#! /bin/sh /usr/share/dpatch/dpatch-run
# Description: fix denial of service via pre-evaluation of LIKE
# predicates during view preparation.
# Origin: upstream, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3452.1.22
# Bug: http://bugs.mysql.com/bug.php?id=54568
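--- a/mysql-test/r/subselect4.result
+++ b/mysql-test/r/subselect4.result
 (SELECT 1 FROM t1,t2 WHERE t2.b > t3.b)
+# Bug#54568: create view cause Assertion failed: 0,
+# file .\item_subselect.cc, line 836
+EXPLAIN SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
+id select_type table type possible_keys key key_len ref rows Extra
+1 PRIMARY NULL NULL NULL NULL NULL NULL NULL No tables used
+Note 1249 Select 2 was reduced during optimization
+DESCRIBE SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
+id select_type table type possible_keys key key_len ref rows Extra
+1 PRIMARY NULL NULL NULL NULL NULL NULL NULL No tables used
+Note 1249 Select 2 was reduced during optimization
+# None of the below should crash
+CREATE VIEW v1 AS SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
+CREATE VIEW v2 AS SELECT 1 LIKE '%' ESCAPE ( 1 IN ( SELECT 1 ) );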
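--- a/mysql-test/t/subselect4.test
+++ b/mysql-test/t/subselect4.test
 --echo End of 5.0 tests.
+--echo # Bug#54568: create view cause Assertion failed: 0,
+--echo # file .\item_subselect.cc, line 836
+EXPLAIN SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
+DESCRIBE SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
+--echo # None of the below should crash
+CREATE VIEW v1 AS SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
+CREATE VIEW v2 AS SELECT 1 LIKE '%' ESCAPE ( 1 IN ( SELECT 1 ) );
+--echo # End of 5.1 tests.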
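Review bot: The new cases end at the two `CREATE VIEW` statements, so in the lines shown nothing reads from `v1` or `v2` after they are created. Because the fix appears to skip evaluation of a constant ESCAPE expression during view preparation, adding `SELECT * FROM v2;` after the CREATE VIEW lines (with the matching output in subselect4.result) would confirm the escape is still resolved when the view is actually used. The listing skips some line numbers, so this or a `DROP VIEW` cleanup may already be present but not visible here.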
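--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
- if (escape_item->const_item())
+ if (escape_item->const_item() && !thd->lex->view_prepare_mode)
 /* If we are on execution stage */
 String *escape_str= escape_item->val_str(&tmp_value1);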
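Review bot: The added `!thd->lex->view_prepare_mode` term on the `if` carries no explanation, and the existing `/* If we are on execution stage */` comment directly under it no longer describes the guard. I would add above the condition: `/* Do not evaluate a constant ESCAPE expression while preparing a view (Bug#54568) */`. When the branch is skipped, whatever it derives from `escape_str` is left unset for this item, so it is worth confirming that an item prepared in view-prepare mode is always re-fixed before it is evaluated; the hunk does not show that. The enclosing function begins and ends outside the hunk.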