1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge mysql-5.1-security to mysql-5.5-security.

Browse Source
This commit is contained in:
Marko Mäkelä 2011-08-10 15:03:33 +03:00
commit 7005a33071
10 changed files with 79 additions and 252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
storage/innobase/btr/btr0pcur.c
View File

@ -1,6 +1,6 @@
/*****************************************************************************
Copyright (c) 1996, 2010, Innobase Oy. All Rights Reserved.
Copyright (c) 1996, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
@ -356,33 +356,6 @@ btr_pcur_restore_position_func(
return(FALSE);
}
/**************************************************************//**
If the latch mode of the cursor is BTR_LEAF_SEARCH or BTR_LEAF_MODIFY,
releases the page latch and bufferfix reserved by the cursor.
NOTE! In the case of BTR_LEAF_MODIFY, there should not exist changes
made by the current mini-transaction to the data protected by the
cursor latch, as then the latch must not be released until mtr_commit. */
UNIV_INTERN
void
btr_pcur_release_leaf(
/*==================*/
btr_pcur_t* cursor, /*!< in: persistent cursor */
mtr_t* mtr) /*!< in: mtr */
{
buf_block_t* block;
ut_a(cursor->pos_state == BTR_PCUR_IS_POSITIONED);
ut_ad(cursor->latch_mode != BTR_NO_LATCHES);
block = btr_pcur_get_block(cursor);
btr_leaf_page_release(block, cursor->latch_mode, mtr);
cursor->latch_mode = BTR_NO_LATCHES;
cursor->pos_state = BTR_PCUR_WAS_POSITIONED;
}
/*********************************************************//**
Moves the persistent cursor to the first record on the next page. Releases the
latch on the current page, and bufferunfixes it. Note that there must not be

21
storage/innobase/handler/ha_innodb.cc
View File

@ -1,6 +1,6 @@
/*****************************************************************************
Copyright (c) 2000, 2011, MySQL AB & Innobase Oy. All Rights Reserved.
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2008, 2009 Google Inc.
Copyright (c) 2009, Percona Inc.
@ -4037,25 +4037,6 @@ field_in_record_is_null(
return(0);
}
/**************************************************************//**
Sets a field in a record to SQL NULL. Uses the record format
information in table to track the null bit in record. */
static inline
void
set_field_in_record_to_null(
/*========================*/
TABLE* table, /*!< in: MySQL table object */
Field* field, /*!< in: MySQL field object */
char* record) /*!< in: a row in MySQL format */
{
int null_offset;
null_offset = (uint) ((char*) field->null_ptr
- (char*) table->record[0]);
record[null_offset] = record[null_offset] | field->null_bit;
}
/*************************************************************//**
InnoDB uses this function to compare two data fields for which the data type
is such that we must use MySQL code to compare them. NOTE that the prototype

21
storage/innobase/include/btr0pcur.h
View File

@ -1,6 +1,6 @@
/*****************************************************************************
Copyright (c) 1996, 2010, Innobase Oy. All Rights Reserved.
Copyright (c) 1996, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
@ -244,18 +244,6 @@ btr_pcur_restore_position_func(
mtr_t* mtr); /*!< in: mtr */
#define btr_pcur_restore_position(l,cur,mtr) \
btr_pcur_restore_position_func(l,cur,__FILE__,__LINE__,mtr)
/**************************************************************//**
If the latch mode of the cursor is BTR_LEAF_SEARCH or BTR_LEAF_MODIFY,
releases the page latch and bufferfix reserved by the cursor.
NOTE! In the case of BTR_LEAF_MODIFY, there should not exist changes
made by the current mini-transaction to the data protected by the
cursor latch, as then the latch must not be released until mtr_commit. */
UNIV_INTERN
void
btr_pcur_release_leaf(
/*==================*/
btr_pcur_t* cursor, /*!< in: persistent cursor */
mtr_t* mtr); /*!< in: mtr */
/*********************************************************//**
Gets the rel_pos field for a cursor whose position has been stored.
@return BTR_PCUR_ON, ... */
@ -266,10 +254,9 @@ btr_pcur_get_rel_pos(
const btr_pcur_t* cursor);/*!< in: persistent cursor */
/**************************************************************//**
Commits the mtr and sets the pcur latch mode to BTR_NO_LATCHES,
that is, the cursor becomes detached. If there have been modifications
to the page where pcur is positioned, this can be used instead of
btr_pcur_release_leaf. Function btr_pcur_store_position should be used
before calling this, if restoration of cursor is wanted later. */
that is, the cursor becomes detached.
Function btr_pcur_store_position should be used before calling this,
if restoration of cursor is wanted later. */
UNIV_INLINE
void
btr_pcur_commit_specify_mtr(

9
storage/innobase/include/btr0pcur.ic
View File

@ -1,6 +1,6 @@
/*****************************************************************************
Copyright (c) 1996, 2010, Innobase Oy. All Rights Reserved.
Copyright (c) 1996, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
@ -369,10 +369,9 @@ btr_pcur_move_to_next(
/**************************************************************//**
Commits the mtr and sets the pcur latch mode to BTR_NO_LATCHES,
that is, the cursor becomes detached. If there have been modifications
to the page where pcur is positioned, this can be used instead of
btr_pcur_release_leaf. Function btr_pcur_store_position should be used
before calling this, if restoration of cursor is wanted later. */
that is, the cursor becomes detached.
Function btr_pcur_store_position should be used before calling this,
if restoration of cursor is wanted later. */
UNIV_INLINE
void
btr_pcur_commit_specify_mtr(

12
storage/innobase/include/mtr0mtr.h
View File

@ -1,6 +1,6 @@
/*****************************************************************************
Copyright (c) 1995, 2009, Innobase Oy. All Rights Reserved.
Copyright (c) 1995, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
@ -213,16 +213,6 @@ ulint
mtr_set_savepoint(
/*==============*/
mtr_t* mtr); /*!< in: mtr */
/**********************************************************//**
Releases the latches stored in an mtr memo down to a savepoint.
NOTE! The mtr must not have made changes to buffer pages after the
savepoint, as these can be handled only by mtr_commit. */
UNIV_INTERN
void
mtr_rollback_to_savepoint(
/*======================*/
mtr_t* mtr, /*!< in: mtr */
ulint savepoint); /*!< in: savepoint */
#ifndef UNIV_HOTBACKUP
/**********************************************************//**
Releases the (index tree) s-latch stored in an mtr memo after a

39
storage/innobase/include/ut0mem.h
View File

@ -1,6 +1,6 @@
/*****************************************************************************
Copyright (c) 1994, 2009, Innobase Oy. All Rights Reserved.
Copyright (c) 1994, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
@ -209,43 +209,6 @@ ut_strlcpy_rev(
const char* src, /*!< in: source buffer */
ulint size); /*!< in: size of destination buffer */
/**********************************************************************//**
Compute strlen(ut_strcpyq(str, q)).
@return length of the string when quoted */
UNIV_INLINE
ulint
ut_strlenq(
/*=======*/
const char* str, /*!< in: null-terminated string */
char q); /*!< in: the quote character */
/**********************************************************************//**
Make a quoted copy of a NUL-terminated string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_memcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_strcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src); /*!< in: null-terminated string */
/**********************************************************************//**
Make a quoted copy of a fixed-length string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_strcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_memcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src, /*!< in: string to be quoted */
ulint len); /*!< in: length of src */
/**********************************************************************//**
Return the number of times s2 occurs in s1. Overlapping instances of s2
are only counted once.

23
storage/innobase/include/ut0mem.ic
View File

@ -1,6 +1,6 @@
/*****************************************************************************
Copyright (c) 1994, 2009, Innobase Oy. All Rights Reserved.
Copyright (c) 1994, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
@ -98,27 +98,6 @@ ut_strcmp(const char* str1, const char* str2)
return(strcmp(str1, str2));
}
/**********************************************************************//**
Compute strlen(ut_strcpyq(str, q)).
@return length of the string when quoted */
UNIV_INLINE
ulint
ut_strlenq(
/*=======*/
const char* str, /*!< in: null-terminated string */
char q) /*!< in: the quote character */
{
ulint len;
for (len = 0; *str; len++, str++) {
if (*str == q) {
len++;
}
}
return(len);
}
/**********************************************************************//**
Converts a raw binary data to a NUL-terminated hex string. The output is
truncated if there is not enough space in "hex", make sure "hex_size" is at

40
storage/innobase/mtr/mtr0mtr.c
View File

@ -1,6 +1,6 @@
/*****************************************************************************
Copyright (c) 1995, 2009, Innobase Oy. All Rights Reserved.
Copyright (c) 1995, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
@ -282,44 +282,6 @@ mtr_commit(
}
#ifndef UNIV_HOTBACKUP
/**********************************************************//**
Releases the latches stored in an mtr memo down to a savepoint.
NOTE! The mtr must not have made changes to buffer pages after the
savepoint, as these can be handled only by mtr_commit. */
UNIV_INTERN
void
mtr_rollback_to_savepoint(
/*======================*/
mtr_t* mtr, /*!< in: mtr */
ulint savepoint) /*!< in: savepoint */
{
mtr_memo_slot_t* slot;
dyn_array_t* memo;
ulint offset;
ut_ad(mtr);
ut_ad(mtr->magic_n == MTR_MAGIC_N);
ut_ad(mtr->state == MTR_ACTIVE);
memo = &(mtr->memo);
offset = dyn_array_get_data_size(memo);
ut_ad(offset >= savepoint);
while (offset > savepoint) {
offset -= sizeof(mtr_memo_slot_t);
slot = dyn_array_get_element(memo, offset);
ut_ad(slot->type != MTR_MEMO_MODIFY);
/* We do not call mtr_memo_slot_note_modification()
because there MUST be no changes made to the buffer
pages after the savepoint */
mtr_memo_slot_release(mtr, slot);
}
}
/***************************************************//**
Releases an object in the memo stack. */
UNIV_INTERN

88
storage/innobase/row/row0sel.c
View File

@ -2541,6 +2541,8 @@ row_sel_field_store_in_mysql_format(
ut_ad(len != UNIV_SQL_NULL);
UNIV_MEM_ASSERT_RW(data, len);
UNIV_MEM_ASSERT_W(dest, templ->mysql_col_len);
UNIV_MEM_INVALID(dest, templ->mysql_col_len);
switch (templ->type) {
const byte* field_end;
@ -2579,14 +2581,16 @@ row_sel_field_store_in_mysql_format(
dest = row_mysql_store_true_var_len(
dest, len, templ->mysql_length_bytes);
/* Copy the actual data. Leave the rest of the
buffer uninitialized. */
memcpy(dest, data, len);
break;
}
/* Copy the actual data */
ut_memcpy(dest, data, len);
/* Pad with trailing spaces. We pad with spaces also the
unused end of a >= 5.0.3 true VARCHAR column, just in case
MySQL expects its contents to be deterministic. */
/* Pad with trailing spaces. */
pad = dest + len;
@ -3112,6 +3116,39 @@ sel_restore_position_for_mysql(
return(TRUE);
}
/********************************************************************//**
Copies a cached field for MySQL from the fetch cache. */
static
void
row_sel_copy_cached_field_for_mysql(
/*================================*/
byte* buf, /*!< in/out: row buffer */
const byte* cache, /*!< in: cached row */
const mysql_row_templ_t*templ) /*!< in: column template */
{
ulint len;
buf += templ->mysql_col_offset;
cache += templ->mysql_col_offset;
UNIV_MEM_ASSERT_W(buf, templ->mysql_col_len);
if (templ->mysql_type == DATA_MYSQL_TRUE_VARCHAR
&& templ->type != DATA_INT) {
/* Check for != DATA_INT to make sure we do
not treat MySQL ENUM or SET as a true VARCHAR!
Find the actual length of the true VARCHAR field. */
row_mysql_read_true_varchar(
&len, cache, templ->mysql_length_bytes);
len += templ->mysql_length_bytes;
UNIV_MEM_INVALID(buf, templ->mysql_col_len);
} else {
len = templ->mysql_col_len;
}
ut_memcpy(buf, cache, len);
}
/********************************************************************//**
Pops a cached row for MySQL from the fetch cache. */
UNIV_INLINE
@ -3124,26 +3161,22 @@ row_sel_pop_cached_row_for_mysql(
{
ulint i;
const mysql_row_templ_t*templ;
byte* cached_rec;
const byte* cached_rec;
ut_ad(prebuilt->n_fetch_cached > 0);
ut_ad(prebuilt->mysql_prefix_len <= prebuilt->mysql_row_len);
UNIV_MEM_ASSERT_W(buf, prebuilt->mysql_row_len);
cached_rec = prebuilt->fetch_cache[prebuilt->fetch_cache_first];
if (UNIV_UNLIKELY(prebuilt->keep_other_fields_on_keyread)) {
/* Copy cache record field by field, don't touch fields that
are not covered by current key */
cached_rec = prebuilt->fetch_cache[
prebuilt->fetch_cache_first];
for (i = 0; i < prebuilt->n_template; i++) {
templ = prebuilt->mysql_template + i;
#if 0 /* Some of the cached_rec may legitimately be uninitialized. */
UNIV_MEM_ASSERT_RW(cached_rec
+ templ->mysql_col_offset,
templ->mysql_col_len);
#endif
ut_memcpy(buf + templ->mysql_col_offset,
cached_rec + templ->mysql_col_offset,
templ->mysql_col_len);
row_sel_copy_cached_field_for_mysql(
buf, cached_rec, templ);
/* Copy NULL bit of the current field from cached_rec
to buf */
if (templ->mysql_null_bit_mask) {
@ -3153,17 +3186,24 @@ row_sel_pop_cached_row_for_mysql(
& (byte)templ->mysql_null_bit_mask;
}
}
} else if (prebuilt->mysql_prefix_len > 63) {
/* The record is long. Copy it field by field, in case
there are some long VARCHAR column of which only a
small length is being used. */
UNIV_MEM_INVALID(buf, prebuilt->mysql_prefix_len);
/* First copy the NULL bits. */
ut_memcpy(buf, cached_rec, prebuilt->null_bitmap_len);
/* Then copy the requested fields. */
for (i = 0; i < prebuilt->n_template; i++) {
row_sel_copy_cached_field_for_mysql(
buf, cached_rec, prebuilt->mysql_template + i);
}
} else {
ut_memcpy(buf, cached_rec, prebuilt->mysql_prefix_len);
}
else {
#if 0 /* Some of the cached_rec may legitimately be uninitialized. */
UNIV_MEM_ASSERT_RW(prebuilt->fetch_cache
[prebuilt->fetch_cache_first],
prebuilt->mysql_prefix_len);
#endif
ut_memcpy(buf,
prebuilt->fetch_cache[prebuilt->fetch_cache_first],
prebuilt->mysql_prefix_len);
}
prebuilt->n_fetch_cached--;
prebuilt->fetch_cache_first++;

49
storage/innobase/ut/ut0mem.c
View File

@ -1,6 +1,6 @@
/*****************************************************************************
Copyright (c) 1994, 2009, Innobase Oy. All Rights Reserved.
Copyright (c) 1994, 2011, Oracle and/or its affiliates. All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
@ -483,53 +483,6 @@ ut_strlcpy_rev(
return(src_size);
}
/**********************************************************************//**
Make a quoted copy of a NUL-terminated string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_memcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_strcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src) /*!< in: null-terminated string */
{
while (*src) {
if ((*dest++ = *src++) == q) {
*dest++ = q;
}
}
return(dest);
}
/**********************************************************************//**
Make a quoted copy of a fixed-length string. Leading and trailing
quotes will not be included; only embedded quotes will be escaped.
See also ut_strlenq() and ut_strcpyq().
@return pointer to end of dest */
UNIV_INTERN
char*
ut_memcpyq(
/*=======*/
char* dest, /*!< in: output buffer */
char q, /*!< in: the quote character */
const char* src, /*!< in: string to be quoted */
ulint len) /*!< in: length of src */
{
const char* srcend = src + len;
while (src < srcend) {
if ((*dest++ = *src++) == q) {
*dest++ = q;
}
}
return(dest);
}
#ifndef UNIV_HOTBACKUP
/**********************************************************************//**
Return the number of times s2 occurs in s1. Overlapping instances of s2