Merge remote-tracking branch 'mysql/5.5' into 5.5

We do not accept: 1. We did not have this problem (fixed earlier and better) d982e717aba67227ec40761a21a4211db91aa0e2 Bug#27510150: MYSQLDUMP FAILS FOR SPECIFIC --WHERE CLAUSES 2. We do not have such options (an DBUG_ASSERT put just in case) bbc2e37fe4e0ca3a7cfa1437a763dc43829e98e2 Bug#27759871: BACKRONYM ISSUE IS STILL IN MYSQL 5.7 3. Serg fixed it in other way in this release: e48d775c6f066add457fa8cfb2ebc4d5ff0c7613 Bug#27980823: HEAP OVERFLOW VULNERABILITIES IN MYSQL CLIENT LIBRARY
2018-07-29 13:10:29 +02:00 · 2018-07-29 13:10:29 +02:00 · fceda2dab6
commit fceda2dab6
parent bd0b368119 e48d775c6f
11 changed files with 123 additions and 47 deletions
--- a/include/sql_common.h
+++ b/include/sql_common.h
@ -1,6 +1,6 @@
 #ifndef SQL_COMMON_INCLUDED
 #define SQL_COMMON_INCLUDED
-/* Copyright (c) 2003, 2012, Oracle and/or its affiliates.
+/* Copyright (c) 2003, 2018, Oracle and/or its affiliates.
   Copyright (c) 2010, 2018, MariaDB
   This program is free software; you can redistribute it and/or modify
--- a/mysql-test/r/grant.result
+++ b/mysql-test/r/grant.result
@ -1688,6 +1688,7 @@ revoke create, insert on mysqltest.t6 from mysqltest@localhost;
 drop user mysqltest@localhost;
 drop database mysqltest;
 use test;
 call mtr.add_suppression("Can't open and lock privilege tables");
 FLUSH PRIVILEGES without procs_priv table.
 RENAME TABLE mysql.procs_priv TO mysql.procs_gone;
 FLUSH PRIVILEGES;
@ -1777,8 +1778,6 @@ BEGIN
 SET @x = 0;
 REPEAT SET @x = @x + 1; UNTIL @x > p1 END REPEAT;
 END ;||
 Warnings:
 Warning	1404	Failed to grant EXECUTE and ALTER ROUTINE privileges
 SHOW GRANTS FOR 'user1'@'localhost';
 Grants for user1@localhost
 GRANT USAGE ON *.* TO 'user1'@'localhost'
@ -1788,6 +1787,7 @@ SHOW GRANTS FOR 'user2';
 Grants for user2@%
 GRANT USAGE ON *.* TO 'user2'@'%'
 GRANT CREATE, CREATE ROUTINE ON `db1`.* TO 'user2'@'%'
 GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `db1`.`proc2` TO 'user2'@'%'
 DROP PROCEDURE db1.proc1;
 DROP PROCEDURE db1.proc2;
 REVOKE ALL ON db1.* FROM 'user1'@'localhost';
--- a/mysql-test/r/union.result
+++ b/mysql-test/r/union.result
@ -2032,4 +2032,20 @@ DROP VIEW v1;
 UNION
 (SELECT 2, 2);
 ERROR 42S02: Table 'test.v1' doesn't exist
 #
 # Bug#27197235 USER VARIABLE + UINON + DECIMAL COLUMN RETURNS
 #              WRONG VALUES
 #
 SET NAMES utf8;
 SET @advertAcctId = 1000003;
 select @advertAcctId as a from dual union all select 1.0 from dual;
 a
 1000003.0
 1.0
 SET NAMES latin1;
 SET @advertAcctId = 1000003;
 select @advertAcctId as a from dual union all select 1.0 from dual;
 a
 1000003.0
 1.0
 End of 5.5 tests
--- a/mysql-test/t/grant.test
+++ b/mysql-test/t/grant.test
@ -1659,6 +1659,9 @@ use test;
 #
 # Bug#16470 crash on grant if old grant tables
 #
 call mtr.add_suppression("Can't open and lock privilege tables");
 --echo FLUSH PRIVILEGES without procs_priv table.
 RENAME TABLE mysql.procs_priv TO mysql.procs_gone;
 --error ER_NO_SUCH_TABLE
--- a/mysql-test/t/union.test
+++ b/mysql-test/t/union.test
@ -1421,4 +1421,19 @@ DROP VIEW v1;
 UNION
 (SELECT 2, 2);
 --echo #
 --echo # Bug#27197235 USER VARIABLE + UINON + DECIMAL COLUMN RETURNS
 --echo #              WRONG VALUES
 --echo #
 let $old_charset= `SELECT @@character_set_client`;
 SET NAMES utf8;
 SET @advertAcctId = 1000003;
 select @advertAcctId as a from dual union all select 1.0 from dual;
 eval SET NAMES $old_charset;
 SET @advertAcctId = 1000003;
 select @advertAcctId as a from dual union all select 1.0 from dual;
 --echo End of 5.5 tests
--- a/sql-common/client.c
+++ b/sql-common/client.c
@ -1598,6 +1598,7 @@ MYSQL_DATA *cli_read_rows(MYSQL *mysql,MYSQL_FIELD *mysql_fields,
  if ((pkt_len= cli_safe_read(mysql)) == packet_error)
    DBUG_RETURN(0);
  if (pkt_len == 0) DBUG_RETURN(0);
  if (!(result=(MYSQL_DATA*) my_malloc(sizeof(MYSQL_DATA),
 				       MYF(MY_WME | MY_ZEROFILL))))
  {
@ -2602,6 +2603,9 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
    enum enum_ssl_init_error ssl_init_error;
    const char *cert_error;
    unsigned long ssl_error;
 #ifdef EMBEDDED_LIBRARY
    DBUG_ASSERT(0); // embedded should not do SSL connect
 #endif
    /*
      Send mysql->client_flag, max_packet_size - unencrypted otherwise
--- a/sql/item.cc
+++ b/sql/item.cc
@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2000, 2016, Oracle and/or its affiliates.
+   Copyright (c) 2000, 2018, Oracle and/or its affiliates.
   Copyright (c) 2010, 2018, MariaDB Corporation
   This program is free software; you can redistribute it and/or modify
@ -9655,6 +9655,7 @@ bool Item_type_holder::join_types(THD *thd, Item *item)
  if (Field::result_merge_type(fld_type) == DECIMAL_RESULT)
  {
    collation.set_numeric();
    decimals= min(max(decimals, item->decimals), DECIMAL_MAX_SCALE);
    int item_int_part= item->decimal_int_part();
    int item_prec = max(prev_decimal_int_part, item_int_part) + decimals;
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2016, Oracle and/or its affiliates.
+/* Copyright (c) 2000, 2018, Oracle and/or its affiliates.
   Copyright (c) 2009, 2018, MariaDB
   This program is free software; you can redistribute it and/or modify
@ -4451,6 +4451,7 @@ end_index_init:
    exists.
  @param thd A pointer to the thread handler object.
  @param table A pointer to the table list.
  @see grant_reload
@ -4459,31 +4460,22 @@ end_index_init:
    @retval TRUE An error has occurred.
 */
-static my_bool grant_reload_procs_priv(THD *thd)
+static my_bool grant_reload_procs_priv(THD *thd, TABLE_LIST *table)
 {
  HASH old_proc_priv_hash, old_func_priv_hash;
  TABLE_LIST table;
  my_bool return_val= FALSE;
  DBUG_ENTER("grant_reload_procs_priv");
  table.init_one_table("mysql", 5, "procs_priv",
                       strlen("procs_priv"), "procs_priv",
                       TL_READ);
  table.open_type= OT_BASE_ONLY;
  if (open_and_lock_tables(thd, &table, FALSE, MYSQL_LOCK_IGNORE_TIMEOUT))
    DBUG_RETURN(TRUE);
  mysql_rwlock_wrlock(&LOCK_grant);
  /* Save a copy of the current hash if we need to undo the grant load */
  old_proc_priv_hash= proc_priv_hash;
  old_func_priv_hash= func_priv_hash;
-  if ((return_val= grant_load_procs_priv(table.table)))
+  if ((return_val= grant_load_procs_priv(table->table)))
  {
    /* Error; Reverting to old hash */
    DBUG_PRINT("error",("Reverting to old privileges"));
-    grant_free();
+    my_hash_free(&proc_priv_hash);
    my_hash_free(&func_priv_hash);
    proc_priv_hash= old_proc_priv_hash;
    func_priv_hash= old_func_priv_hash;
  }
@ -4492,9 +4484,7 @@ static my_bool grant_reload_procs_priv(THD *thd)
    my_hash_free(&old_proc_priv_hash);
    my_hash_free(&old_func_priv_hash);
  }
  mysql_rwlock_unlock(&LOCK_grant);
  close_mysql_tables(thd);
  DBUG_RETURN(return_val);
 }
@ -4516,7 +4506,7 @@ static my_bool grant_reload_procs_priv(THD *thd)
 my_bool grant_reload(THD *thd)
 {
-  TABLE_LIST tables[2];
+  TABLE_LIST tables[3];
  HASH old_column_priv_hash;
  MEM_ROOT old_mem;
  my_bool return_val= 1;
@ -4532,15 +4522,57 @@ my_bool grant_reload(THD *thd)
  tables[1].init_one_table(C_STRING_WITH_LEN("mysql"),
                           C_STRING_WITH_LEN("columns_priv"),
                           "columns_priv", TL_READ);
  tables[2].init_one_table(C_STRING_WITH_LEN("mysql"),
                           C_STRING_WITH_LEN("procs_priv"),
                           "procs_priv", TL_READ);
  tables[0].next_local= tables[0].next_global= tables+1;
-  tables[0].open_type= tables[1].open_type= OT_BASE_ONLY;
+  tables[1].next_local= tables[1].next_global= tables+2;
  tables[0].open_type= tables[1].open_type= tables[2].open_type= OT_BASE_ONLY;
  /*
    Reload will work in the following manner:-
                             proc_priv_hash structure
                              /                     \
                    not initialized                 initialized
                   /               \                     |
    mysql.procs_priv table        Server Startup         |
        is missing                      \                |
             |                         open_and_lock_tables()
    Assume we are working on           /success             \failure
    pre 4.1 system tables.        Normal Scenario.          An error is thrown.
    A warning is printed          Reload column privilege.  Retain the old hash.
    and continue with             Reload function and
    reloading the column          procedure privileges,
    privileges.                   if available.
  */
  if (!(my_hash_inited(&proc_priv_hash)))
    tables[2].open_strategy= TABLE_LIST::OPEN_IF_EXISTS;
  /*
    To avoid deadlocks we should obtain table locks before
    obtaining LOCK_grant rwlock.
  */
  if (open_and_lock_tables(thd, tables, FALSE, MYSQL_LOCK_IGNORE_TIMEOUT))
  {
    if (thd->stmt_da->is_error())
    {
      sql_print_error("Fatal error: Can't open and lock privilege tables: %s",
                      thd->stmt_da->message());
    }
    goto end;
  }
  if (tables[2].table == NULL)
  {
    sql_print_warning("Table 'mysql.procs_priv' does not exist. "
                      "Please run mysql_upgrade.");
    push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN, ER_NO_SUCH_TABLE,
                        ER(ER_NO_SUCH_TABLE), tables[2].db,
                        tables[2].table_name);
  }
  mysql_rwlock_wrlock(&LOCK_grant);
  old_column_priv_hash= column_priv_hash;
@ -4552,10 +4584,18 @@ my_bool grant_reload(THD *thd)
  old_mem= memex;
  init_sql_alloc(&memex, ACL_ALLOC_BLOCK_SIZE, 0);
-  if ((return_val= grant_load(thd, tables)))
+  /*
    tables[2].table i.e. procs_priv can be null if we are working with
    pre 4.1 privilage tables
  */
  if ((return_val= (grant_load(thd, tables) ||
                    (tables[2].table != NULL &&
                     grant_reload_procs_priv(thd, &tables[2])))
     ))
  {						// Error. Revert to old hash
    DBUG_PRINT("error",("Reverting to old privileges"));
-    grant_free();				/* purecov: deadcode */
+    my_hash_free(&column_priv_hash);
    free_root(&memex,MYF(0));
    column_priv_hash= old_column_priv_hash;	/* purecov: deadcode */
    memex= old_mem;				/* purecov: deadcode */
  }
@ -4563,22 +4603,12 @@ my_bool grant_reload(THD *thd)
  {
    my_hash_free(&old_column_priv_hash);
    free_root(&old_mem,MYF(0));
    grant_version++;
  }
  mysql_rwlock_unlock(&LOCK_grant);
  close_mysql_tables(thd);
  /*
    It is OK failing to load procs_priv table because we may be
    working with 4.1 privilege tables.
  */
  if (grant_reload_procs_priv(thd))
    return_val= 1;
  mysql_rwlock_wrlock(&LOCK_grant);
  grant_version++;
  mysql_rwlock_unlock(&LOCK_grant);
 end:
  close_mysql_tables(thd);
  DBUG_RETURN(return_val);
 }
@ -7155,17 +7185,12 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
  if (!(combo=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
    DBUG_RETURN(TRUE);
-  combo->user.str= sctx->user;
+  combo->user.str= (char *) sctx->priv_user;
  mysql_mutex_lock(&acl_cache->lock);
-  if ((au= find_acl_user(combo->host.str=(char*)sctx->host_or_ip,combo->user.str,FALSE)))
+ if ((au= find_acl_user(combo->host.str= (char *) sctx->priv_host,
-    goto found_acl;
+                        combo->user.str, FALSE)))
  if ((au= find_acl_user(combo->host.str=(char*)sctx->host, combo->user.str,FALSE)))
    goto found_acl;
  if ((au= find_acl_user(combo->host.str=(char*)sctx->ip, combo->user.str,FALSE)))
    goto found_acl;
  if((au= find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE)))
    goto found_acl;
  mysql_mutex_unlock(&acl_cache->lock);
--- a/storage/myisam/ha_myisam.cc
+++ b/storage/myisam/ha_myisam.cc
@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2000, 2012, Oracle and/or its affiliates.
+   Copyright (c) 2000, 2018, Oracle and/or its affiliates.
   Copyright (c) 2009, 2017, MariaDB Corporation.
   This program is free software; you can redistribute it and/or modify
@ -1191,10 +1191,14 @@ int ha_myisam::repair(THD *thd, HA_CHECK &param, bool do_optimize)
    if (file->s->base.auto_key)
      update_auto_increment_key(&param, file, 1);
    if (optimize_done)
    {
      mysql_mutex_lock(&share->intern_lock);
      error = update_state_info(&param, file,
 				UPDATE_TIME | UPDATE_OPEN_COUNT |
 				(local_testflag &
 				 T_STATISTICS ? UPDATE_STAT : 0));
      mysql_mutex_unlock(&share->intern_lock);
    }
    info(HA_STATUS_NO_LOCK | HA_STATUS_TIME | HA_STATUS_VARIABLE |
 	 HA_STATUS_CONST);
    if (rows != file->state->records && ! (param.testflag & T_VERY_SILENT))
--- a/storage/myisam/mi_check.c
+++ b/storage/myisam/mi_check.c
@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2013, Oracle and/or its affiliates.
+/* Copyright (c) 2000, 2018, Oracle and/or its affiliates.
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@ -4464,6 +4464,10 @@ int update_state_info(HA_CHECK *param, MI_INFO *info,uint update)
    int error;
    uint r_locks=share->r_locks,w_locks=share->w_locks;
    share->r_locks= share->w_locks= share->tot_locks= 0;
    DBUG_EXECUTE_IF("simulate_incorrect_share_wlock_value",
                    DEBUG_SYNC_C("after_share_wlock_set_to_0"););
    error=_mi_writeinfo(info,WRITEINFO_NO_UNLOCK);
    share->r_locks=r_locks;
    share->w_locks=w_locks;
--- a/storage/myisam/mi_locking.c
+++ b/storage/myisam/mi_locking.c
@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
   Copyright (c) 2009, 2018, MariaDB Corporation
   This program is free software; you can redistribute it and/or modify
@ -240,6 +240,10 @@ int mi_lock_database(MI_INFO *info, int lock_type)
      info->invalidator=info->s->invalidator;
      share->w_locks++;
      share->tot_locks++;
      DBUG_EXECUTE_IF("simulate_incorrect_share_wlock_value",
                      DEBUG_SYNC_C("after_share_wlock_increment"););
      info->s->in_use= list_add(info->s->in_use, &info->in_use);
      break;
    default: