DESCRIPTION
===========
Performing a pattern match of a Regex resulting into a very
large string, leads to crash due to integer wraparound.
ANALYSIS
========
doinsert() - The length calculated here (to copy the
number of bytes) comes out to be too large to be stored in
the "int" variable 'length'. We need to ensure that the
variable can accommodate large lengths.
FIX
===
'length' in doinsert() is now defined as of type "size_t"
instead of "int"
DESCRIPTION
===========
Performing a pattern match of a Regex resulting into a very
large string, leads to crash due to failed realloc().
ANALYSIS
========
dupl() calls enlarge(). It in turn calls realloc() for
pointer p->strip. This eventually fails due to OOM.
However we are still using the same pointer in memcpy()
causing a SEGFAULT!
FIX
===
1) In dupl(), checking for error code (which would be set
if realloc fails) immediately after call to enlarge().
Returning now with this error code.
2) Handling the same in the caller functions.
The MySQL server uses Henry Spencer's library for regular
expressions to support the REGEXP/RLIKE string operator.
This changeset adapts a recent fix from the upstream for
better 32-bit compatiblity. (Note that we cannot simply use
the current upstream version as a drop-in replacement
for the version used by the server as the latter has
been extended to understand MySQL charsets etc.)
handling.
The problem was that parsing of nested regular expression involved
recursive calls. Such recursion didn't take into account the amount of
available stack space, which ended up leading to stack overflow crashes.
Apart strict-aliasing warnings, fix the remaining warnings
generated by GCC 4.4.4 -Wall and -Wextra flags.
One major source of warnings was the in-house function my_bcmp
which (unconventionally) took pointers to unsigned characters
as the byte sequences to be compared. Since my_bcmp and bcmp
are deprecated functions whose only difference with memcmp is
the return value, every use of the function is replaced with
memcmp as the special return value wasn't actually being used
by any caller.
There were also various other warnings, mostly due to type
mismatches, missing return values, missing prototypes, dead
code (unreachable) and ignored return values.
with gcc 4.3.2
This patch fixes a number of GCC warnings about variables used
before initialized. A new macro UNINIT_VAR() is introduced for
use in the variable declaration, and LINT_INIT() usage will be
gradually deprecated. (A workaround is used for g++, pending a
patch for a g++ bug.)
GCC warnings for unused results (attribute warn_unused_result)
for a number of system calls (present at least in later
Ubuntus, where the usual void cast trick doesn't work) are
also fixed.
Faster thr_alarm()
Added 'Opened_files' status variable to track calls to my_open()
Don't give warnings when running mysql_install_db
Added option --source-install to mysql_install_db
I had to do the following renames() as used polymorphism didn't work with Forte compiler on 64 bit systems
index_read() -> index_read_map()
index_read_idx() -> index_read_idx_map()
index_read_last() -> index_read_last_map()
Simple optimzations and cleanups
Removed compiler warnings and fixed portability issues
Added client functions 'mysql_embedded()' to allow client to check if we are using embedded server
Fixes for purify
