 at localhost;
 
 --echo End of 5.1 tests.
 

=== modified file 'mysys/mf_pack.c'
--- a/mysys/mf_pack.c	2011-11-21 17:13:14 +0000
+++ b/mysys/mf_pack.c	2012-11-10 19:36:18 +0000
@@ -35,7 +35,7 @@ void pack_dirname(char * to, const char
   int cwd_err;
   size_t d_length,length,UNINIT_VAR(buff_length);
   char * start;
-  char buff[FN_REFLEN];
+  char buff[FN_REFLEN + 1];
   DBUG_ENTER("pack_dirname");
 
   (void) intern_filename(to,from);              /* Change to intern name */
@@ -132,7 +132,7 @@ size_t cleanup_dirname(register char *to
   reg3 char * from_ptr;
   reg4 char * start;
   char parent[5],                               /* for "FN_PARENTDIR" */
-       buff[FN_REFLEN+1],*end_parentdir;
+       buff[FN_REFLEN + 1],*end_parentdir;
 #ifdef BACKSLASH_MBTAIL
   CHARSET_INFO *fs= fs_character_set();
 #endif
@@ -245,7 +245,7 @@ my_bool my_use_symdir=0;	/* Set this if
 #ifdef USE_SYMDIR
 void symdirget(char *dir)
 {
-  char buff[FN_REFLEN+1];
+  char buff[FN_REFLEN + 1];
   char *pos=strend(dir);
   if (dir[0] && pos[-1] != FN_DEVCHAR && my_access(dir, F_OK))
   {
@@ -295,7 +295,7 @@ void symdirget(char *dir)
 size_t normalize_dirname(char *to, const char *from)
 {
   size_t length;
-  char buff[FN_REFLEN];
+  char buff[FN_REFLEN + 1];
   DBUG_ENTER("normalize_dirname");
 
   /*
@@ -423,7 +423,7 @@ static char * NEAR_F expand_tilde(char *
 size_t unpack_filename(char * to, const char *from)
 {
   size_t length, n_length, buff_length;
-  char buff[FN_REFLEN];
+  char buff[FN_REFLEN + 1];
   DBUG_ENTER("unpack_filename");
 
   length=dirname_part(buff, from, &buff_length);/* copy & convert dirname */
@@ -459,7 +459,7 @@ size_t system_filename(char * to, const
   int libchar_found;
   size_t length;
   char * to_pos,from_pos,pos;
-  char buff[FN_REFLEN];
+  char buff[FN_REFLEN + 1];
   DBUG_ENTER("system_filename");
 
   libchar_found=0;
@@ -516,7 +516,7 @@ size_t system_filename(char * to, const
 char *intern_filename(char *to, const char *from)
 {
   size_t length, to_length;
-  char buff[FN_REFLEN];
+  char buff[FN_REFLEN + 1];
   if (from == to)
   {                                             /* Dirname may destroy from */
     strmov(buff,from);

=== modified file 'plugin/feedback/url_http.cc'
--- a/plugin/feedback/url_http.cc	2011-11-13 12:28:35 +0000
+++ b/plugin/feedback/url_http.cc	2012-11-19 10:18:40 +0000
@@ -258,18 +258,21 @@ int Url_http::send(const char* data, siz
       Extract the first string between <h1>...</h1> tags
       and put it as a server reply into the error log.
     */
+    len= 0;
     for (;;)
     {
-      size_t i= vio_read(vio, (uchar*)buf + len, sizeof(buf) - len - 1);
+      size_t i= sizeof(buf) - len - 1;
+      if (i)
+        i= vio_read(vio, (uchar*)buf + len, i);
       if ((int)i <= 0)
         break;
       len+= i;
     }
-    if (len && len < sizeof(buf))
+    if (len)
     {
       char *from;
 
-      buf[len+1]= 0; // safety
+      buf[len]= 0; // safety
 
       if ((from= strstr(buf, "<h1>")))
       {

=== modified file 'sql/log.cc'
--- a/sql/log.cc	2012-08-24 13:37:39 +0000
+++ b/sql/log.cc	2012-11-20 12:40:13 +0000
@@ -5623,8 +5623,9 @@ int TC_LOG_MMAP::open(const char *opt_na
 
   syncing= 0;
   active=pages;
+  DBUG_ASSERT(npages >= 2);
   pool=pages+1;
-  pool_last=pages+npages-1;
+  pool_last_ptr= &((pages+npages-1)->next);
 
   return 0;
 
@@ -5655,8 +5656,8 @@ void TC_LOG_MMAP::get_active_from_pool()
   do
   {
     best_p= p= &pool;
-    if ((*p)->waiters == 0) // can the first page be used ?
-      break;                // yes - take it.
+    if ((*p)->waiters == 0 && (*p)->free > 0) // can the first page be used ?
+      break;                                  // yes - take it.
 
     best_free=0;            // no - trying second strategy
     for (p=&(*p)->next; *p; p=&(*p)->next)
@@ -5673,10 +5674,10 @@ void TC_LOG_MMAP::get_active_from_pool()
   safe_mutex_assert_owner(&LOCK_active);
   active=*best_p;
 
-  if ((*best_p)->next)              // unlink the page from the pool
-    *best_p=(*best_p)->next;
-  else
-    pool_last=*best_p;
+  /* Unlink the page from the pool. */
+  if (!(*best_p)->next)
+    pool_last_ptr= best_p;
+  *best_p=(*best_p)->next;
   pthread_mutex_unlock(&LOCK_pool);
 
   pthread_mutex_lock(&active->lock);
@@ -5783,12 +5784,9 @@ int TC_LOG_MMAP::log_xid(THD *thd, my_xi
     pthread_mutex_unlock(&LOCK_active);
     pthread_mutex_lock(&p->lock);
     p->waiters++;
-    for (;;)
+    while (p->state == DIRTY && syncing)
     {
-      int not_dirty = p->state != DIRTY;
       pthread_mutex_unlock(&p->lock);
-      if (not_dirty || !syncing)
-        break;
       pthread_cond_wait(&p->cond, &LOCK_sync);
       pthread_mutex_lock(&p->lock);
     }
@@ -5840,8 +5838,8 @@ int TC_LOG_MMAP::sync()
 
   /* page is synced. let's move it to the pool */
   pthread_mutex_lock(&LOCK_pool);
-  pool_last->next=syncing;
-  pool_last=syncing;
+  (*pool_last_ptr)=syncing;
+  pool_last_ptr=&(syncing->next);
   syncing->next=0;
   syncing->state= err ? ERROR : POOL;
   pthread_cond_signal(&COND_pool);           // in case somebody's waiting

=== modified file 'sql/log.h'
--- a/sql/log.h	2012-08-22 14:13:54 +0000
+++ b/sql/log.h	2012-11-20 12:40:13 +0000
@@ -81,7 +81,7 @@ class TC_LOG_MMAP: public TC_LOG
   my_off_t file_length;
   uint npages, inited;
   uchar *data;
-  struct st_page *pages, *syncing, *active, *pool, *pool_last;
+  struct st_page *pages, *syncing, *active, *pool, **pool_last_ptr;
   /*
     note that, e.g. LOCK_active is only used to protect
     'active' pointer, to protect the content of the active page

=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc	2012-04-18 18:04:50 +0000
+++ b/sql/sql_acl.cc	2012-11-20 12:40:13 +0000
@@ -1352,14 +1352,20 @@ ulong acl_get(const char *host, const ch
   acl_entry *entry;
   DBUG_ENTER("acl_get");
 
-  VOID(pthread_mutex_lock(&acl_cache->lock));
-  end=strmov((tmp_db=strmov(strmov(key, ip ? ip : "")+1,user)+1),db);
+  tmp_db= strmov(strmov(key, ip ? ip : "") + 1, user) + 1;
+  end= strnmov(tmp_db, db, key + sizeof(key) - tmp_db);
+
+  if (end >= key + sizeof(key)) // db name was truncated
+    DBUG_RETURN(0);             // no privileges for an invalid db name
+
   if (lower_case_table_names)
   {
     my_casedn_str(files_charset_info, tmp_db);
     db=tmp_db;
   }
   key_length= (size_t) (end-key);
+
+  VOID(pthread_mutex_lock(&acl_cache->lock));
   if (!db_is_pattern && (entry=(acl_entry*) acl_cache->search((uchar*) key,
                                                               key_length)))
   {
@@ -4364,11 +4370,17 @@ static bool check_grant_db_routine(THD *
 bool check_grant_db(THD *thd,const char *db)
 {
   Security_context *sctx= thd->security_ctx;
-  char helping [SAFE_NAME_LEN + USERNAME_LENGTH+2];
+  char helping [SAFE_NAME_LEN + USERNAME_LENGTH+2], *end;
   uint len;
   bool error= TRUE;
 
-  len= (uint) (strmov(strmov(helping, sctx->priv_user) + 1, db) - helping) + 1;
+  end= strmov(helping, sctx->priv_user) + 1;
+  end= strnmov(end, db, helping + sizeof(helping) - end);
+
+  if (end >= helping + sizeof(helping)) // db name was truncated
+    return 1;                           // no privileges for an invalid db name
+
+  len= (uint) (end - helping) + 1;
 
   rw_rdlock(&LOCK_grant);
 



More information about the commits mailing list