Limit size of server_audit_file_path value
Currently, the length of this value is not checked and can cause a buffer
overflow if given a long file path specifying a directory.
In file_logger:logger_open(), there is a check:
```
if (new_log.path_len+n_dig(rotations)+1 > FN_REFLEN)
// handle error
```
As n_dig(rotations) may return up to 3, this inherently limits the file path to
FN_REFLEN - 4 characters.
All new code of the whole pull request, including one or several files that are
either new files or modified ones, are contributed under the BSD-new license. I
am contributing on behalf of my employer Amazon Web Services, Inc.
Disallow range optimization for BETWEEN when casting one of the arguments
from STRING to a numeric type would be required to construct a range for
the query.
Adds a new method on Item_func_between called can_optimize_range_const
which allows range optimization when the types of the arguments to BETWEEN
would permit it.
The problem is that copy function was used in field list but never
copied in this execution path.
So copy should be performed before returning result.
Protection against uninitialized copy usage added.
through pointer to incorrect function type.
Redoing a new plugin interface for an obsolete protocol was
too much so we just remove the UBSAN testing on the function.
It wasn't possible to just disable funtion-type-mismatch
in _ma_unique_hash, skip_trailing_space, my_hash_sort_mb_nopad_bin and my_strnncollsp_utf8mb4_bin
UBSAN detected the nullptr-with-offset in a few places
when handling empty blobs.
Fix:
- Adding DBUG_ASSERT(source_string) into all hash_sort() implementations
to catch this problem in non-UBSAN debug builds.
- Fixing mi_unique_hash(), mi_unique_comp(),
_ma_unique_hash(), _ma_unique_comp() to replace NULL pointer to
an empty string ponter..
Note, we should also add DBUG_ASSERT(source_string != NULL) into
all implementations of strnncoll*(). But I'm afraid the patch
is going to be too long and too dangerous for 10.5.
UUID::cmp() correctly compared:
- two swapped v1 UUIDs
- two non-swapped v6 UIDs
but v1 vs v6 were not compared correctly.
Adding a new method cmp_swap_noswap() and using
it in UUID::cmp() to compare two value of different swapness.
Threads can normally exit without a explicit pthread_exit call.
There seem to date to old glibc bugs, many around 2.2.5.
The semi related bug was https://bugs.mysql.com/bug.php?id=82886.
To improve safety in the signal handlers DBUG_* code was removed.
These where also needed to avoid some MSAN unresolved stack issues.
This is effectively a backport of 2719cc4925.
When binding to NULL, DEFAULT or IGNORE from an Item value, Item_param did not
change m_type_handler, so its value remained from the previous bind.
Thid led to DBUG_ASSERTs in Item_param::get_date() and
Timestamp_or_zero_datetime_native_null.
Fix:
Set Item_param::m_type_handler to &type_handler_null when
binding from an Item returning NULL.
This patch also fixes MDEV-35427.
Partial commit of the greater MDEV-34348 scope.
MDEV-34348: MariaDB is violating clang-16 -Wcast-function-type-strict
The functions queue_compare, qsort2_cmp, and qsort_cmp2
all had similar interfaces, and were used interchangable
and unsafely cast to one another.
This patch consolidates the functions all into the
qsort_cmp2 interface.
Reviewed By:
============
Marko Mäkelä <marko.makela@mariadb.com>
Joining with a thread that has previously been joined results in undefined behavior.
This example plugin performs the same join to the same thread a few
lines later. ASAN keeps track of this and fails.
Make the behaviour defined by joining only once.
Thanks Vladislav Vaintroub for looking up the behaviour.
While here;
* init/deinit function argument was actually used.
* correct code comments
* attribute define not needed
Thanks Marko Mäkelä for review and suggesting other
fixes.
Fixed main.mysql_upgrade to pass when unix_socket plugin is unavailable.
Also don't redefine _GNU_SOURCE, which was previously defined by command
line/environment. This fixes silent auth_socket build failure with
MYSQL_MAINTAINER_MODE=ERR.
