
Commit 4d06d7b

committed
Merge branch '10.6' into bb-10.11-release
2 parents 7885a40 + 557bd9e commit 4d06d7b

72 files changed

Lines changed: 228 additions & 325 deletions


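--- a/debian/autobake-deb.sh
+++ b/debian/autobake-deb.sh
@@ -19,6 +19,9 @@ export DEB_BUILD_OPTIONS="nocheck $DEB_BUILD_OPTIONS"
 # shellcheck source=/dev/null
 source ./VERSION
 
+architecture=$(dpkg-architecture -q DEB_BUILD_ARCH)
+uname_machine=$(uname -m)
+
 # General CI optimizations to keep build output smaller
 if [[ $GITLAB_CI ]]
 then
@@ -82,9 +85,6 @@ remove_package_notes()
 sed -e '/package.notes/d' -i debian/rules debian/control
 }
 
-architecture=$(dpkg-architecture -q DEB_BUILD_ARCH)
-uname_machine=$(uname -m)
-
 # Parse release name and number from Linux standard base release
 # Example:
 # $ lsb_release -a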

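--- a/mysql-test/main/gis.result
+++ b/mysql-test/main/gis.result
@@ -5577,4 +5577,10 @@ INSERT INTO t1 VALUES (10,'');
 ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field
 DROP TABLE t1;
 set sql_mode= @orig_sql_mode;
+#
+# MDEV-39481 ASAN error on malformed WKB polygon
+#
+select st_astext(st_geomfromwkb(x'0103000000020000000400000000000000000000000000000000000000000000000000f03f0000000000000000000000000000f03f000000000000f03f0000000000000000000000000000000005000000000000000000e03f000000000000e03f')) 'no asan error here';
+no asan error here
+NULL
 # End of 10.6 tests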

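--- a/mysql-test/main/gis.test
+++ b/mysql-test/main/gis.test
@@ -3558,4 +3558,9 @@ INSERT INTO t1 VALUES (10,'');
 DROP TABLE t1;
 set sql_mode= @orig_sql_mode;
 
+--echo #
+--echo # MDEV-39481 ASAN error on malformed WKB polygon
+--echo #
+select st_astext(st_geomfromwkb(x'0103000000020000000400000000000000000000000000000000000000000000000000f03f0000000000000000000000000000f03f000000000000f03f0000000000000000000000000000000005000000000000000000e03f000000000000e03f')) 'no asan error here';
+
 --echo # End of 10.6 tests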

mysql-test/main/outfile.result

947 Bytes
Binary file not shown.

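--- a/mysql-test/main/outfile.test
+++ b/mysql-test/main/outfile.test
@@ -8,12 +8,12 @@
 
 create table t1 (`a` blob);
 insert into t1 values("hello world"),("Hello mars"),(NULL);
-select * into outfile "../../tmp/outfile-test.1" from t1;
-select load_file('../../tmp/outfile-test.1');
-select * into dumpfile "../../tmp/outfile-test.2" from t1 limit 1;
-select load_file('../../tmp/outfile-test.2');
-select * into dumpfile "../../tmp/outfile-test.3" from t1 where a is null;
-select load_file('../../tmp/outfile-test.3');
+eval select * into outfile "../../tmp/outfile-test.1" from t1;
+select load_file(concat(@tmpdir,"/outfile-test.1"));
+eval select * into dumpfile "../../tmp/outfile-test.2" from t1 limit 1;
+select load_file(concat(@tmpdir,"/outfile-test.2"));
+eval select * into dumpfile "../../tmp/outfile-test.3" from t1 where a is null;
+select hex(load_file(concat(@tmpdir,"/outfile-test.3")));
 
 # the following should give errors
 
@@ -85,8 +85,8 @@ create user user_1@localhost;
 grant all on mysqltest.* to user_1@localhost;
 connect (con28181_1,localhost,user_1,,mysqltest);
 
---error ER_ACCESS_DENIED_ERROR
-select schema_name
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+eval select schema_name
 into outfile "../../tmp/outfile-test.4"
 fields terminated by ',' optionally enclosed by '"'
 lines terminated by '\n'
@@ -113,5 +113,26 @@ revoke all privileges on *.* from user_1@localhost;
 drop user user_1@localhost;
 drop database mysqltest;
 
+--echo #
+--echo # MDEV-39493 FILE privilege isn't checked for derived
+--echo #
+
+create user u@localhost;
+grant select on *.* to u@localhost;
+connect u,localhost,u;
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+evalp select 'hello' into outfile '$MYSQLTEST_VARDIR/tmp/3701920.out';
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+evalp select 'hello' into dumpfile '$MYSQLTEST_VARDIR/tmp/3701920.dump';
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+evalp select * into outfile '$MYSQLTEST_VARDIR/tmp/3701920.out' from (select 'hello') t;
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+evalp select * into dumpfile '$MYSQLTEST_VARDIR/tmp/3701920.dump' from (select 'hello') t;
+disconnect u;
+connection default;
+drop user u@localhost;
+
+--echo # End of 10.6 tests
+
 # Wait till we reached the initial number of concurrent sessions
 --source include/wait_until_count_sessions.inc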
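Review bot: The MDEV-39493 block only covers directly executed statements, although this commit makes the same FILE check change in mysql_test_select in sql/sql_prepare.cc; no case here prepares a statement. Unless this test is also always run under the prepared-statement protocol, a pair such as `--error ER_SPECIFIC_ACCESS_DENIED_ERROR` followed by `evalp prepare s from "select * into outfile '$MYSQLTEST_VARDIR/tmp/3701920.out' from (select 'hello') t";` would pin the prepare path as well. A short comment that user `u` holds only a global SELECT grant and no FILE would also make the expected error self-explanatory.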

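--- a/mysql-test/suite/json/r/json_table_notembedded.result
+++ b/mysql-test/suite/json/r/json_table_notembedded.result
@@ -12,7 +12,7 @@ select * from t, json_table(t.a, '$' columns(f varchar(20) path '$.foo')) as jt;
 a f
 {"foo":"bar"} bar
 select * into outfile 'f' from json_table('[]', '$' columns(x for ordinality)) q;
-ERROR 28000: Access denied for user 'u'@'localhost' (using password: NO)
+ERROR 42000: Access denied; you need (at least one of) the FILE privilege(s) for this operation
 connection default;
 disconnect con1;
 drop user u@localhost;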

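--- a/mysql-test/suite/json/t/json_table_notembedded.test
+++ b/mysql-test/suite/json/t/json_table_notembedded.test
@@ -18,7 +18,7 @@ select * from t, json_table(t.a, '$' columns(f varchar(20) path '$.foo')) as jt;
 #
 # MDEV-25141 JSON_TABLE: SELECT into outfile bypasses file privilege check
 #
---error ER_ACCESS_DENIED_ERROR
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
 select * into outfile 'f' from json_table('[]', '$' columns(x for ordinality)) q;
 
 connection default;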

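--- a/sql/spatial.cc
+++ b/sql/spatial.cc
@@ -1653,6 +1653,7 @@ uint Gis_polygon::init_from_wkb(const char *wkb, uint len, wkbByteOrder bo,
 if (ls.is_closed(&closed) || !closed)
 return 0;
 wkb+= ls_len;
+len-= ls_len;
 }
 
 return (uint) (wkb - wkb_orig);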
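Review bot: `len-= ls_len;` is an unsigned subtraction (`len` is `uint` in the signature), and nothing visible in the hunk shows that `ls_len` cannot exceed `len`. The assignment of `ls_len` lies outside the hunk; if it is the byte count the ring parser returns for this same `wkb`/`len`, the invariant holds, and a `DBUG_ASSERT(ls_len <= len);` just before the subtraction would state it and catch a later parser change that breaks it. Without that invariant the remaining length would wrap to a large value and the next ring would be parsed against a bound that is too generous, which appears to be the condition the MDEV-39481 test guards against.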

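--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -4028,15 +4028,13 @@ mysql_execute_command(THD *thd, bool is_called_from_prepared_stmt)
 lex->exchange != NULL implies SELECT .. INTO OUTFILE and this
 requires FILE_ACL access.
 */
-privilege_t privileges_requested= lex->exchange ? SELECT_ACL | FILE_ACL :
-SELECT_ACL;
+if (lex->exchange && (res= check_global_access(thd, FILE_ACL, false)))
+break;
 
 if (all_tables)
-res= check_table_access(thd,
-privileges_requested,
-all_tables, FALSE, UINT_MAX, FALSE);
+res= check_table_access(thd, SELECT_ACL, all_tables, 0, UINT_MAX, 0);
 else
-res= check_access(thd, privileges_requested, any_db.str, NULL,NULL,0,0);
+res= check_access(thd, SELECT_ACL, any_db.str, NULL,NULL, 0, 0);
 
 if (!res)
 res= execute_sqlcom_select(thd, all_tables);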
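Review bot: The comment above the new `check_global_access(thd, FILE_ACL, false)` call still says only that INTO OUTFILE requires FILE_ACL, and does not record why the check is now global and made ahead of the table checks. Going by the MDEV-39493 test added in this commit, the per-table path did not enforce FILE for a derived table. A sentence such as `FILE is a global privilege: check it once here, independently of the per-table SELECT checks (MDEV-39493)` in that comment would keep a later cleanup from folding it back into the table-level privilege mask. As a style point, the rewritten `check_table_access(thd, SELECT_ACL, all_tables, 0, UINT_MAX, 0)` passes `0` where the matching call in sql/sql_prepare.cc keeps `FALSE`; one spelling in both places reads better. The enclosing case of mysql_execute_command starts and ends outside the hunk.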

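--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -402,38 +402,46 @@ static bool send_prep_stmt(Prepared_statement *stmt,
 static ulong get_param_length(uchar **packet, ulong len)
 {
 uchar *pos= *packet;
+ulong length;
+
 if (len < 1)
 return 0;
 if (*pos < 251)
 {
 (*packet)++;
-return (ulong) *pos;
+length= *pos;
 }
-if (len < 3)
-return 0;
-if (*pos == 252)
+else if (*pos == 252)
 {
+if (len < 3)
+return 0;
 (*packet)+=3;
-return (ulong) uint2korr(pos+1);
+length= uint2korr(pos+1);
 }
-if (len < 4)
-return 0;
-if (*pos == 253)
+else if (*pos == 253)
 {
+if (len < 4)
+return 0;
 (*packet)+=4;
-return (ulong) uint3korr(pos+1);
+length= uint3korr(pos+1);
+}
+else
+{
+if (len < 9)
+return 0;
+(*packet)+=9; // Must be 254 when here
+/*
+In our client-server protocol all numbers bigger than 2^24
+stored as 8 bytes with uint8korr. Here we always know that
+parameter length is less than 2^32 so don't look at the second
+4 bytes. But still we need to obey the protocol hence 9 in the
+assignment above.
+*/
+length= uint4korr(pos+1);
 }
-if (len < 5)
+if (pos + len < *packet + length)
 return 0;
-(*packet)+=9; // Must be 254 when here
-/*
-In our client-server protocol all numbers bigger than 2^24
-stored as 8 bytes with uint8korr. Here we always know that
-parameter length is less than 2^4 so don't look at the second
-4 bytes. But still we need to obey the protocol hence 9 in the
-assignment above.
-*/
-return (ulong) uint4korr(pos+1);
+return length;
 }
 #else
 #define get_param_length(packet, len) len
@@ -648,7 +656,12 @@ void Item_param::set_param_date(uchar **pos, ulong len)
 */
 void Item_param::set_param_time(uchar **pos, ulong len)
 {
-MYSQL_TIME tm= *((MYSQL_TIME*)*pos);
+MYSQL_TIME tm;
+if (len >= sizeof (MYSQL_TIME))
+tm= *((MYSQL_TIME*)*pos);
+else
+set_zero_time(&tm, MYSQL_TIMESTAMP_TIME);
+
 tm.hour+= tm.day * 24;
 tm.day= tm.year= tm.month= 0;
 if (tm.hour > 838)
@@ -663,15 +676,23 @@ void Item_param::set_param_time(uchar **pos, ulong len)
 
 void Item_param::set_param_datetime(uchar **pos, ulong len)
 {
-MYSQL_TIME tm= *((MYSQL_TIME*)*pos);
+MYSQL_TIME tm;
+if (len >= sizeof (MYSQL_TIME))
+tm= *((MYSQL_TIME*)*pos);
+else
+set_zero_time(&tm, MYSQL_TIMESTAMP_DATETIME);
 tm.neg= 0;
 set_time(&tm, MYSQL_TIMESTAMP_DATETIME, MAX_DATETIME_WIDTH);
 }
 
 void Item_param::set_param_date(uchar **pos, ulong len)
 {
-MYSQL_TIME *to= (MYSQL_TIME*)*pos;
-set_time(to, MYSQL_TIMESTAMP_DATE, MAX_DATE_WIDTH);
+MYSQL_TIME tm;
+if (len >= sizeof (MYSQL_TIME))
+tm= *((MYSQL_TIME*)*pos);
+else
+set_zero_time(&tm, MYSQL_TIMESTAMP_DATE);
+set_time(&tm, MYSQL_TIMESTAMP_DATE, MAX_DATE_WIDTH);
 }
 #endif /*!EMBEDDED_LIBRARY*/
 
@@ -683,8 +704,6 @@ void Item_param::set_param_str(uchar **pos, ulong len)
 set_null();
 else
 {
-if (length > len)
-length= len;
 /*
 We use &my_charset_bin here. Conversion and setting real character
 sets will be done in Item_param::convert_str_value(), after the
@@ -1610,13 +1629,15 @@ static int mysql_test_select(Prepared_statement *stmt,
 
 lex->first_select_lex()->context.resolve_in_select_list= TRUE;
 
-privilege_t privilege(lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL);
+if (lex->exchange && check_global_access(thd, FILE_ACL, false))
+goto error;
+
 if (tables)
 {
-if (check_table_access(thd, privilege, tables, FALSE, UINT_MAX, FALSE))
+if (check_table_access(thd, SELECT_ACL, tables, FALSE, UINT_MAX, FALSE))
 goto error;
 }
-else if (check_access(thd, privilege, any_db.str, NULL, NULL, 0, 0))
+else if (check_access(thd, SELECT_ACL, any_db.str, NULL, NULL, 0, 0))
 goto error;
 
 if (!lex->result && !(lex->result= new (stmt->mem_root) select_send(thd)))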
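Review bot: The new bound check in get_param_length, `if (pos + len < *packet + length)`, compares pointers after adding a packet-supplied `length` (up to 32 bits from `uint4korr`) to `*packet`. Forming a pointer past the end of the buffer is undefined, and on a build with 32-bit pointers the sum can wrap so that the check passes. Comparing sizes avoids both: `if (length > len - (ulong) (*packet - pos)) return 0;`, which cannot underflow because each branch has already verified that `len` covers the prefix it skips. This matters more now that the set_param_str hunk drops the `if (length > len) length= len;` clamp, leaving this check as the only bound on the string length visible on this page.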
