From: Jon Olav Hauglid
Date: September 24 2010 8:44am
Subject: bzr push into mysql-5.5-runtime branch (jon.hauglid:3144 to 3145) Bug#56678
List-Archive: http://lists.mysql.com/commits/119007
X-Bug: 56678
Message-Id: <201009240844.o8O7XLl2002609@rcsinet15.oracle.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8652287221116417610=="

--===============8652287221116417610==
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

 3145 Jon Olav Hauglid 2010-09-24
      Bug #56678 Valgrind warnings from binlog.binlog_unsafe

      After the patch for Bug#54579, multi inserts done with INSERT DELAYED
      are binlogged as normal INSERT. During processing of the statement,
      a new query string without the DELAYED keyword is made. The problem
      was that this new string was incorrectly made when the INSERT DELAYED
      was part of a prepared statement - data was read outside the allocated
      buffer.

      The reason for this bug was that a pointer to the position of the
      DELAYED keyword inside the query string was stored when parsing the
      statement. This pointer was then later (at runtime) used (via pointer
      subtraction) to find the number of characters to skip when making a
      new query string without DELAYED. But when the statement was re-executed
      as part of a prepared statement, the original pointer would be invalid
      and the pointer subtraction would give a wrong/random result.

      This patch fixes the problem by instead storing the offsets from the
      beginning of the query string to the start and end of the DELAYED
      keyword. These values will not depend on the memory position
      of the query string at runtime and therefore not give wrong results
      when the statement is executed in a prepared statement.

      This bug was a regression introduced by the patch for Bug#54579.

      No test case added as this bug is already covered by the existing
      binlog.binlog_unsafe test case when running with valgrind.

modified: sql/sql_insert.cc sql/sql_lex.h sql/sql_yacc.yy 3144 Jon Olav Hauglid 2010-09-24 Bug #54920 Stored functions are allowed in HANDLER statements, but broken. Before this patch, it was allowed to use stored functions in HANDLER ... READ statements. The problem was that this functionality was not really supported by the code. Proper locking would for example not be performed, and it was also possible to break replication by having stored functions that performed updates. This patch disallows the use of stored functions in HANDLER ... READ. Any such statement will now give an ER_NOT_SUPPORTED_YET error. This is an incompatible change and should be reflected in the documentation. Test case added to handler_myisam/handler_innodb.test. modified: mysql-test/include/handler.inc mysql-test/r/handler_innodb.result mysql-test/r/handler_myisam.result sql/sql_yacc.yy === modified file 'sql/sql_insert.cc' --- a/sql/sql_insert.cc 2010-09-15 14:15:31 +0000 +++ b/sql/sql_insert.cc 2010-09-24 08:44:09 +0000 @@ -634,14 +634,12 @@ bool open_and_lock_for_insert_delayed(TH static int create_insert_stmt_from_insert_delayed(THD *thd, String *buf) { - /* Append the part of thd->query before "DELAYED" keyword */ - if (buf->append(thd->query(), - thd->lex->keyword_delayed_begin - thd->query())) + /* Make a copy of thd->query() and then remove the "DELAYED" keyword */ + if (buf->append(thd->query()) || + buf->replace(thd->lex->keyword_delayed_begin_offset, + thd->lex->keyword_delayed_end_offset - + thd->lex->keyword_delayed_begin_offset, 0)) return 1; - /* Append the part of thd->query after "DELAYED" keyword */ - if (buf->append(thd->lex->keyword_delayed_begin + 7)) - return 1; - return 0; } === modified file 'sql/sql_lex.h' --- a/sql/sql_lex.h 2010-09-01 13:12:42 +0000 +++ b/sql/sql_lex.h 2010-09-24 08:44:09 +0000 
@@ -2355,15 +2355,19 @@ struct LEX: public Query_tables_list This pointer is required to add possibly omitted DEFINER-clause to the DDL-statement before dumping it to the binlog. - keyword_delayed_begin points to the begin of the DELAYED keyword in - INSERT DELAYED statement. + keyword_delayed_begin_offset is the offset to the beginning of the DELAYED + keyword in INSERT DELAYED statement. keyword_delayed_end_offset is the + offset to the character right after the DELAYED keyword. */ union { const char *stmt_definition_begin; - const char *keyword_delayed_begin; + uint keyword_delayed_begin_offset; }; - const char *stmt_definition_end; + union { + const char *stmt_definition_end; + uint keyword_delayed_end_offset; + }; /** During name resolution search only in the table list given by === modified file 'sql/sql_yacc.yy' --- a/sql/sql_yacc.yy 2010-09-24 07:18:16 +0000 +++ b/sql/sql_yacc.yy 2010-09-24 08:44:09 +0000 @@ -10447,7 +10447,10 @@ insert_lock_option: | LOW_PRIORITY { $$= TL_WRITE_LOW_PRIORITY; } | DELAYED_SYM { - Lex->keyword_delayed_begin= YYLIP->get_tok_start(); + Lex->keyword_delayed_begin_offset= (uint)(YYLIP->get_tok_start() - + YYTHD->query()); + Lex->keyword_delayed_end_offset= Lex->keyword_delayed_begin_offset + + YYLIP->yyLength() + 1; $$= TL_WRITE_DELAYED; } | HIGH_PRIORITY { $$= TL_WRITE; } 
@@ -10457,7 +10460,10 @@ replace_lock_option: opt_low_priority { $$= $1; } | DELAYED_SYM { - Lex->keyword_delayed_begin= YYLIP->get_tok_start(); + Lex->keyword_delayed_begin_offset= (uint)(YYLIP->get_tok_start() - + YYTHD->query()); + Lex->keyword_delayed_end_offset= Lex->keyword_delayed_begin_offset + + YYLIP->yyLength() + 1; $$= TL_WRITE_DELAYED; } ; 
--===============8652287221116417610==
MIME-Version: 1.0
Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/jon.hauglid@stripped"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: jon.hauglid@stripped
# target_branch: file:///export/home/x/mysql-5.5-runtime-bug56678/
# testament_sha1: 8e6c108872ce60c7aeca69bfba13498e523d7f96
# timestamp: 2010-09-24 10:44:42 +0200
# source_branch: file:///export/home/x/mysql-5.5-bugfixing/
# base_revision_id: jon.hauglid@stripped\
# fmk8i6ost9fp170w
#
# Begin bundle
--===============8652287221116417610==--
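
Review bot: in create_insert_stmt_from_insert_delayed() (sql/sql_insert.cc), the two offsets go straight into buf->replace() with no check that keyword_delayed_begin_offset <= keyword_delayed_end_offset <= buf->length(). Both fields share storage with stmt_definition_begin and stmt_definition_end in sql_lex.h, so if this function is ever reached while the pointer members are the ones that were written, the values handed to replace() are arbitrary. A debug assertion on that range just before the replace() call would turn a silent bad rewrite into a visible failure. Separately, buf->append(thd->query()) now copies without an explicit length, where the removed code passed one for the first part; passing the query length explicitly would avoid relying on the terminator.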
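
Review bot: the updated comment in struct LEX (sql/sql_lex.h) does not say what the offsets are relative to or in which unit, and nothing records which member of each anonymous union is currently valid. Since the point of the patch is that the values must be independent of the buffer address, the comment should state that both are byte offsets from the start of thd->query(), and that they are only meaningful for INSERT/REPLACE ... DELAYED while stmt_definition_begin/stmt_definition_end are only meaningful for the DDL case. The second union also changes stmt_definition_end from a plain member to a union member; a note that the two uses can never occur in the same statement would justify the overlap, or the offsets could simply be separate fields.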
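
Review bot: in the insert_lock_option hunk (sql/sql_yacc.yy), the subtraction YYLIP->get_tok_start() - YYTHD->query() is only defined if the lexer is scanning the same buffer that YYTHD->query() returns, and the result is cast to uint without a check that it is non-negative and in range. An assertion that the token start lies at or after YYTHD->query() would document that assumption. The "+ 1" in "YYLIP->yyLength() + 1" also needs a short comment: the sql_lex.h text describes the end offset as "the character right after the DELAYED keyword", and it is not clear from the hunk whether the extra 1 compensates for how yyLength() counts or deliberately consumes the separator that follows the keyword.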
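
Review bot: the replace_lock_option hunk (sql/sql_yacc.yy) repeats the same four added lines as insert_lock_option verbatim, so any later correction to the offset arithmetic has to be made in two places. Moving the computation into one helper called from both DELAYED_SYM actions would keep them in step. The commit message relies on binlog.binlog_unsafe under valgrind for coverage; a test that prepares a DELAYED statement, executes it more than once and checks the binlogged text would catch a wrong offset without needing valgrind, and should cover the REPLACE path as well as INSERT.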
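
The difference the commit message describes, between remembering an address inside the query buffer and remembering offsets from its start, shown as an added example that is not MySQL code and not part of the original mail. The names DelayedSpan, record_delayed_span and strip_delayed are hypothetical, the scan is a simplified stand-in for the real lexer, and removing one whitespace character after the keyword is an assumption of this example.

```cpp
#include <cctype>
#include <cstddef>
#include <cstring>
#include <string>

// Hypothetical stand-in for the two offset fields the patch adds to LEX.
struct DelayedSpan { size_t begin; size_t end; };  // [begin, end) in bytes

static const char kKeyword[] = "DELAYED";
static const size_t kKeywordLen = sizeof(kKeyword) - 1;

// True if the keyword (any letter case) sits at q[pos] inside q[0..len).
static bool is_keyword_at(const char *q, size_t len, size_t pos) {
  if (pos > len || len - pos < kKeywordLen) return false;
  for (size_t i = 0; i < kKeywordLen; i++)
    if (std::toupper((unsigned char)q[pos + i]) != kKeyword[i]) return false;
  return true;
}

// "Parse time": record where the keyword and one trailing whitespace
// character sit, relative to the start of the statement text.
bool record_delayed_span(const char *q, size_t len, DelayedSpan *span) {
  for (size_t pos = 1; pos + kKeywordLen < len; pos++) {
    if (std::isspace((unsigned char)q[pos - 1]) &&
        is_keyword_at(q, len, pos) &&
        std::isspace((unsigned char)q[pos + kKeywordLen])) {
      span->begin = pos;
      span->end = pos + kKeywordLen + 1;
      return true;
    }
  }
  return false;
}

// "Execution time": works on any copy of the text, wherever it lives in
// memory, and refuses a span that does not fit the buffer or no longer
// covers the keyword (the checks a stored raw pointer cannot support).
bool strip_delayed(const char *q, size_t len, DelayedSpan span,
                   std::string *out) {
  if (span.begin > span.end || span.end > len) return false;
  if (!is_keyword_at(q, len, span.begin)) return false;
  out->assign(q, span.begin);
  out->append(q + span.end, len - span.end);
  return true;
}
```

Because the span is validated against the buffer it is applied to, a re-execution on a shorter or different statement text fails cleanly instead of reading past the allocation.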