From: Jorgen Loland
Date: May 19 2011 11:10am
Subject: Re: bzr commit into mysql-trunk branch (tor.didriksen:3309) WL#4800
List-Archive: http://lists.mysql.com/commits/137690
Message-Id: <4DD4FA96.2040904@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Guilhem,

You have my blessing on the security patch. The security checks look good, but 
I'm trusting Dmitri's judgment on the correctness. A few notes:

=== modified file 'sql/sql_prepare.cc'
--- sql/sql_prepare.cc	2011-03-21 17:55:41 +0000
+++ sql/sql_prepare.cc	2011-05-05 11:28:31 +0000
@@ -2021,8 +2018,7 @@ static bool check_prepared_statement(Pre
      if (res == 2)
      {
        /* Statement and field info has already been sent */
-      res= FALSE;
-      goto end;
+      DBUG_RETURN(FALSE);

jl: false

@@ -2107,19 +2102,15 @@ static bool check_prepared_statement(Pre
+    DBUG_RETURN(stmt->is_sql_prepare() ?
+                FALSE : (send_prep_stmt(stmt, 0) || thd->protocol->flush()));
+error:
+  DBUG_RETURN(TRUE);

jl: false, true

=== modified file 'sql/opt_trace.h'
  @param  support_dbug_or_support_missing_priv 'true' if this statement
                           should have its trace in the dbug log (--debug),
                           or if missing_privilege() may be called on this
                           trace

jl: support_dbug_or_support_missing_priv is an awfully long name. Can you make 
it shorter, at least by removing the second "support"?


-- 
Jørgen Løland | Senior Software Engineer | +47 73842138
Oracle MySQL
Trondheim, Norway