diff --git a/mysql-test/r/func_math.result b/mysql-test/r/func_math.result
index 639ba54d308..008590aa5d8 100644
--- a/mysql-test/r/func_math.result
+++ b/mysql-test/r/func_math.result
@@ -854,6 +854,46 @@ t1 CREATE TABLE `t1` (
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1
 DROP TABLE t1;
 #
+# Bug #29723340: MYSQL SERVER CRASH AFTER SQL QUERY WITH DATA ?AST
+#
+create table t1(a int);
+insert t1 values("1e-214748364");
+Warnings:
+Warning 1265 Data truncated for column 'a' at row 1
+insert t1 values("1e-2147483648");
+Warnings:
+Warning 1265 Data truncated for column 'a' at row 1
+insert t1 values("1e-21474836480");
+Warnings:
+Warning 1265 Data truncated for column 'a' at row 1
+insert t1 values("1e+214748364");
+Warnings:
+Warning 1264 Out of range value for column 'a' at row 1
+insert t1 values("1e+2147483647");
+Warnings:
+Warning 1264 Out of range value for column 'a' at row 1
+insert t1 values("1e+21474836470");
+Warnings:
+Warning 1264 Out of range value for column 'a' at row 1
+set global max_allowed_packet= cast(2*1024*1024*1024+1024 as unsigned);
+Warnings:
+Warning 1292 Truncated incorrect max_allowed_packet value: '2147484672'
+set @a=2147483647;
+insert t1 values (concat('1', repeat('0', @a+18), 'e-', @a-1, '0'));
+Warnings:
+Warning 1301 Result of repeat() was larger than max_allowed_packet (1073741824) - truncated
+set global max_allowed_packet=default;
+select * from t1;
+a
+0
+0
+0
+2147483647
+2147483647
+2147483647
+NULL
+drop table t1;
+#
 # End of 5.5 tests
 #
 #
diff --git a/mysql-test/r/processlist.result b/mysql-test/r/processlist.result
index ebec6175a5b..55f6ee52451 100644
--- a/mysql-test/r/processlist.result
+++ b/mysql-test/r/processlist.result
@@ -17,6 +17,7 @@ select command, time < 5 from information_schema.processlist where id != connect
 command time < 5
 Sleep 1
 set debug_sync='reset';
+End of 5.5 tests
 #
 # 10.1 tests
 #
diff --git a/mysql-test/r/processlist_notembedded.result b/mysql-test/r/processlist_notembedded.result
new file mode 100644
index 00000000000..e6b30f3ec70
--- /dev/null
+++ b/mysql-test/r/processlist_notembedded.result
@@ -0,0 +1,8 @@
+#
+# MDEV-20466: SHOW PROCESSLIST truncates query text on \0 bytes
+#
+SET DEBUG_SYNC= 'before_join_optimize SIGNAL in_sync';
+SET DEBUG_SYNC= 'now WAIT_FOR in_sync';
+FOUND /sleep/ in MDEV-20466.text
+SET DEBUG_SYNC = 'RESET';
+End of 5.5 tests
diff --git a/mysql-test/r/subselect_sj.result b/mysql-test/r/subselect_sj.result
index 87f76f84960..da40b67ad66 100644
--- a/mysql-test/r/subselect_sj.result
+++ b/mysql-test/r/subselect_sj.result
@@ -3194,5 +3194,31 @@ create table t1 (a1 varchar(25));
 create table t2 (a2 varchar(25)) ;
 insert into t1 select 'xxx' from dual where 'xxx' in (select a2 from t2);
 drop table t1,t2;
+#
+# MDEV-13172: Wrong result / SELECT ... WHERE EXISTS ... (with UNIQUE Key)
+#
+CREATE TABLE `t1` (
+`Id` int(11) NOT NULL,
+PRIMARY KEY (`Id`)
+);
+INSERT INTO `t1` (`Id`) VALUES (1);
+CREATE TABLE `t2` (
+`t1_Id` int(11) NOT NULL DEFAULT 0,
+`col1` int(11) DEFAULT NULL,
+UNIQUE KEY `col1` (`col1`)
+);
+INSERT INTO `t2` (`t1_Id`, `col1`) VALUES (1, NULL), (1, NULL);
+SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL);
+Id
+1
+explain extended
+SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL);
+id select_type table type possible_keys key key_len ref rows filtered Extra
+1 PRIMARY t1 system PRIMARY NULL NULL NULL 1 100.00
+1 PRIMARY eq_ref distinct_key distinct_key 4 func 1 100.00
+2 MATERIALIZED t2 ref col1 col1 5 const 1 100.00 Using index condition; Using where
+Warnings:
+Note 1003 select 1 AS `Id` from (`test`.`t2`) where ((`test`.`t2`.`t1_Id` = 1) and isnull(`test`.`t2`.`col1`))
+DROP TABLE t1, t2;
 # End of 5.5 test
 set optimizer_switch=@subselect_sj_tmp;
diff --git a/mysql-test/r/subselect_sj_jcl6.result b/mysql-test/r/subselect_sj_jcl6.result
index fc1d2ef5201..0ba61bfec36 100644
--- a/mysql-test/r/subselect_sj_jcl6.result
+++ b/mysql-test/r/subselect_sj_jcl6.result
@@ -3208,6 +3208,32 @@ create table t1 (a1 varchar(25));
 create table t2 (a2 varchar(25)) ;
 insert into t1 select 'xxx' from dual where 'xxx' in (select a2 from t2);
 drop table t1,t2;
+#
+# MDEV-13172: Wrong result / SELECT ... WHERE EXISTS ... (with UNIQUE Key)
+#
+CREATE TABLE `t1` (
+`Id` int(11) NOT NULL,
+PRIMARY KEY (`Id`)
+);
+INSERT INTO `t1` (`Id`) VALUES (1);
+CREATE TABLE `t2` (
+`t1_Id` int(11) NOT NULL DEFAULT 0,
+`col1` int(11) DEFAULT NULL,
+UNIQUE KEY `col1` (`col1`)
+);
+INSERT INTO `t2` (`t1_Id`, `col1`) VALUES (1, NULL), (1, NULL);
+SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL);
+Id
+1
+explain extended
+SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL);
+id select_type table type possible_keys key key_len ref rows filtered Extra
+1 PRIMARY t1 system PRIMARY NULL NULL NULL 1 100.00
+1 PRIMARY eq_ref distinct_key distinct_key 4 func 1 100.00
+2 MATERIALIZED t2 ref col1 col1 5 const 1 100.00 Using index condition; Using where
+Warnings:
+Note 1003 select 1 AS `Id` from (`test`.`t2`) where ((`test`.`t2`.`t1_Id` = 1) and isnull(`test`.`t2`.`col1`))
+DROP TABLE t1, t2;
 # End of 5.5 test
 set optimizer_switch=@subselect_sj_tmp;
 #
diff --git a/mysql-test/t/func_math.test b/mysql-test/t/func_math.test
index bb9e46c4378..ebce8a8480c 100644
--- a/mysql-test/t/func_math.test
+++ b/mysql-test/t/func_math.test
@@ -625,6 +625,31 @@ SHOW CREATE TABLE t1; DROP TABLE t1; +--echo # +--echo # Bug #29723340: MYSQL SERVER CRASH AFTER SQL QUERY WITH DATA ?AST +--echo # + +create table t1(a int); +insert t1 values("1e-214748364"); +insert t1 values("1e-2147483648"); +insert t1 values("1e-21474836480"); +insert t1 values("1e+214748364"); +insert t1 values("1e+2147483647"); +insert t1 values("1e+21474836470"); + +# if max max_allowed_packet will ever be increased beyond 2GB, this could +# break again: +set global max_allowed_packet= cast(2*1024*1024*1024+1024 as unsigned); +connect foo,localhost,root; +set @a=2147483647; +insert t1 values (concat('1', repeat('0', @a+18), 'e-', @a-1, '0')); +disconnect foo; +connection default; +set global max_allowed_packet=default; + +select * from t1; +drop table t1; + --echo # --echo # End of 5.5 tests --echo # diff --git a/mysql-test/t/processlist.test b/mysql-test/t/processlist.test index 4734c75c8d3..8e98701459a 100644 --- a/mysql-test/t/processlist.test +++ b/mysql-test/t/processlist.test @@ -49,10 +49,10 @@ SET DEBUG_SYNC = 'now WAIT_FOR query_done'; select command, time < 5 from information_schema.processlist where id != connection_id(); disconnect con1; +connection default; set debug_sync='reset'; -connection default; - +--echo End of 5.5 tests --echo # --echo # 10.1 tests diff --git a/mysql-test/t/processlist_notembedded.test b/mysql-test/t/processlist_notembedded.test new file mode 100644 index 00000000000..dc970cf5709 --- /dev/null +++ b/mysql-test/t/processlist_notembedded.test 
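Review bot: The last `insert` in the func_math.test hunk does not reach the string-to-integer parser today. The expected output in func_math.result shows `repeat()` truncated at the 1073741824-byte packet cap and a NULL row stored, so only the six short-literal inserts above it exercise the fixed exponent handling. The comment above `set global max_allowed_packet` hints at this but is hard to parse; I would reword it to `# With the current 1GB cap repeat() returns NULL here (warning 1301); this statement only becomes a real regression check if the cap is ever raised above 2GB.`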
@@ -0,0 +1,34 @@ +source include/have_debug.inc; +source include/have_debug_sync.inc; +source include/not_embedded.inc; + +--echo # +--echo # MDEV-20466: SHOW PROCESSLIST truncates query text on \0 bytes +--echo # + +connect (con1,localhost,root,,); + +connection con1; + +let $q= `select CONCAT("SELECT user FROM mysql.user WHERE user ='some", CHAR(0), "' or sleep (30)")`; + +SET DEBUG_SYNC= 'before_join_optimize SIGNAL in_sync'; +--disable_query_log +--send_eval $q; +--enable_query_log +connection default; + +SET DEBUG_SYNC= 'now WAIT_FOR in_sync'; + +exec $MYSQL test -e "SHOW PROCESSLIST" > $MYSQLTEST_VARDIR/tmp/MDEV-20466.text; + +let SEARCH_FILE=$MYSQLTEST_VARDIR/tmp/MDEV-20466.text; +let SEARCH_PATTERN=sleep; +source include/search_pattern_in_file.inc; +remove_file $MYSQLTEST_VARDIR/tmp//MDEV-20466.text; + +disconnect con1; + +SET DEBUG_SYNC = 'RESET'; + +--echo End of 5.5 tests diff --git a/mysql-test/t/subselect_sj.test b/mysql-test/t/subselect_sj.test index 33ac85f9cf2..1de1052fba0 100644 --- a/mysql-test/t/subselect_sj.test +++ b/mysql-test/t/subselect_sj.test @@ -2885,6 +2885,32 @@ insert into t1 select 'xxx' from dual where 'xxx' in (select a2 from t2); drop table t1,t2; + +--echo # +--echo # MDEV-13172: Wrong result / SELECT ... WHERE EXISTS ... (with UNIQUE Key) +--echo # + +CREATE TABLE `t1` ( + `Id` int(11) NOT NULL, + PRIMARY KEY (`Id`) +); + +INSERT INTO `t1` (`Id`) VALUES (1); + +CREATE TABLE `t2` ( + `t1_Id` int(11) NOT NULL DEFAULT 0, + `col1` int(11) DEFAULT NULL, + UNIQUE KEY `col1` (`col1`) +); + +INSERT INTO `t2` (`t1_Id`, `col1`) VALUES (1, NULL), (1, NULL); + +SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL); +explain extended +SELECT Id FROM t1 WHERE Id in (SELECT t1_Id FROM t2 WHERE t2.col1 IS NULL); + +DROP TABLE t1, t2; + --echo # End of 5.5 test # The following command must be the last one the file diff --git a/scripts/mysqlaccess.sh b/scripts/mysqlaccess.sh index 7d7883d29b4..6a38abccda1 100644 
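Review bot: `let SEARCH_PATTERN=sleep;` in the new processlist_notembedded.test can match text outside the Info column, so the test may pass even when the query text is still cut at the `\0` byte. While con1 is inside `sleep (30)`, the State column of SHOW PROCESSLIST is expected to read `User sleep` (worth confirming on this branch), and that alone satisfies the pattern. A pattern that only the statement tail can produce, such as `let SEARCH_PATTERN=or sleep;`, pins the check to the bytes after the NUL. The sent query is also never reaped or killed before `disconnect con1;`, so it may still be running when the next test starts. Finally, `remove_file` uses `tmp//MDEV-20466.text` with a doubled slash, which is harmless but inconsistent with the path written two lines above.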
--- a/scripts/mysqlaccess.sh
+++ b/scripts/mysqlaccess.sh
@@ -26,7 +26,7 @@ use Fcntl;
 BEGIN {
 # ****************************
 # static information...
- $VERSION = "2.06, 20 Dec 2000";
+ $VERSION = "2.10, 13 Sep 2019";
 $0 =~ m%/([^/]+)$%o;
 $script = $1;
 $script = 'MySQLAccess' unless $script;
diff --git a/sql/opt_subselect.cc b/sql/opt_subselect.cc
index 33ac3dd7cf1..d5a906d17f0 100644
--- a/sql/opt_subselect.cc
+++ b/sql/opt_subselect.cc
@@ -2657,9 +2657,17 @@ bool find_eq_ref_candidate(TABLE *table, table_map sj_inner_tables)
 {
 do /* For all equalities on all key parts */
 {
- /* Check if this is "t.keypart = expr(outer_tables) */
+ /*
+ Check if this is "t.keypart = expr(outer_tables)
+
+ Don't allow variants that can produce duplicates:
+ - Dont allow "ref or null"
+ - the keyuse (that is, the operation) must be null-rejecting,
+ unless the other expression is non-NULLable.
+ */
 if (!(keyuse->used_tables & sj_inner_tables) &&
- !(keyuse->optimize & KEY_OPTIMIZE_REF_OR_NULL))
+ !(keyuse->optimize & KEY_OPTIMIZE_REF_OR_NULL) &&
+ (keyuse->null_rejecting || !keyuse->val->maybe_null))
 {
 bound_parts |= 1 << keyuse->keypart;
 }
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index c154f5da472..d8f65c74448 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -2646,8 +2646,12 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose)
 else
 protocol->store_null();
 protocol->store(thd_info->state_info, system_charset_info);
- protocol->store(thd_info->query_string.str(),
- thd_info->query_string.charset());
+ if (thd_info->query_string.length())
+ protocol->store(thd_info->query_string.str(),
+ thd_info->query_string.length(),
+ thd_info->query_string.charset());
+ else
+ protocol->store_null();
 if (!thd->variables.old_mode &&
 !(thd->variables.old_behavior & OLD_MODE_NO_PROGRESS_INFO))
 protocol->store(thd_info->progress, 3, &store_buffer);
diff --git a/strings/ctype-simple.c b/strings/ctype-simple.c
index 20c7f81dbf4..5cbf5da7990 100644
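Review bot: The new comment in find_eq_ref_candidate states the rule but not the reason, and it has an unbalanced quote after `expr(outer_tables)` and a stray `Dont`. The excluded case appears to be the one in the MDEV-13172 test: a UNIQUE key may hold several NULLs, so a lookup that can match NULL may return more than one row and the inner table is not a true eq_ref candidate. I would close the quote, spell `Don't`, and add a line such as `A UNIQUE key can contain many NULLs, so a lookup that may match NULL is not guaranteed to return a single row.` The function body starts and ends outside this hunk.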
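Review bot: Nothing in the new branch of mysqld_list_processes says why the length is now passed. A later cleanup could fold it back into the two-argument `store()`, which presumably stops at the first `\0`, and the process list would again hide the tail of a statement. A one-line comment above the `if` would do: `/* Pass the length explicitly: the query text may contain \0 bytes (MDEV-20466) */`. The `else` arm now sends NULL for every zero-length query string. Whether the old call did the same for an empty but non-NULL string is not visible here, so it is worth confirming that the Info column is unchanged for idle connections. The enclosing function continues outside the hunk.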
--- a/strings/ctype-simple.c +++ b/strings/ctype-simple.c @@ -1,5 +1,5 @@ /* Copyright (c) 2002, 2013, Oracle and/or its affiliates. - Copyright (c) 2009, 2014, SkySQL Ab. + Copyright (c) 2009, 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1622,10 +1622,20 @@ exp: /* [ E [ ] ] */ goto ret_sign; } } - for (exponent= 0 ; - str < end && (ch= (uchar) (*str - '0')) < 10; - str++) + if (shift > 0 && !negative_exp) + goto ret_too_big; + for (exponent= 0 ; str < end && (ch= (uchar) (*str - '0')) < 10; str++) { + if (negative_exp) + { + if (exponent - shift > DIGITS_IN_ULONGLONG) + goto ret_zero; + } + else + { + if (exponent + shift > DIGITS_IN_ULONGLONG) + goto ret_too_big; + } exponent= exponent * 10 + ch; } shift+= negative_exp ? -exponent : exponent;
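Review bot: The two bounds checks added to the exponent loop in the second ctype-simple.c hunk are evaluated before `exponent= exponent * 10 + ch`, so `exponent` may still grow to about `shift + DIGITS_IN_ULONGLONG` before a check fires. If `shift` can be large and positive for a very long mantissa with a negative exponent, the following multiply could still leave the variable's range. The declarations and the code that sets `shift` are outside this hunk, so this needs checking against them. The comment in func_math.test about packets above 2GB suggests the author relies on an input-length bound. Either way the loop deserves a comment, for example `/* Beyond DIGITS_IN_ULONGLONG places the result is already 0 (negative exponent) or out of range (positive); stop here so exponent stays small */`. The first hunk only updates the copyright line.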