From: Jon Olav Hauglid
Date: September 24 2010 6:28am
Subject: bzr commit into mysql-5.5-runtime branch (jon.hauglid:3143) Bug#56678
List-Archive: http://lists.mysql.com/commits/118988
X-Bug: 56678
Message-Id: <201009240630.o8O6US4P012281@rcsinet13.oracle.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0481113176402735121=="

--===============0481113176402735121==
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

#At file:///export/home/x/mysql-5.5-runtime-bug56678/ based on revid:jon.hauglid@stripped

 3143 Jon Olav Hauglid 2010-09-24
      Bug #56678 Valgrind warnings from binlog.binlog_unsafe

      After the patch for Bug#54579, multi inserts done with INSERT DELAYED
      are binlogged as normal INSERT. During processing of the statement,
      a new query string without the DELAYED keyword is made. The problem
      was that this new string was incorrectly made when the INSERT DELAYED
      was part of a prepared statement - data was read outside the allocated
      buffer.

      The reason for this bug was that a pointer to the position of the
      DELAYED keyword inside the query string was stored when parsing the
      statement. This pointer was then later (at runtime) used (via pointer
      subtraction) to find the number of characters to skip when making a
      new query string without DELAYED. But when the statement was re-executed
      as part of a prepared statement, the original pointer would be invalid
      and the pointer subtraction would give a wrong/random result.

      This patch fixes the problem by instead storing the offsets from the
      beginning of the query string to the start and end of the DELAYED
      keyword. These values will not depend on the memory position
      of the query string at runtime and therefore not give wrong results
      when the statement is executed in a prepared statement.

      This bug was a regression introduced by the patch for Bug#54579.
      No test case added as this bug is already covered by the existing
      binlog.binlog_unsafe test case when running with valgrind.

    modified:
      sql/sql_insert.cc
      sql/sql_lex.h
      sql/sql_yacc.yy
=== modified file 'sql/sql_insert.cc' --- a/sql/sql_insert.cc 2010-09-15 14:15:31 +0000 +++ b/sql/sql_insert.cc 2010-09-24 06:28:42 +0000 @@ -634,14 +634,12 @@ bool open_and_lock_for_insert_delayed(TH static int create_insert_stmt_from_insert_delayed(THD *thd, String *buf) { - /* Append the part of thd->query before "DELAYED" keyword */ - if (buf->append(thd->query(), - thd->lex->keyword_delayed_begin - thd->query())) + /* Make a copy of thd->query() and then remove the "DELAYED" keyword */ + if (buf->append(thd->query()) || + buf->replace(thd->lex->keyword_delayed_begin_offset, + thd->lex->keyword_delayed_end_offset - + thd->lex->keyword_delayed_begin_offset, 0)) return 1; - /* Append the part of thd->query after "DELAYED" keyword */ - if (buf->append(thd->lex->keyword_delayed_begin + 7)) - return 1; - return 0; } === modified file 'sql/sql_lex.h' --- a/sql/sql_lex.h 2010-09-01 13:12:42 +0000 +++ b/sql/sql_lex.h 2010-09-24 06:28:42 +0000 @@ -2355,15 +2355,19 @@ struct LEX: public Query_tables_list This pointer is required to add possibly omitted DEFINER-clause to the DDL-statement before dumping it to the binlog. - keyword_delayed_begin points to the begin of the DELAYED keyword in - INSERT DELAYED statement. + keyword_delayed_begin_offset is the offset to the beginning of the DELAYED + keyword in INSERT DELAYED statement. keyword_delayed_end_offset is the + offset to the character right after the DELAYED keyword. */ union { const char *stmt_definition_begin; - const char *keyword_delayed_begin; + uint keyword_delayed_begin_offset; }; - const char *stmt_definition_end; + union { + const char *stmt_definition_end; + uint keyword_delayed_end_offset; + }; /** During name resolution search only in the table list given by === modified file 'sql/sql_yacc.yy' 
--- a/sql/sql_yacc.yy 2010-09-09 14:29:14 +0000 +++ b/sql/sql_yacc.yy 2010-09-24 06:28:42 +0000 @@ -10447,7 +10447,10 @@ insert_lock_option: | LOW_PRIORITY { $$= TL_WRITE_LOW_PRIORITY; } | DELAYED_SYM { - Lex->keyword_delayed_begin= YYLIP->get_tok_start(); + Lex->keyword_delayed_begin_offset= (uint)(YYLIP->get_tok_start() - + YYTHD->query()); + Lex->keyword_delayed_end_offset= Lex->keyword_delayed_begin_offset + + YYLIP->yyLength() + 1; $$= TL_WRITE_DELAYED; } | HIGH_PRIORITY { $$= TL_WRITE; } 
@@ -10457,7 +10460,10 @@ replace_lock_option: opt_low_priority { $$= $1; } | DELAYED_SYM { - Lex->keyword_delayed_begin= YYLIP->get_tok_start(); + Lex->keyword_delayed_begin_offset= (uint)(YYLIP->get_tok_start() - + YYTHD->query()); + Lex->keyword_delayed_end_offset= Lex->keyword_delayed_begin_offset + + YYLIP->yyLength() + 1; $$= TL_WRITE_DELAYED; } ; 
--===============0481113176402735121==
MIME-Version: 1.0
Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/jon.hauglid@stripped"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: jon.hauglid@stripped
# target_branch: file:///export/home/x/mysql-5.5-runtime-bug56678/
# testament_sha1: 6be74491420c9edd42e8c07d4b25b62fc0ac6878
# timestamp: 2010-09-24 08:28:46 +0200
# source_branch: file:///export/home/x/mysql-5.5-bugfixing/
# base_revision_id: jon.hauglid@stripped\
#   3enqzccpv7sp95ie
#
# Begin bundle
--===============0481113176402735121==--
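
Review bot: in the sql/sql_insert.cc hunk, create_insert_stmt_from_insert_delayed() passes the two stored offsets straight to buf->replace() with no check that keyword_delayed_begin_offset <= keyword_delayed_end_offset <= the length of thd->query(). The bug being fixed was an out-of-buffer read driven by a stale parse-time value, so a debug assertion on that relation just before the replace would catch a recurrence directly instead of relying on a valgrind run. The bare 0 passed as the replacement argument would also read more clearly as an explicit empty string.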
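
Review bot: in the sql/sql_lex.h hunk, each new uint offset shares storage with a const char * inside an anonymous union, and the comment does not say which member is valid for which kind of statement. Reading keyword_delayed_begin_offset after stmt_definition_begin was the member written (or the reverse) gives a meaningless value with no diagnostic. Suggest stating in the comment that the offset members are only meaningful for statements parsed with the DELAYED keyword, or giving the offsets their own fields.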
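
Review bot: in the insert_lock_option hunk of sql/sql_yacc.yy, the "+ 1" in "Lex->keyword_delayed_begin_offset + YYLIP->yyLength() + 1" is unexplained. The sql_lex.h comment describes keyword_delayed_end_offset as the offset to the character right after the DELAYED keyword, and the removed code skipped a fixed 7 characters, so it is not clear from the patch that the new end offset matches the documented meaning. A short comment saying what yyLength() returns at this point in the action and what the extra character accounts for would make this checkable. The (uint) cast of "YYLIP->get_tok_start() - YYTHD->query()" also assumes the token start lies inside the buffer YYTHD->query() returns; an assertion would document that assumption.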
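
Review bot: the replace_lock_option hunk of sql/sql_yacc.yy repeats the same four-line offset computation that the insert_lock_option hunk adds, so a later correction to one copy can miss the other. Suggest moving the computation into a single helper that both grammar actions call, so the begin and end offsets are always derived the same way.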
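
The failure mode the commit message describes, as an added example that is not part of the original mail or of MySQL's code: a position saved as a pointer at parse time does not refer into a re-executed copy of the query, while offsets from the start of the query still do. The struct, the function names and the sample query are hypothetical and constructed for illustration, and removing the keyword together with one following space is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct parsed_stmt {         /* hypothetical parser state, not MySQL's LEX */
    const char *kw_ptr;      /* pre-fix style: pointer into the parsed buffer */
    size_t kw_begin, kw_end; /* post-fix style: offsets from start of query */
};

/* Record where "DELAYED " sits in the buffer being parsed. */
static int parse_stmt(const char *query, struct parsed_stmt *st)
{
    const char *kw = strstr(query, "DELAYED ");
    if (kw == NULL) return -1;
    st->kw_ptr = kw;
    st->kw_begin = (size_t)(kw - query);
    st->kw_end = st->kw_begin + strlen("DELAYED ");
    return 0;
}

/* Does the saved pointer still point into the buffer being executed? */
static int ptr_in_buffer(const struct parsed_stmt *st, const char *query)
{
    uintptr_t p = (uintptr_t)st->kw_ptr, b = (uintptr_t)query;
    return p >= b && p < b + strlen(query);
}

/* Offset-based rewrite: bounds-checked, independent of the buffer address. */
static int strip_delayed(const struct parsed_stmt *st, const char *query,
                         char *out, size_t out_sz)
{
    size_t len = strlen(query);
    if (st->kw_begin > st->kw_end || st->kw_end > len) return -1;
    if (len - (st->kw_end - st->kw_begin) + 1 > out_sz) return -1;
    memcpy(out, query, st->kw_begin);
    strcpy(out + st->kw_begin, query + st->kw_end);
    return 0;
}

int main(void)
{
    char parsed[] = "INSERT DELAYED INTO t1 VALUES (1), (2)"; /* constructed */
    char reexec[sizeof parsed], out[sizeof parsed];
    struct parsed_stmt st;
    memcpy(reexec, parsed, sizeof parsed); /* same text, different address */
    if (parse_stmt(parsed, &st) != 0 || strip_delayed(&st, reexec, out, sizeof out) != 0)
        return 1;
    printf("saved pointer inside re-executed buffer: %d\n", ptr_in_buffer(&st, reexec));
    puts(out);
    return 0;
}
```

The bounds check in strip_delayed() is what turns offsets that do not fit the current text into an error return rather than a read past the end of the buffer.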