From 247efb9cf060f0cd8d8eb7e4ecd084b9a202a395 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 13 Feb 2008 19:32:19 +0400 Subject: [PATCH 1/2] Fixed bug#33764: Wrong result with IN(), CONCAT() and implicit type conversion. Instead of copying of whole character string from a temporary buffer, the server copied a short-living pointer to that string into a long-living structure. That has been fixed. mysql-test/r/select.result: Added test case for bug#33764. mysql-test/t/select.test: Added test case for bug#33764. sql/item_cmpfunc.cc: Fixed bug#33764. Copying of a pointer has been replaced with an optional copying of a whole array to a newly allocated memory space in case of a functional source item. --- mysql-test/r/select.result | 6 ++++++ mysql-test/t/select.test | 11 +++++++++++ sql/item_cmpfunc.cc | 5 ++++- 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/select.result b/mysql-test/r/select.result index 3ca84bcf34b..180da5cd7d7 100644 --- a/mysql-test/r/select.result +++ b/mysql-test/r/select.result @@ -4328,4 +4328,10 @@ SELECT * FROM t1 WHERE c1 > NULL + 1; c1 DROP TABLE t1; +CREATE TABLE t1 (a VARCHAR(10) NOT NULL PRIMARY KEY); +INSERT INTO t1 (a) VALUES ('foo0'), ('bar0'), ('baz0'); +SELECT * FROM t1 WHERE a IN (CONCAT('foo', 0), 'bar'); +a +foo0 +DROP TABLE t1; End of 5.0 tests diff --git a/mysql-test/t/select.test b/mysql-test/t/select.test index c48f2771aa8..4b52dac680c 100644 --- a/mysql-test/t/select.test +++ b/mysql-test/t/select.test @@ -3672,4 +3672,15 @@ DROP TABLE t1; --echo +########################################################################### + +# +# Bug #33764: Wrong result with IN(), CONCAT() and implicit type conversion +# + +CREATE TABLE t1 (a VARCHAR(10) NOT NULL PRIMARY KEY); +INSERT INTO t1 (a) VALUES ('foo0'), ('bar0'), ('baz0'); +SELECT * FROM t1 WHERE a IN (CONCAT('foo', 0), 'bar'); +DROP TABLE t1; + --echo End of 5.0 tests diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 98bcb256138..17345e76bba 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -2995,7 +2995,10 @@ void in_string::set(uint pos,Item *item) { if (res->uses_buffer_owned_by(str)) res->copy(); - *str= *res; + if (item->type() == Item::FUNC_ITEM) + str->copy(*res); + else + *str= *res; } if (!str->charset()) { From 7a290b55f7691b2518cb1d83da252e07376954f6 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 13 Feb 2008 19:34:12 +0400 Subject: [PATCH 2/2] Fixed bug#31194: Privilege ordering does not order properly for wildcard values. The server ignored escape character before wildcards during the calculation of priority values for sorting of a privilege list. (Actually the server counted an escape character as an ordinary wildcard like % or _). I.e. the table name template with a wildcard character like 'tbl_1' had higher priority in a privilege list than concrete table name without wildcards like 'tbl\_1', and some privileges of 'tbl\_1' was hidden by privileges for 'tbl_1'. The get_sort function has been modified to ignore escaped wildcards as usual. mysql-test/r/grant3.result: Added test case for bug#31194. mysql-test/t/grant3.test: Added test case for bug#31194. sql/sql_acl.cc: Fixed bug#31194. The server used the wild_prefix escape character (usually \-character) like % and _ wildcards in the get_sort function for sorting weights calculation. The get_sort function has been modified to ignore escaped wildcards and alone escapes like in the wild_case_compare function. --- mysql-test/r/grant3.result | 17 +++++++++++++++++ mysql-test/t/grant3.test | 26 ++++++++++++++++++++++++++ sql/sql_acl.cc | 4 +++- 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/grant3.result b/mysql-test/r/grant3.result index cc7f46855b2..f38848111ad 100644 --- a/mysql-test/r/grant3.result +++ b/mysql-test/r/grant3.result @@ -138,3 +138,20 @@ SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by user host db select_priv DROP USER CUser2@localhost; DROP USER CUser2@LOCALHOST; +CREATE DATABASE mysqltest_1; +CREATE TABLE mysqltest_1.t1 (a INT); +CREATE USER 'mysqltest1'@'%'; +GRANT SELECT, UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%'; +REVOKE SELECT ON `mysqltest_1`.* FROM 'mysqltest1'@'%'; +GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%'; +FLUSH PRIVILEGES; +SHOW GRANTS; +Grants for mysqltest1@% +GRANT USAGE ON *.* TO 'mysqltest1'@'%' +GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%' +GRANT UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%' +SELECT * FROM mysqltest_1.t1; +a +DROP USER 'mysqltest1'@'%'; +DROP DATABASE mysqltest_1; +End of 5.0 tests diff --git a/mysql-test/t/grant3.test b/mysql-test/t/grant3.test index fac577ef0ff..8eceb851c29 100644 --- a/mysql-test/t/grant3.test +++ b/mysql-test/t/grant3.test @@ -134,3 +134,29 @@ SELECT user, host, db, select_priv FROM mysql.db where user = 'CUser2' order by DROP USER CUser2@localhost; DROP USER CUser2@LOCALHOST; + + +# +# Bug#31194: Privilege ordering does not order properly for wildcard values +# + +CREATE DATABASE mysqltest_1; +CREATE TABLE mysqltest_1.t1 (a INT); +CREATE USER 'mysqltest1'@'%'; +GRANT SELECT, UPDATE ON `mysqltest_1`.* TO 'mysqltest1'@'%'; +REVOKE SELECT ON `mysqltest_1`.* FROM 'mysqltest1'@'%'; +GRANT SELECT, UPDATE ON `mysqltest\_1`.* TO 'mysqltest1'@'%'; +FLUSH PRIVILEGES; + +connect (conn1,localhost,mysqltest1,,); +connection conn1; +SHOW GRANTS; +SELECT * FROM mysqltest_1.t1; +disconnect conn1; + +connection default; +DROP USER 'mysqltest1'@'%'; +DROP DATABASE mysqltest_1; + + +--echo End of 5.0 tests diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 134541368e9..851af35da32 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -668,7 +668,9 @@ static ulong get_sort(uint count,...) { for (; *str ; str++) { - if (*str == wild_many || *str == wild_one || *str == wild_prefix) + if (*str == wild_prefix && str[1]) + str++; + else if (*str == wild_many || *str == wild_one) { wild_pos= (uint) (str - start) + 1; break;