Merge branch 'mysql-5.7' into mysql-5.7-cluster-7.6

Change-Id: I446a38597730c6af2d91ea0891be4ad65c099ab3

Author: zmur

CMakeLists.txt

@@ -1,4 +1,4 @@
-# Copyright (c) 2006, 2023, Oracle and/or its affiliates.
+# Copyright (c) 2006, 2025, Oracle and/or its affiliates.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License, version 2.0,
@@ -712,6 +712,13 @@ IF(CMAKE_COMPILER_IS_GNUCXX AND NOT GXX_VERSION VERSION_LESS 9)
   STRING_APPEND(CMAKE_CXX_FLAGS " -Wno-class-memaccess")
 ENDIF()
 
+# Modern gcc versions will reject e.g. Bitmap<64>()
+# saying it is illegal in C++20
+MY_CHECK_CXX_COMPILER_WARNING("-Wtemplate-id-cdtor" HAS_WARN_FLAG)
+IF(HAS_WARN_FLAG)
+  STRING_APPEND(CMAKE_CXX_FLAGS " ${HAS_WARN_FLAG}")
+ENDIF()
+
 IF(NOT WITHOUT_SERVER)
   SET (MYSQLD_STATIC_PLUGIN_LIBS "" CACHE INTERNAL "")
   SET (MYSQLD_STATIC_EMBEDDED_PLUGIN_LIBS "" CACHE INTERNAL "")

VERSION

@@ -1,4 +1,4 @@
 MYSQL_VERSION_MAJOR=5
 MYSQL_VERSION_MINOR=7
-MYSQL_VERSION_PATCH=49
+MYSQL_VERSION_PATCH=50
 MYSQL_VERSION_EXTRA=-ndb-7.6.34

client/mysqldump.c

@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2000, 2024, Oracle and/or its affiliates.
+   Copyright (c) 2000, 2025, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -2356,7 +2356,7 @@ static void fprintf_string(char *row, ulong row_len, char quote,
     pbuffer = (char *)my_malloc(PSI_NOT_INSTRUMENTED, curr_row_size, MYF(0));
 
   // Put the sanitized row in the buffer.
-  mysql_real_escape_string_quote(mysql, pbuffer, row, row_len, '\'');
+  mysql_real_escape_string_quote(mysql, pbuffer, row, row_len, quote);
 
   // Opening quote
   fputc(quote, md_result_file);
@@ -4658,7 +4658,7 @@ static int dump_tablespaces(char* ts_where)
     mysql_free_result(tableres);
     mysql_query_with_error_report(
         mysql, &tableres,
-        "SELECT 'TN; /*' AS TABLESPACE_NAME, 'FN' AS FILE_NAME, 'LGN' AS "
+        "SELECT 'T`N; /*' AS TABLESPACE_NAME, 'FN' AS FILE_NAME, 'LGN' AS "
         "LOGFILE_GROUP_NAME, 77 AS EXTENT_SIZE, 88 AS INITIAL_SIZE, "
         "'*/\nsystem touch foo;\n' AS ENGINE");
   });
@@ -6269,6 +6269,8 @@ static my_bool get_view_structure(char *table, char* db)
   char       *result_table, *opt_quoted_table;
   char       table_buff[NAME_LEN*2+3];
   char       table_buff2[NAME_LEN*2+3];
+  char       table_string_buff[NAME_LEN * 2 + 3];
+  char       db_string_buff[NAME_LEN * 2 + 3];
   char       query[QUERY_LENGTH];
   FILE       *sql_file= md_result_file;
   my_bool    freemem= FALSE;
@@ -6282,6 +6284,15 @@ static my_bool get_view_structure(char *table, char* db)
 
   result_table=     quote_name(table, table_buff, 1);
   opt_quoted_table= quote_name(table, table_buff2, 0);
+  if (((ulong)-1 == mysql_real_escape_string_quote(mysql, table_string_buff,
+                                                   table, strlen(table),
+                                                   '\'')) ||
+      ((ulong)-1 == mysql_real_escape_string_quote(mysql, db_string_buff, db,
+                                                   strlen(db), '\''))) {
+    DB_error(mysql,
+             "when trying to quote table and db names when dumping views.");
+    DBUG_RETURN(1);
+  }
 
   if (switch_character_set_results(mysql, "binary"))
     DBUG_RETURN(1);
@@ -6329,7 +6340,8 @@ static my_bool get_view_structure(char *table, char* db)
               "SELECT CHECK_OPTION, DEFINER, SECURITY_TYPE, "
               "       CHARACTER_SET_CLIENT, COLLATION_CONNECTION "
               "FROM information_schema.views "
-              "WHERE table_name=\"%s\" AND table_schema=\"%s\"", table, db);
+              "WHERE table_name=\"%s\" AND table_schema=\"%s\"",
+              table_string_buff, db_string_buff);
 
   if (mysql_query(mysql, query))
   {

include/sql_string.h

@@ -1,7 +1,7 @@
 #ifndef SQL_STRING_INCLUDED
 #define SQL_STRING_INCLUDED
 
-/* Copyright (c) 2000, 2023, Oracle and/or its affiliates.
+/* Copyright (c) 2000, 2025, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -79,6 +79,8 @@ class Simple_cstring
   {
     set(arg.str, arg.length);
   }
+  Simple_cstring(const LEX_CSTRING arg) { set(arg.str, arg.length); }
+
   void reset()
   {
     set(NULL, 0);

mysql-test/lsan.supp

@@ -1,4 +1,4 @@
-# Copyright (c) 2018, 2023, Oracle and/or its affiliates.
+# Copyright (c) 2018, 2025, Oracle and/or its affiliates.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License, version 2.0,
@@ -25,3 +25,9 @@
 leak:Perl_safesyscalloc
 leak:Perl_safesysmalloc
 leak:Perl_safesysrealloc
+leak:Perl_savesharedpv
+leak:Perl_Slab_Alloc
+leak:Perl_newUNOP_AUX
+leak:Perl_newSTATEOP
+leak:Perl_pmruntime
+leak:/lib64/libperl.so.*

mysql-test/r/mysqldump-tablespace-escape.result

@@ -2,7 +2,78 @@
 # Bug#36816986 - MySQL Shell command injection
 #
 CREATE DATABASE bug36816986;
+USE bug36816986;
 -- Run mysqldump with tablespace_injection_test.
 The test injected string must be found:
 Pattern found.
+The ` must be escaped:
+Pattern found.
 DROP DATABASE bug36816986;
+
+#######################################
+
+#
+# Bug#37607195 - fprintf_string not using the actual quote parameter
+#
+CREATE DATABASE bug37607195;
+USE bug37607195;
+Create a bunch of tables with numerous ` ' " \n etc.
+SET @@sql_mode='ANSI_QUOTES,ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION';
+CREATE TABLE "custo`mers" (
+"customer'_id" INT AUTO_INCREMENT PRIMARY KEY,
+"fir`st_`na`me" VARCHAR(50) NOT NULL,
+"last_'name" VARCHAR(50) NOT NULL,
+"em`ail" VARCHAR(100) UNIQUE NOT NULL,
+`pho"\ne` VARCHAR(15),
+"created'_'at" TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+"updated'_'at" TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
+);
+CREATE TABLE "prod'ucts" (
+"product`_`id" INT AUTO_INCREMENT PRIMARY KEY,
+"product'_`name" VARCHAR(100) NOT NULL,
+"descri`p`t`i`o`n" TEXT,
+"pr'i'ce" DECIMAL(10, 2) NOT NULL CHECK ("pr'i'ce" >= 0),
+`stock"_"qua\ntity` INT DEFAULT 0,
+`created'_'at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+`updated"_'at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+INDEX ("product'_`name")
+);
+CREATE TABLE "orders" (
+"order_id" INT AUTO_INCREMENT PRIMARY KEY,
+"customer_id" INT NOT NULL,
+"order_date" TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+"status" ENUM('Pending', 'Completed', 'Cancelled') NOT NULL,
+"total\n" DECIMAL(10, 2) NOT NULL CHECK ("total\n" >= 0),
+FOREIGN KEY (customer_id) REFERENCES "custo`mers"("customer'_id") ON DELETE CASCADE,
+INDEX (order_date)
+);
+CREATE TABLE `'order'_'items'` (
+`order'_'item_id` INT AUTO_INCREMENT PRIMARY KEY,
+`'order'_'id'` INT NOT NULL,
+`product'_'id` INT NOT NULL,
+`qua\ntity` INT NOT NULL CHECK (`qua\ntity` > 0),
+`p'rice` DECIMAL(10,2) NOT NULL CHECK (`p'rice` >= 0),
+FOREIGN KEY (`'order'_'id'`) REFERENCES "orders"(order_id) ON DELETE CASCADE,
+FOREIGN KEY (`product'_'id`) REFERENCES "prod'ucts"("product`_`id") ON DELETE CASCADE,
+UNIQUE KEY (`'order'_'id'`, `product'_'id`)
+);
+# Table 1: `'order'_'items'`
+# `qua\ntity` must be escaped
+Pattern found.
+# Table 2: "custo`mers"
+# "custo`mers" must be escaped
+Pattern found.
+# `pho"\ne` must be escaped
+Pattern found.
+# Table 3: "orders"
+# `total\n` must be escaped
+Pattern found.
+# FOREIGN KEY (`customer_id`) REFERENCES must be escaped
+Pattern found.
+# Table 4: `prod'ucts`
+# "descri`p`t`i`o`n" TEXT must be escaped
+Pattern found.
+# `stock"_"qua\ntity` must be escaped
+Pattern found.
+SET @@sql_mode='ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION';
+DROP DATABASE bug37607195;

mysql-test/t/mysqldump-tablespace-escape.test

@@ -8,6 +8,7 @@ let $grep_file= $MYSQLTEST_VARDIR/tmp/bug36816986.sql;
 let $grep_output=boolean;
 
 CREATE DATABASE bug36816986;
+USE bug36816986;
 
 --echo -- Run mysqldump with tablespace_injection_test.
 --exec $MYSQL_DUMP --debug="d,tablespace_injection_test" --result-file=$grep_file bug36816986 --all-tablespaces 2>&1
@@ -16,6 +17,111 @@ CREATE DATABASE bug36816986;
 let $grep_pattern=qr|  ENGINE=\*/\nsystem touch foo|;
 --source include/grep_pattern.inc
 
-# Cleanup
+--echo The ` must be escaped:
+let $grep_pattern=qr|CREATE TABLESPACE `T``N; /*`|;
+--source include/grep_pattern.inc
+
 --remove_file $grep_file
 DROP DATABASE bug36816986;
+
+--echo
+--echo #######################################
+--echo
+
+--echo #
+--echo # Bug#37607195 - fprintf_string not using the actual quote parameter
+--echo #
+
+CREATE DATABASE bug37607195;
+USE bug37607195;
+
+let $grep_file= $MYSQLTEST_VARDIR/tmp/bug37607195.sql;
+let $grep_output=boolean;
+
+--echo Create a bunch of tables with numerous ` ' " \n etc.
+
+--disable_warnings
+SET @@sql_mode='ANSI_QUOTES,ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION';
+--enable_warnings
+
+CREATE TABLE "custo`mers" (
+    "customer'_id" INT AUTO_INCREMENT PRIMARY KEY,
+    "fir`st_`na`me" VARCHAR(50) NOT NULL,
+    "last_'name" VARCHAR(50) NOT NULL,
+    "em`ail" VARCHAR(100) UNIQUE NOT NULL,
+    `pho"\ne` VARCHAR(15),
+    "created'_'at" TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    "updated'_'at" TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
+);
+
+CREATE TABLE "prod'ucts" (
+    "product`_`id" INT AUTO_INCREMENT PRIMARY KEY,
+    "product'_`name" VARCHAR(100) NOT NULL,
+    "descri`p`t`i`o`n" TEXT,
+    "pr'i'ce" DECIMAL(10, 2) NOT NULL CHECK ("pr'i'ce" >= 0),
+    `stock"_"qua\ntity` INT DEFAULT 0,
+    `created'_'at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    `updated"_'at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    INDEX ("product'_`name")
+);
+
+CREATE TABLE "orders" (
+    "order_id" INT AUTO_INCREMENT PRIMARY KEY,
+    "customer_id" INT NOT NULL,
+    "order_date" TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    "status" ENUM('Pending', 'Completed', 'Cancelled') NOT NULL,
+    "total\n" DECIMAL(10, 2) NOT NULL CHECK ("total\n" >= 0),
+    FOREIGN KEY (customer_id) REFERENCES "custo`mers"("customer'_id") ON DELETE CASCADE,
+    INDEX (order_date)
+);
+
+CREATE TABLE `'order'_'items'` (
+    `order'_'item_id` INT AUTO_INCREMENT PRIMARY KEY,
+    `'order'_'id'` INT NOT NULL,
+    `product'_'id` INT NOT NULL,
+    `qua\ntity` INT NOT NULL CHECK (`qua\ntity` > 0),
+    `p'rice` DECIMAL(10,2) NOT NULL CHECK (`p'rice` >= 0),
+    FOREIGN KEY (`'order'_'id'`) REFERENCES "orders"(order_id) ON DELETE CASCADE,
+    FOREIGN KEY (`product'_'id`) REFERENCES "prod'ucts"("product`_`id") ON DELETE CASCADE,
+    UNIQUE KEY (`'order'_'id'`, `product'_'id`)
+);
+
+--exec $MYSQL_DUMP bug37607195 --result-file=$grep_file 2>&1
+
+--echo # Table 1: `'order'_'items'`
+--echo # `qua\ntity` must be escaped
+let $grep_pattern=qr|    `qua\ntity` INT NOT NULL CHECK (`qua\ntity` > 0)|;
+--source include/grep_pattern.inc
+
+--echo # Table 2: "custo`mers"
+--echo # "custo`mers" must be escaped
+let $grep_pattern=qr|CREATE TABLE `custo``mers`|;
+--source include/grep_pattern.inc
+
+--echo # `pho"\ne` must be escaped
+let $grep_pattern=qr|`pho"\ne` varchar(15) DEFAULT NULL|;
+--source include/grep_pattern.inc
+
+--echo # Table 3: "orders"
+--echo # `total\n` must be escaped
+let $grep_pattern=qr|`total\n` decimal(10,2) NOT NULL|;
+--source include/grep_pattern.inc
+
+--echo # FOREIGN KEY (`customer_id`) REFERENCES must be escaped
+let $grep_pattern=qr|REFERENCES `custo``mers`|;
+--source include/grep_pattern.inc
+
+--echo # Table 4: `prod'ucts`
+--echo # "descri`p`t`i`o`n" TEXT must be escaped
+let $grep_pattern=qr|`descri``p``t``i``o``n` text|;
+--source include/grep_pattern.inc
+
+--echo # `stock"_"qua\ntity` must be escaped
+let $grep_pattern=qr|`stock"_"qua\ntity` int DEFAULT '0'|;
+--source include/grep_pattern.inc
+
+SET @@sql_mode='ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION';
+
+# Cleanup
+--remove_file $grep_file
+DROP DATABASE bug37607195;

sql-common/sql_string.cc

@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2023, Oracle and/or its affiliates.
+/* Copyright (c) 2000, 2025, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -1305,8 +1305,7 @@ size_t bin_to_hex_str(char *to, size_t to_len, char *from, size_t from_len)
                                 prefix for a character, i.e. the byte length
                                 of that invalid character is undefined.
 
-  @retval true if the whole input byte sequence is a valid character string.
-               The length_error output parameter is undefined.
+  @retval true if the input is invalid.
 
   @return
     if the whole input byte sequence is a valid character string

sql/item.h

@@ -1,7 +1,7 @@
 #ifndef ITEM_INCLUDED
 #define ITEM_INCLUDED
 
-/* Copyright (c) 2000, 2023, Oracle and/or its affiliates.
+/* Copyright (c) 2000, 2025, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -255,6 +255,7 @@ class Name_string: public Simple_cstring
   Name_string(const char *str, size_t length):
     Simple_cstring(str, length) {}
   Name_string(const LEX_STRING str): Simple_cstring(str) {}
+  Name_string(const LEX_CSTRING str) : Simple_cstring(str) {}
   Name_string(const char *str, size_t length, bool is_null_terminated):
     Simple_cstring()
   {

sql/item_func.cc

@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2023, Oracle and/or its affiliates.
+/* Copyright (c) 2000, 2025, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -4912,7 +4912,7 @@ longlong Item_master_pos_wait::val_int()
       return 0;
     }
 
-    mi= channel_map.get_mi(channel_str->ptr());
+    mi = channel_map.get_mi(channel_str->c_ptr_safe());
 
   }
   else

sql/parse_tree_items.cc

@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, 2023, Oracle and/or its affiliates.
+/* Copyright (c) 2013, 2025, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -190,7 +190,7 @@ bool PTI_expr_with_alias::itemize(Parse_context *pc, Item **res)
   if (alias.str)
   {
     if (pc->thd->lex->sql_command == SQLCOM_CREATE_VIEW &&
-        check_column_name(alias.str))
+        check_column_name(alias))
     {
       my_error(ER_WRONG_COLUMN_NAME, MYF(0), alias.str);
       return true;

sql/sql_class.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2023, Oracle and/or its affiliates.
+/* Copyright (c) 2000, 2025, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -5507,7 +5507,7 @@ class user_var_entry
   */
   static user_var_entry *create(THD *thd, const Name_string &name, const CHARSET_INFO *cs)
   {
-    if (check_column_name(name.ptr()))
+    if (check_column_name(name))
     {
       my_error(ER_ILLEGAL_USER_VAR, MYF(0), name.ptr());
       return NULL;