From f48e47ea5084668dfb0e6b3bbe231e279ccf169d Mon Sep 17 00:00:00 2001
From: "bo.thorsen"
Date: Fri, 9 Apr 2010 11:05:23 +0200
Subject: [PATCH 1/6] Fix Windows compile
---
 sql/mysqld.cc | 5 ++++-
 storage/maria/ma_loghandler.c | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index 55a889b55af..645b7498042 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -2664,8 +2664,11 @@ bugs.\n");
 end:
 #ifndef __WIN__
- /* On Windows, do not terminate, but pass control to exception filter */
+ /* Terminate */
 exit(1);
+#else
+ /* On Windows, do not terminate, but pass control to exception filter */
+ ;
 #endif
 }
diff --git a/storage/maria/ma_loghandler.c b/storage/maria/ma_loghandler.c
index 8ffaf22d1b0..be86740d822 100644
--- a/storage/maria/ma_loghandler.c
+++ b/storage/maria/ma_loghandler.c
@@ -1397,8 +1397,9 @@ LSN translog_get_file_max_lsn_stored(uint32 file)
 {
 LOGHANDLER_FILE_INFO info;
+ File fd;
 LINT_INIT_STRUCT(info);
- File fd= open_logfile_by_number_no_cache(file);
+ fd= open_logfile_by_number_no_cache(file);
 if ((fd < 0) || (translog_read_file_header(&info, fd) | my_close(fd, MYF(MY_WME))))
 {
From 006afc49080cd1df13316bce7b7643cd2d63735c Mon Sep 17 00:00:00 2001
From: "bo.thorsen"
Date: Fri, 9 Apr 2010 12:39:27 +0200
Subject: [PATCH 2/6] Remove unnecessary redefinition of TAILQ_EMPTY
---
 extra/libevent/event-internal.h | 1 -
 1 file changed, 1 deletion(-)
diff --git a/extra/libevent/event-internal.h b/extra/libevent/event-internal.h
index 9dd0c4d7632..c24c784d866 100644
--- a/extra/libevent/event-internal.h
+++ b/extra/libevent/event-internal.h
@@ -74,7 +74,6 @@ struct event_base {
 Copyright (c) 1991, 1993, The Regents of the University of California. All rights reserved. */
-#define TAILQ_EMPTY(head) ((head)->tqh_first == NULL)
 #define TAILQ_FIRST(head) ((head)->tqh_first)
 #define TAILQ_END(head) NULL
 #define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next)
From e432151e9cf6a7a5ccf84fc137975ccf38fd0798 Mon Sep 17 00:00:00 2001
From: Bo Thorsen
Date: Wed, 21 Apr 2010 02:25:59 +0200
Subject: [PATCH 3/6] Fix a bunch of Windows warnings
---
 extra/yassl/taocrypt/src/algebra.cpp | 1 -
 sql/hash_filo.cc | 5 +++++
 sql/mf_iocache.cc | 6 ++++++
 sql/repl_failsafe.cc | 5 +++++
 sql/sql_repl.cc | 5 +++++
 storage/pbxt/src/locklist_xt.cc | 5 +++++
 storage/pbxt/src/pbms_enabled.cc | 5 +++++
 storage/xtradb/include/univ.i | 2 +-
 storage/xtradb/sync/sync0sync.c | 3 +++
 9 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/extra/yassl/taocrypt/src/algebra.cpp b/extra/yassl/taocrypt/src/algebra.cpp
index c221ce3d6cb..6e402da0117 100644
--- a/extra/yassl/taocrypt/src/algebra.cpp
+++ b/extra/yassl/taocrypt/src/algebra.cpp
@@ -18,7 +18,6 @@
 /* based on Wei Dai's algebra.cpp from CryptoPP */
 #undef NDEBUG
-#define DEBUG // GCC 4.0 bug if NDEBUG and Optimize > 1
 #include "runtime.hpp"
 #include "algebra.hpp"
diff --git a/sql/hash_filo.cc b/sql/hash_filo.cc
index 9303120e18a..fcc610fe776 100644
--- a/sql/hash_filo.cc
+++ b/sql/hash_filo.cc
@@ -25,3 +25,8 @@
 #include "mysql_priv.h"
 #include "hash_filo.h"
+
+#ifdef __WIN__
+// Remove linker warning 4221 about empty file
+namespace { char dummy; };
+#endif // __WIN__
diff --git a/sql/mf_iocache.cc b/sql/mf_iocache.cc
index 8c2d16c40b0..ce1d5973d5d 100644
--- a/sql/mf_iocache.cc
+++ b/sql/mf_iocache.cc
@@ -85,6 +85,12 @@ int _my_b_net_read(register IO_CACHE *info, uchar *Buffer,
 }
 } /* extern "C" */
+
+#elif defined(__WIN__)
+
+// Remove linker warning 4221 about empty file
+namespace { char dummy; };
+
 #endif /* HAVE_REPLICATION */
diff --git a/sql/repl_failsafe.cc b/sql/repl_failsafe.cc
index c6a05e93bf4..0fa13949aba 100644
--- a/sql/repl_failsafe.cc
+++ b/sql/repl_failsafe.cc
@@ -1036,5 +1036,10 @@ err:
 return error;
 }
+#elif defined(__WIN__)
+
+// Remove linker warning 4221 about empty file
+namespace { char dummy; };
+
 #endif /* HAVE_REPLICATION */
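Review bot: The `namespace { char dummy; };` workaround added at the end of sql/hash_filo.cc is pasted unchanged into five more files in this patch (sql/mf_iocache.cc, sql/repl_failsafe.cc, sql/sql_repl.cc, storage/pbxt/src/locklist_xt.cc, storage/pbxt/src/pbms_enabled.cc), and every copy carries a stray `;` after the closing brace. A single macro in a shared header would keep the six copies from drifting apart; at minimum the extra semicolon should go, `namespace { char dummy; }`. The comment could also name the warning in full (the number 4221 presumably refers to the MSVC linker warning LNK4221) so that it can be searched for.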
diff --git a/sql/sql_repl.cc b/sql/sql_repl.cc
index ae995ea5ed3..b3d90028532 100644
--- a/sql/sql_repl.cc
+++ b/sql/sql_repl.cc
@@ -1835,6 +1835,11 @@ int init_replication_sys_vars()
 return 0;
 }
+#elif defined(__WIN__)
+
+// Remove linker warning 4221 about empty file
+namespace { char dummy; };
+
 #endif /* HAVE_REPLICATION */
diff --git a/storage/pbxt/src/locklist_xt.cc b/storage/pbxt/src/locklist_xt.cc
index 9a4aeb8f501..cbb004a70ca 100644
--- a/storage/pbxt/src/locklist_xt.cc
+++ b/storage/pbxt/src/locklist_xt.cc
@@ -186,5 +186,10 @@ void xt_trace_thread_locks(XTThread *self)
 }
 }
+#elif defined(__WIN__)
+
+// Remove linker warning 4221 about empty file
+namespace { char dummy; };
+
 #endif
diff --git a/storage/pbxt/src/pbms_enabled.cc b/storage/pbxt/src/pbms_enabled.cc
index cea6b231fdf..7a67d89a4bb 100644
--- a/storage/pbxt/src/pbms_enabled.cc
+++ b/storage/pbxt/src/pbms_enabled.cc
@@ -241,4 +241,9 @@ void pbms_completed(TABLE *table, bool ok)
 return ;
 }
+#elif defined(__WIN__)
+
+// Remove linker warning 4221 about empty file
+namespace { char dummy; };
+
 #endif // PBMS_ENABLED
diff --git a/storage/xtradb/include/univ.i b/storage/xtradb/include/univ.i
index 26097941c5f..b702c96a85c 100644
--- a/storage/xtradb/include/univ.i
+++ b/storage/xtradb/include/univ.i
@@ -290,7 +290,7 @@ management to ensure correct alignment for doubles etc. */
 /* The 2-logarithm of UNIV_PAGE_SIZE: */
 #define UNIV_PAGE_SIZE_SHIFT 14
 /* The universal page size of the database */
-#define UNIV_PAGE_SIZE (1 << UNIV_PAGE_SIZE_SHIFT)
+#define UNIV_PAGE_SIZE (1u << UNIV_PAGE_SIZE_SHIFT)
 /* Maximum number of parallel threads in a parallelized operation */
 #define UNIV_MAX_PARALLELISM 32
diff --git a/storage/xtradb/sync/sync0sync.c b/storage/xtradb/sync/sync0sync.c
index 272492cb3e4..c0e543f284d 100644
--- a/storage/xtradb/sync/sync0sync.c
+++ b/storage/xtradb/sync/sync0sync.c
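Review bot: Changing `UNIV_PAGE_SIZE` to `(1u << UNIV_PAGE_SIZE_SHIFT)` in storage/xtradb/include/univ.i changes the macro's type from `int` to `unsigned int`, so every expression that mixes it with a signed operand now converts that operand to unsigned. A subtraction or comparison that could previously go negative (for example an offset minus `UNIV_PAGE_SIZE` feeding a bounds check) would instead wrap to a large positive value; no such use is visible in this hunk, so this calls for a check of the macro's users rather than being a known defect. The comment above the define is the place to record the new type, e.g. `/* The universal page size of the database (unsigned; take care when mixing with signed offsets) */`.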
@@ -423,8 +423,11 @@ mutex_set_waiters(
 mutex_t* mutex, /*!< in: mutex */
 ulint n) /*!< in: value to set */
 {
+#ifndef INNODB_RW_LOCKS_USE_ATOMICS
 volatile ulint* ptr; /* declared volatile to ensure that the value is stored to memory */
+#endif
+
 ut_ad(mutex);
 #ifdef INNODB_RW_LOCKS_USE_ATOMICS
From 1f683a7270e63abfadce20c6f51370621ff065e1 Mon Sep 17 00:00:00 2001
From: Kristian Nielsen
Date: Wed, 28 Apr 2010 07:48:03 +0200
Subject: [PATCH 4/6] Fix buffer overflow in COM_FIELD_LIST. sql/sql_base.cc: Replace strmov() with strnmov() to remove the possibility for buffer overflow. sql/sql_parse.cc: Reject COM_FIELD_LIST with too-big table or wildcard argument. (libmysqlclient doesn't allow sending too long arguments anyway, but we need this to protect against buffer overflow exploits).
---
 sql/sql_base.cc | 8 ++++++--
 sql/sql_parse.cc | 30 ++++++++++++++++++++----------
 2 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/sql/sql_base.cc b/sql/sql_base.cc
index 1da17c216f2..4416ebbc45c 100644
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -233,8 +233,12 @@ static void check_unused(void)
 uint create_table_def_key(THD *thd, char *key, TABLE_LIST *table_list, bool tmp_table)
 {
- uint key_length= (uint) (strmov(strmov(key, table_list->db)+1,
- table_list->table_name)-key)+1;
+ char *db_end= strnmov(key, table_list->db, MAX_DBKEY_LENGTH - 2);
+ *db_end++= '\0';
+ char *table_end= strnmov(db_end, table_list->table_name,
+ key + MAX_DBKEY_LENGTH - 1 - db_end);
+ *table_end++= '\0';
+ uint key_length= (uint) (table_end-key);
 if (tmp_table)
 {
 int4store(key + key_length, thd->server_id);
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 9503e8a5d81..2eb6a190e63 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
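Review bot: In create_table_def_key() (sql/sql_base.cc) the two `strnmov()` limits let the database and table name together fill `key` right up to `MAX_DBKEY_LENGTH`, yet the `tmp_table` branch at the end of the hunk then does `int4store(key + key_length, thd->server_id)` at that offset. If the caller's buffer is `MAX_DBKEY_LENGTH` bytes (its declaration is not shown here), that store lands past the end whenever the names are long enough, so the limits should leave room for whatever the branch appends, or over-long names should be rejected before the key is built. Bounding each component on its own, e.g. `strnmov(key, table_list->db, NAME_LEN)` and `strnmov(db_end, table_list->table_name, NAME_LEN)`, would also stop a long database name from silently taking the table name's space and producing the same key for different tables. The function body continues outside the hunk.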
@@ -1304,10 +1304,12 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
 break;
 #else
 {
- char *fields, *packet_end= packet + packet_length, *arg_end;
+ char *fields, *packet_end= packet + packet_length, *wildcard;
 /* Locked closure of all tables */
 TABLE_LIST table_list;
- LEX_STRING conv_name;
+ char db_buff[NAME_LEN+1];
+ uint32 db_length;
+ uint dummy_errors;
 /* used as fields initializator */
 lex_start(thd);
@@ -1319,11 +1321,22 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
 /* We have name + wildcard in packet, separated by endzero */
- arg_end= strend(packet);
- thd->convert_string(&conv_name, system_charset_info,
- packet, (uint) (arg_end - packet), thd->charset());
- table_list.alias= table_list.table_name= conv_name.str;
- packet= arg_end + 1;
+ wildcard= strend(packet);
+ db_length= wildcard - packet;
+ wildcard++;
+ uint query_length= (uint) (packet_end - wildcard); // Don't count end \0
+ if (db_length > NAME_LEN || query_length > NAME_LEN)
+ {
+ my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));
+ break;
+ }
+ db_length= copy_and_convert(db_buff, sizeof(db_buff)-1,
+ system_charset_info, packet, db_length,
+ thd->charset(), &dummy_errors);
+ db_buff[db_length]= '\0';
+ table_list.alias= table_list.table_name= db_buff;
+ if (!(fields= (char *) thd->memdup(wildcard, query_length + 1)))
+ break;
 if (is_schema_db(table_list.db, table_list.db_length))
 {
@@ -1332,9 +1345,6 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
 table_list.schema_table= schema_table;
 }
- uint query_length= (uint) (packet_end - packet); // Don't count end \0
- if (!(fields= (char *) thd->memdup(packet, query_length + 1)))
- break;
 thd->set_query(fields, query_length);
 general_log_print(thd, command, "%s %s", table_list.table_name, fields);
 if (lower_case_table_names)
From 5a0af835ccaef1125478a2895b1ce5bc12626759 Mon Sep 17 00:00:00 2001
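Review bot: In the second sql/sql_parse.cc hunk, `wildcard= strend(packet)` scans without regard to `packet_end`, so a packet with no separating NUL is rejected only because `wildcard++` then passes `packet_end` and `(uint) (packet_end - wildcard)` wraps to a value above `NAME_LEN`. That also assumes the buffer holds a NUL at `packet_end`, which is not visible here; a check placed before the increment, `if (wildcard >= packet_end) { my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0)); break; }`, would state the intent without relying on unsigned wrap-around. The `NAME_LEN` test is applied to the unconverted length, so if conversion to `system_charset_info` can lengthen the name, `copy_and_convert()` cuts it at `sizeof(db_buff)-1` without an error and the count in `dummy_errors` is ignored. `db_buff` and `db_length` hold the table name, so `table_buff`/`table_length` would read better; the enclosing block starts and ends outside the hunk.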
From: unknown
Date: Thu, 29 Apr 2010 09:29:04 +0200
Subject: [PATCH 5/6] Fix missing bounds check in string conversion. Bump version number for security fix release.
---
 configure.in | 2 +-
 strings/ctype-utf8.c | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/configure.in b/configure.in
index 47682c34fea..45952dbeceb 100644
--- a/configure.in
+++ b/configure.in
@@ -7,7 +7,7 @@ AC_PREREQ(2.59)
 # Remember to also update version.c in ndb.
 # When changing major version number please also check switch statement
 # in mysqlbinlog::check_master_version().
-AC_INIT([MariaDB Server], [5.1.44-MariaDB], [], [mysql])
+AC_INIT([MariaDB Server], [5.1.44a-MariaDB], [], [mysql])
 AC_CONFIG_SRCDIR([sql/mysqld.cc])
 AC_CANONICAL_SYSTEM
 # USTAR format gives us the possibility to store longer path names in
diff --git a/strings/ctype-utf8.c b/strings/ctype-utf8.c
index f99c34ec39a..9cfee43fa36 100644
--- a/strings/ctype-utf8.c
+++ b/strings/ctype-utf8.c
@@ -4116,6 +4116,10 @@ my_wc_mb_filename(CHARSET_INFO *cs __attribute__((unused)),
 {
 int code;
 char hex[]= "0123456789abcdef";
+
+ if (s >= e)
+ return MY_CS_TOOSMALL;
+
 if (wc < 128 && filename_safe_char[wc])
 {
 *s= (uchar) wc;
From 1f6a936ddc46f9bf035277124ea6be0774038ca4 Mon Sep 17 00:00:00 2001
From: unknown
Date: Wed, 5 May 2010 14:58:26 +0200
Subject: [PATCH 6/6] Change commit mails to go to commits@mariadb.org
---
 .bzr-mysql/default.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.bzr-mysql/default.conf b/.bzr-mysql/default.conf
index 85d29bd70f2..84dab2dc819 100644
--- a/.bzr-mysql/default.conf
+++ b/.bzr-mysql/default.conf
@@ -1,6 +1,6 @@
 [MYSQL]
 tree_location = lp:maria
-post_commit_to = maria-developers@lists.launchpad.net
+post_commit_to = commits@mariadb.org
 post_commit_url = lp:maria
 tree_name = maria
 project_name = "MariaDB 5.1, with Maria 1.5"
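Review bot: The new `if (s >= e) return MY_CS_TOOSMALL;` in my_wc_mb_filename() (strings/ctype-utf8.c) covers the one-byte store `*s= (uchar) wc;` shown at the end of the hunk, but the rest of the function lies outside it, and the `hex[]` table suggests longer outputs are written further down; their checks against `e` should be confirmed as part of this fix. The guard deserves a comment saying why it is there, e.g. `/* s == e: no room for even one output byte */`. The diffstat lists only configure.in and this file, so no test accompanies the fix; a unit test that calls the function with `s == e` would pin the behaviour.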