Merge branch 'mysql-5.6' into mysql-5.7

client/base/mysql_query_runner.cc

@@ -303,7 +303,7 @@ void Mysql_query_runner::append_escape_string(
 
   int length = mysql_real_escape_string_quote(
     m_connection, &((*destination_string)[0]) + start_lenght, original,
-    original_length, '"');
+    (ulong)original_length, '"');
   destination_string->resize(start_lenght + length);
 }
 

client/check/mysqlcheck_core.cc

@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -228,7 +228,7 @@ static int rebuild_table(string name)
 {
   int rc= 0;
   string query= "ALTER TABLE " + name + " FORCE";
-  if (mysql_real_query(sock, query.c_str(), (uint)query.length()))
+  if (mysql_real_query(sock, query.c_str(), (ulong)query.length()))
   {
     fprintf(stderr, "Failed to %s\n", query.c_str());
     fprintf(stderr, "Error: %s\n", mysql_error(sock));
@@ -315,7 +315,7 @@ static int handle_request_for_tables(string tables)
 
   string query= operation + " TABLE " + tables + " " + options;
 
-  if (mysql_real_query(sock, query.c_str(), query.length()))
+  if (mysql_real_query(sock, query.c_str(), (ulong)query.length()))
   {
     DBError(sock,
       "when executing '" + operation + " TABLE ... " + options + "'");
@@ -394,7 +394,8 @@ static void print_result()
             if (strstr(alter_txt, "PARTITION BY") &&
                 strlen(alter_txt) < MAX_ALTER_STR_SIZE)
             {
-              strcpy(prev_alter, alter_txt);
+              strncpy(prev_alter, alter_txt, MAX_ALTER_STR_SIZE-1);
+              prev_alter[MAX_ALTER_STR_SIZE-1]= 0;
             }
             else
             {

client/dump/abstract_mysql_chain_element_extension.cc

@@ -135,7 +135,7 @@ std::string Abstract_mysql_chain_element_extension::quote_name(
   Mysql::Tools::Base::Mysql_query_runner* runner= this->get_runner();
   buff[0]= '`';
   int len= mysql_real_escape_string_quote(runner->get_low_level_connection(),
-              buff+1, name_str, name.size(), '`');
+              buff+1, name_str, (ulong)name.size(), '`');
   buff[len+1]= '`';
   delete runner;
   return std::string(buff);

client/mysql.cc

@@ -3346,7 +3346,7 @@ int mysql_real_query_for_lazy(const char *buf, size_t length)
   for (uint retry=0;; retry++)
   {
     int error;
-    if (!mysql_real_query(&mysql,buf,length))
+    if (!mysql_real_query(&mysql,buf,(ulong)length))
       return 0;
     error= put_error(&mysql);
     if (mysql_errno(&mysql) != CR_SERVER_GONE_ERROR || retry > 1 ||

client/mysql_secure_installation.cc

@@ -261,7 +261,7 @@ void execute_query_with_message(const char *query, const char *opt_message)
 */
 bool execute_query(const char **query, size_t length)
 {
-  if (!mysql_real_query(&mysql, (const char *) *query, length))
+  if (!mysql_real_query(&mysql, (const char *) *query, (ulong)length))
     return FALSE;
   else if (mysql_errno(&mysql) == CR_SERVER_GONE_ERROR)
   {
@@ -374,7 +374,8 @@ int install_password_validation_plugin()
 	                       MYF(MY_WME));
       end= my_stpcpy(query, "SET GLOBAL validate_password_policy = ");
       *end++ = '\'';
-      end+= mysql_real_escape_string_quote(&mysql, end, strength, strength_length, '\'');
+      end+= mysql_real_escape_string_quote(&mysql, end, strength,
+                                           (ulong)strength_length, '\'');
       *end++ = '\'';
       if (!execute_query((const char **) &query,(unsigned int) (end-query)))
 	DBUG_PRINT("info", ("query success!"));
@@ -407,7 +408,8 @@ void estimate_password_strength(char *password_string)
                            MYF(MY_WME));
   end= my_stpcpy(query, "SELECT validate_password_strength(");
   *end++ = '\'';
-  end+= mysql_real_escape_string_quote(&mysql, end, password_string, password_length, '\'');
+  end+= mysql_real_escape_string_quote(&mysql, end, password_string,
+                                       (ulong)password_length, '\'');
   *end++ = '\'';
   *end++ = ')';
   if (!execute_query((const char **) &query,(unsigned int) (end-query)))
@@ -444,9 +446,10 @@ my_bool mysql_set_password(MYSQL *mysql, char *password)
   query= (char *)my_malloc(PSI_NOT_INSTRUMENTED, password_len+50, MYF(MY_WME));
   end= my_stpmov(query, "SET PASSWORD=");
   *end++ = '\'';
-  end+= mysql_real_escape_string_quote(mysql, end, password, password_len, '\'');
+  end+= mysql_real_escape_string_quote(mysql, end, password,
+                                       (ulong)password_len, '\'');
   *end++ = '\'';
-  if (mysql_real_query(mysql, query, (unsigned int) (end - query)))
+  if (mysql_real_query(mysql, query, (ulong) (end - query)))
   {
     my_free(query);
     return FALSE;
@@ -478,7 +481,7 @@ my_bool mysql_expire_password(MYSQL *mysql)
 {
   char sql[]= "UPDATE mysql.user SET password_expired= 'Y'";
   size_t sql_len= strlen(sql);
-  if (mysql_real_query(mysql, sql, sql_len))
+  if (mysql_real_query(mysql, sql, (ulong)sql_len))
     return FALSE;
 
   return TRUE;
@@ -552,7 +555,8 @@ static void set_opt_user_password(int plugin_set)
 	                       (pass_length*2 + tmp)*sizeof(char), MYF(MY_WME));
       end= my_stpcpy(query, "SET PASSWORD=");
       *end++ = '\'';
-      end+= mysql_real_escape_string_quote(&mysql, end, password1, pass_length, '\'');
+      end+= mysql_real_escape_string_quote(&mysql, end, password1,
+                                           (ulong)pass_length, '\'');
       *end++ = '\'';
       my_free(password1);
       my_free(password2);
@@ -709,11 +713,13 @@ void drop_users(MYSQL_RES *result)
 	                     sizeof(char), MYF(MY_WME));
     end= my_stpcpy(query, "DROP USER ");
     *end++ = '\'';
-    end+= mysql_real_escape_string_quote(&mysql, end, user_tmp, user_length, '\'');
+    end+= mysql_real_escape_string_quote(&mysql, end, user_tmp,
+                                         (ulong)user_length, '\'');
     *end++ = '\'';
     *end++ = '@';
     *end++ = '\'';
-    end+= mysql_real_escape_string_quote(&mysql, end, host_tmp, host_length, '\'');
+    end+= mysql_real_escape_string_quote(&mysql, end, host_tmp,
+                                         (ulong)host_length, '\'');
     *end++ = '\'';
     if (!execute_query((const char **) &query, (unsigned int) (end-query)))
       DBUG_PRINT("info", ("query success!"));

client/mysqladmin.cc

@@ -1054,7 +1054,7 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
         /* escape quotes if password has any special characters */
         password_len= strlen(typed_password);
         tmp= (char*) my_malloc(PSI_NOT_INSTRUMENTED, password_len*2+1, MYF(MY_WME));
-        mysql_real_escape_string(mysql, tmp, typed_password, password_len);
+        mysql_real_escape_string(mysql, tmp, typed_password, (ulong)password_len);
         typed_password= tmp;
       }
       else

client/mysqldump.c

@@ -89,7 +89,7 @@
 
 static void add_load_option(DYNAMIC_STRING *str, const char *option,
                              const char *option_value);
-static ulong find_set(TYPELIB *lib, const char *x, uint length,
+static ulong find_set(TYPELIB *lib, const char *x, size_t length,
                       char **err_pos, uint *err_len);
 static char *alloc_query_str(size_t size);
 
@@ -910,7 +910,7 @@ get_one_option(int optid, const struct my_option *opt MY_ATTRIBUTE((unused)),
       opt_set_charset= 0;
       opt_compatible_mode_str= argument;
       opt_compatible_mode= find_set(&compatible_mode_typelib,
-                                    argument, (uint) strlen(argument),
+                                    argument, strlen(argument),
                                     &err_ptr, &err_len);
       if (err_len)
       {
@@ -1236,8 +1236,8 @@ static int fetch_db_collation(const char *db_name,
       break;
     }
 
-    strncpy(db_cl_name, db_cl_row[0], db_cl_size);
-    db_cl_name[db_cl_size - 1]= 0; /* just in case. */
+    strncpy(db_cl_name, db_cl_row[0], db_cl_size-1);
+    db_cl_name[db_cl_size - 1]= 0;
 
   } while (FALSE);
 
@@ -1721,15 +1721,15 @@ static void dbDisconnect(char *host)
 } /* dbDisconnect */
 
 
-static void unescape(FILE *file,char *pos,uint length)
+static void unescape(FILE *file,char *pos, size_t length)
 {
   char *tmp;
   DBUG_ENTER("unescape");
   if (!(tmp=(char*) my_malloc(PSI_NOT_INSTRUMENTED,
                               length*2+1, MYF(MY_WME))))
     die(EX_MYSQLERR, "Couldn't allocate memory");
 
-  mysql_real_escape_string_quote(&mysql_connection, tmp, pos, length, '\'');
+  mysql_real_escape_string_quote(&mysql_connection, tmp, pos, (ulong)length, '\'');
   fputc('\'', file);
   fputs(tmp, file);
   fputc('\'', file);
@@ -2481,9 +2481,9 @@ static uint dump_routines_for_db(char *db)
             if the user has EXECUTE privilege he see routine names, but NOT the
             routine body of other routines that are not the creator of!
           */
-          DBUG_PRINT("info",("length of body for %s row[2] '%s' is %d",
+          DBUG_PRINT("info",("length of body for %s row[2] '%s' is %zu",
                              routine_name, row[2] ? row[2] : "(null)",
-                             row[2] ? (int) strlen(row[2]) : 0));
+                             row[2] ? strlen(row[2]) : 0));
           if (row[2] == NULL)
           {
             print_comment(sql_file, 1, "\n-- insufficient privileges to %s\n",
@@ -5312,7 +5312,7 @@ static int start_transaction(MYSQL *mysql_con)
 }
 
 
-static ulong find_set(TYPELIB *lib, const char *x, uint length,
+static ulong find_set(TYPELIB *lib, const char *x, size_t length,
                       char **err_pos, uint *err_len)
 {
   const char *end= x + length;
@@ -5370,7 +5370,7 @@ static void print_value(FILE *file, MYSQL_RES  *result, MYSQL_ROW row,
         fputc(' ',file);
         fputs(prefix, file);
         if (string_value)
-          unescape(file,row[0],(uint) strlen(row[0]));
+          unescape(file,row[0], strlen(row[0]));
         else
           fputs(row[0], file);
         check_io(file);

client/mysqlshow.c

@@ -55,9 +55,9 @@ static int list_tables(MYSQL *mysql,const char *db,const char *table);
 static int list_table_status(MYSQL *mysql,const char *db,const char *table);
 static int list_fields(MYSQL *mysql,const char *db,const char *table,
 		       const char *field);
-static void print_header(const char *header,uint head_length,...);
-static void print_row(const char *header,uint head_length,...);
-static void print_trailer(uint length,...);
+static void print_header(const char *header,size_t head_length,...);
+static void print_row(const char *header,size_t head_length,...);
+static void print_trailer(size_t length,...);
 static void print_res_header(MYSQL_RES *result);
 static void print_res_top(MYSQL_RES *result);
 static void print_res_row(MYSQL_RES *result,MYSQL_ROW cur);
@@ -411,7 +411,8 @@ static int
 list_dbs(MYSQL *mysql,const char *wild)
 {
   const char *header;
-  uint length, counter = 0;
+  size_t length = 0;
+  uint counter = 0;
   ulong rowcount = 0L;
   char tables[NAME_LEN+1], rows[NAME_LEN+1];
   char query[NAME_LEN + 100];
@@ -449,7 +450,7 @@ list_dbs(MYSQL *mysql,const char *wild)
     printf("Wildcard: %s\n",wild);
 
   header="Databases";
-  length=(uint) strlen(header);
+  length= strlen(header);
   field=mysql_fetch_field(result);
   if (length < field->max_length)
     length=field->max_length;
@@ -537,7 +538,8 @@ static int
 list_tables(MYSQL *mysql,const char *db,const char *table)
 {
   const char *header;
-  uint head_length, counter = 0;
+  size_t head_length;
+  uint counter = 0;
   char query[NAME_LEN + 100], rows[NAME_LEN], fields[16];
   MYSQL_FIELD *field;
   MYSQL_RES *result;
@@ -575,7 +577,7 @@ list_tables(MYSQL *mysql,const char *db,const char *table)
   putchar('\n');
 
   header="Tables";
-  head_length=(uint) strlen(header);
+  head_length= strlen(header);
   field=mysql_fetch_field(result);
   if (head_length < field->max_length)
     head_length=field->max_length;
@@ -805,10 +807,10 @@ list_fields(MYSQL *mysql,const char *db,const char *table,
 *****************************************************************************/
 
 static void
-print_header(const char *header,uint head_length,...)
+print_header(const char *header,size_t head_length,...)
 {
   va_list args;
-  uint length,i,str_length,pre_space;
+  size_t length,i,str_length,pre_space;
   const char *field;
 
   va_start(args,head_length);
@@ -831,10 +833,10 @@ print_header(const char *header,uint head_length,...)
   putchar('|');
   for (;;)
   {
-    str_length=(uint) strlen(field);
+    str_length= strlen(field);
     if (str_length > length)
       str_length=length+1;
-    pre_space=(uint) (((int) length-(int) str_length)/2)+1;
+    pre_space= ((length- str_length)/2)+1;
     for (i=0 ; i < pre_space ; i++)
       putchar(' ');
     for (i = 0 ; i < str_length ; i++)
@@ -868,11 +870,11 @@ print_header(const char *header,uint head_length,...)
 
 
 static void
-print_row(const char *header,uint head_length,...)
+print_row(const char *header,size_t head_length,...)
 {
   va_list args;
   const char *field;
-  uint i,length,field_length;
+  size_t i,length,field_length;
 
   va_start(args,head_length);
   field=header; length=head_length;
@@ -881,7 +883,7 @@ print_row(const char *header,uint head_length,...)
     putchar('|');
     putchar(' ');
     fputs(field,stdout);
-    field_length=(uint) strlen(field);
+    field_length= strlen(field);
     for (i=field_length ; i <= length ; i++)
       putchar(' ');
     if (!(field=va_arg(args,char *)))
@@ -895,10 +897,10 @@ print_row(const char *header,uint head_length,...)
 
 
 static void
-print_trailer(uint head_length,...)
+print_trailer(size_t head_length,...)
 {
   va_list args;
-  uint length,i;
+  size_t length,i;
 
   va_start(args,head_length);
   length=head_length;
@@ -941,7 +943,7 @@ static void print_res_top(MYSQL_RES *result)
   mysql_field_seek(result,0);
   while((field = mysql_fetch_field(result)))
   {
-    if ((length=(uint) strlen(field->name)) > field->max_length)
+    if ((length= strlen(field->name)) > field->max_length)
       field->max_length=length;
     else
       length=field->max_length;

extra/yassl/src/log.cpp

@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -60,6 +60,7 @@ namespace yaSSL {
         time_t clicks = time(0);
         char   timeStr[32];
 
+        memset(timeStr, 0, sizeof(timeStr));
         // get rid of newline
         strncpy(timeStr, ctime(&clicks), sizeof(timeStr));
         unsigned int len = strlen(timeStr);

plugin/innodb_memcached/daemon_memcached/utilities/engine_loader.c

@@ -137,6 +137,13 @@ void log_engine_details(ENGINE_HANDLE * engine,
             offset += nw;
             for (int ii = 0; ii < info->num_features; ++ii) {
                 if (info->features[ii].description != NULL) {
+                    // We don't want to write partially from source
+                    if (sizeof(message)-offset <=
+                        2+strlen(info->features[ii].description))
+                    {
+                        return;
+                    }
+
                     nw = snprintf(message + offset, sizeof(message) - offset,
                                   "%s%s", comma ? ", " : "",
                                   info->features[ii].description);

plugin/innodb_memcached/innodb_memcache/src/innodb_engine.c

@@ -1,6 +1,6 @@
 /***********************************************************************
 
-Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
 
 This program is free software; you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by the
@@ -1929,6 +1929,9 @@ innodb_get(
 						&col_value->value_int,
 						col_value->value_len,
 						col_value->is_unsigned);
+
+                                        assert(int_len <= conn_data->mul_col_buf_len);
+
 					memcpy(c_value, int_buf, int_len);
 					c_value += int_len;
 				} else {