fixes/cleanups according to Coverity report

unknown 2005-01-24 15:48:25 +01:00
parent 3671fe1f72
commit 8bdb500105
29 changed files with 156 additions and 162 deletions


@ -1430,12 +1430,6 @@ static void build_completion_hash(bool rehash, bool write_info)
if (status.batch || quick || !current_db)
DBUG_VOID_RETURN; // We don't need completion in batches
if (tables)
{
mysql_free_result(tables);
tables=0;
}
/* hash SQL commands */
while (cmd->name) {
add_word(&ht,(char*) cmd->name);
@ -1681,8 +1675,8 @@ static int com_server_help(String *buffer __attribute__((unused)),
else if (num_fields >= 2 && num_rows)
{
init_pager();
char last_char;
char last_char= 0;
int num_name= 0, num_cat= 0;
LINT_INIT(num_name);
LINT_INIT(num_cat);
@ -1693,7 +1687,6 @@ static int com_server_help(String *buffer __attribute__((unused)),
put_info("To make a more specific request, please type 'help <item>',\nwhere <item> is one of the following", INFO_INFO);
num_name= 0;
num_cat= 1;
last_char= '_';
}
else if ((cur= mysql_fetch_row(result)))
{
@ -1703,7 +1696,7 @@ static int com_server_help(String *buffer __attribute__((unused)),
num_cat= 2;
print_help_item(&cur,1,2,&last_char);
}
while ((cur= mysql_fetch_row(result)))
print_help_item(&cur,num_name,num_cat,&last_char);
tee_fprintf(PAGER, "\n");


@ -717,11 +717,7 @@ static int check_master_version(MYSQL* mysql)
if (mysql_query(mysql, "SELECT VERSION()") ||
!(res = mysql_store_result(mysql)))
{
mysql_close(mysql);
die("Error checking master version: %s",
mysql_error(mysql));
}
die("Error checking master version: %s", mysql_error(mysql));
if (!(row = mysql_fetch_row(res)))
{
mysql_free_result(res);


@ -2328,14 +2328,13 @@ static const char *check_if_ignore_table(const char *table_name)
fprintf(stderr,
"Error: Couldn't read status information for table %s (%s)\n",
table_name, mysql_error(sock));
if (res)
mysql_free_result(res);
mysql_free_result(res);
return 0; /* assume table is ok */
}
if (strcmp(row[1], (result= "MRG_MyISAM")) &&
strcmp(row[1], (result= "MRG_ISAM")))
result= 0;
mysql_free_result(res);
mysql_free_result(res);
return result;
}
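Review bot: In check_if_ignore_table, the two `strcmp(row[1], ...)` calls that follow the error branch pass `row[1]` without a null check, and mysql_fetch_row() represents an SQL NULL column as a null pointer. Whether the status row can carry NULL in that column is not visible from this hunk, but if it can, the comparison dereferences a null pointer. A guard in the same statement would cover it: `if (!row[1] || (strcmp(row[1], (result= "MRG_MyISAM")) && strcmp(row[1], (result= "MRG_ISAM")))) result= 0;`. The function starts outside the hunk.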


@ -715,9 +715,10 @@ VAR* var_get(const char* var_name, const char** var_name_end, my_bool raw,
die("Empty variable");
}
length= (uint) (var_name - save_var_name);
if (length >= MAX_VAR_NAME)
die("Too long variable name: %s", save_var_name);
if (!(v = (VAR*) hash_search(&var_hash, save_var_name, length)) &&
length < MAX_VAR_NAME)
if (!(v = (VAR*) hash_search(&var_hash, save_var_name, length)))
{
char buff[MAX_VAR_NAME+1];
strmake(buff, save_var_name, length);
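Review bot: The new `die("Too long variable name: %s", save_var_name)` in var_get prints from the start of the name to the end of the string, not just the `length` bytes that were measured, so the message will include whatever follows the over-long name. If die() forwards its format to a printf-family function (not visible here), `die("Too long variable name: %.*s", (int) length, save_var_name);` limits the diagnostic to the name. The early exit is also what keeps the later `strmake(buff, save_var_name, length)` inside `buff[MAX_VAR_NAME+1]`, which deserves a one-line comment above the check, e.g. `/* must precede the copy into buff[MAX_VAR_NAME+1] below */`. var_get starts and ends outside the hunk.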


@ -122,7 +122,10 @@ uint sortbuff_size;
MYF(0))))
break;
else
{
my_free((gptr) sort_keys,MYF(0));
sort_keys= 0;
}
}
old_memavl=memavl;
if ((memavl=memavl/4*3) < MIN_SORT_MEMORY && old_memavl > MIN_SORT_MEMORY)


@ -182,21 +182,14 @@ my_bool _mi_read_pack_info(MI_INFO *info, pbool fix_keys)
my_malloc((length+OFFSET_TABLE_SIZE)*sizeof(uint16)+
(uint) (share->pack.header_length+7),
MYF(MY_WME | MY_ZEROFILL))))
{
my_free((gptr) share->decode_trees,MYF(0));
goto err1;
}
tmp_buff=share->decode_tables+length;
disk_cache=(byte*) (tmp_buff+OFFSET_TABLE_SIZE);
if (my_read(file,disk_cache,
(uint) (share->pack.header_length-sizeof(header)),
MYF(MY_NABP)))
{
my_free((gptr) share->decode_trees,MYF(0));
my_free((gptr) share->decode_tables,MYF(0));
goto err2;
}
huff_tree_bits=max_bit(trees ? trees-1 : 0);
init_bit_buffer(&bit_buff, (uchar*) disk_cache,


@ -948,15 +948,14 @@ int rtree_delete(MI_INFO *info, uint keynr, uchar *key, uint key_length)
/* check for redundant root (not leaf, 1 child) and eliminate */
if ((old_root = info->s->state.key_root[keynr]) == HA_OFFSET_ERROR)
goto err1;
if (!_mi_fetch_keypage(info, keyinfo, old_root, DFLT_INIT_HITS,
if (!_mi_fetch_keypage(info, keyinfo, old_root, DFLT_INIT_HITS,
info->buff, 0))
goto err1;
nod_flag = mi_test_if_nod(info->buff);
page_size = mi_getint(info->buff);
if (nod_flag && (page_size == 2 + key_length +
(nod_flag ? nod_flag : info->s->base.rec_reflength)))
if (nod_flag && (page_size == 2 + key_length + nod_flag))
{
my_off_t new_root = _mi_kpos(nod_flag,
my_off_t new_root = _mi_kpos(nod_flag,
rt_PAGE_FIRST_KEY(info->buff, nod_flag));
if (_mi_dispose(info, keyinfo, old_root, DFLT_INIT_HITS))
goto err1;


@ -162,7 +162,10 @@ int _create_index_by_sort(MI_SORT_PARAM *info,my_bool no_messages,
{
if (my_init_dynamic_array(&buffpek, sizeof(BUFFPEK), maxbuffer,
maxbuffer/2))
{
my_free((gptr) sort_keys,MYF(0));
sort_keys= 0;
}
else
break;
}


@ -352,6 +352,7 @@ int init_key_cache(KEY_CACHE *keycache, uint key_cache_block_size,
MYF(0))))
break;
my_free_lock(keycache->block_mem, MYF(0));
keycache->block_mem= 0;
}
if (blocks < 8)
{


@ -248,7 +248,7 @@ void thr_end_alarm(thr_alarm_t *alarmed)
if (alarm_data->malloced)
my_free((gptr) alarm_data,MYF(0));
found++;
#ifndef DBUG_OFF
#ifdef DBUG_OFF
break;
#endif
}


@ -1444,7 +1444,7 @@ bool Item_field::fix_fields(THD *thd, TABLE_LIST *tables, Item **ref)
&not_used)) !=
(Item **) not_found_item)
{
if (*refer && (*refer)->fixed) // Avoid crash in case of error
if (refer && (*refer)->fixed) // Avoid crash in case of error
{
prev_subselect_item->used_tables_cache|= (*refer)->used_tables();
prev_subselect_item->const_item_cache&= (*refer)->const_item();
@ -2057,7 +2057,6 @@ bool Item_ref::fix_fields(THD *thd,TABLE_LIST *tables, Item **reference)
if (!ref)
{
TABLE_LIST *where= 0, *table_list;
bool upward_lookup= 0;
SELECT_LEX_UNIT *prev_unit= thd->lex->current_select->master_unit();
SELECT_LEX *sl= prev_unit->outer_select();
/*
@ -2078,7 +2077,6 @@ bool Item_ref::fix_fields(THD *thd,TABLE_LIST *tables, Item **reference)
{
Field *tmp= (Field*) not_found_field;
SELECT_LEX *last= 0;
upward_lookup= 1;
/*
We can't find table field in select list of current select,
consequently we have to find it in outer subselect(s).
@ -2098,7 +2096,7 @@ bool Item_ref::fix_fields(THD *thd,TABLE_LIST *tables, Item **reference)
&not_used)) !=
(Item **)not_found_item)
{
if (*ref && (*ref)->fixed) // Avoid crash in case of error
if (ref && (*ref)->fixed) // Avoid crash in case of error
{
prev_subselect_item->used_tables_cache|= (*ref)->used_tables();
prev_subselect_item->const_item_cache&= (*ref)->const_item();
@ -2142,20 +2140,10 @@ bool Item_ref::fix_fields(THD *thd,TABLE_LIST *tables, Item **reference)
return -1;
if (ref == (Item **)not_found_item && tmp == not_found_field)
{
if (upward_lookup)
{
// We can't say exactly what absend (table or field)
my_printf_error(ER_BAD_FIELD_ERROR, ER(ER_BAD_FIELD_ERROR), MYF(0),
full_name(), thd->where);
}
else
{
// Call to report error
find_item_in_list(this,
*(thd->lex->current_select->get_item_list()),
&counter, REPORT_ALL_ERRORS, &not_used);
}
ref= 0; // Safety
// We can't say exactly what absend (table or field)
my_printf_error(ER_BAD_FIELD_ERROR, ER(ER_BAD_FIELD_ERROR), MYF(0),
full_name(), thd->where);
ref= 0; // Safety
return 1;
}
if (tmp != not_found_field)
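Review bot: In Item_field::fix_fields the guard appears to have become `if (refer && (*refer)->fixed)`, which protects against a null `refer` but no longer tests `*refer` before reading `->fixed`; the same applies to `if (ref && (*ref)->fixed)` in Item_ref::fix_fields. The lookup call that produces the pointer ends just above each guard and is not fully visible, so it cannot be confirmed from these hunks that the returned slot always holds a non-null Item. Unless that is ruled out, keeping both tests is the safer form: `if (refer && *refer && (*refer)->fixed)` and `if (ref && *ref && (*ref)->fixed)`. Both functions start and end outside the hunks shown.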


@ -365,22 +365,19 @@ Item *create_func_sin(Item* a)
Item *create_func_sha(Item* a)
{
return new Item_func_sha(a);
return new Item_func_sha(a);
}
Item *create_func_space(Item *a)
{
CHARSET_INFO *cs= current_thd->variables.collation_connection;
Item *sp;
if (cs->mbminlen > 1)
{
uint dummy_errors;
sp= new Item_string("",0,cs);
if (sp)
{
uint dummy_errors;
sp->str_value.copy(" ", 1, &my_charset_latin1, cs, &dummy_errors);
}
sp->str_value.copy(" ", 1, &my_charset_latin1, cs, &dummy_errors);
}
else
{


@ -2489,6 +2489,9 @@ String* Item_func_export_set::val_str(String* str)
case 3:
sep_buf.set(",", 1, default_charset());
sep = &sep_buf;
break;
default:
DBUG_ASSERT(0); // cannot happen
}
null_value=0;


@ -2112,20 +2112,25 @@ void Item_char_typecast::print(String *str)
String *Item_char_typecast::val_str(String *str)
{
DBUG_ASSERT(fixed == 1);
String *res, *res1;
String *res;
uint32 length;
if (!charset_conversion && !(res= args[0]->val_str(str)))
#if 0
if (!charset_conversion)
{
null_value= 1;
return 0;
if (!(res= args[0]->val_str(str)))
{
null_value= 1;
return 0;
}
}
else
#endif
{
// Convert character set if differ
uint dummy_errors;
if (!(res1= args[0]->val_str(&tmp_value)) ||
str->copy(res1->ptr(), res1->length(), res1->charset(),
if (!(res= args[0]->val_str(&tmp_value)) ||
str->copy(res->ptr(), res->length(), res->charset(),
cast_cs, &dummy_errors))
{
null_value= 1;
@ -2135,13 +2140,13 @@ String *Item_char_typecast::val_str(String *str)
}
res->set_charset(cast_cs);
/*
Cut the tail if cast with length
and the result is longer than cast length, e.g.
CAST('string' AS CHAR(1))
*/
if (cast_length >= 0 &&
if (cast_length >= 0 &&
(res->length() > (length= (uint32) res->charpos(cast_length))))
{ // Safe even if const arg
if (!res->alloced_length())
@ -2150,7 +2155,7 @@ String *Item_char_typecast::val_str(String *str)
res= &str_value;
}
res->length((uint) length);
}
}
null_value= 0;
return res;
}
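Review bot: The `#if 0` … `#endif` now wrapped around the `!charset_conversion` branch in Item_char_typecast::val_str leaves disabled code in the function with nothing saying why the direct path was turned off. Either delete the branch or state the reason on the directive line, for example `#if 0 /* direct path disabled: value is always copied via tmp_value; reason: <fill in> */`. As written, a later reader cannot tell whether re-enabling it is safe, and the `else` that used to select the conversion block is now hidden inside the disabled region.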


@ -2912,8 +2912,8 @@ int set_var_password::check(THD *thd)
if (!user->host.str)
user->host.str= (char*) thd->host_or_ip;
/* Returns 1 as the function sends error to client */
return check_change_password(thd, user->host.str, user->user.str, password) ?
1 : 0;
return check_change_password(thd, user->host.str, user->user.str,
password, strlen(password)) ? 1 : 0;
#else
return 0;
#endif
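Review bot: The call in set_var_password::check now evaluates `strlen(password)` unconditionally, so it relies on `password` never being null, a contract that is only written down in the sql_acl.cc comment ("new_password cannot be NULL"). A `DBUG_ASSERT(password != 0);` just before the call would make that assumption checkable in debug builds. change_password() in the sql_acl.cc section has the same dependency: the earlier `new_password ? strlen(new_password) : 0` guard is gone and `strlen(new_password)` runs in the declaration at the top of the function. Whether any caller can actually pass null is not visible from this page.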


@ -2422,18 +2422,19 @@ int st_relay_log_info::wait_for_pos(THD* thd, String* log_name,
init_abort_pos_wait= abort_pos_wait;
/*
We'll need to
We'll need to
handle all possible log names comparisons (e.g. 999 vs 1000).
We use ulong for string->number conversion ; this is no
We use ulong for string->number conversion ; this is no
stronger limitation than in find_uniq_filename in sql/log.cc
*/
ulong log_name_extension;
char log_name_tmp[FN_REFLEN]; //make a char[] from String
char *end= strmake(log_name_tmp, log_name->ptr(), min(log_name->length(),
FN_REFLEN-1));
strmake(log_name_tmp, log_name->ptr(), min(log_name->length(), FN_REFLEN-1));
char *p= fn_ext(log_name_tmp);
char *p_end;
if (!*p || log_pos<0)
if (!*p || log_pos<0)
{
error= -2; //means improper arguments
goto err;


@ -438,7 +438,7 @@ void acl_free(bool end)
SYNOPSIS
acl_reload()
thd Thread handle
thd Thread handle (can be NULL)
*/
void acl_reload(THD *thd)
@ -1128,6 +1128,10 @@ bool acl_check_host(const char *host, const char *ip)
thd THD
host hostname for the user
user user name
new_password new password
NOTE:
new_password cannot be NULL
RETURN VALUE
0 OK
@ -1135,7 +1139,7 @@ bool acl_check_host(const char *host, const char *ip)
*/
bool check_change_password(THD *thd, const char *host, const char *user,
char *new_password)
char *new_password, uint new_password_len)
{
if (!initialized)
{
@ -1186,12 +1190,13 @@ bool check_change_password(THD *thd, const char *host, const char *user,
bool change_password(THD *thd, const char *host, const char *user,
char *new_password)
{
uint new_password_len= strlen(new_password);
DBUG_ENTER("change_password");
DBUG_PRINT("enter",("host: '%s' user: '%s' new_password: '%s'",
host,user,new_password));
DBUG_ASSERT(host != 0); // Ensured by parent
if (check_change_password(thd, host, user, new_password))
if (check_change_password(thd, host, user, new_password, new_password_len))
DBUG_RETURN(1);
VOID(pthread_mutex_lock(&acl_cache->lock));
@ -1203,7 +1208,6 @@ bool change_password(THD *thd, const char *host, const char *user,
DBUG_RETURN(1);
}
/* update loaded acl entry: */
uint new_password_len= new_password ? strlen(new_password) : 0;
set_user_salt(acl_user, new_password, new_password_len);
if (update_user_table(thd,
@ -2697,7 +2701,7 @@ end:
SYNOPSIS
grant_reload()
thd Thread handler
thd Thread handler (can be NULL)
NOTES
Locked tables are checked by acl_init and doesn't have to be checked here
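Review bot: The `DBUG_PRINT("enter", ...)` at the top of change_password writes `new_password` into the debug trace, so on builds with tracing enabled the credential value (in whatever form it arrives here, cleartext or hash) ends up in the trace output. Dropping it from the format keeps the trace useful without recording it: `DBUG_PRINT("enter",("host: '%s' user: '%s'", host, user));`. The line is unchanged context in this commit, but it sits directly next to the lines being edited. change_password continues outside the hunk.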


@ -143,7 +143,7 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh, const char *passwd,
uint passwd_len);
bool acl_check_host(const char *host, const char *ip);
bool check_change_password(THD *thd, const char *host, const char *user,
char *password);
char *password, uint password_len);
bool change_password(THD *thd, const char *host, const char *user,
char *password);
int mysql_grant(THD *thd, const char *db, List <LEX_USER> &user_list,


@ -70,6 +70,9 @@ proc_analyse_init(THD *thd, ORDER *param, select_result *result,
field_info **f_info;
DBUG_ENTER("proc_analyse_init");
if (!pc)
DBUG_RETURN(0);
if (!(param = param->next))
{
pc->max_tree_elements = MAX_TREE_ELEMENTS;
@ -81,33 +84,30 @@ proc_analyse_init(THD *thd, ORDER *param, select_result *result,
if ((*param->item)->type() != Item::INT_ITEM ||
(*param->item)->val() < 0)
{
delete pc;
my_error(ER_WRONG_PARAMETERS_TO_PROCEDURE, MYF(0), proc_name);
DBUG_RETURN(0);
goto err;
}
pc->max_tree_elements = (uint) (*param->item)->val_int();
param = param->next;
if (param->next) // no third parameter possible
{
my_error(ER_WRONG_PARAMCOUNT_TO_PROCEDURE, MYF(0), proc_name);
DBUG_RETURN(0);
goto err;
}
// second parameter
if ((*param->item)->type() != Item::INT_ITEM ||
(*param->item)->val() < 0)
{
delete pc;
my_error(ER_WRONG_PARAMETERS_TO_PROCEDURE, MYF(0), proc_name);
DBUG_RETURN(0);
goto err;
}
pc->max_treemem = (uint) (*param->item)->val_int();
}
else if ((*param->item)->type() != Item::INT_ITEM ||
(*param->item)->val() < 0)
{
delete pc;
my_error(ER_WRONG_PARAMETERS_TO_PROCEDURE, MYF(0), proc_name);
DBUG_RETURN(0);
goto err;
}
// if only one parameter was given, it will be the value of max_tree_elements
else
@ -116,34 +116,39 @@ proc_analyse_init(THD *thd, ORDER *param, select_result *result,
pc->max_treemem = MAX_TREEMEM;
}
if (!pc || !(pc->f_info = (field_info**)
sql_alloc(sizeof(field_info*)*field_list.elements)))
DBUG_RETURN(0);
if (!(pc->f_info=
(field_info**)sql_alloc(sizeof(field_info*)*field_list.elements)))
goto err;
pc->f_end = pc->f_info + field_list.elements;
pc->fields = field_list;
List_iterator_fast<Item> it(pc->fields);
f_info = pc->f_info;
Item *item;
while ((item = it++))
{
if (item->result_type() == INT_RESULT)
List_iterator_fast<Item> it(pc->fields);
f_info = pc->f_info;
Item *item;
while ((item = it++))
{
// Check if fieldtype is ulonglong
if (item->type() == Item::FIELD_ITEM &&
((Item_field*) item)->field->type() == FIELD_TYPE_LONGLONG &&
((Field_longlong*) ((Item_field*) item)->field)->unsigned_flag)
*f_info++ = new field_ulonglong(item, pc);
else
*f_info++ = new field_longlong(item, pc);
if (item->result_type() == INT_RESULT)
{
// Check if fieldtype is ulonglong
if (item->type() == Item::FIELD_ITEM &&
((Item_field*) item)->field->type() == FIELD_TYPE_LONGLONG &&
((Field_longlong*) ((Item_field*) item)->field)->unsigned_flag)
*f_info++ = new field_ulonglong(item, pc);
else
*f_info++ = new field_longlong(item, pc);
}
if (item->result_type() == REAL_RESULT)
*f_info++ = new field_real(item, pc);
if (item->result_type() == STRING_RESULT)
*f_info++ = new field_str(item, pc);
}
if (item->result_type() == REAL_RESULT)
*f_info++ = new field_real(item, pc);
if (item->result_type() == STRING_RESULT)
*f_info++ = new field_str(item, pc);
}
DBUG_RETURN(pc);
err:
delete pc;
DBUG_RETURN(0);
}


@ -251,13 +251,19 @@ void free_io_cache(TABLE *table)
DBUG_VOID_RETURN;
}
/* Close all tables which aren't in use by any thread */
/*
Close all tables which aren't in use by any thread
THD can be NULL, but then if_wait_for_refresh must be FALSE
and tables must be NULL.
*/
bool close_cached_tables(THD *thd, bool if_wait_for_refresh,
TABLE_LIST *tables)
{
bool result=0;
DBUG_ENTER("close_cached_tables");
DBUG_ASSERT(thd || (!if_wait_for_refresh && !tables));
VOID(pthread_mutex_lock(&LOCK_open));
if (!tables)
@ -333,7 +339,6 @@ bool close_cached_tables(THD *thd, bool if_wait_for_refresh,
VOID(pthread_mutex_unlock(&LOCK_open));
if (if_wait_for_refresh)
{
THD *thd=current_thd;
pthread_mutex_lock(&thd->mysys_var->mutex);
thd->mysys_var->current_mutex= 0;
thd->mysys_var->current_cond= 0;
@ -2068,13 +2073,8 @@ find_field_in_tables(THD *thd, Item_ident *item, TABLE_LIST *tables,
strxnmov(buff,sizeof(buff)-1,db,".",table_name,NullS);
table_name=buff;
}
if (report_error)
{
my_printf_error(ER_UNKNOWN_TABLE, ER(ER_UNKNOWN_TABLE), MYF(0),
table_name, thd->where);
}
else
return (Field*) not_found_field;
my_printf_error(ER_UNKNOWN_TABLE, ER(ER_UNKNOWN_TABLE), MYF(0),
table_name, thd->where);
}
else
if (report_error)
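Review bot: In find_field_in_tables the `if (report_error)` / `else return (Field*) not_found_field;` pair around the ER_UNKNOWN_TABLE message appears to have been removed, so in this branch `my_printf_error` runs whether or not the caller asked for errors, while the sibling `else` branch just below still tests `report_error`. If the enclosing condition (outside the hunk) already guarantees report_error is set, a comment would make the asymmetry readable, e.g. `/* report_error is always true here */`. If it does not, callers that passed report_error as false now get an error raised and no longer receive not_found_field from this path. The function starts and ends outside the hunk.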


@ -1157,12 +1157,12 @@ void Query_cache::invalidate(THD *thd, TABLE_LIST *tables_used,
DBUG_ASSERT(!using_transactions || tables_used->table!=0);
if (tables_used->derived)
continue;
if (using_transactions &&
(tables_used->table->file->table_cache_type() ==
if (using_transactions &&
(tables_used->table->file->table_cache_type() ==
HA_CACHE_TBL_TRANSACT))
/*
/*
Tables_used->table can't be 0 in transaction.
Only 'drop' invalidate not opened table, but 'drop'
Only 'drop' invalidate not opened table, but 'drop'
force transaction finish.
*/
thd->add_changed_table(tables_used->table);
@ -1210,7 +1210,7 @@ void Query_cache::invalidate(CHANGED_TABLE_LIST *tables_used)
*/
void Query_cache::invalidate_locked_for_write(TABLE_LIST *tables_used)
{
DBUG_ENTER("Query_cache::invalidate (changed table list)");
DBUG_ENTER("Query_cache::invalidate_locked_for_write");
if (query_cache_size > 0 && tables_used)
{
STRUCT_LOCK(&structure_guard_mutex);


@ -225,7 +225,7 @@ void del_dbopt(const char *path)
}
/*
/*
Create database options file:
DESCRIPTION
@ -244,10 +244,10 @@ static bool write_db_opt(THD *thd, const char *path, HA_CREATE_INFO *create)
if (!create->default_table_charset)
create->default_table_charset= thd->variables.collation_server;
if (put_dbopt(path, create))
return 1;
if ((file=my_create(path, CREATE_MODE,O_RDWR | O_TRUNC,MYF(MY_WME))) >= 0)
{
ulong length;
@ -523,14 +523,14 @@ int mysql_alter_db(THD *thd, const char *db, HA_CREATE_INFO *create_info)
if ((error=write_db_opt(thd, path, create_info)))
goto exit;
/*
/*
Change options if current database is being altered
TODO: Delete this code
*/
if (thd->db && !strcmp(thd->db,db))
{
thd->db_charset= (create_info && create_info->default_table_charset) ?
create_info->default_table_charset :
thd->db_charset= create_info->default_table_charset ?
create_info->default_table_charset :
thd->variables.collation_server;
thd->variables.collation_database= thd->db_charset;
}
@ -538,7 +538,7 @@ int mysql_alter_db(THD *thd, const char *db, HA_CREATE_INFO *create_info)
mysql_update_log.write(thd,thd->query, thd->query_length);
if (mysql_bin_log.is_open())
{
Query_log_event qinfo(thd, thd->query, thd->query_length, 0,
Query_log_event qinfo(thd, thd->query, thd->query_length, 0,
/* suppress_use */ TRUE);
/*
@ -620,12 +620,12 @@ int mysql_rm_db(THD *thd,char *db,bool if_exists, bool silent)
pthread_mutex_lock(&LOCK_open);
remove_db_from_cache(db);
pthread_mutex_unlock(&LOCK_open);
error= -1;
if ((deleted= mysql_rm_known_files(thd, dirp, db, path, 0)) >= 0)
{
ha_drop_database(path);
query_cache_invalidate1(db);
query_cache_invalidate1(db);
error = 0;
}
}
@ -636,7 +636,7 @@ int mysql_rm_db(THD *thd,char *db,bool if_exists, bool silent)
my_casedn_str(files_charset_info, tmp_db);
db= tmp_db;
}
if (!silent && deleted>=0 && thd)
if (!silent && deleted>=0)
{
const char *query;
ulong query_length;
@ -686,7 +686,7 @@ exit:
have 'if (data_buf) free(data_buf)' data_buf is !=0 so this makes a
DOUBLE free().
Side effects of this double free() are, randomly (depends on the machine),
when the slave is replicating a DROP DATABASE:
when the slave is replicating a DROP DATABASE:
- garbage characters in the error message:
"Error 'Can't drop database 'test2'; database doesn't exist' on query
'h4zI<EFBFBD>©'"


@ -1685,9 +1685,6 @@ void st_select_lex::print_order(String *str, ORDER *order)
void st_select_lex::print_limit(THD *thd, String *str)
{
if (!thd)
thd= current_thd;
if (explicit_limit)
{
str->append(" limit ", 7);


@ -866,14 +866,16 @@ static int check_connection(THD *thd)
char *user= end;
char *passwd= strend(user)+1;
char *db= passwd;
char db_buff[NAME_LEN+1]; // buffer to store db in utf8
char db_buff[NAME_LEN+1]; // buffer to store db in utf8
char user_buff[USERNAME_LENGTH+1]; // buffer to store user in utf8
/*
uint dummy_errors;
/*
Old clients send null-terminated string as password; new clients send
the size (1 byte) + string (not null-terminated). Hence in case of empty
password both send '\0'.
*/
uint passwd_len= thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
uint passwd_len= thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
*passwd++ : strlen(passwd);
db= thd->client_capabilities & CLIENT_CONNECT_WITH_DB ?
db + passwd_len + 1 : 0;
@ -881,7 +883,6 @@ static int check_connection(THD *thd)
/* Since 4.1 all database names are stored in utf8 */
if (db)
{
uint dummy_errors;
db_buff[copy_and_convert(db_buff, sizeof(db_buff)-1,
system_charset_info,
db, strlen(db),
@ -889,14 +890,10 @@ static int check_connection(THD *thd)
db= db_buff;
}
if (user)
{
uint dummy_errors;
user_buff[copy_and_convert(user_buff, sizeof(user_buff)-1,
system_charset_info, user, strlen(user),
thd->charset(), &dummy_errors)]= '\0';
user= user_buff;
}
user_buff[copy_and_convert(user_buff, sizeof(user_buff)-1,
system_charset_info, user, strlen(user),
thd->charset(), &dummy_errors)]= '\0';
user= user_buff;
if (thd->user)
x_free(thd->user);
@ -3217,12 +3214,12 @@ purposes internal to the MySQL server", MYF(0));
/*
If in a slave thread :
ALTER DATABASE DB may not be preceded by USE DB.
For that reason, maybe db_ok() in sql/slave.cc did not check the
For that reason, maybe db_ok() in sql/slave.cc did not check the
do_db/ignore_db. And as this query involves no tables, tables_ok()
above was not called. So we have to check rules again here.
*/
#ifdef HAVE_REPLICATION
if (thd->slave_thread &&
if (thd->slave_thread &&
(!db_ok(db, replicate_do_db, replicate_ignore_db) ||
!db_ok_with_wild_table(db)))
{
@ -3309,9 +3306,9 @@ purposes internal to the MySQL server", MYF(0));
case SQLCOM_GRANT:
{
if (check_access(thd, lex->grant | lex->grant_tot_col | GRANT_ACL,
tables && tables->db ? tables->db : select_lex->db,
tables ? tables->db : select_lex->db,
tables ? &tables->grant.privilege : 0,
tables ? 0 : 1,0))
tables ? 0 : 1, 0))
goto error;
/*
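Review bot: In check_connection the password length byte taken from the client packet is read through a plain `char *` (`*passwd++`), so where char is signed a byte of 0x80 or above converts to a very large `passwd_len`, and `db + passwd_len + 1` is then formed without any comparison against the end of the received packet. Reading the byte as unsigned, `uint passwd_len= thd->client_capabilities & CLIENT_SECURE_CONNECTION ? (uchar) *passwd++ : strlen(passwd);`, and rejecting the handshake when the password or the db string after it would extend past the packet length are checks these hunks do not add. The `strend(user)` and `strlen(db)` calls likewise depend on the packet buffer being NUL-terminated, which is not visible here. The function starts and ends outside the hunks shown.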


@ -1897,9 +1897,9 @@ static int mysql_admin_table(THD* thd, TABLE_LIST* tables,
for (table = tables; table; table = table->next)
{
char table_name[NAME_LEN*2+2];
char* db = (table->db) ? table->db : thd->db;
char* db = table->db;
bool fatal_error=0;
strxmov(table_name,db ? db : "",".",table->real_name,NullS);
strxmov(table_name, db, ".", table->real_name, NullS);
thd->open_options|= extra_open_options;
table->table = open_ltable(thd, table, lock_type);
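Review bot: With the `db ? db : ""` fallback removed, `strxmov(table_name, db, ".", table->real_name, NullS)` in mysql_admin_table relies on `table->db` never being null; if `NullS` is a null char pointer, as its use as the list terminator suggests, a null `db` would end the argument list early and leave `table_name` empty instead of failing visibly. The copy into `char table_name[NAME_LEN*2+2]` is also unbounded and depends on both parts staying within NAME_LEN. The bounded form already used in find_field_in_tables in this commit fits here: `strxnmov(table_name, sizeof(table_name)-1, db, ".", table->real_name, NullS);`. The loop body continues outside the hunk.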


@ -61,7 +61,7 @@ int mysql_update(THD *thd,
bool safe_update= thd->options & OPTION_SAFE_UPDATES;
bool used_key_is_modified, transactional_table, log_delayed;
int error=0;
uint used_index;
uint used_index= MAX_KEY;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
uint want_privilege;
#endif
@ -75,7 +75,6 @@ int mysql_update(THD *thd,
thd->lex->select_lex.table_list.first);
DBUG_ENTER("mysql_update");
LINT_INIT(used_index);
LINT_INIT(timestamp_query_id);
if ((open_and_lock_tables(thd, table_list)))
@ -175,7 +174,7 @@ int mysql_update(THD *thd,
matching rows before updating the table!
*/
table->file->extra(HA_EXTRA_RETRIEVE_ALL_COLS);
if (old_used_keys.is_set(used_index))
if (used_index < MAX_KEY && old_used_keys.is_set(used_index))
{
table->key_read=1;
table->file->extra(HA_EXTRA_KEYREAD);
@ -542,8 +541,8 @@ int mysql_multi_update(THD *thd,
/* Unlock the tables in preparation for relocking */
if (!using_lock_tables)
{
mysql_unlock_tables(thd, thd->lock);
{
mysql_unlock_tables(thd, thd->lock);
thd->lock= 0;
}


@ -99,11 +99,11 @@ int openfrm(const char *name, const char *alias, uint db_stat, uint prgflag,
*root_ptr= &outparam->mem_root;
outparam->real_name=strdup_root(&outparam->mem_root,
name+dirname_length(name));
*fn_ext(outparam->real_name)='\0'; // Remove extension
name+dirname_length(name));
outparam->table_name=my_strdup(alias,MYF(MY_WME));
if (!outparam->real_name || !outparam->table_name)
goto err_end;
*fn_ext(outparam->real_name)='\0'; // Remove extension
if ((file=my_open(fn_format(index_file,name,"",reg_ext,MY_UNPACK_FILENAME),
O_RDONLY | O_SHARE,
@ -305,12 +305,14 @@ int openfrm(const char *name, const char *alias, uint db_stat, uint prgflag,
VOID(my_seek(file,pos,MY_SEEK_SET,MYF(0)));
if (my_read(file,(byte*) head,288,MYF(MY_NABP))) goto err_not_open;
#ifdef HAVE_CRYPTED_FRM
if (crypted)
{
crypted->decode((char*) head+256,288-256);
if (sint2korr(head+284) != 0) // Should be 0
goto err_not_open; // Wrong password
}
#endif
outparam->fields= uint2korr(head+258);
pos=uint2korr(head+260); /* Length of all screens */
@ -339,12 +341,14 @@ int openfrm(const char *name, const char *alias, uint db_stat, uint prgflag,
pos+ (uint) (n_length+int_length+com_length));
if (read_string(file,(gptr*) &disk_buff,read_length))
goto err_not_open; /* purecov: inspected */
#ifdef HAVE_CRYPTED_FRM
if (crypted)
{
crypted->decode((char*) disk_buff,read_length);
delete crypted;
crypted=0;
}
#endif
strpos= disk_buff+pos;
outparam->intervals= (TYPELIB*) (field_ptr+outparam->fields+1);
@ -1453,7 +1457,7 @@ bool check_column_name(const char *name)
{
const char *start= name;
bool last_char_is_space= TRUE;
while (*name)
{
#if defined(USE_MB) && defined(USE_MB_IDENT)


@ -1825,7 +1825,7 @@ tz_load_from_open_tables(const String *tz_name, TABLE_LIST *tz_tables)
{
ttid= (uint)table->field[1]->val_int();
if (ttid > TZ_MAX_TYPES)
if (ttid >= TZ_MAX_TYPES)
{
sql_print_error("Error while loading time zone description from "
"mysql.time_zone_transition_type table: too big "


@ -10778,6 +10778,12 @@ static void test_bug5194()
if (bind == 0 || query == 0 || param_str == 0)
{
fprintf(stderr, "Can't allocate enough memory for query structs\n");
if (bind)
free(bind);
if (query)
free(query);
if (param_str)
free(param_str);
return;
}