From: Jon&nbsp;Olav&nbsp;Hauglid
Date: September 23 2010 8:24am
Subject: bzr commit into mysql-5.5-runtime branch (jon.hauglid:3142) Bug#56678
List-Archive: http://lists.mysql.com/commits/118904
X-Bug: 56678
Message-Id: <201009230826.o8N0kbXl020897@acsinet15.oracle.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4919245088056068233=="

--===============4919245088056068233==
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

#At file:///export/home/x/mysql-5.5-runtime-bug56678/ based on revid:jon.hauglid@stripped

 3142 Jon Olav Hauglid	2010-09-23
      Bug #56678 Valgrind warnings from binlog.binlog_unsafe
      
      After the patch for Bug#54579, multi inserts done with INSERT DELAYED
      are binlogged as normal INSERT. During processing of the statement,
      a new query string without the DELAYED keyword is made. The problem
      was that this new string was incorrectly made when the INSERT DELAYED
      was part of a prepared statement - data was read outside the allocated
      buffer.
      
      The reason for this bug was that a pointer to the position of the
      DELAYED keyword inside the query string was stored when parsing the
      statement. This pointer was then later (at runtime) used (via pointer
      subtraction) to find the number of characters to skip when making a
      new query string without DELAYED. But when the statement was re-executed
      as part of a prepared statement, the original pointer would be invalid
      and the pointer subtraction would give a wrong/random result.
      
      This patch fixes the problem by instead storing the number of characters
      to skip at parse time. This value will not depend on the memory position
      of the query string at runtime and therefore not give wrong results
      when the statement is executed in a prepared statement.
      
      This bug was a regression introduced by the patch for Bug#54579.
      
      No test case added as this bug is already covered by the existing
      binlog.binlog_unsafe test case when running with valgrind.

    modified:
      mysql-test/suite/binlog/r/binlog_statement_insert_delayed.result
      sql/sql_insert.cc
      sql/sql_lex.h
      sql/sql_yacc.yy
=== modified file 'mysql-test/suite/binlog/r/binlog_statement_insert_delayed.result'
--- a/mysql-test/suite/binlog/r/binlog_statement_insert_delayed.result	2010-08-30 06:03:28 +0000
+++ b/mysql-test/suite/binlog/r/binlog_statement_insert_delayed.result	2010-09-23 08:24:17 +0000
@@ -28,11 +28,11 @@ show binlog events from <binlog_start>;
 Log_name	Pos	Event_type	Server_id	End_log_pos	Info
 master-bin.000001	#	Query	#	#	BEGIN
 master-bin.000001	#	Intvar	#	#	INSERT_ID=301
-master-bin.000001	#	Query	#	#	use `test`; insert /* before delayed */  /* after delayed */ into t1 values (null),(null),(null),(null)
+master-bin.000001	#	Query	#	#	use `test`; insert /* before delayed */ /* after delayed */ into t1 values (null),(null),(null),(null)
 master-bin.000001	#	Query	#	#	COMMIT
 master-bin.000001	#	Query	#	#	BEGIN
 master-bin.000001	#	Intvar	#	#	INSERT_ID=305
-master-bin.000001	#	Query	#	#	use `test`; insert  /*!  */ into t1 values (null),(null),(400),(null)
+master-bin.000001	#	Query	#	#	use `test`; insert  /*! */ into t1 values (null),(null),(400),(null)
 master-bin.000001	#	Query	#	#	COMMIT
 master-bin.000001	#	Query	#	#	use `test`; FLUSH TABLES
 select * from t1;

=== modified file 'sql/sql_insert.cc'
--- a/sql/sql_insert.cc	2010-09-15 14:15:31 +0000
+++ b/sql/sql_insert.cc	2010-09-23 08:24:17 +0000
@@ -634,14 +634,10 @@ bool open_and_lock_for_insert_delayed(TH
 static int
 create_insert_stmt_from_insert_delayed(THD *thd, String *buf)
 {
-  /* Append the part of thd->query before "DELAYED" keyword */
-  if (buf->append(thd->query(),
-                  thd->lex->keyword_delayed_begin - thd->query()))
+  /* Make a copy of thd->query() and then remove the "DELAYED" keyword */
+  if (buf->append(thd->query()) ||
+      buf->replace(thd->lex->keyword_delayed_begin_offset, 8, 0))
     return 1;
-  /* Append the part of thd->query after "DELAYED" keyword */
-  if (buf->append(thd->lex->keyword_delayed_begin + 7))
-    return 1;
-
   return 0;
 }
 

=== modified file 'sql/sql_lex.h'
--- a/sql/sql_lex.h	2010-09-01 13:12:42 +0000
+++ b/sql/sql_lex.h	2010-09-23 08:24:17 +0000
@@ -2355,12 +2355,12 @@ struct LEX: public Query_tables_list
     This pointer is required to add possibly omitted DEFINER-clause to the
     DDL-statement before dumping it to the binlog.
 
-    keyword_delayed_begin points to the begin of the DELAYED keyword in
-    INSERT DELAYED statement.
+    keyword_delayed_begin_offset is the offset to the beginning of the DELAYED
+    keyword in INSERT DELAYED statement.
   */
   union {
     const char *stmt_definition_begin;
-    const char *keyword_delayed_begin;
+    uint keyword_delayed_begin_offset;
   };
 
   const char *stmt_definition_end;

=== modified file 'sql/sql_yacc.yy'
--- a/sql/sql_yacc.yy	2010-09-09 14:29:14 +0000
+++ b/sql/sql_yacc.yy	2010-09-23 08:24:17 +0000
@@ -10447,7 +10447,8 @@ insert_lock_option:
         | LOW_PRIORITY  { $$= TL_WRITE_LOW_PRIORITY; }
         | DELAYED_SYM
         {
-          Lex->keyword_delayed_begin= YYLIP->get_tok_start();
+          Lex->keyword_delayed_begin_offset= (uint)(YYLIP->get_tok_start() -
+                                                    YYTHD->query());
           $$= TL_WRITE_DELAYED;
         }
         | HIGH_PRIORITY { $$= TL_WRITE; }
@@ -10457,7 +10458,8 @@ replace_lock_option:
           opt_low_priority { $$= $1; }
         | DELAYED_SYM
         {
-          Lex->keyword_delayed_begin= YYLIP->get_tok_start();
+          Lex->keyword_delayed_begin_offset= (uint)(YYLIP->get_tok_start() -
+                                                    YYTHD->query());
           $$= TL_WRITE_DELAYED;
         }
         ;


--===============4919245088056068233==
MIME-Version: 1.0
Content-Type: text/bzr-bundle; charset="us-ascii";
	name="bzr/jon.hauglid@stripped"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: jon.hauglid@stripped
# target_branch: file:///export/home/x/mysql-5.5-runtime-bug56678/
# testament_sha1: 541a139d5e30cf836a29a5f6dc0aa82122b7dcd2
# timestamp: 2010-09-23 10:24:20 +0200
# source_branch: file:///export/home/x/mysql-5.5-bugfixing/
# base_revision_id: jon.hauglid@stripped\
#   mpy5ty4vmw0k5j19
# 
# Begin bundle
IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWQ2+Jr4ABFLfgHEweHf//3Z3
/SD////0YAptcyt8HXoAGV0sNKUq1tGICSmiEokqfjU2RSfimZGjRMoP0m1EYRkGmjTanqZqaYNS
T2ommmTQaBpk0NADQABpoBoABqDTJoSj1H6oyAaD0gAAAAAAAkSJoyTIFT9BM1PJIaD2khtT1Mh6
gGgD1A4yZNGIYmmAgYE0wRgmJppoAMIJJAgEyaZDII0MUwETQmygaAAeUiCcVPIpHifWkK8dmPiz
ixMxCwJ39/67e7QP1ccDqPOA0i66DBgrNCV94wLu+xtrSYxgvWxm2mI59iQztWIQIaD8YrJ/74Ub
mcSCEiAoviwZHhbtlafAqTjXIPfYxmwNodINtNjY2G/dcfuBfTNo5ojpvouuZ1OPTK+bc3g6ddSX
ndHJ1eVdnOcPN+Q3rl/n8Xbf574os7jg68CnAhFrs92KPlXGWm1GOISEhdu60cg1D2Daqy3ZU6R0
nMfuDReeELSsjbh2A44zdHQQCsBmwZEVCrQQo1sJAIaqhZuLWnNMszyKETv56WRKxuMsEzTaNGhr
O9XyACC+KE6dHorznG2ZkkJKoc+AakjzCeT75YAlgjoYNshkIlIUhfBG6zRs92qq17uSbXw1SWpL
cFd2+q9Ah9jkB+QtI+0sDs2kE4GZs6XLvI9fzWyaFJfFTDmUDoFASob1aIoLYaDad51SCoNv9T7L
UuwhkeA4xL+uzV1VN/a/WYRVQq/AFEO210KlNd7aYNaU7reJJRNZMAYp4BGrJdA3ARwnCa8LD3mS
NDdWFiws9rpmYgx7GAo0UjDkgcCIicLa3OakixNq0l4sqmJYmiqNuhWBSwMoKuGkpigV6zLWKbMy
4qPP6Qsq0FQL1D9hoFbFyLizcRT7JVIFYwMmYUhNukwcpSiaQRKPFnSBL3HQMuxgBkiOhhXRBKTw
KMygdkGovmBMq85XMd1K+QvdUSraNoc9eoGycBNNu/8ULHU6vfFDkwWnYyQXrDXlEqUHG8umukCs
RtLB+QKRfKU0j5TV/M1TUMVZvSrMKhm7zGF67CH3ISvKKBnXKKFYJ5fHAaEN5r5PVssaVqeWPHjF
cKje58DkWPUi24oKzAqTjcqDIFdZPutu+MJQFnpUz5wWbnKYcXlZVrpMyLjuxHlg5xSWER0mMq3N
OGxDhsBlA1rob10nzqG9ue6nWNYaGLrdWyNZ905fUmWEd0L6oUOKy90C8Cwr0HElA4ngy8SRsU9L
WOJ24vIGg3reasIbCgguWBxKViWEw87O5xAzsFdOQsNBtJ7He1GhdY1TAnVCcduYKVhiVKVJ3ETE
NDEZrLCQxINNonc4l2iczLD0Mjx7Au0zu3lQ+9ZsCeyjuHRsLTCRkaigwHjQxqpLfjTCe55FhNmx
wXwIKrUc+FDe6C2b9BrLCjYPE1EgxJFwzMiXbr0apwrUk9rqXFodyLQKcCdzmjBKl7+Rwm+59Ea4
EG2jmZmbyDJA5a/xDywZI9iQB5+P7AZqzGJn6b9ShL3DhTZmyn+gewDyD2lyMR0gEZ+yHcD2MOwi
DxDyBpFGip4AQB9jUYkNm+EdcBIGfGnCUKSPb4fNQDqJqEyigyDPvhEneLEYfUZM5HI+gmMqenw7
juPYtW7x8QRBr7RhNsKSXgOif5nRYPWVE3zGb//E148BkPUlkYZnWxjM+HdyP0Ke4o4CX72CscVt
BhO2HHEvaiJ4OfbUp6kjtj+EwBAgg+vhYxcfo6scfQuXM5Jx3mspWB90NeUFBuOhHKZ5+f6kf4nf
9Dh/umSoZOAOArvK4cYIxLDIoHWp4e2dxMS4Ln1pKBzAFIIwhFoBZwGLp4XQyGcGNybML5JwiB8V
yCJYc3bLicx6suyouagWQ+KBUItQxOatV5kaulA4/hp1znITRf1RUWx4FO8YF7UbDWZbhZnj6Of1
bMbaGLnsATzYE41OyfoxK0jEEeg38tpqr560bNs2fiYHyHAMgrt+FhDrQmSw0wxcX2Hhw7iP6k5R
8irGWBJwYyZkQMq+dsm9Mlp4VMJqOWvNtvu4vAyNSRnTmB4ESCIMmBlwUIL3esxpYz3ypbzSGLF8
QXXxy6s8EShXi3jsRktI5N9Rl59ChBmgpr6IOlxyA4KmDu/hvW8geLcDyKXE43TpRMQRzZcyzSi7
QaRcV/wOobRQw1rqmtQzY9ItfhPdfpY2JsbUQYkiUpC57+gaXHoRsRg2g2mB2laA0raCm4ml/ku8
7e9N6pz6XVCGXFwA0I8Wm10P0DYMkxrgdnZM4gmLBPruvLjhwmjkQGAFJBOCXEuV6EjazICNjEeN
XvHEUUqYpbcIlhnDahjqgrpLDBrpXBEL538N2jRYyZLQS80wyZtiXHkCsWATnPSYvDZwOi8bbylO
050FBmJzytR5l0qtAJzHvTW0oNlGFLN6i3sYyOSU2ZtrOB+EcGZL4C8QnSe4HoPWz7QA1mRWG0AY
DqeRuMNSuU6AYoJ2S6vdd4oHrqQL4uIL5+OnizAiHJ2K02DKg0BMEZ0jvgbDjUqvNXlcEYrksd60
F3kXb8bsHDZYbBsc2SNJCAqNEhWDGL3CcMCJ7nM10KJTaVIjHA5jRMRjgudTUyY0GI2xoTRCZCYx
dyVCQbMUfuY0e+tVFxk5UpXtuZg94oM0fjWT9nJCNP23OK2XmAMKXSckcHFGtcQCtLqgeOrbg9Su
hrY1vJDpyoomn77h+gFjLeuTgYTJRQ+yuheRC8mRJjf2UKsgKqqC9zkCnNSY+JgbSoAz0L56A+Af
kYGBpGVjDmRyYHADzcOS8vlWPQRYqO9sqIqLoD0iSsxtie2XN6KLqpy7c9wWlo8MlG70WlTndmVw
8CnItKRhgYT7l53FJEiMAxdY8n7ge2yUDTGhzgulsL9GEjrw2lavKW69LaKZIG9oWutV5JZFA1l4
tnIz3HrDqbbbfeak1EDY2O1IKipLJy00lt6UgJQlMvgS7jClptbYmJGhpEVJoQfnEeoMnsPVhlpu
BTKiUyXQCuIxFhKRCnEsZtpFH0w2pnT8RkZ+4gCLEHqbYkoJetVX3VqbAsoK1DY0hjYSQPXgOQ4s
pL3ipw7TmZKS8qTkNkV/ciA40L6smG1oDs6ZmwqgCyJGCTNCXrAKVViozbn7jK4nmGaU6eBxmGzK
lrVgRlMKB6rsNJ8OAKokuGtYGhcmBm3zuB7cwTI3JDGIx7k5EqF5jGLzo/LW5BaXWaS5u2/0eh5F
wMMMbLlFdi3AeDz0BVFgX8RK5B19V0PclXnSZI4nO7AZTzt9BdyRThQkA2+Jr4A=


--===============4919245088056068233==--