1 /*
2 Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is also distributed with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have included with MySQL.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23 */
24
25
26 /**
27 @file
28
29 @brief
30 This file defines all string functions
31
32 @warning
33 Some string functions don't always put and end-null on a String.
34 (This shouldn't be needed)
35 */
36
37 /* May include caustic 3rd-party defs. Use early, so it can override nothing. */
38 #include <openssl/sha.h>
39
40 #include "item_strfunc.h"
41
42 #ifdef HAVE_UNISTD_H
43 #include <unistd.h>
44 #endif
45 #ifdef HAVE_CRYPT_H
46 #include <crypt.h>
47 #endif
48
49 #include "base64.h" // base64_encode_max_arg_length
50 #include "my_aes.h" // MY_AES_IV_SIZE
51 #include "my_md5.h" // MD5_HASH_SIZE
52 #include "my_rnd.h" // my_rand_buffer
53 #include "sha1.h" // SHA1_HASH_SIZE
54 #include "auth_common.h" // check_password_policy
55 #include "des_key_file.h" // st_des_keyblock
56 #include "item_geofunc.h" // Item_func_geomfromgeojson
57 #include "password.h" // my_make_scrambled_password
58 #include "sql_class.h" // THD
59 #include "strfunc.h" // hexchar_to_int
60
61 C_MODE_START
62 #include "../mysys/my_static.h" // For soundex_map
63 C_MODE_END
64
65 #include "template_utils.h"
66
67 #include "pfs_file_provider.h"
68 #include "mysql/psi/mysql_file.h"
69
70 using std::min;
71 using std::max;
72
73
74 /*
75 For the Items which have only val_str_ascii() method
76 and don't have their own "native" val_str(),
77 we provide a "wrapper" method to convert from ASCII
78 to Item character set when it's necessary.
79 Conversion happens only in case of "tricky" Item character set (e.g. UCS2).
80 Normally conversion does not happen, and val_str_ascii() is immediately
81 returned instead.
82 */
val_str_from_val_str_ascii(String * str,String * str2)83 String *Item_str_func::val_str_from_val_str_ascii(String *str, String *str2)
84 {
85 DBUG_ASSERT(fixed == 1);
86
87 if (!(collation.collation->state & MY_CS_NONASCII))
88 {
89 String *res= val_str_ascii(str);
90 if (res)
91 res->set_charset(collation.collation);
92 return res;
93 }
94
95 DBUG_ASSERT(str != str2);
96
97 uint errors;
98 String *res= val_str_ascii(str);
99 if (!res)
100 return 0;
101
102 if ((null_value= str2->copy(res->ptr(), res->length(),
103 &my_charset_latin1, collation.collation,
104 &errors)))
105 return 0;
106
107 return str2;
108 }
109
fix_fields(THD * thd,Item ** ref)110 bool Item_str_func::fix_fields(THD *thd, Item **ref)
111 {
112 bool res= Item_func::fix_fields(thd, ref);
113 /*
114 In Item_str_func::check_well_formed_result() we may set null_value
115 flag on the same condition as in test() below.
116 */
117 maybe_null= (maybe_null || thd->is_strict_mode());
118 return res;
119 }
120
121
val_decimal(my_decimal * decimal_value)122 my_decimal *Item_str_func::val_decimal(my_decimal *decimal_value)
123 {
124 DBUG_ASSERT(fixed == 1);
125 char buff[64];
126 String *res, tmp(buff,sizeof(buff), &my_charset_bin);
127 res= val_str(&tmp);
128 if (!res)
129 return 0;
130 (void)str2my_decimal(E_DEC_FATAL_ERROR, (char*) res->ptr(),
131 res->length(), res->charset(), decimal_value);
132 return decimal_value;
133 }
134
135
val_real()136 double Item_str_func::val_real()
137 {
138 DBUG_ASSERT(fixed == 1);
139 int err_not_used;
140 char *end_not_used, buff[64];
141 String *res, tmp(buff,sizeof(buff), &my_charset_bin);
142 res= val_str(&tmp);
143 return res ? my_strntod(res->charset(), (char*) res->ptr(), res->length(),
144 &end_not_used, &err_not_used) : 0.0;
145 }
146
147
val_int()148 longlong Item_str_func::val_int()
149 {
150 DBUG_ASSERT(fixed == 1);
151 int err;
152 char buff[22];
153 String *res, tmp(buff,sizeof(buff), &my_charset_bin);
154 res= val_str(&tmp);
155 return (res ?
156 my_strntoll(res->charset(), res->ptr(), res->length(), 10, NULL,
157 &err) :
158 (longlong) 0);
159 }
160
161
val_str_ascii(String * str)162 String *Item_func_md5::val_str_ascii(String *str)
163 {
164 DBUG_ASSERT(fixed == 1);
165 String * sptr= args[0]->val_str(str);
166 str->set_charset(&my_charset_bin);
167 if (sptr)
168 {
169 uchar digest[MD5_HASH_SIZE];
170
171 null_value=0;
172 compute_md5_hash((char *) digest, sptr->ptr(), sptr->length());
173 if (str->alloc(32)) // Ensure that memory is free
174 {
175 null_value=1;
176 return 0;
177 }
178 array_to_hex((char *) str->ptr(), digest, MD5_HASH_SIZE);
179 str->length((uint) 32);
180 return str;
181 }
182 null_value=1;
183 return 0;
184 }
185
186
187 /*
188 The MD5()/SHA() functions treat their parameter as being a case sensitive.
189 Thus we set binary collation on it so different instances of MD5() will be
190 compared properly.
191 */
get_checksum_charset(const char * csname)192 static CHARSET_INFO *get_checksum_charset(const char *csname)
193 {
194 CHARSET_INFO *cs= get_charset_by_csname(csname, MY_CS_BINSORT, MYF(0));
195 if (!cs)
196 {
197 // Charset has no binary collation: use my_charset_bin.
198 cs= &my_charset_bin;
199 }
200 return cs;
201 }
202
203
fix_length_and_dec()204 void Item_func_md5::fix_length_and_dec()
205 {
206 CHARSET_INFO *cs= get_checksum_charset(args[0]->collation.collation->csname);
207 args[0]->collation.set(cs, DERIVATION_COERCIBLE);
208 fix_length_and_charset(32, default_charset());
209 }
210
211
val_str_ascii(String * str)212 String *Item_func_sha::val_str_ascii(String *str)
213 {
214 DBUG_ASSERT(fixed == 1);
215 String * sptr= args[0]->val_str(str);
216 str->set_charset(&my_charset_bin);
217 if (sptr) /* If we got value different from NULL */
218 {
219 /* Temporary buffer to store 160bit digest */
220 uint8 digest[SHA1_HASH_SIZE];
221 compute_sha1_hash(digest, sptr->ptr(), sptr->length());
222 /* Ensure that memory is free */
223 if (!(str->alloc(SHA1_HASH_SIZE * 2)))
224 {
225 array_to_hex((char *) str->ptr(), digest, SHA1_HASH_SIZE);
226 str->length((uint) SHA1_HASH_SIZE*2);
227 null_value=0;
228 return str;
229 }
230 }
231 null_value=1;
232 return 0;
233 }
234
fix_length_and_dec()235 void Item_func_sha::fix_length_and_dec()
236 {
237 CHARSET_INFO *cs= get_checksum_charset(args[0]->collation.collation->csname);
238 args[0]->collation.set(cs, DERIVATION_COERCIBLE);
239 // size of hex representation of hash
240 fix_length_and_charset(SHA1_HASH_SIZE * 2, default_charset());
241 }
242
243 /*
244 SHA2(str, hash_length)
245 The second argument indicates the desired bit length of the
246 result, which must have a value of 224, 256, 384, 512, or 0
247 (which is equivalent to 256).
248 */
val_str_ascii(String * str)249 String *Item_func_sha2::val_str_ascii(String *str)
250 {
251 DBUG_ASSERT(fixed == 1);
252 #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
253 unsigned char digest_buf[SHA512_DIGEST_LENGTH];
254 uint digest_length= 0;
255
256 String *input_string= args[0]->val_str(str);
257 str->set_charset(&my_charset_bin);
258
259 if (input_string == NULL)
260 {
261 null_value= TRUE;
262 return (String *) NULL;
263 }
264
265 null_value= args[0]->null_value;
266 if (null_value)
267 return NULL;
268
269 const unsigned char *input_ptr=
270 pointer_cast<const unsigned char*>(input_string->ptr());
271 size_t input_len= input_string->length();
272
273 longlong hash_length= args[1]->val_int();
274 null_value= args[1]->null_value;
275 // Give error message in switch below.
276 if (null_value)
277 hash_length= -1;
278
279 switch (hash_length) {
280 #ifndef OPENSSL_NO_SHA512
281 case 512:
282 digest_length= SHA512_DIGEST_LENGTH;
283 (void) SHA512(input_ptr, input_len, digest_buf);
284 break;
285 case 384:
286 digest_length= SHA384_DIGEST_LENGTH;
287 (void) SHA384(input_ptr, input_len, digest_buf);
288 break;
289 #endif
290 #ifndef OPENSSL_NO_SHA256
291 case 224:
292 digest_length= SHA224_DIGEST_LENGTH;
293 (void) SHA224(input_ptr, input_len, digest_buf);
294 break;
295 case 256:
296 case 0: // SHA-256 is the default
297 digest_length= SHA256_DIGEST_LENGTH;
298 (void) SHA256(input_ptr, input_len, digest_buf);
299 break;
300 #endif
301 default:
302 // For const values we have already warned in fix_length_and_dec.
303 if (!args[1]->const_item())
304 push_warning_printf(current_thd,
305 Sql_condition::SL_WARNING,
306 ER_WRONG_PARAMETERS_TO_NATIVE_FCT,
307 ER(ER_WRONG_PARAMETERS_TO_NATIVE_FCT), "sha2");
308 null_value= TRUE;
309 return NULL;
310 }
311
312 /*
313 Since we're subverting the usual String methods, we must make sure that
314 the destination has space for the bytes we're about to write.
315 */
316 str->mem_realloc(digest_length*2 + 1); /* Each byte as two nybbles */
317
318 /* Convert the large number to a string-hex representation. */
319 array_to_hex((char *) str->ptr(), digest_buf, digest_length);
320
321 /* We poked raw bytes in. We must inform the the String of its length. */
322 str->length(digest_length*2); /* Each byte as two nybbles */
323
324 null_value= FALSE;
325 return str;
326
327 #else
328 push_warning_printf(current_thd,
329 Sql_condition::SL_WARNING,
330 ER_FEATURE_DISABLED,
331 ER(ER_FEATURE_DISABLED),
332 "sha2", "--with-ssl");
333 null_value= TRUE;
334 return (String *) NULL;
335 #endif /* defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) */
336 }
337
338
fix_length_and_dec()339 void Item_func_sha2::fix_length_and_dec()
340 {
341 maybe_null = 1;
342 max_length = 0;
343
344 #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
345 longlong sha_variant;
346 if (args[1]->const_item())
347 {
348 sha_variant= args[1]->val_int();
349 // Give error message in switch below.
350 if (args[1]->null_value)
351 sha_variant= -1;
352 }
353 else
354 {
355 sha_variant= 512;
356 }
357
358 switch (sha_variant) {
359 #ifndef OPENSSL_NO_SHA512
360 case 512:
361 fix_length_and_charset(SHA512_DIGEST_LENGTH * 2, default_charset());
362 break;
363 case 384:
364 fix_length_and_charset(SHA384_DIGEST_LENGTH * 2, default_charset());
365 break;
366 #endif
367 #ifndef OPENSSL_NO_SHA256
368 case 256:
369 case 0: // SHA-256 is the default
370 fix_length_and_charset(SHA256_DIGEST_LENGTH * 2, default_charset());
371 break;
372 case 224:
373 fix_length_and_charset(SHA224_DIGEST_LENGTH * 2, default_charset());
374 break;
375 #endif
376 default:
377 fix_length_and_charset(SHA256_DIGEST_LENGTH * 2, default_charset());
378 push_warning_printf(current_thd,
379 Sql_condition::SL_WARNING,
380 ER_WRONG_PARAMETERS_TO_NATIVE_FCT,
381 ER(ER_WRONG_PARAMETERS_TO_NATIVE_FCT), "sha2");
382 }
383
384 CHARSET_INFO *cs= get_checksum_charset(args[0]->collation.collation->csname);
385 args[0]->collation.set(cs, DERIVATION_COERCIBLE);
386
387 #else
388 push_warning_printf(current_thd,
389 Sql_condition::SL_WARNING,
390 ER_FEATURE_DISABLED,
391 ER(ER_FEATURE_DISABLED),
392 "sha2", "--with-ssl");
393 #endif /* defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) */
394 }
395
396 /* Implementation of AES encryption routines */
397
398 /** helper class to process an IV argument to aes_encrypt/aes_decrypt */
399 class iv_argument
400 {
401 char iv_buff[MY_AES_IV_SIZE + 1]; // +1 to cater for the terminating NULL
402 String tmp_iv_value;
403 public:
iv_argument()404 iv_argument() :
405 tmp_iv_value(iv_buff, sizeof(iv_buff), system_charset_info)
406 {}
407
408 /**
409 Validate the arguments and retrieve the IV value.
410
411 Processes a 3d optional IV argument to an Item_func function.
412 Contains all the necessary stack buffers etc.
413
414 @param aes_opmode the encryption mode
415 @param arg_count number of parameters passed to the function
416 @param args array of arguments passed to the function
417 @param func_name the name of the function (for errors)
418 @param thd the current thread (for errors)
419 @param [out] error_generated set to true if error was generated.
420
421 @return a pointer to the retrived validated IV or NULL
422 */
retrieve_iv_ptr(enum my_aes_opmode aes_opmode,uint arg_count,Item ** args,const char * func_name,THD * thd,my_bool * error_generated)423 const unsigned char *retrieve_iv_ptr(enum my_aes_opmode aes_opmode,
424 uint arg_count,
425 Item **args,
426 const char *func_name,
427 THD *thd,
428 my_bool *error_generated)
429 {
430 const unsigned char *iv_str= NULL;
431
432 *error_generated= FALSE;
433
434 if (my_aes_needs_iv(aes_opmode))
435 {
436 /* we only enforce the need for IV */
437 if (arg_count == 3)
438 {
439 String *iv= args[2]->val_str(&tmp_iv_value);
440 if (!iv || iv->length() < MY_AES_IV_SIZE)
441 {
442 my_error(ER_AES_INVALID_IV, MYF(0), func_name, (long long) MY_AES_IV_SIZE);
443 *error_generated= TRUE;
444 return NULL;
445 }
446 iv_str= (unsigned char *) iv->ptr();
447 }
448 else
449 {
450 my_error(ER_WRONG_PARAMCOUNT_TO_NATIVE_FCT, MYF(0), func_name);
451 *error_generated= TRUE;
452 return NULL;
453 }
454 }
455 else
456 {
457 if (arg_count == 3)
458 {
459 push_warning_printf(thd, Sql_condition::SL_WARNING,
460 WARN_OPTION_IGNORED,
461 ER(WARN_OPTION_IGNORED), "IV");
462 }
463 }
464 return iv_str;
465 }
466 };
467
468
itemize(Parse_context * pc,Item ** res)469 bool Item_func_aes_encrypt::itemize(Parse_context *pc, Item **res)
470 {
471 if (skip_itemize(res))
472 return false;
473 if (super::itemize(pc, res))
474 return true;
475 /* Unsafe for SBR since result depends on a session variable */
476 pc->thd->lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
477 /* Not safe to cache either */
478 pc->thd->lex->set_uncacheable(pc->select, UNCACHEABLE_SIDEEFFECT);
479 return false;
480 }
481
482
val_str(String * str)483 String *Item_func_aes_encrypt::val_str(String *str)
484 {
485 DBUG_ASSERT(fixed == 1);
486 char key_buff[80];
487 String tmp_key_value(key_buff, sizeof(key_buff), system_charset_info);
488 String *sptr, *key;
489 int aes_length;
490 THD *thd= current_thd;
491 ulong aes_opmode;
492 iv_argument iv_arg;
493 DBUG_ENTER("Item_func_aes_encrypt::val_str");
494
495 sptr= args[0]->val_str(str); // String to encrypt
496 key= args[1]->val_str(&tmp_key_value); // key
497 aes_opmode= thd->variables.my_aes_mode;
498
499 DBUG_ASSERT(aes_opmode <= MY_AES_END);
500
501 if (sptr && key) // we need both arguments to be not NULL
502 {
503 const unsigned char *iv_str=
504 iv_arg.retrieve_iv_ptr((enum my_aes_opmode) aes_opmode, arg_count, args,
505 func_name(), thd, &null_value);
506 if (null_value)
507 DBUG_RETURN(NULL);
508
509 // Calculate result length
510 aes_length= my_aes_get_size(sptr->length(),
511 (enum my_aes_opmode) aes_opmode);
512
513 str_value.set_charset(&my_charset_bin);
514 if (!str_value.alloc(aes_length)) // Ensure that memory is free
515 {
516 // finally encrypt directly to allocated buffer.
517 if (my_aes_encrypt((unsigned char *) sptr->ptr(), sptr->length(),
518 (unsigned char *) str_value.ptr(),
519 (unsigned char *) key->ptr(), key->length(),
520 (enum my_aes_opmode) aes_opmode,
521 iv_str) == aes_length)
522 {
523 // We got the expected result length
524 str_value.length((uint) aes_length);
525 DBUG_RETURN(&str_value);
526 }
527 }
528 }
529 null_value=1;
530 DBUG_RETURN(0);
531 }
532
533
fix_length_and_dec()534 void Item_func_aes_encrypt::fix_length_and_dec()
535 {
536 ulong aes_opmode= current_thd->variables.my_aes_mode;
537 DBUG_ASSERT(aes_opmode <= MY_AES_END);
538
539 max_length=my_aes_get_size(args[0]->max_length,
540 (enum my_aes_opmode) aes_opmode);
541 }
542
543
itemize(Parse_context * pc,Item ** res)544 bool Item_func_aes_decrypt::itemize(Parse_context *pc, Item **res)
545 {
546 if (skip_itemize(res))
547 return false;
548 if (super::itemize(pc, res))
549 return true;
550 /* Unsafe for SBR since result depends on a session variable */
551 pc->thd->lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
552 /* Not safe to cache either */
553 pc->thd->lex->set_uncacheable(pc->select, UNCACHEABLE_SIDEEFFECT);
554 return false;
555 }
556
557
val_str(String * str)558 String *Item_func_aes_decrypt::val_str(String *str)
559 {
560 DBUG_ASSERT(fixed == 1);
561 char key_buff[80];
562 String tmp_key_value(key_buff, sizeof(key_buff), system_charset_info);
563 String *sptr, *key;
564 THD *thd= current_thd;
565 ulong aes_opmode;
566 iv_argument iv_arg;
567 DBUG_ENTER("Item_func_aes_decrypt::val_str");
568
569 sptr= args[0]->val_str(str); // String to decrypt
570 key= args[1]->val_str(&tmp_key_value); // Key
571 aes_opmode= thd->variables.my_aes_mode;
572 DBUG_ASSERT(aes_opmode <= MY_AES_END);
573
574 if (sptr && key) // Need to have both arguments not NULL
575 {
576 const unsigned char *iv_str=
577 iv_arg.retrieve_iv_ptr((enum my_aes_opmode) aes_opmode, arg_count, args,
578 func_name(), thd, &null_value);
579 if (null_value)
580 DBUG_RETURN(NULL);
581 str_value.set_charset(&my_charset_bin);
582 if (!str_value.alloc(sptr->length())) // Ensure that memory is free
583 {
584 // finally decrypt directly to allocated buffer.
585 int length;
586 length= my_aes_decrypt((unsigned char *) sptr->ptr(), sptr->length(),
587 (unsigned char *) str_value.ptr(),
588 (unsigned char *) key->ptr(), key->length(),
589 (enum my_aes_opmode) aes_opmode, iv_str);
590 if (length >= 0) // if we got correct data data
591 {
592 str_value.length((uint) length);
593 DBUG_RETURN(&str_value);
594 }
595 }
596 }
597 // Bad parameters. No memory or bad data will all go here
598 null_value=1;
599 DBUG_RETURN(0);
600 }
601
602
fix_length_and_dec()603 void Item_func_aes_decrypt::fix_length_and_dec()
604 {
605 max_length=args[0]->max_length;
606 maybe_null= 1;
607 }
608
609
itemize(Parse_context * pc,Item ** res)610 bool Item_func_random_bytes::itemize(Parse_context *pc, Item **res)
611 {
612 if (skip_itemize(res))
613 return false;
614 if (super::itemize(pc, res))
615 return true;
616
617 /* it is unsafe for SBR since it uses crypto random from the ssl library */
618 pc->thd->lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
619 /* Not safe to cache either */
620 pc->thd->lex->set_uncacheable(pc->select, UNCACHEABLE_RAND);
621 return false;
622 }
623
624
625 /*
626 Artificially limited to 1k to avoid excessive memory usage.
627 The SSL lib supports up to INT_MAX.
628 */
629 const longlong Item_func_random_bytes::MAX_RANDOM_BYTES_BUFFER= 1024;
630
631
fix_length_and_dec()632 void Item_func_random_bytes::fix_length_and_dec()
633 {
634 collation.set(&my_charset_bin);
635 max_length= MAX_RANDOM_BYTES_BUFFER;
636 }
637
638
val_str(String * a)639 String *Item_func_random_bytes::val_str(String *a)
640 {
641 DBUG_ASSERT(fixed == 1);
642 longlong n_bytes= args[0]->val_int();
643 null_value= args[0]->null_value;
644
645 if (null_value)
646 return NULL;
647
648 str_value.set_charset(&my_charset_bin);
649
650 if (n_bytes <= 0 || n_bytes > MAX_RANDOM_BYTES_BUFFER)
651 {
652 my_error(ER_DATA_OUT_OF_RANGE, MYF(0), "length", func_name());
653 null_value= TRUE;
654 return NULL;
655 }
656
657 if (str_value.alloc(n_bytes))
658 {
659 my_error(ER_OUTOFMEMORY, n_bytes);
660 null_value= TRUE;
661 return NULL;
662 }
663
664 str_value.set_charset(&my_charset_bin);
665
666 if (my_rand_buffer((unsigned char *) str_value.ptr(), n_bytes))
667 {
668 my_error(ER_ERROR_WHEN_EXECUTING_COMMAND, MYF(0), func_name(),
669 "SSL library can't generate random bytes");
670 null_value= TRUE;
671 return NULL;
672 }
673
674 str_value.length(n_bytes);
675 return &str_value;
676 }
677
678
fix_length_and_dec()679 void Item_func_to_base64::fix_length_and_dec()
680 {
681 maybe_null= args[0]->maybe_null;
682 collation.set(default_charset(), DERIVATION_COERCIBLE, MY_REPERTOIRE_ASCII);
683 if (args[0]->max_length > (uint) base64_encode_max_arg_length())
684 {
685 maybe_null= 1;
686 fix_char_length_ulonglong((ulonglong) base64_encode_max_arg_length());
687 }
688 else
689 {
690 uint64 length= base64_needed_encoded_length((uint64) args[0]->max_length);
691 DBUG_ASSERT(length > 0);
692 fix_char_length_ulonglong((ulonglong) length - 1);
693 }
694 }
695
696
val_str_ascii(String * str)697 String *Item_func_to_base64::val_str_ascii(String *str)
698 {
699 String *res= args[0]->val_str(str);
700 bool too_long= false;
701 uint64 length;
702 if (!res ||
703 res->length() > (uint) base64_encode_max_arg_length() ||
704 (too_long=
705 ((length= base64_needed_encoded_length((uint64) res->length())) >
706 current_thd->variables.max_allowed_packet)) ||
707 tmp_value.alloc((uint) length))
708 {
709 null_value= 1; // NULL input, too long input, or OOM.
710 if (too_long)
711 {
712 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
713 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
714 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED), func_name(),
715 current_thd->variables.max_allowed_packet);
716 }
717 return 0;
718 }
719 base64_encode(res->ptr(), (int) res->length(), (char*) tmp_value.ptr());
720 DBUG_ASSERT(length > 0);
721 tmp_value.length((uint) length - 1); // Without trailing '\0'
722 null_value= 0;
723 return &tmp_value;
724 }
725
726
fix_length_and_dec()727 void Item_func_from_base64::fix_length_and_dec()
728 {
729 if (args[0]->max_length > (uint) base64_decode_max_arg_length())
730 {
731 fix_char_length_ulonglong((ulonglong) base64_decode_max_arg_length());
732 }
733 else
734 {
735 uint64 length= base64_needed_decoded_length((uint64) args[0]->max_length);
736 fix_char_length_ulonglong((ulonglong) length);
737 }
738 maybe_null= 1; // Can be NULL, e.g. in case of badly formed input string
739 }
740
741
val_str(String * str)742 String *Item_func_from_base64::val_str(String *str)
743 {
744 String *res= args[0]->val_str_ascii(str);
745 bool too_long= false;
746 int64 length;
747 const char *end_ptr;
748
749 if (!res ||
750 res->length() > (uint) base64_decode_max_arg_length() ||
751 (too_long=
752 ((uint64) (length= base64_needed_decoded_length((uint64) res->length())) >
753 current_thd->variables.max_allowed_packet)) ||
754 tmp_value.alloc((uint) length) ||
755 (length= base64_decode(res->ptr(), (uint64) res->length(),
756 (char *) tmp_value.ptr(), &end_ptr, 0)) < 0 ||
757 end_ptr < res->ptr() + res->length())
758 {
759 null_value= 1; // NULL input, too long input, OOM, or badly formed input
760 if (too_long)
761 {
762 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
763 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
764 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED), func_name(),
765 current_thd->variables.max_allowed_packet);
766 }
767 return 0;
768 }
769 tmp_value.length((uint) length);
770 null_value= 0;
771 return &tmp_value;
772 }
773
774
775 /**
776 Concatenate args with the following premises:
777 If only one arg (which is ok), return value of arg;
778 Don't reallocate val_str() if not absolute necessary.
779 */
780
val_str(String * str)781 String *Item_func_concat::val_str(String *str) {
782 DBUG_ASSERT(fixed == 1);
783 String *res;
784
785 THD *thd = current_thd;
786 null_value = false;
787 tmp_value.length(0);
788 for (uint i = 0; i < arg_count; ++i) {
789 if (!(res = args[i]->val_str(str))) {
790 null_value = 1;
791 return 0;
792 }
793 if (res->length() + tmp_value.length() >
794 thd->variables.max_allowed_packet) {
795 push_warning_printf(thd, Sql_condition::SL_WARNING,
796 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
797 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED), func_name(),
798 thd->variables.max_allowed_packet);
799 null_value = 1;
800 return 0;
801 }
802 if (tmp_value.append(*res)) {
803 null_value = 1;
804 return 0;
805 }
806 }
807 res = &tmp_value;
808 res->set_charset(collation.collation);
809 return res;
810 }
811
812
fix_length_and_dec()813 void Item_func_concat::fix_length_and_dec()
814 {
815 ulonglong char_length= 0;
816
817 if (agg_arg_charsets_for_string_result(collation, args, arg_count))
818 return;
819
820 for (uint i=0 ; i < arg_count ; i++)
821 char_length+= args[i]->max_char_length();
822
823 fix_char_length_ulonglong(char_length);
824 }
825
826 /**
827 @details
828 Function des_encrypt() by tonu@spam.ee & monty
829 Works only if compiled with OpenSSL library support.
830 @return
831 A binary string where first character is CHAR(128 | key-number).
832 If one uses a string key key_number is 127.
833 Encryption result is longer than original by formula:
834 @code new_length= org_length + (8-(org_length % 8))+1 @endcode
835 */
836
val_str(String * str)837 String *Item_func_des_encrypt::val_str(String *str)
838 {
839 DBUG_ASSERT(fixed == 1);
840 #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
841 uint code= ER_WRONG_PARAMETERS_TO_PROCEDURE;
842 DES_cblock ivec;
843 struct st_des_keyblock keyblock;
844 struct st_des_keyschedule keyschedule;
845 const char *append_str="********";
846 uint key_number, tail;
847 size_t res_length;
848 String *res= args[0]->val_str(str);
849
850 if ((null_value= args[0]->null_value))
851 return 0; // ENCRYPT(NULL) == NULL
852 if ((res_length=res->length()) == 0)
853 return make_empty_result();
854 if (arg_count == 1)
855 {
856 /* Protect against someone doing FLUSH DES_KEY_FILE */
857 mysql_mutex_lock(&LOCK_des_key_file);
858 keyschedule= des_keyschedule[key_number=des_default_key];
859 mysql_mutex_unlock(&LOCK_des_key_file);
860 }
861 else if (args[1]->result_type() == INT_RESULT)
862 {
863 key_number= (uint) args[1]->val_int();
864 if (key_number > 9)
865 goto error;
866 mysql_mutex_lock(&LOCK_des_key_file);
867 keyschedule= des_keyschedule[key_number];
868 mysql_mutex_unlock(&LOCK_des_key_file);
869 }
870 else
871 {
872 String *keystr=args[1]->val_str(&tmp_value);
873 if (!keystr)
874 goto error;
875 key_number=127; // User key string
876
877 /* We make good 24-byte (168 bit) key from given plaintext key with MD5 */
878 memset(&ivec, 0, sizeof(ivec));
879 EVP_BytesToKey(EVP_des_ede3_cbc(),EVP_md5(),NULL,
880 (uchar*) keystr->ptr(), (int) keystr->length(),
881 1, (uchar*) &keyblock,ivec);
882 DES_set_key_unchecked(&keyblock.key1,&keyschedule.ks1);
883 DES_set_key_unchecked(&keyblock.key2,&keyschedule.ks2);
884 DES_set_key_unchecked(&keyblock.key3,&keyschedule.ks3);
885 }
886
887 /*
888 The problem: DES algorithm requires original data to be in 8-bytes
889 chunks. Missing bytes get filled with '*'s and result of encryption
890 can be up to 8 bytes longer than original string. When decrypted,
891 we do not know the size of original string :(
892 We add one byte with value 0x1..0x8 as the last byte of the padded
893 string marking change of string length.
894 */
895
896 tail= 8 - (res_length % 8); // 1..8 marking extra length
897 res_length+=tail;
898 tmp_arg.mem_realloc(res_length);
899 tmp_arg.length(0);
900 tmp_arg.append(res->ptr(), res->length());
901 code= ER_OUT_OF_RESOURCES;
902 if (tmp_arg.append(append_str, tail) || tmp_value.alloc(res_length+1))
903 goto error;
904 tmp_arg[res_length-1]=tail; // save extra length
905 tmp_value.mem_realloc(res_length+1);
906 tmp_value.length(res_length+1);
907 tmp_value.set_charset(&my_charset_bin);
908 tmp_value[0]=(char) (128 | key_number);
909 // Real encryption
910 memset(&ivec, 0, sizeof(ivec));
911 DES_ede3_cbc_encrypt((const uchar*) (tmp_arg.ptr()),
912 (uchar*) (tmp_value.ptr()+1),
913 res_length,
914 &keyschedule.ks1,
915 &keyschedule.ks2,
916 &keyschedule.ks3,
917 &ivec, TRUE);
918 return &tmp_value;
919
920 error:
921 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
922 code, ER(code),
923 "des_encrypt");
924 #else
925 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
926 ER_FEATURE_DISABLED, ER(ER_FEATURE_DISABLED),
927 "des_encrypt", "--with-ssl");
928 #endif /* defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) */
929 null_value=1;
930 return 0;
931 }
932
933
val_str(String * str)934 String *Item_func_des_decrypt::val_str(String *str)
935 {
936 DBUG_ASSERT(fixed == 1);
937 #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
938 uint code= ER_WRONG_PARAMETERS_TO_PROCEDURE;
939 DES_cblock ivec;
940 struct st_des_keyblock keyblock;
941 struct st_des_keyschedule keyschedule;
942 String *res= args[0]->val_str(str);
943 size_t length;
944 uint tail;
945
946 if ((null_value= args[0]->null_value))
947 return 0;
948 length= res->length();
949 if (length < 9 || (length % 8) != 1 || !((*res)[0] & 128))
950 return res; // Skip decryption if not encrypted
951
952 if (arg_count == 1) // If automatic uncompression
953 {
954 uint key_number=(uint) (*res)[0] & 127;
955 // Check if automatic key and that we have privilege to uncompress using it
956 if (!(current_thd->security_context()->check_access(SUPER_ACL)) ||
957 key_number > 9)
958 goto error;
959
960 mysql_mutex_lock(&LOCK_des_key_file);
961 keyschedule= des_keyschedule[key_number];
962 mysql_mutex_unlock(&LOCK_des_key_file);
963 }
964 else
965 {
966 // We make good 24-byte (168 bit) key from given plaintext key with MD5
967 String *keystr=args[1]->val_str(&tmp_value);
968 if (!keystr)
969 goto error;
970
971 memset(&ivec, 0, sizeof(ivec));
972 EVP_BytesToKey(EVP_des_ede3_cbc(),EVP_md5(),NULL,
973 (uchar*) keystr->ptr(),(int) keystr->length(),
974 1,(uchar*) &keyblock,ivec);
975 // Here we set all 64-bit keys (56 effective) one by one
976 DES_set_key_unchecked(&keyblock.key1,&keyschedule.ks1);
977 DES_set_key_unchecked(&keyblock.key2,&keyschedule.ks2);
978 DES_set_key_unchecked(&keyblock.key3,&keyschedule.ks3);
979 }
980 code= ER_OUT_OF_RESOURCES;
981 if (tmp_value.alloc(length-1))
982 goto error;
983
984 memset(&ivec, 0, sizeof(ivec));
985 DES_ede3_cbc_encrypt((const uchar*) res->ptr()+1,
986 (uchar*) (tmp_value.ptr()),
987 length-1,
988 &keyschedule.ks1,
989 &keyschedule.ks2,
990 &keyschedule.ks3,
991 &ivec, FALSE);
992 /* Restore old length of key */
993 if ((tail=(uint) (uchar) tmp_value[length-2]) > 8)
994 goto wrong_key; // Wrong key
995 tmp_value.length(length-1-tail);
996 tmp_value.set_charset(&my_charset_bin);
997 return &tmp_value;
998
999 error:
1000 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
1001 code, ER(code),
1002 "des_decrypt");
1003 wrong_key:
1004 #else
1005 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
1006 ER_FEATURE_DISABLED, ER(ER_FEATURE_DISABLED),
1007 "des_decrypt", "--with-ssl");
1008 #endif /* defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) */
1009 null_value=1;
1010 return 0;
1011 }
1012
1013
1014 /**
1015 concat with separator. First arg is the separator
1016 concat_ws takes at least two arguments.
1017 */
1018
val_str(String * str)1019 String *Item_func_concat_ws::val_str(String *str) {
1020 DBUG_ASSERT(fixed == 1);
1021 char tmp_str_buff[10];
1022 String tmp_sep_str(tmp_str_buff, sizeof(tmp_str_buff), default_charset_info);
1023 String *sep_str, *res = NULL, *res2;
1024 uint i;
1025
1026 THD *thd = current_thd;
1027 null_value = false;
1028 if (!(sep_str = args[0]->val_str(&tmp_sep_str))) {
1029 null_value = 1;
1030 return 0;
1031 }
1032 tmp_value.length(0);
1033
1034 // Skip until non-null argument is found.
1035 // If not, return the empty string
1036 for (i = 1; i < arg_count; i++)
1037 if ((res = args[i]->val_str(str))) {
1038 break;
1039 }
1040
1041 if (i == arg_count)
1042 return make_empty_result();
1043
1044 if (tmp_value.append(*res)) {
1045 null_value = 1;
1046 return 0;
1047 }
1048
1049 for (i++; i < arg_count; i++) {
1050 if (!(res2 = args[i]->val_str(str)))
1051 continue; // Skip NULL
1052
1053 if (tmp_value.length() + sep_str->length() + res2->length() >
1054 thd->variables.max_allowed_packet) {
1055 push_warning_printf(thd, Sql_condition::SL_WARNING,
1056 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
1057 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED), func_name(),
1058 thd->variables.max_allowed_packet);
1059 null_value = 1;
1060 return 0;
1061 }
1062 if (tmp_value.append(*sep_str) || tmp_value.append(*res2)) {
1063 null_value = 1;
1064 return 0;
1065 }
1066 }
1067 res = &tmp_value;
1068 res->set_charset(collation.collation);
1069 return res;
1070 }
1071
1072
fix_length_and_dec()1073 void Item_func_concat_ws::fix_length_and_dec()
1074 {
1075 ulonglong char_length;
1076
1077 if (agg_arg_charsets_for_string_result(collation, args, arg_count))
1078 return;
1079
1080 /*
1081 arg_count cannot be less than 2,
1082 it is done on parser level in sql_yacc.yy
1083 so, (arg_count - 2) is safe here.
1084 */
1085 char_length= (ulonglong) args[0]->max_char_length() * (arg_count - 2);
1086 for (uint i=1 ; i < arg_count ; i++)
1087 char_length+= args[i]->max_char_length();
1088
1089 fix_char_length_ulonglong(char_length);
1090 }
1091
1092
val_str(String * str)1093 String *Item_func_reverse::val_str(String *str)
1094 {
1095 DBUG_ASSERT(fixed == 1);
1096 String *res = args[0]->val_str(str);
1097 char *ptr, *end, *tmp;
1098
1099 if ((null_value=args[0]->null_value))
1100 return 0;
1101 /* An empty string is a special case as the string pointer may be null */
1102 if (!res->length())
1103 return make_empty_result();
1104 if (tmp_value.alloced_length() < res->length() &&
1105 tmp_value.mem_realloc(res->length()))
1106 {
1107 null_value= 1;
1108 return 0;
1109 }
1110 tmp_value.length(res->length());
1111 tmp_value.set_charset(res->charset());
1112 ptr= (char *) res->ptr();
1113 end= ptr + res->length();
1114 tmp= (char *) tmp_value.ptr() + tmp_value.length();
1115 if (use_mb(res->charset()))
1116 {
1117 uint32 l;
1118 while (ptr < end)
1119 {
1120 if ((l= my_ismbchar(res->charset(),ptr,end)))
1121 {
1122 tmp-= l;
1123 DBUG_ASSERT(tmp >= tmp_value.ptr());
1124 memcpy(tmp,ptr,l);
1125 ptr+= l;
1126 }
1127 else
1128 *--tmp= *ptr++;
1129 }
1130 }
1131 else
1132 {
1133 while (ptr < end)
1134 *--tmp= *ptr++;
1135 }
1136 return &tmp_value;
1137 }
1138
1139
fix_length_and_dec()1140 void Item_func_reverse::fix_length_and_dec()
1141 {
1142 agg_arg_charsets_for_string_result(collation, args, 1);
1143 DBUG_ASSERT(collation.collation != NULL);
1144 fix_char_length(args[0]->max_char_length());
1145 }
1146
1147 /**
1148 Replace all occurences of string2 in string1 with string3.
1149
1150 Don't reallocate val_str() if not needed.
1151
1152 @todo
1153 Fix that this works with binary strings
1154 */
1155
val_str(String * str)1156 String *Item_func_replace::val_str(String *str)
1157 {
1158 DBUG_ASSERT(fixed == 1);
1159 String *res,*res2,*res3;
1160 int offset;
1161 size_t from_length, to_length;
1162 bool alloced=0;
1163 const char *ptr,*end,*strend,*search,*search_end;
1164 uint32 l;
1165 bool binary_cmp;
1166
1167 null_value=0;
1168 res=args[0]->val_str(str);
1169 if (args[0]->null_value)
1170 goto null;
1171 res2=args[1]->val_str(&tmp_value);
1172 if (args[1]->null_value)
1173 goto null;
1174
1175 res->set_charset(collation.collation);
1176
1177 binary_cmp = ((res->charset()->state & MY_CS_BINSORT) || !use_mb(res->charset()));
1178
1179 if (res2->length() == 0)
1180 return res;
1181 offset=0;
1182 if (binary_cmp && (offset=res->strstr(*res2)) < 0)
1183 return res;
1184 if (!(res3=args[2]->val_str(&tmp_value2)))
1185 goto null;
1186 from_length= res2->length();
1187 to_length= res3->length();
1188
1189 if (!binary_cmp)
1190 {
1191 search=res2->ptr();
1192 search_end=search+from_length;
1193 redo:
1194 DBUG_ASSERT(res->ptr() || !offset);
1195 ptr=res->ptr()+offset;
1196 strend=res->ptr()+res->length();
1197 /*
1198 In some cases val_str() can return empty string
1199 with ptr() == NULL and length() == 0.
1200 Let's check strend to avoid overflow.
1201 */
1202 end= strend ? strend - from_length + 1 : NULL;
1203 while (ptr < end)
1204 {
1205 if (*ptr == *search)
1206 {
1207 char *i,*j;
1208 i=(char*) ptr+1; j=(char*) search+1;
1209 while (j != search_end)
1210 if (*i++ != *j++) goto skip;
1211 offset= (int) (ptr-res->ptr());
1212 if (res->length()-from_length + to_length >
1213 current_thd->variables.max_allowed_packet)
1214 {
1215 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
1216 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
1217 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
1218 func_name(),
1219 current_thd->variables.max_allowed_packet);
1220
1221 goto null;
1222 }
1223 if (!alloced)
1224 {
1225 alloced=1;
1226 if (res->uses_buffer_owned_by(str))
1227 {
1228 if (tmp_value_res.alloc(res->length() + to_length) ||
1229 tmp_value_res.copy(*res))
1230 goto null;
1231 res= &tmp_value_res;
1232 }
1233 else
1234 res= copy_if_not_alloced(str, res, res->length() + to_length);
1235 }
1236 res->replace((uint) offset,from_length,*res3);
1237 offset+=(int) to_length;
1238 goto redo;
1239 }
1240 skip:
1241 if ((l= my_ismbchar(res->charset(), ptr,strend)))
1242 ptr+= l;
1243 else
1244 ++ptr;
1245 }
1246 }
1247 else
1248 do
1249 {
1250 if (res->length()-from_length + to_length >
1251 current_thd->variables.max_allowed_packet)
1252 {
1253 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
1254 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
1255 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED), func_name(),
1256 current_thd->variables.max_allowed_packet);
1257 goto null;
1258 }
1259 if (!alloced)
1260 {
1261 alloced=1;
1262 if (res->uses_buffer_owned_by(str))
1263 {
1264 if (tmp_value_res.alloc(res->length() + to_length) ||
1265 tmp_value_res.copy(*res))
1266 goto null;
1267 res= &tmp_value_res;
1268 }
1269 else
1270 res= copy_if_not_alloced(str, res, res->length() + to_length);
1271 }
1272 res->replace((uint) offset,from_length,*res3);
1273 offset+=(int) to_length;
1274 }
1275 while ((offset=res->strstr(*res2,(uint) offset)) >= 0);
1276 return res;
1277
1278 null:
1279 null_value=1;
1280 return 0;
1281 }
1282
1283
fix_length_and_dec()1284 void Item_func_replace::fix_length_and_dec()
1285 {
1286 ulonglong char_length= (ulonglong) args[0]->max_char_length();
1287 int diff=(int) (args[2]->max_char_length() - args[1]->max_char_length());
1288 if (diff > 0 && args[1]->max_char_length())
1289 { // Calculate of maxreplaces
1290 ulonglong max_substrs= char_length / args[1]->max_char_length();
1291 char_length+= max_substrs * (uint) diff;
1292 }
1293
1294 if (agg_arg_charsets_for_string_result_with_comparison(collation, args, 3))
1295 return;
1296 fix_char_length_ulonglong(char_length);
1297 }
1298
1299
val_str(String * str)1300 String *Item_func_insert::val_str(String *str)
1301 {
1302 DBUG_ASSERT(fixed == 1);
1303 String *res,*res2;
1304 longlong start, length, orig_len; /* must be longlong to avoid truncation */
1305
1306 null_value=0;
1307 res=args[0]->val_str(str);
1308 res2=args[3]->val_str(&tmp_value);
1309 start= args[1]->val_int();
1310 length= args[2]->val_int();
1311
1312 if (args[0]->null_value || args[1]->null_value || args[2]->null_value ||
1313 args[3]->null_value)
1314 goto null; /* purecov: inspected */
1315
1316 orig_len= static_cast<longlong>(res->length());
1317
1318 if ((start < 1) || (start > orig_len))
1319 return res; // Wrong param; skip insert
1320
1321 --start; // Internal start from '0'
1322
1323 if ((length < 0) || (length > orig_len))
1324 length= orig_len;
1325
1326 /*
1327 There is one exception not handled (intentionaly) by the character set
1328 aggregation code. If one string is strong side and is binary, and
1329 another one is weak side and is a multi-byte character string,
1330 then we need to operate on the second string in terms on bytes when
1331 calling ::numchars() and ::charpos(), rather than in terms of characters.
1332 Lets substitute its character set to binary.
1333 */
1334 if (collation.collation == &my_charset_bin)
1335 {
1336 res->set_charset(&my_charset_bin);
1337 res2->set_charset(&my_charset_bin);
1338 }
1339
1340 /* start and length are now sufficiently valid to pass to charpos function */
1341 start= res->charpos((int) start);
1342 length= res->charpos((int) length, (uint32) start);
1343
1344 /* Re-testing with corrected params */
1345 if (start > orig_len)
1346 return res; /* purecov: inspected */ // Wrong param; skip insert
1347 if (length > orig_len - start)
1348 length= orig_len - start;
1349
1350 if ((ulonglong) (orig_len - length + res2->length()) >
1351 (ulonglong) current_thd->variables.max_allowed_packet)
1352 {
1353 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
1354 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
1355 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
1356 func_name(), current_thd->variables.max_allowed_packet);
1357 goto null;
1358 }
1359 if (res->uses_buffer_owned_by(str))
1360 {
1361 if (tmp_value_res.alloc(orig_len) ||
1362 tmp_value_res.copy(*res))
1363 goto null;
1364 res= &tmp_value_res;
1365 }
1366 else
1367 res= copy_if_not_alloced(str, res, orig_len);
1368
1369 res->replace((uint32) start,(uint32) length,*res2);
1370 return res;
1371 null:
1372 null_value=1;
1373 return 0;
1374 }
1375
1376
fix_length_and_dec()1377 void Item_func_insert::fix_length_and_dec()
1378 {
1379 ulonglong char_length;
1380
1381 // Handle character set for args[0] and args[3].
1382 if (agg_arg_charsets_for_string_result(collation, args, 2, 3))
1383 return;
1384 char_length= ((ulonglong) args[0]->max_char_length() +
1385 (ulonglong) args[3]->max_char_length());
1386 fix_char_length_ulonglong(char_length);
1387 }
1388
1389
val_str(String * str)1390 String *Item_str_conv::val_str(String *str)
1391 {
1392 DBUG_ASSERT(fixed == 1);
1393 String *res;
1394 if (!(res=args[0]->val_str(str)))
1395 {
1396 null_value=1; /* purecov: inspected */
1397 return 0; /* purecov: inspected */
1398 }
1399 null_value=0;
1400 if (multiply == 1)
1401 {
1402 size_t len;
1403 if (res->uses_buffer_owned_by(str))
1404 {
1405 if (tmp_value.copy(*res))
1406 return error_str();
1407 res= &tmp_value;
1408 }
1409 else
1410 res= copy_if_not_alloced(str, res, res->length());
1411
1412 len= converter(collation.collation, (char*) res->ptr(), res->length(),
1413 (char*) res->ptr(), res->length());
1414 DBUG_ASSERT(len <= res->length());
1415 res->length(len);
1416 }
1417 else
1418 {
1419 size_t len= res->length() * multiply;
1420 tmp_value.alloc(len);
1421 tmp_value.set_charset(collation.collation);
1422 len= converter(collation.collation, (char*) res->ptr(), res->length(),
1423 (char*) tmp_value.ptr(), len);
1424 tmp_value.length(len);
1425 res= &tmp_value;
1426 }
1427 return res;
1428 }
1429
1430
fix_length_and_dec()1431 void Item_func_lower::fix_length_and_dec()
1432 {
1433 agg_arg_charsets_for_string_result(collation, args, 1);
1434 DBUG_ASSERT(collation.collation != NULL);
1435 multiply= collation.collation->casedn_multiply;
1436 converter= collation.collation->cset->casedn;
1437 fix_char_length_ulonglong((ulonglong) args[0]->max_char_length() * multiply);
1438 }
1439
fix_length_and_dec()1440 void Item_func_upper::fix_length_and_dec()
1441 {
1442 agg_arg_charsets_for_string_result(collation, args, 1);
1443 DBUG_ASSERT(collation.collation != NULL);
1444 multiply= collation.collation->caseup_multiply;
1445 converter= collation.collation->cset->caseup;
1446 fix_char_length_ulonglong((ulonglong) args[0]->max_char_length() * multiply);
1447 }
1448
1449
val_str(String * str)1450 String *Item_func_left::val_str(String *str)
1451 {
1452 DBUG_ASSERT(fixed == 1);
1453 String *res= args[0]->val_str(str);
1454
1455 /* must be longlong to avoid truncation */
1456 longlong length= args[1]->val_int();
1457 size_t char_pos;
1458
1459 if ((null_value=(args[0]->null_value || args[1]->null_value)))
1460 return 0;
1461
1462 /* if "unsigned_flag" is set, we have a *huge* positive number. */
1463 if ((length <= 0) && (!args[1]->unsigned_flag))
1464 return make_empty_result();
1465 if ((res->length() <= (ulonglong) length) ||
1466 (res->length() <= (char_pos= res->charpos((int) length))))
1467 return res;
1468
1469 tmp_value.set(*res, 0, char_pos);
1470 return &tmp_value;
1471 }
1472
1473
left_right_max_length()1474 void Item_str_func::left_right_max_length()
1475 {
1476 uint32 char_length= args[0]->max_char_length();
1477 if (args[1]->const_item())
1478 {
1479 int length= (int) args[1]->val_int();
1480 if (args[1]->null_value)
1481 goto end;
1482
1483 if (length <= 0)
1484 char_length=0;
1485 else
1486 set_if_smaller(char_length, (uint) length);
1487 }
1488
1489 end:
1490 fix_char_length(char_length);
1491 }
1492
1493
fix_length_and_dec()1494 void Item_func_left::fix_length_and_dec()
1495 {
1496 agg_arg_charsets_for_string_result(collation, args, 1);
1497 DBUG_ASSERT(collation.collation != NULL);
1498 left_right_max_length();
1499 }
1500
1501
val_str(String * str)1502 String *Item_func_right::val_str(String *str)
1503 {
1504 DBUG_ASSERT(fixed == 1);
1505 String *res= args[0]->val_str(str);
1506 /* must be longlong to avoid truncation */
1507 longlong length= args[1]->val_int();
1508
1509 if ((null_value=(args[0]->null_value || args[1]->null_value)))
1510 return 0; /* purecov: inspected */
1511
1512 /* if "unsigned_flag" is set, we have a *huge* positive number. */
1513 if ((length <= 0) && (!args[1]->unsigned_flag))
1514 return make_empty_result(); /* purecov: inspected */
1515
1516 if (res->length() <= (ulonglong) length)
1517 return res; /* purecov: inspected */
1518
1519 size_t start=res->numchars();
1520 if (start <= (uint) length)
1521 return res;
1522 start=res->charpos(start - (uint) length);
1523 tmp_value.set(*res,start,res->length()-start);
1524 return &tmp_value;
1525 }
1526
1527
fix_length_and_dec()1528 void Item_func_right::fix_length_and_dec()
1529 {
1530 agg_arg_charsets_for_string_result(collation, args, 1);
1531 DBUG_ASSERT(collation.collation != NULL);
1532 left_right_max_length();
1533 }
1534
1535
val_str(String * str)1536 String *Item_func_substr::val_str(String *str)
1537 {
1538 DBUG_ASSERT(fixed == 1);
1539 String *res = args[0]->val_str(str);
1540 /* must be longlong to avoid truncation */
1541 longlong start= args[1]->val_int();
1542 /* Assumes that the maximum length of a String is < INT_MAX32. */
1543 /* Limit so that code sees out-of-bound value properly. */
1544 longlong length= arg_count == 3 ? args[2]->val_int() : INT_MAX32;
1545 longlong tmp_length;
1546
1547 if ((null_value=(args[0]->null_value || args[1]->null_value ||
1548 (arg_count == 3 && args[2]->null_value))))
1549 return 0; /* purecov: inspected */
1550
1551 /* Negative or zero length, will return empty string. */
1552 if ((arg_count == 3) && (length <= 0) &&
1553 (length == 0 || !args[2]->unsigned_flag))
1554 return make_empty_result();
1555
1556 /* Assumes that the maximum length of a String is < INT_MAX32. */
1557 /* Set here so that rest of code sees out-of-bound value as such. */
1558 if ((length <= 0) || (length > INT_MAX32))
1559 length= INT_MAX32;
1560
1561 /* if "unsigned_flag" is set, we have a *huge* positive number. */
1562 /* Assumes that the maximum length of a String is < INT_MAX32. */
1563 if ((!args[1]->unsigned_flag && (start < INT_MIN32 || start > INT_MAX32)) ||
1564 (args[1]->unsigned_flag && ((ulonglong) start > INT_MAX32)))
1565 return make_empty_result();
1566
1567 start= ((start < 0) ? res->numchars() + start : start - 1);
1568 start= res->charpos((int) start);
1569 if ((start < 0) || (start + 1 > static_cast<longlong>(res->length())))
1570 return make_empty_result();
1571
1572 length= res->charpos((int) length, (uint32) start);
1573 tmp_length= static_cast<longlong>(res->length()) - start;
1574 length= min(length, tmp_length);
1575
1576 if (!start && (longlong) res->length() == length)
1577 return res;
1578 tmp_value.set(*res, (uint32) start, (uint32) length);
1579 return &tmp_value;
1580 }
1581
1582
fix_length_and_dec()1583 void Item_func_substr::fix_length_and_dec()
1584 {
1585 max_length=args[0]->max_length;
1586
1587 agg_arg_charsets_for_string_result(collation, args, 1);
1588 DBUG_ASSERT(collation.collation != NULL);
1589 if (args[1]->const_item())
1590 {
1591 int32 start= (int32) args[1]->val_int();
1592 if (args[1]->null_value)
1593 goto end;
1594 if (start < 0)
1595 max_length= ((uint)(-start) > max_length) ? 0 : (uint)(-start);
1596 else
1597 max_length-= min((uint)(start - 1), max_length);
1598 }
1599 if (arg_count == 3 && args[2]->const_item())
1600 {
1601 int32 length= (int32) args[2]->val_int();
1602 if (args[2]->null_value)
1603 goto end;
1604 if (length <= 0)
1605 max_length=0; /* purecov: inspected */
1606 else
1607 set_if_smaller(max_length,(uint) length);
1608 }
1609
1610 end:
1611 max_length*= collation.collation->mbmaxlen;
1612 }
1613
1614
fix_length_and_dec()1615 void Item_func_substr_index::fix_length_and_dec()
1616 {
1617 if (agg_arg_charsets_for_string_result_with_comparison(collation, args, 2))
1618 return;
1619 fix_char_length(args[0]->max_char_length());
1620 }
1621
1622
val_str(String * str)1623 String *Item_func_substr_index::val_str(String *str)
1624 {
1625 DBUG_ASSERT(fixed == 1);
1626 char buff[MAX_FIELD_WIDTH];
1627 String tmp(buff,sizeof(buff),system_charset_info);
1628 String *res= args[0]->val_str(str);
1629 String *delimiter= args[1]->val_str(&tmp);
1630 int32 count= (int32) args[2]->val_int();
1631 int offset;
1632
1633 if (args[0]->null_value || args[1]->null_value || args[2]->null_value)
1634 { // string and/or delim are null
1635 null_value=1;
1636 return 0;
1637 }
1638 null_value=0;
1639 size_t delimiter_length= delimiter->length();
1640 if (!res->length() || !delimiter_length || !count)
1641 return make_empty_result(); // Wrong parameters
1642
1643 res->set_charset(collation.collation);
1644
1645 if (use_mb(res->charset()))
1646 {
1647 const char *ptr= res->ptr();
1648 const char *strend= ptr+res->length();
1649 const char *end= strend-delimiter_length+1;
1650 const char *search= delimiter->ptr();
1651 const char *search_end= search+delimiter_length;
1652 int32 n=0,c=count,pass;
1653 uint32 l;
1654 for (pass=(count>0);pass<2;++pass)
1655 {
1656 while (ptr < end)
1657 {
1658 if (*ptr == *search)
1659 {
1660 char *i,*j;
1661 i=(char*) ptr+1; j=(char*) search+1;
1662 while (j != search_end)
1663 if (*i++ != *j++) goto skip;
1664 if (pass==0) ++n;
1665 else if (!--c) break;
1666 ptr+= delimiter_length;
1667 continue;
1668 }
1669 skip:
1670 if ((l=my_ismbchar(res->charset(), ptr,strend))) ptr+=l;
1671 else ++ptr;
1672 } /* either not found or got total number when count<0 */
1673 if (pass == 0) /* count<0 */
1674 {
1675 c+=n+1;
1676 if (c<=0) return res; /* not found, return original string */
1677 ptr=res->ptr();
1678 }
1679 else
1680 {
1681 if (c) return res; /* Not found, return original string */
1682 if (count>0) /* return left part */
1683 {
1684 tmp_value.set(*res,0,(ulong) (ptr-res->ptr()));
1685 }
1686 else /* return right part */
1687 {
1688 ptr+= delimiter_length;
1689 tmp_value.set(*res,(ulong) (ptr-res->ptr()), (ulong) (strend-ptr));
1690 }
1691 }
1692 }
1693 }
1694 else
1695 {
1696 if (count > 0)
1697 { // start counting from the beginning
1698 for (offset=0; ; offset+= delimiter_length)
1699 {
1700 if ((offset= res->strstr(*delimiter, offset)) < 0)
1701 return res; // Didn't find, return org string
1702 if (!--count)
1703 {
1704 tmp_value.set(*res,0,offset);
1705 break;
1706 }
1707 }
1708 }
1709 else
1710 {
1711 /*
1712 Negative index, start counting at the end
1713 */
1714 for (offset=res->length(); offset; )
1715 {
1716 /*
1717 this call will result in finding the position pointing to one
1718 address space less than where the found substring is located
1719 in res
1720 */
1721 if ((offset= res->strrstr(*delimiter, offset)) < 0)
1722 return res; // Didn't find, return org string
1723 /*
1724 At this point, we've searched for the substring
1725 the number of times as supplied by the index value
1726 */
1727 if (!++count)
1728 {
1729 offset+= delimiter_length;
1730 tmp_value.set(*res,offset,res->length()- offset);
1731 break;
1732 }
1733 }
1734 if (count)
1735 return res; // Didn't find, return org string
1736 }
1737 }
1738 return (&tmp_value);
1739 }
1740
1741 /*
1742 ** The trim functions are extension to ANSI SQL because they trim substrings
1743 ** They ltrim() and rtrim() functions are optimized for 1 byte strings
1744 ** They also return the original string if possible, else they return
1745 ** a substring that points at the original string.
1746 */
1747
val_str(String * str)1748 String *Item_func_trim::val_str(String *str)
1749 {
1750 DBUG_ASSERT(fixed == 1);
1751
1752 String *res= args[0]->val_str(str);
1753 if ((null_value = args[0]->null_value))
1754 return NULL;
1755
1756 char buff[MAX_FIELD_WIDTH];
1757 String tmp(buff, sizeof(buff), system_charset_info);
1758 const String *remove_str= &remove; // Default value.
1759
1760 if (arg_count == 2)
1761 {
1762 remove_str= args[1]->val_str(&tmp);
1763 if ((null_value= args[1]->null_value))
1764 return NULL;
1765 }
1766
1767 const size_t remove_length= remove_str->length();
1768 if (remove_length == 0 ||
1769 remove_length > res->length())
1770 return res;
1771
1772 const char *ptr= res->ptr();
1773 const char *end= ptr + res->length();
1774 const char *const r_ptr= remove_str->ptr();
1775
1776 if (use_mb(res->charset()))
1777 {
1778 if (m_trim_leading)
1779 {
1780 while (ptr + remove_length <= end)
1781 {
1782 uint num_bytes= 0;
1783 while (num_bytes < remove_length)
1784 {
1785 uint len;
1786 if ((len= my_ismbchar(res->charset(), ptr + num_bytes, end)))
1787 num_bytes+= len;
1788 else
1789 ++num_bytes;
1790 }
1791 if (num_bytes != remove_length)
1792 break;
1793 if (memcmp(ptr, r_ptr, remove_length))
1794 break;
1795 ptr+= remove_length;
1796 }
1797 }
1798 if (m_trim_trailing)
1799 {
1800 // Optimize a common case, removing 0x20
1801 if (remove_length == 1)
1802 {
1803 const char *save_ptr= ptr;
1804 const char *new_end= ptr;
1805 const char chr= (*remove_str)[0];
1806 while (ptr < end)
1807 {
1808 uint32 l;
1809 if ((l= my_ismbchar(res->charset(), ptr, end)))
1810 {
1811 ptr+= l;
1812 new_end= ptr;
1813 }
1814 else if (*ptr++ != chr)
1815 new_end= ptr;
1816 }
1817 end= new_end;
1818 ptr= save_ptr;
1819 }
1820 else
1821 {
1822 bool found;
1823 const char *save_ptr= ptr;
1824 do
1825 {
1826 found= false;
1827 while (ptr + remove_length < end)
1828 {
1829 uint32 l;
1830 if ((l= my_ismbchar(res->charset(), ptr, end)))
1831 ptr+= l;
1832 else
1833 ++ptr;
1834 }
1835 if (ptr + remove_length == end && !memcmp(ptr, r_ptr, remove_length))
1836 {
1837 end-= remove_length;
1838 found= true;
1839 }
1840 ptr= save_ptr;
1841 }
1842 while (found);
1843 }
1844 }
1845 }
1846 else
1847 {
1848 if (m_trim_leading)
1849 {
1850 while (ptr + remove_length <= end && !memcmp(ptr, r_ptr, remove_length))
1851 ptr+= remove_length;
1852 }
1853 if (m_trim_trailing)
1854 {
1855 while (ptr + remove_length <= end &&
1856 !memcmp(end-remove_length, r_ptr, remove_length))
1857 end-=remove_length;
1858 }
1859 }
1860 if (ptr == res->ptr() && end == ptr + res->length())
1861 return res;
1862 tmp_value.set(*res, static_cast<uint>(ptr - res->ptr()),
1863 static_cast<uint>(end - ptr));
1864 return &tmp_value;
1865 }
1866
fix_length_and_dec()1867 void Item_func_trim::fix_length_and_dec()
1868 {
1869 if (arg_count == 1)
1870 {
1871 agg_arg_charsets_for_string_result(collation, args, 1);
1872 DBUG_ASSERT(collation.collation != NULL);
1873 remove.set_charset(collation.collation);
1874 remove.set_ascii(" ",1);
1875 }
1876 else
1877 {
1878 // Handle character set for args[1] and args[0].
1879 // Note that we pass args[1] as the first item, and args[0] as the second.
1880 if (agg_arg_charsets_for_string_result_with_comparison(collation,
1881 &args[1], 2, -1))
1882 return;
1883 }
1884 fix_char_length(args[0]->max_char_length());
1885 }
1886
1887 /*
1888 We need a separate function for print(), in order to do correct printing.
1889 The function func_name() is also used e.g. by Item_func::eq() to
1890 distinguish between different functions, and we do not want
1891 trim(leading) to match trim(trailing) for eq()
1892 */
trim_func_name(Item_func_trim::TRIM_MODE mode)1893 static const char *trim_func_name(Item_func_trim::TRIM_MODE mode)
1894 {
1895 switch(mode)
1896 {
1897 case Item_func_trim::TRIM_BOTH_DEFAULT:
1898 case Item_func_trim::TRIM_BOTH:
1899 case Item_func_trim::TRIM_LEADING:
1900 case Item_func_trim::TRIM_TRAILING: return "trim";
1901 case Item_func_trim::TRIM_LTRIM: return "ltrim";
1902 case Item_func_trim::TRIM_RTRIM: return "rtrim";
1903 }
1904 return NULL;
1905 }
1906
print(String * str,enum_query_type query_type)1907 void Item_func_trim::print(String *str, enum_query_type query_type)
1908 {
1909 str->append(trim_func_name(m_trim_mode));
1910 str->append('(');
1911 const char *mode_name;
1912 switch(m_trim_mode) {
1913 case TRIM_BOTH:
1914 mode_name= "both ";
1915 break;
1916 case TRIM_LEADING:
1917 mode_name= "leading ";
1918 break;
1919 case TRIM_TRAILING:
1920 mode_name= "trailing ";
1921 break;
1922 default:
1923 mode_name= NULL;
1924 break;
1925 }
1926 if (mode_name)
1927 {
1928 str->append(mode_name);
1929 }
1930 if (arg_count == 2)
1931 {
1932 args[1]->print(str, query_type);
1933 str->append(STRING_WITH_LEN(" from "));
1934 }
1935 args[0]->print(str, query_type);
1936 str->append(')');
1937 }
1938
1939
1940 /**
1941 Helper function for calculating a new password. Used in
1942 Item_func_password::fix_length_and_dec() for const parameters and in
1943 Item_func_password::val_str_ascii() for non-const parameters.
1944 @param str The plain text password which should be digested
1945 @param buffer a pointer to the buffer where the digest will be stored.
1946
1947 @note The buffer must be of at least CRYPT_MAX_PASSWORD_SIZE size.
1948
1949 @return Size of the password.
1950 */
1951
calculate_password(String * str,char * buffer)1952 static size_t calculate_password(String *str, char *buffer)
1953 {
1954 DBUG_ASSERT(str);
1955 if (str->length() == 0) // PASSWORD('') returns ''
1956 return 0;
1957
1958 size_t buffer_len= 0;
1959 THD *thd= current_thd;
1960 int old_passwords= 0;
1961 if (thd)
1962 old_passwords= thd->variables.old_passwords;
1963
1964 push_deprecated_warn_no_replacement(current_thd, "PASSWORD");
1965 #if defined(HAVE_OPENSSL)
1966 if (old_passwords == 2)
1967 {
1968 if (str->length() > MAX_PLAINTEXT_LENGTH)
1969 {
1970 my_error(ER_NOT_VALID_PASSWORD, MYF(0));
1971 return 0;
1972 }
1973
1974 my_make_scrambled_password(buffer, str->ptr(),
1975 str->length());
1976 buffer_len= strlen(buffer) + 1;
1977 }
1978 else
1979 #endif
1980 if (old_passwords == 0)
1981 {
1982 my_make_scrambled_password_sha1(buffer, str->ptr(),
1983 str->length());
1984 buffer_len= SCRAMBLED_PASSWORD_CHAR_LENGTH;
1985 }
1986 return buffer_len;
1987 }
1988
1989 /* Item_func_password */
fix_length_and_dec()1990 void Item_func_password::fix_length_and_dec()
1991 {
1992 maybe_null= false; // PASSWORD() never returns NULL
1993
1994 if (args[0]->const_item())
1995 {
1996 String str;
1997 String *res= args[0]->val_str(&str);
1998 if (!args[0]->null_value)
1999 {
2000 m_hashed_password_buffer_len=
2001 calculate_password(res, m_hashed_password_buffer);
2002 fix_length_and_charset(m_hashed_password_buffer_len, default_charset());
2003 m_recalculate_password= false;
2004 return;
2005 }
2006 }
2007
2008 m_recalculate_password= true;
2009 fix_length_and_charset(CRYPT_MAX_PASSWORD_SIZE, default_charset());
2010 }
2011
val_str_ascii(String * str)2012 String *Item_func_password::val_str_ascii(String *str)
2013 {
2014 DBUG_ASSERT(fixed == 1);
2015
2016 String *res= args[0]->val_str(str);
2017
2018 if (args[0]->null_value)
2019 res= make_empty_result();
2020
2021 /* we treat NULLs as equal to empty string when calling the plugin */
2022 my_validate_password_policy(res->ptr(), res->length());
2023
2024 null_value= 0;
2025 if (args[0]->null_value) // PASSWORD(NULL) returns ''
2026 return res;
2027
2028 if (m_recalculate_password)
2029 m_hashed_password_buffer_len= calculate_password(res,
2030 m_hashed_password_buffer);
2031
2032 if (m_hashed_password_buffer_len == 0)
2033 return make_empty_result();
2034
2035 str->set(m_hashed_password_buffer, m_hashed_password_buffer_len,
2036 default_charset());
2037
2038 return str;
2039 }
2040
itemize(Parse_context * pc,Item ** res)2041 bool Item_func_encrypt::itemize(Parse_context *pc, Item **res)
2042 {
2043 if (skip_itemize(res))
2044 return false;
2045 if (super::itemize(pc, res))
2046 return true;
2047 DBUG_ASSERT(arg_count == 1 || arg_count == 2);
2048 if (arg_count == 1)
2049 pc->thd->lex->set_uncacheable(pc->select, UNCACHEABLE_RAND);
2050 return false;
2051 }
2052
2053
2054 #define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
2055
val_str(String * str)2056 String *Item_func_encrypt::val_str(String *str)
2057 {
2058 DBUG_ASSERT(fixed == 1);
2059 #ifdef HAVE_CRYPT
2060 String *res = args[0]->val_str(str);
2061 char salt[3],*salt_ptr;
2062 if ((null_value=args[0]->null_value))
2063 return 0;
2064 if (res->length() == 0)
2065 return make_empty_result();
2066 if (arg_count == 1)
2067 { // generate random salt
2068 time_t timestamp=current_thd->query_start();
2069 salt[0] = bin_to_ascii( (ulong) timestamp & 0x3f);
2070 salt[1] = bin_to_ascii(( (ulong) timestamp >> 5) & 0x3f);
2071 salt[2] = 0;
2072 salt_ptr=salt;
2073 }
2074 else
2075 { // obtain salt from the first two bytes
2076 String *salt_str=args[1]->val_str(&tmp_value);
2077 if ((null_value= (args[1]->null_value || salt_str->length() < 2)))
2078 return 0;
2079 salt_ptr= salt_str->c_ptr_safe();
2080 }
2081 mysql_mutex_lock(&LOCK_crypt);
2082 char *tmp= crypt(res->c_ptr_safe(),salt_ptr);
2083 if (!tmp)
2084 {
2085 mysql_mutex_unlock(&LOCK_crypt);
2086 null_value= 1;
2087 return 0;
2088 }
2089 str->set(tmp, strlen(tmp), &my_charset_bin);
2090 str->copy();
2091 mysql_mutex_unlock(&LOCK_crypt);
2092 return str;
2093 #else
2094 null_value=1;
2095 return 0;
2096 #endif /* HAVE_CRYPT */
2097 }
2098
seed()2099 bool Item_func_encode::seed()
2100 {
2101 char buf[80];
2102 ulong rand_nr[2];
2103 String *key, tmp(buf, sizeof(buf), system_charset_info);
2104
2105 if (!(key= args[1]->val_str(&tmp)))
2106 return TRUE;
2107
2108 hash_password(rand_nr, key->ptr(), key->length());
2109 sql_crypt.init(rand_nr);
2110
2111 return FALSE;
2112 }
2113
fix_length_and_dec()2114 void Item_func_encode::fix_length_and_dec()
2115 {
2116 max_length=args[0]->max_length;
2117 maybe_null=args[0]->maybe_null || args[1]->maybe_null;
2118 collation.set(&my_charset_bin);
2119 /* Precompute the seed state if the item is constant. */
2120 seeded= args[1]->const_item() &&
2121 (args[1]->result_type() == STRING_RESULT) && !seed();
2122 }
2123
val_str(String * str)2124 String *Item_func_encode::val_str(String *str)
2125 {
2126 String *res;
2127 DBUG_ASSERT(fixed == 1);
2128
2129 if (!(res=args[0]->val_str(str)))
2130 {
2131 null_value= 1;
2132 return NULL;
2133 }
2134
2135 if (!seeded && seed())
2136 {
2137 null_value= 1;
2138 return NULL;
2139 }
2140
2141 null_value= 0;
2142 if (res->uses_buffer_owned_by(str))
2143 {
2144 if (tmp_value_res.copy(*res))
2145 return error_str();
2146 res= &tmp_value_res;
2147 }
2148 else
2149 res= copy_if_not_alloced(str, res, res->length());
2150
2151 crypto_transform(res);
2152 sql_crypt.reinit();
2153
2154 return res;
2155 }
2156
crypto_transform(String * res)2157 void Item_func_encode::crypto_transform(String *res)
2158 {
2159 push_deprecated_warn(current_thd, "ENCODE", "AES_ENCRYPT");
2160 sql_crypt.encode((char*) res->ptr(),res->length());
2161 res->set_charset(&my_charset_bin);
2162 }
2163
crypto_transform(String * res)2164 void Item_func_decode::crypto_transform(String *res)
2165 {
2166 push_deprecated_warn(current_thd, "DECODE", "AES_DECRYPT");
2167 sql_crypt.decode((char*) res->ptr(),res->length());
2168 }
2169
2170
safe_charset_converter(const CHARSET_INFO * tocs)2171 Item *Item_func_sysconst::safe_charset_converter(const CHARSET_INFO *tocs)
2172 {
2173 Item_string *conv;
2174 uint conv_errors;
2175 String tmp, cstr, *ostr= val_str(&tmp);
2176 if (null_value)
2177 {
2178 Item *null_item= new Item_null(fully_qualified_func_name());
2179 null_item->collation.set (tocs);
2180 return null_item;
2181 }
2182 cstr.copy(ostr->ptr(), ostr->length(), ostr->charset(), tocs, &conv_errors);
2183 if (conv_errors ||
2184 !(conv= new Item_static_string_func(fully_qualified_func_name(),
2185 cstr.ptr(), cstr.length(),
2186 cstr.charset(),
2187 collation.derivation)))
2188 {
2189 return NULL;
2190 }
2191 conv->str_value.copy();
2192 conv->str_value.mark_as_const();
2193 return conv;
2194 }
2195
2196
itemize(Parse_context * pc,Item ** res)2197 bool Item_func_database::itemize(Parse_context *pc, Item **res)
2198 {
2199 if (skip_itemize(res))
2200 return false;
2201 if (super::itemize(pc, res))
2202 return true;
2203
2204 pc->thd->lex->safe_to_cache_query=0;
2205 return false;
2206 }
2207
2208
val_str(String * str)2209 String *Item_func_database::val_str(String *str)
2210 {
2211 DBUG_ASSERT(fixed == 1);
2212 THD *thd= current_thd;
2213 if (thd->db().str == NULL)
2214 {
2215 null_value= 1;
2216 return 0;
2217 }
2218 else
2219 str->copy(thd->db().str, thd->db().length, system_charset_info);
2220 return str;
2221 }
2222
2223
2224 /**
2225 @note USER() is replicated correctly if binlog_format=ROW or (as of
2226 BUG#28086) binlog_format=MIXED, but is incorrectly replicated to ''
2227 if binlog_format=STATEMENT.
2228 */
init(const char * user,const char * host)2229 bool Item_func_user::init(const char *user, const char *host)
2230 {
2231 DBUG_ASSERT(fixed == 1);
2232
2233 // For system threads (e.g. replication SQL thread) user may be empty
2234 if (user)
2235 {
2236 const CHARSET_INFO *cs= str_value.charset();
2237 size_t res_length= (strlen(user)+strlen(host)+2) * cs->mbmaxlen;
2238
2239 if (str_value.alloc((uint) res_length))
2240 {
2241 null_value=1;
2242 return TRUE;
2243 }
2244
2245 res_length=cs->cset->snprintf(cs, (char*)str_value.ptr(), (uint) res_length,
2246 "%s@%s", user, host);
2247 str_value.length((uint) res_length);
2248 str_value.mark_as_const();
2249 }
2250 return FALSE;
2251 }
2252
2253
itemize(Parse_context * pc,Item ** res)2254 bool Item_func_user::itemize(Parse_context *pc, Item **res)
2255 {
2256 if (skip_itemize(res))
2257 return false;
2258 if (super::itemize(pc, res))
2259 return true;
2260
2261 LEX *lex= pc->thd->lex;
2262 lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
2263 lex->safe_to_cache_query= 0;
2264 return false;
2265 }
2266
fix_fields(THD * thd,Item ** ref)2267 bool Item_func_user::fix_fields(THD *thd, Item **ref)
2268 {
2269 return (Item_func_sysconst::fix_fields(thd, ref) ||
2270 init(thd->m_main_security_ctx.user().str,
2271 thd->m_main_security_ctx.host_or_ip().str));
2272 }
2273
2274
itemize(Parse_context * pc,Item ** res)2275 bool Item_func_current_user::itemize(Parse_context *pc, Item **res)
2276 {
2277 if (skip_itemize(res))
2278 return false;
2279 if (super::itemize(pc, res))
2280 return true;
2281
2282 context= pc->thd->lex->current_context();
2283 return false;
2284 }
2285
2286
fix_fields(THD * thd,Item ** ref)2287 bool Item_func_current_user::fix_fields(THD *thd, Item **ref)
2288 {
2289 if (Item_func_sysconst::fix_fields(thd, ref))
2290 return TRUE;
2291
2292 Security_context *ctx=
2293 #ifndef NO_EMBEDDED_ACCESS_CHECKS
2294 (context->security_ctx
2295 ? context->security_ctx : thd->security_context());
2296 #else
2297 thd->security_context();
2298 #endif /*NO_EMBEDDED_ACCESS_CHECKS*/
2299 return init(ctx->priv_user().str, ctx->priv_host().str);
2300 }
2301
2302
fix_length_and_dec()2303 void Item_func_soundex::fix_length_and_dec()
2304 {
2305 uint32 char_length= args[0]->max_char_length();
2306 agg_arg_charsets_for_string_result(collation, args, 1);
2307 DBUG_ASSERT(collation.collation != NULL);
2308 set_if_bigger(char_length, 4);
2309 fix_char_length(char_length);
2310 tmp_value.set_charset(collation.collation);
2311 }
2312
2313
2314 /**
2315 If alpha, map input letter to soundex code.
2316 If not alpha and remove_garbage is set then skip to next char
2317 else return 0
2318 */
2319
soundex_toupper(int ch)2320 static int soundex_toupper(int ch)
2321 {
2322 return (ch >= 'a' && ch <= 'z') ? ch - 'a' + 'A' : ch;
2323 }
2324
2325
get_scode(int wc)2326 static char get_scode(int wc)
2327 {
2328 int ch= soundex_toupper(wc);
2329 if (ch < 'A' || ch > 'Z')
2330 {
2331 // Thread extended alfa (country spec)
2332 return '0'; // as vokal
2333 }
2334 return(soundex_map[ch-'A']);
2335 }
2336
2337
my_uni_isalpha(int wc)2338 static bool my_uni_isalpha(int wc)
2339 {
2340 /*
2341 Return true for all Basic Latin letters: a..z A..Z.
2342 Return true for all Unicode characters with code higher than U+00C0:
2343 - characters between 'z' and U+00C0 are controls and punctuations.
2344 - "U+00C0 LATIN CAPITAL LETTER A WITH GRAVE" is the first letter after 'z'.
2345 */
2346 return (wc >= 'a' && wc <= 'z') ||
2347 (wc >= 'A' && wc <= 'Z') ||
2348 (wc >= 0xC0);
2349 }
2350
2351
val_str(String * str)2352 String *Item_func_soundex::val_str(String *str)
2353 {
2354 DBUG_ASSERT(fixed == 1);
2355 String *res =args[0]->val_str(str);
2356 char last_ch,ch;
2357 const CHARSET_INFO *cs= collation.collation;
2358 my_wc_t wc;
2359 uint nchars;
2360 int rc;
2361
2362 if ((null_value= args[0]->null_value))
2363 return 0; /* purecov: inspected */
2364
2365 if (tmp_value.alloc(max(res->length(), static_cast<size_t>(4 * cs->mbminlen))))
2366 return str; /* purecov: inspected */
2367 char *to= (char *) tmp_value.ptr();
2368 char *to_end= to + tmp_value.alloced_length();
2369 char *from= (char *) res->ptr(), *end= from + res->length();
2370
2371 for ( ; ; ) /* Skip pre-space */
2372 {
2373 if ((rc= cs->cset->mb_wc(cs, &wc, (uchar*) from, (uchar*) end)) <= 0)
2374 return make_empty_result(); /* EOL or invalid byte sequence */
2375
2376 if (rc == 1 && cs->ctype)
2377 {
2378 /* Single byte letter found */
2379 if (my_isalpha(cs, *from))
2380 {
2381 last_ch= get_scode(*from); // Code of the first letter
2382 *to++= soundex_toupper(*from++); // Copy first letter
2383 break;
2384 }
2385 from++;
2386 }
2387 else
2388 {
2389 from+= rc;
2390 if (my_uni_isalpha(wc))
2391 {
2392 /* Multibyte letter found */
2393 wc= soundex_toupper(wc);
2394 last_ch= get_scode(wc); // Code of the first letter
2395 if ((rc= cs->cset->wc_mb(cs, wc, (uchar*) to, (uchar*) to_end)) <= 0)
2396 {
2397 /* Extra safety - should not really happen */
2398 DBUG_ASSERT(false);
2399 return make_empty_result();
2400 }
2401 to+= rc;
2402 break;
2403 }
2404 }
2405 }
2406
2407 /*
2408 last_ch is now set to the first 'double-letter' check.
2409 loop on input letters until end of input
2410 */
2411 for (nchars= 1 ; ; )
2412 {
2413 if ((rc= cs->cset->mb_wc(cs, &wc, (uchar*) from, (uchar*) end)) <= 0)
2414 break; /* EOL or invalid byte sequence */
2415
2416 if (rc == 1 && cs->ctype)
2417 {
2418 if (!my_isalpha(cs, *from++))
2419 continue;
2420 }
2421 else
2422 {
2423 from+= rc;
2424 if (!my_uni_isalpha(wc))
2425 continue;
2426 }
2427
2428 ch= get_scode(wc);
2429 if ((ch != '0') && (ch != last_ch)) // if not skipped or double
2430 {
2431 // letter, copy to output
2432 if ((rc= cs->cset->wc_mb(cs, (my_wc_t) ch,
2433 (uchar*) to, (uchar*) to_end)) <= 0)
2434 {
2435 // Extra safety - should not really happen
2436 DBUG_ASSERT(false);
2437 break;
2438 }
2439 to+= rc;
2440 nchars++;
2441 last_ch= ch; // save code of last input letter
2442 } // for next double-letter check
2443 }
2444
2445 /* Pad up to 4 characters with DIGIT ZERO, if the string is shorter */
2446 if (nchars < 4)
2447 {
2448 uint nbytes= (4 - nchars) * cs->mbminlen;
2449 cs->cset->fill(cs, to, nbytes, '0');
2450 to+= nbytes;
2451 }
2452
2453 tmp_value.length((uint) (to-tmp_value.ptr()));
2454 return &tmp_value;
2455 }
2456
2457
fix_length_and_dec()2458 void Item_func_geohash::fix_length_and_dec()
2459 {
2460 fix_length_and_charset(Item_func_geohash::upper_limit_output_length,
2461 default_charset());
2462 }
2463
2464
2465 /**
2466 Here we check for valid types. We have to accept geometry of any type,
2467 and determine if it's really a POINT in val_str().
2468 */
fix_fields(THD * thd,Item ** ref)2469 bool Item_func_geohash::fix_fields(THD *thd, Item **ref)
2470 {
2471 if (Item_str_func::fix_fields(thd, ref))
2472 return true;
2473
2474 int geohash_length_arg_index;
2475 if (arg_count == 2)
2476 {
2477 /*
2478 First argument expected to be a point and second argument is expected
2479 to be geohash output length.
2480
2481 PARAM_ITEM and the binary charset checks are to allow prepared statements
2482 and usage of user-defined variables.
2483 */
2484 geohash_length_arg_index= 1;
2485 maybe_null= (args[0]->maybe_null || args[1]->maybe_null);
2486 if (!is_item_null(args[0]) &&
2487 args[0]->field_type() != MYSQL_TYPE_GEOMETRY &&
2488 args[0]->type() != PARAM_ITEM &&
2489 args[0]->collation.collation != &my_charset_bin)
2490 {
2491 my_error(ER_INCORRECT_TYPE, MYF(0), "point", func_name());
2492 return true;
2493 }
2494 }
2495 else if (arg_count == 3)
2496 {
2497 /*
2498 First argument is expected to be longitude, second argument is expected
2499 to be latitude and third argument is expected to be geohash
2500 output length.
2501 */
2502 geohash_length_arg_index= 2;
2503 maybe_null= (args[0]->maybe_null || args[1]->maybe_null ||
2504 args[2]->maybe_null);
2505 if (!check_valid_latlong_type(args[0]))
2506 {
2507 my_error(ER_INCORRECT_TYPE, MYF(0), "longitude", func_name());
2508 return true;
2509 }
2510 else if (!check_valid_latlong_type(args[1]))
2511 {
2512 my_error(ER_INCORRECT_TYPE, MYF(0), "latitude", func_name());
2513 return true;
2514 }
2515 }
2516 else
2517 {
2518 /*
2519 This should never happen, since function
2520 only supports two or three arguments.
2521 */
2522 DBUG_ASSERT(false);
2523 return true;
2524 }
2525
2526
2527 /*
2528 Check if geohash length argument is of valid type.
2529
2530 PARAM_ITEM is to allow parameter marker during PREPARE, and INT_ITEM is to
2531 allow EXECUTE of prepared statements and usage of user-defined variables.
2532 */
2533 if (is_item_null(args[geohash_length_arg_index]))
2534 return false;
2535
2536 bool is_binary_charset=
2537 (args[geohash_length_arg_index]->collation.collation == &my_charset_bin);
2538 bool is_parameter=
2539 (args[geohash_length_arg_index]->type() == PARAM_ITEM ||
2540 args[geohash_length_arg_index]->type() == INT_ITEM);
2541
2542 switch (args[geohash_length_arg_index]->field_type())
2543 {
2544 case MYSQL_TYPE_TINY:
2545 case MYSQL_TYPE_SHORT:
2546 case MYSQL_TYPE_LONG:
2547 case MYSQL_TYPE_LONGLONG:
2548 case MYSQL_TYPE_INT24:
2549 case MYSQL_TYPE_VARCHAR:
2550 case MYSQL_TYPE_STRING:
2551 case MYSQL_TYPE_VAR_STRING:
2552 case MYSQL_TYPE_TINY_BLOB:
2553 case MYSQL_TYPE_MEDIUM_BLOB:
2554 case MYSQL_TYPE_LONG_BLOB:
2555 case MYSQL_TYPE_BLOB:
2556 if (is_binary_charset && !is_parameter)
2557 {
2558 my_error(ER_INCORRECT_TYPE, MYF(0), "geohash max length", func_name());
2559 return true;
2560 }
2561 break;
2562 default:
2563 my_error(ER_INCORRECT_TYPE, MYF(0), "geohash max length", func_name());
2564 return true;
2565 }
2566 return false;
2567 }
2568
2569
2570 /**
2571 Checks if supplied item is a valid latitude or longitude, based on which
2572 type it is. Implemented as a whitelist of allowed types, where binary data is
2573 not allowed.
2574
2575 @param ref Item to check for valid latitude/longitude.
2576 @return false if item is not valid, true otherwise.
2577 */
check_valid_latlong_type(Item * arg)2578 bool Item_func_geohash::check_valid_latlong_type(Item *arg)
2579 {
2580 if (is_item_null(arg))
2581 return true;
2582
2583 /*
2584 is_field_type_valid will be true if the item is a constant or a field of
2585 valid type.
2586 */
2587 bool is_binary_charset= (arg->collation.collation == &my_charset_bin);
2588 bool is_field_type_valid= false;
2589 switch (arg->field_type())
2590 {
2591 case MYSQL_TYPE_DECIMAL:
2592 case MYSQL_TYPE_NEWDECIMAL:
2593 case MYSQL_TYPE_TINY:
2594 case MYSQL_TYPE_SHORT:
2595 case MYSQL_TYPE_LONG:
2596 case MYSQL_TYPE_FLOAT:
2597 case MYSQL_TYPE_DOUBLE:
2598 case MYSQL_TYPE_LONGLONG:
2599 case MYSQL_TYPE_INT24:
2600 case MYSQL_TYPE_VARCHAR:
2601 case MYSQL_TYPE_STRING:
2602 case MYSQL_TYPE_VAR_STRING:
2603 case MYSQL_TYPE_TINY_BLOB:
2604 case MYSQL_TYPE_MEDIUM_BLOB:
2605 case MYSQL_TYPE_LONG_BLOB:
2606 case MYSQL_TYPE_BLOB:
2607 is_field_type_valid= !is_binary_charset;
2608 break;
2609 default:
2610 is_field_type_valid= false;
2611 break;
2612 }
2613
2614 /*
2615 Parameters and parameter markers always have
2616 field_type() == MYSQL_TYPE_VARCHAR. type() is dependent on if it's a
2617 parameter marker or parameter (PREPARE or EXECUTE, respectively).
2618 */
2619 bool is_parameter= (arg->type() == INT_ITEM || arg->type() == DECIMAL_ITEM ||
2620 arg->type() == REAL_ITEM || arg->type() == STRING_ITEM) &&
2621 (arg->field_type() == MYSQL_TYPE_VARCHAR);
2622 bool is_parameter_marker= (arg->type() == PARAM_ITEM &&
2623 arg->field_type() == MYSQL_TYPE_VARCHAR);
2624
2625 if (is_field_type_valid || is_parameter_marker || is_parameter)
2626 return true;
2627 return false;
2628 }
2629
2630
2631 /**
2632 Check if a Item is NULL. This includes NULL in the form of literal
2633 NULL, NULL in a user-defined variable and NULL in prepared statements.
2634
2635 Note that it will return true for MEDIUM_BLOB for FUNC_ITEM as well, in order
2636 to allow NULL in user-defined variables.
2637
2638 @param item The item to check for NULL.
2639
2640 @return true if the item is NULL, false otherwise.
2641 */
is_item_null(Item * item)2642 bool Item_func_geohash::is_item_null(Item *item)
2643 {
2644 if (item->field_type() == MYSQL_TYPE_NULL || item->type() == NULL_ITEM)
2645 return true;
2646
2647 // The following will allow the usage of NULL in user-defined variables.
2648 bool is_binary_charset= (item->collation.collation == &my_charset_bin);
2649 if (is_binary_charset && item->type() == FUNC_ITEM &&
2650 item->field_type() == MYSQL_TYPE_MEDIUM_BLOB)
2651 {
2652 return true;
2653 }
2654 return false;
2655 }
2656
2657
2658 /**
2659 Populate member variables with values from arguments.
2660
2661 In this function we populate the member variables 'latitude', 'longitude'
2662 and 'geohash_length' with values from the arguments supplied by the user.
2663 We also do type checking on the geometry object, as well as out-of-range
2664 check for both longitude, latitude and geohash length.
2665
2666 If an expection is raised, null_value will not be set. If a null argument
2667 was detected, null_value will be set to true.
2668
2669 @return false if class variables was populated, or true if the function
2670 failed to populate them.
2671 */
fill_and_check_fields()2672 bool Item_func_geohash::fill_and_check_fields()
2673 {
2674 longlong geohash_length_arg= -1;
2675 if (arg_count == 2)
2676 {
2677 // First argument is point, second argument is geohash output length.
2678 String string_buffer;
2679 String *swkb= args[0]->val_str(&string_buffer);
2680 geohash_length_arg= args[1]->val_int();
2681
2682 if ((null_value= args[0]->null_value || args[1]->null_value || !swkb))
2683 {
2684 return true;
2685 }
2686 else
2687 {
2688 Geometry *geom;
2689 Geometry_buffer geometry_buffer;
2690 if (!(geom= Geometry::construct(&geometry_buffer, swkb)))
2691 {
2692 my_error(ER_GIS_INVALID_DATA, MYF(0), func_name());
2693 return true;
2694 }
2695 else if (geom->get_type() != Geometry::wkb_point ||
2696 geom->get_x(&longitude) || geom->get_y(&latitude))
2697 {
2698 my_error(ER_INCORRECT_TYPE, MYF(0), "point", func_name());
2699 return true;
2700 }
2701 }
2702 }
2703 else if (arg_count == 3)
2704 {
2705 /*
2706 First argument is longitude, second argument is latitude
2707 and third argument is geohash output length.
2708 */
2709 longitude= args[0]->val_real();
2710 latitude= args[1]->val_real();
2711 geohash_length_arg= args[2]->val_int();
2712
2713 if ((null_value= args[0]->null_value || args[1]->null_value ||
2714 args[2]->null_value))
2715 return true;
2716 }
2717
2718 // Check if supplied arguments are within allowed range.
2719 if (longitude > max_longitude || longitude < min_longitude)
2720 {
2721 my_error(ER_DATA_OUT_OF_RANGE, MYF(0), "longitude", func_name());
2722 return true;
2723 }
2724 else if (latitude > max_latitude || latitude < min_latitude)
2725 {
2726 my_error(ER_DATA_OUT_OF_RANGE, MYF(0), "latitude", func_name());
2727 return true;
2728 }
2729
2730 if (geohash_length_arg <= 0 ||
2731 geohash_length_arg > upper_limit_output_length)
2732 {
2733 char geohash_length_string[MAX_BIGINT_WIDTH + 1];
2734 llstr(geohash_length_arg, geohash_length_string);
2735 my_error(ER_DATA_OUT_OF_RANGE, MYF(0), "max geohash length", func_name());
2736 return true;
2737 }
2738
2739 geohash_max_output_length= static_cast<uint>(geohash_length_arg);
2740 return false;
2741 }
2742
2743
2744 /**
2745 Encodes a pair of longitude and latitude values into a geohash string.
2746 The length of the output string will be no longer than the value of
2747 geohash_max_output_length member variable, but it might be shorter. The stop
2748 condition is the following:
2749
2750 After appending a character to the output string, check if the encoded values
2751 of latitude and longitude matches the input arguments values. If so, return
2752 the result to the user.
2753
2754 It does exist latitudes/longitude values which will cause the algorithm to
2755 loop until MAX(max_geohash_length, upper_geohash_limit), no matter how large
2756 these arguments are (eg. SELECT GEOHASH(0.01, 1, 100); ). It is thus
2757 important to supply an reasonable max geohash length argument.
2758 */
val_str_ascii(String * str)2759 String *Item_func_geohash::val_str_ascii(String *str)
2760 {
2761 DBUG_ASSERT(fixed == TRUE);
2762
2763 if (fill_and_check_fields())
2764 {
2765 if (null_value)
2766 {
2767 return NULL;
2768 }
2769 else
2770 {
2771 /*
2772 Since null_value == false, my_error() was raised inside
2773 fill_and_check_fields().
2774 */
2775 return error_str();
2776 }
2777 }
2778
2779 // Allocate one extra byte, for trailing '\0'.
2780 if (str->alloc(geohash_max_output_length + 1))
2781 return make_empty_result();
2782 str->length(0);
2783
2784 double upper_latitude= max_latitude;
2785 double lower_latitude= min_latitude;
2786 double upper_longitude= max_longitude;
2787 double lower_longitude= min_longitude;
2788 bool even_bit= true;
2789
2790 for (uint i= 0; i < geohash_max_output_length; i++)
2791 {
2792 /*
2793 We must encode in blocks of five bits, so we don't risk stopping
2794 in the middle of a character. If we stop in the middle of a character,
2795 some encoded geohash values will differ from geohash.org.
2796 */
2797 char current_char= 0;
2798 for (uint bit_number= 0; bit_number < 5; bit_number++)
2799 {
2800 if (even_bit)
2801 {
2802 // Encode one longitude bit.
2803 encode_bit(&upper_longitude, &lower_longitude, longitude,
2804 ¤t_char, bit_number);
2805 }
2806 else
2807 {
2808 // Encode one latitude bit.
2809 encode_bit(&upper_latitude, &lower_latitude, latitude,
2810 ¤t_char, bit_number);
2811 }
2812 even_bit = !even_bit;
2813 }
2814 str->q_append(char_to_base32(current_char));
2815
2816 /*
2817 If encoded values of latitude and longitude matches the supplied
2818 arguments, there is no need to do more calculation.
2819 */
2820 if (latitude == (lower_latitude + upper_latitude) / 2.0 &&
2821 longitude == (lower_longitude + upper_longitude) / 2.0)
2822 break;
2823 }
2824 return str;
2825 }
2826
2827
2828 /**
2829 Sets the bit number in char_value, determined by following formula:
2830
2831 IF target_value < (middle between lower_value and upper_value)
2832 set bit to 0
2833 ELSE
2834 set bit to 1
2835
2836 When the function returns, upper_value OR lower_value are adjusted
2837 to the middle value between lower and upper.
2838
2839 @param upper_value The upper error range for latitude or longitude.
2840 @param lower_value The lower error range for latitude or longitude.
2841 @param target_value Latitude or longitude value supplied as argument
2842 by the user.
2843 @param char_value The character we want to set the bit on.
2844 @param bit_number Wich bit number in char_value to set.
2845 */
encode_bit(double * upper_value,double * lower_value,double target_value,char * char_value,int bit_number)2846 void Item_func_geohash::encode_bit(double *upper_value, double *lower_value,
2847 double target_value, char *char_value,
2848 int bit_number)
2849 {
2850 DBUG_ASSERT(bit_number >= 0 && bit_number <= 4);
2851
2852 double middle_value= (*upper_value + *lower_value) / 2.0;
2853 if (target_value < middle_value)
2854 {
2855 *upper_value= middle_value;
2856 *char_value |= 0 << (4 - bit_number);
2857 }
2858 else
2859 {
2860 *lower_value= middle_value;
2861 *char_value |= 1 << (4 - bit_number);
2862 }
2863 }
2864
2865 /**
2866 Converts a char value to it's base32 representation, where 0 = a,
2867 1 = b, ... , 30 = y, 31 = z.
2868
2869 The function expects that the input character is within allowed range.
2870
2871 @param char_input The value to convert.
2872
2873 @return the ASCII equivalent.
2874 */
char_to_base32(char char_input)2875 char Item_func_geohash::char_to_base32(char char_input)
2876 {
2877 DBUG_ASSERT(char_input <= 31);
2878
2879 if (char_input < 10)
2880 return char_input + '0';
2881 else if (char_input < 17)
2882 return char_input + ('b' - 10);
2883 else if (char_input < 19)
2884 return char_input + ('b' - 10 + 1);
2885 else if (char_input < 21)
2886 return char_input + ('b' - 10 + 2);
2887 else
2888 return char_input + ('b' - 10 + 3);
2889 }
2890
2891
2892 /**
2893 Change a number to format '3,333,333,333.000'.
2894
2895 This should be 'internationalized' sometimes.
2896 */
2897
2898 const int FORMAT_MAX_DECIMALS= 30;
2899
2900
get_locale(Item * item)2901 MY_LOCALE *Item_func_format::get_locale(Item *item)
2902 {
2903 DBUG_ASSERT(arg_count == 3);
2904 String tmp, *locale_name= args[2]->val_str_ascii(&tmp);
2905 MY_LOCALE *lc;
2906 if (!locale_name ||
2907 !(lc= my_locale_by_name(locale_name->c_ptr_safe())))
2908 {
2909 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
2910 ER_UNKNOWN_LOCALE,
2911 ER(ER_UNKNOWN_LOCALE),
2912 locale_name ? locale_name->c_ptr_safe() : "NULL");
2913 lc= &my_locale_en_US;
2914 }
2915 return lc;
2916 }
2917
fix_length_and_dec()2918 void Item_func_format::fix_length_and_dec()
2919 {
2920 uint32 char_length= args[0]->max_char_length();
2921 uint32 max_sep_count= (char_length / 3) + (decimals ? 1 : 0) + /*sign*/1;
2922 collation.set(default_charset());
2923 fix_char_length(char_length + max_sep_count + decimals);
2924 if (arg_count == 3)
2925 locale= args[2]->basic_const_item() ? get_locale(args[2]) : NULL;
2926 else
2927 locale= &my_locale_en_US; /* Two arguments */
2928 reject_geometry_args(arg_count, args, this);
2929 }
2930
2931
2932 /**
2933 @todo
2934 This needs to be fixed for multi-byte character set where numbers
2935 are stored in more than one byte
2936 */
2937
val_str_ascii(String * str)2938 String *Item_func_format::val_str_ascii(String *str)
2939 {
2940 size_t str_length;
2941 /* Number of decimal digits */
2942 int dec;
2943 /* Number of characters used to represent the decimals, including '.' */
2944 uint32 dec_length;
2945 MY_LOCALE *lc;
2946 DBUG_ASSERT(fixed == 1);
2947
2948 dec= (int) args[1]->val_int();
2949 if (args[1]->null_value)
2950 {
2951 null_value=1;
2952 return NULL;
2953 }
2954
2955 lc= locale ? locale : get_locale(args[2]);
2956
2957 dec= set_zone(dec, 0, FORMAT_MAX_DECIMALS);
2958 dec_length= dec ? dec+1 : 0;
2959 null_value=0;
2960
2961 if (args[0]->result_type() == DECIMAL_RESULT ||
2962 args[0]->result_type() == INT_RESULT)
2963 {
2964 my_decimal dec_val, rnd_dec, *res;
2965 res= args[0]->val_decimal(&dec_val);
2966 if ((null_value=args[0]->null_value))
2967 return 0; /* purecov: inspected */
2968 my_decimal_round(E_DEC_FATAL_ERROR, res, dec, false, &rnd_dec);
2969 my_decimal2string(E_DEC_FATAL_ERROR, &rnd_dec, 0, 0, 0, str);
2970 str_length= str->length();
2971 }
2972 else
2973 {
2974 double nr= args[0]->val_real();
2975 if ((null_value=args[0]->null_value))
2976 return 0; /* purecov: inspected */
2977 nr= my_double_round(nr, (longlong) dec, FALSE, FALSE);
2978 str->set_real(nr, dec, &my_charset_numeric);
2979 if (my_isnan(nr) || my_isinf(nr))
2980 return str;
2981 str_length=str->length();
2982 }
2983 /* We need this test to handle 'nan' and short values */
2984 if (lc->grouping[0] > 0 &&
2985 str_length >= dec_length + 1 + lc->grouping[0])
2986 {
2987 /* We need space for ',' between each group of digits as well. */
2988 char buf[2 * FLOATING_POINT_BUFFER + 2] = {0};
2989 int count;
2990 const char *grouping= lc->grouping;
2991 char sign_length= *str->ptr() == '-' ? 1 : 0;
2992 const char *src= str->ptr() + str_length - dec_length - 1;
2993 const char *src_begin= str->ptr() + sign_length;
2994 char *dst= buf + 2 * FLOATING_POINT_BUFFER;
2995 char *start_dst = dst;
2996
2997 /* Put the fractional part */
2998 if (dec)
2999 {
3000 dst-= (dec + 1);
3001 *dst= lc->decimal_point;
3002 memcpy(dst + 1, src + 2, dec);
3003 }
3004
3005 /* Put the integer part with grouping */
3006 for (count= *grouping; src >= src_begin; count--)
3007 {
3008 /*
3009 When *grouping==0x80 (which means "end of grouping")
3010 count will be initialized to -1 and
3011 we'll never get into this "if" anymore.
3012 */
3013 if (count == 0)
3014 {
3015 *--dst= lc->thousand_sep;
3016 if (grouping[1])
3017 grouping++;
3018 count= *grouping;
3019 }
3020 DBUG_ASSERT(dst > buf);
3021 *--dst= *src--;
3022 }
3023
3024 if (sign_length) /* Put '-' */
3025 *--dst= *str->ptr();
3026
3027 /* Put the rest of the integer part without grouping */
3028 size_t result_length = start_dst - dst;
3029 str->copy(dst, result_length, &my_charset_latin1);
3030 }
3031 else if (dec_length && lc->decimal_point != '.')
3032 {
3033 /*
3034 For short values without thousands (<1000)
3035 replace decimal point to localized value.
3036 */
3037 DBUG_ASSERT(dec_length <= str_length);
3038 ((char*) str->ptr())[str_length - dec_length]= lc->decimal_point;
3039 }
3040 return str;
3041 }
3042
3043
print(String * str,enum_query_type query_type)3044 void Item_func_format::print(String *str, enum_query_type query_type)
3045 {
3046 str->append(STRING_WITH_LEN("format("));
3047 args[0]->print(str, query_type);
3048 str->append(',');
3049 args[1]->print(str, query_type);
3050 if(arg_count > 2)
3051 {
3052 str->append(',');
3053 args[2]->print(str,query_type);
3054 }
3055 str->append(')');
3056 }
3057
fix_length_and_dec()3058 void Item_func_elt::fix_length_and_dec()
3059 {
3060 uint32 char_length= 0;
3061 decimals=0;
3062
3063 if (agg_arg_charsets_for_string_result(collation, args + 1, arg_count - 1))
3064 return;
3065
3066 for (uint i= 1 ; i < arg_count ; i++)
3067 {
3068 set_if_bigger(char_length, args[i]->max_char_length());
3069 set_if_bigger(decimals,args[i]->decimals);
3070 }
3071 fix_char_length(char_length);
3072 maybe_null=1; // NULL if wrong first arg
3073 }
3074
3075
val_real()3076 double Item_func_elt::val_real()
3077 {
3078 DBUG_ASSERT(fixed == 1);
3079 uint tmp;
3080 null_value=1;
3081 if ((tmp= (uint) args[0]->val_int()) == 0 || args[0]->null_value
3082 || tmp >= arg_count)
3083 return 0.0;
3084 double result= args[tmp]->val_real();
3085 null_value= args[tmp]->null_value;
3086 return result;
3087 }
3088
3089
val_int()3090 longlong Item_func_elt::val_int()
3091 {
3092 DBUG_ASSERT(fixed == 1);
3093 uint tmp;
3094 null_value=1;
3095 if ((tmp= (uint) args[0]->val_int()) == 0 || args[0]->null_value
3096 || tmp >= arg_count)
3097 return 0;
3098
3099 longlong result= args[tmp]->val_int();
3100 null_value= args[tmp]->null_value;
3101 return result;
3102 }
3103
3104
val_str(String * str)3105 String *Item_func_elt::val_str(String *str)
3106 {
3107 DBUG_ASSERT(fixed == 1);
3108 uint tmp;
3109 null_value=1;
3110 if ((tmp= (uint) args[0]->val_int()) == 0 || args[0]->null_value
3111 || tmp >= arg_count)
3112 return NULL;
3113
3114 String *result= args[tmp]->val_str(str);
3115 if (result)
3116 result->set_charset(collation.collation);
3117 null_value= args[tmp]->null_value;
3118 return result;
3119 }
3120
3121
itemize(Parse_context * pc,Item ** res)3122 bool Item_func_make_set::itemize(Parse_context *pc, Item **res)
3123 {
3124 if (skip_itemize(res))
3125 return false;
3126 /*
3127 We have to itemize() the "item" before the super::itemize() call there since
3128 this reflects the "natural" order of former semantic action code execution
3129 in the original parser:
3130 */
3131 return item->itemize(pc, &item) || super::itemize(pc, res);
3132 }
3133
3134
split_sum_func(THD * thd,Ref_ptr_array ref_pointer_array,List<Item> & fields)3135 void Item_func_make_set::split_sum_func(THD *thd,
3136 Ref_ptr_array ref_pointer_array,
3137 List<Item> &fields)
3138 {
3139 item->split_sum_func2(thd, ref_pointer_array, fields, &item, TRUE);
3140 Item_str_func::split_sum_func(thd, ref_pointer_array, fields);
3141 }
3142
3143
fix_length_and_dec()3144 void Item_func_make_set::fix_length_and_dec()
3145 {
3146 uint32 char_length= arg_count - 1; /* Separators */
3147
3148 if (agg_arg_charsets_for_string_result(collation, args, arg_count))
3149 return;
3150
3151 for (uint i=0 ; i < arg_count ; i++)
3152 char_length+= args[i]->max_char_length();
3153 fix_char_length(char_length);
3154 used_tables_cache|= item->used_tables();
3155 not_null_tables_cache&= item->not_null_tables();
3156 const_item_cache&= item->const_item();
3157 with_sum_func= with_sum_func || item->with_sum_func;
3158 }
3159
3160
update_used_tables()3161 void Item_func_make_set::update_used_tables()
3162 {
3163 Item_func::update_used_tables();
3164 item->update_used_tables();
3165 used_tables_cache|=item->used_tables();
3166 const_item_cache&=item->const_item();
3167 with_subselect|= item->has_subquery();
3168 with_stored_program|= item->has_stored_program();
3169 }
3170
3171
val_str(String * str)3172 String *Item_func_make_set::val_str(String *str)
3173 {
3174 DBUG_ASSERT(fixed == 1);
3175 ulonglong bits;
3176 bool first_found=0;
3177 Item **ptr=args;
3178 String *result= NULL;
3179
3180 bits=item->val_int();
3181 if ((null_value=item->null_value))
3182 return NULL;
3183
3184 if (arg_count < 64)
3185 bits &= ((ulonglong) 1 << arg_count)-1;
3186
3187 for (; bits; bits >>= 1, ptr++)
3188 {
3189 if (bits & 1)
3190 {
3191 String *res= (*ptr)->val_str(str);
3192 if (res) // Skip nulls
3193 {
3194 if (!first_found)
3195 { // First argument
3196 first_found=1;
3197 if (res != str)
3198 result=res; // Use original string
3199 else
3200 {
3201 if (tmp_str.copy(*res)) // Don't use 'str'
3202 return make_empty_result();
3203 result= &tmp_str;
3204 }
3205 }
3206 else
3207 {
3208 if (result != &tmp_str)
3209 { // Copy data to tmp_str
3210 if (tmp_str.alloc((result != NULL ? result->length() : 0) +
3211 res->length() + 1) ||
3212 tmp_str.copy(*result))
3213 return make_empty_result();
3214 result= &tmp_str;
3215 }
3216 if (tmp_str.append(STRING_WITH_LEN(","), &my_charset_bin) ||
3217 tmp_str.append(*res))
3218 return make_empty_result();
3219 }
3220 }
3221 }
3222 }
3223 if (result == NULL)
3224 return make_empty_result();
3225 return result;
3226 }
3227
3228
transform(Item_transformer transformer,uchar * arg)3229 Item *Item_func_make_set::transform(Item_transformer transformer, uchar *arg)
3230 {
3231 DBUG_ASSERT(!current_thd->stmt_arena->is_stmt_prepare());
3232
3233 Item *new_item= item->transform(transformer, arg);
3234 if (!new_item)
3235 return 0;
3236
3237 /*
3238 THD::change_item_tree() should be called only if the tree was
3239 really transformed, i.e. when a new item has been created.
3240 Otherwise we'll be allocating a lot of unnecessary memory for
3241 change records at each execution.
3242 */
3243 if (item != new_item)
3244 current_thd->change_item_tree(&item, new_item);
3245 return Item_str_func::transform(transformer, arg);
3246 }
3247
3248
print(String * str,enum_query_type query_type)3249 void Item_func_make_set::print(String *str, enum_query_type query_type)
3250 {
3251 str->append(STRING_WITH_LEN("make_set("));
3252 item->print(str, query_type);
3253 if (arg_count)
3254 {
3255 str->append(',');
3256 print_args(str, 0, query_type);
3257 }
3258 str->append(')');
3259 }
3260
3261
val_str(String * str)3262 String *Item_func_char::val_str(String *str)
3263 {
3264 DBUG_ASSERT(fixed == 1);
3265 str->length(0);
3266 str->set_charset(collation.collation);
3267 for (uint i=0 ; i < arg_count ; i++)
3268 {
3269 int32 num=(int32) args[i]->val_int();
3270 if (!args[i]->null_value)
3271 {
3272 char tmp[4];
3273 if (num & 0xFF000000L)
3274 {
3275 mi_int4store(tmp, num);
3276 str->append(tmp, 4, &my_charset_bin);
3277 }
3278 else if (num & 0xFF0000L)
3279 {
3280 mi_int3store(tmp, num);
3281 str->append(tmp, 3, &my_charset_bin);
3282 }
3283 else if (num & 0xFF00L)
3284 {
3285 mi_int2store(tmp, num);
3286 str->append(tmp, 2, &my_charset_bin);
3287 }
3288 else
3289 {
3290 tmp[0]= (char) num;
3291 str->append(tmp, 1, &my_charset_bin);
3292 }
3293 }
3294 }
3295 str->mem_realloc(str->length()); // Add end 0 (for Purify)
3296 return check_well_formed_result(str,
3297 false, // send warning
3298 true); // truncate
3299 }
3300
3301
alloc_buffer(String * res,String * str,String * tmp_value,size_t length)3302 inline String* alloc_buffer(String *res,String *str,String *tmp_value,
3303 size_t length)
3304 {
3305 if (res->alloced_length() < length)
3306 {
3307 if (str->alloced_length() >= length)
3308 {
3309 (void) str->copy(*res);
3310 str->length(length);
3311 return str;
3312 }
3313 if (tmp_value->alloc(length))
3314 return 0;
3315 (void) tmp_value->copy(*res);
3316 tmp_value->length(length);
3317 return tmp_value;
3318 }
3319 res->length(length);
3320 return res;
3321 }
3322
3323
fix_length_and_dec()3324 void Item_func_repeat::fix_length_and_dec()
3325 {
3326 agg_arg_charsets_for_string_result(collation, args, 1);
3327 DBUG_ASSERT(collation.collation != NULL);
3328 if (args[1]->const_item())
3329 {
3330 /* must be longlong to avoid truncation */
3331 longlong count= args[1]->val_int();
3332 if (args[1]->null_value)
3333 goto end;
3334
3335 /* Assumes that the maximum length of a String is < INT_MAX32. */
3336 /* Set here so that rest of code sees out-of-bound value as such. */
3337 if (count > INT_MAX32)
3338 count= INT_MAX32;
3339
3340 ulonglong char_length= (ulonglong) args[0]->max_char_length() * count;
3341 fix_char_length_ulonglong(char_length);
3342 return;
3343 }
3344
3345 end:
3346 max_length= MAX_BLOB_WIDTH;
3347 maybe_null= 1;
3348 }
3349
3350 /**
3351 Item_func_repeat::str is carefully written to avoid reallocs
3352 as much as possible at the cost of a local buffer
3353 */
3354
val_str(String * str)3355 String *Item_func_repeat::val_str(String *str)
3356 {
3357 DBUG_ASSERT(fixed == 1);
3358 size_t length, tot_length;
3359 char *to;
3360 /* must be longlong to avoid truncation */
3361 longlong count= args[1]->val_int();
3362 String *res= args[0]->val_str(str);
3363
3364 if (args[0]->null_value || args[1]->null_value)
3365 goto err; // string and/or delim are null
3366 null_value= 0;
3367
3368 if (count <= 0 && (count == 0 || !args[1]->unsigned_flag))
3369 return make_empty_result();
3370
3371 // Avoid looping, concatenating the empty string.
3372 if (res->length() == 0)
3373 return res;
3374
3375 /* Assumes that the maximum length of a String is < INT_MAX32. */
3376 /* Bounds check on count: If this is triggered, we will error. */
3377 if ((ulonglong) count > INT_MAX32)
3378 count= INT_MAX32;
3379 if (count == 1) // To avoid reallocs
3380 return res;
3381 length=res->length();
3382 // Safe length check
3383 if (length > current_thd->variables.max_allowed_packet / (uint) count)
3384 {
3385 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
3386 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
3387 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
3388 func_name(), current_thd->variables.max_allowed_packet);
3389 goto err;
3390 }
3391 tot_length= length*(uint) count;
3392 if (!(res= alloc_buffer(res,str,&tmp_value,tot_length)))
3393 goto err;
3394
3395 to=(char*) res->ptr()+length;
3396 while (--count)
3397 {
3398 memcpy(to,res->ptr(),length);
3399 to+=length;
3400 }
3401 return (res);
3402
3403 err:
3404 null_value=1;
3405 return 0;
3406 }
3407
3408
3409
fix_length_and_dec()3410 void Item_func_space::fix_length_and_dec()
3411 {
3412 collation.set(default_charset(), DERIVATION_COERCIBLE, MY_REPERTOIRE_ASCII);
3413 if (args[0]->const_item())
3414 {
3415 /* must be longlong to avoid truncation */
3416 longlong count= args[0]->val_int();
3417 if (args[0]->null_value)
3418 goto end;
3419 /*
3420 Assumes that the maximum length of a String is < INT_MAX32.
3421 Set here so that rest of code sees out-of-bound value as such.
3422 */
3423 if (count > INT_MAX32)
3424 count= INT_MAX32;
3425 fix_char_length_ulonglong(count);
3426 return;
3427 }
3428
3429 end:
3430 max_length= MAX_BLOB_WIDTH;
3431 maybe_null= 1;
3432 }
3433
3434
val_str(String * str)3435 String *Item_func_space::val_str(String *str)
3436 {
3437 uint tot_length;
3438 longlong count= args[0]->val_int();
3439 const CHARSET_INFO *cs= collation.collation;
3440
3441 if (args[0]->null_value)
3442 goto err; // string and/or delim are null
3443 null_value= 0;
3444
3445 if (count <= 0 && (count == 0 || !args[0]->unsigned_flag))
3446 return make_empty_result();
3447 /*
3448 Assumes that the maximum length of a String is < INT_MAX32.
3449 Bounds check on count: If this is triggered, we will error.
3450 */
3451 if ((ulonglong) count > INT_MAX32)
3452 count= INT_MAX32;
3453
3454 // Safe length check
3455 tot_length= (uint) count * cs->mbminlen;
3456 if (tot_length > current_thd->variables.max_allowed_packet)
3457 {
3458 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
3459 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
3460 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
3461 func_name(),
3462 current_thd->variables.max_allowed_packet);
3463 goto err;
3464 }
3465
3466 if (str->alloc(tot_length))
3467 goto err;
3468 str->length(tot_length);
3469 str->set_charset(cs);
3470 cs->cset->fill(cs, (char*) str->ptr(), tot_length, ' ');
3471 return str;
3472
3473 err:
3474 null_value= 1;
3475 return 0;
3476 }
3477
3478
fix_length_and_dec()3479 void Item_func_rpad::fix_length_and_dec()
3480 {
3481 // Handle character set for args[0] and args[2].
3482 if (agg_arg_charsets_for_string_result(collation, &args[0], 2, 2))
3483 return;
3484 if (args[1]->const_item())
3485 {
3486 ulonglong char_length= (ulonglong) args[1]->val_int();
3487 if (args[1]->null_value)
3488 goto end;
3489 DBUG_ASSERT(collation.collation->mbmaxlen > 0);
3490 /* Assumes that the maximum length of a String is < INT_MAX32. */
3491 /* Set here so that rest of code sees out-of-bound value as such. */
3492 if (char_length > INT_MAX32)
3493 char_length= INT_MAX32;
3494 fix_char_length_ulonglong(char_length);
3495 return;
3496 }
3497
3498 end:
3499 max_length= MAX_BLOB_WIDTH;
3500 maybe_null= 1;
3501 }
3502
3503
val_str(String * str)3504 String *Item_func_rpad::val_str(String *str)
3505 {
3506 DBUG_ASSERT(fixed == 1);
3507 char *to;
3508 /* must be longlong to avoid truncation */
3509 longlong count= args[1]->val_int();
3510 /* Avoid modifying this string as it may affect args[0] */
3511 String *res= args[0]->val_str(str);
3512 String *rpad= args[2]->val_str(&rpad_str);
3513
3514 if (!res || args[1]->null_value || !rpad ||
3515 ((count < 0) && !args[1]->unsigned_flag))
3516 {
3517 null_value= true;
3518 return NULL;
3519 }
3520 null_value=0;
3521 /* Assumes that the maximum length of a String is < INT_MAX32. */
3522 /* Set here so that rest of code sees out-of-bound value as such. */
3523 if ((ulonglong) count > INT_MAX32)
3524 count= INT_MAX32;
3525 /*
3526 There is one exception not handled (intentionaly) by the character set
3527 aggregation code. If one string is strong side and is binary, and
3528 another one is weak side and is a multi-byte character string,
3529 then we need to operate on the second string in terms on bytes when
3530 calling ::numchars() and ::charpos(), rather than in terms of characters.
3531 Lets substitute its character set to binary.
3532 */
3533 if (collation.collation == &my_charset_bin)
3534 {
3535 res->set_charset(&my_charset_bin);
3536 rpad->set_charset(&my_charset_bin);
3537 }
3538
3539 if (use_mb(rpad->charset()))
3540 {
3541 // This will chop off any trailing illegal characters from rpad.
3542 String *well_formed_pad= args[2]->check_well_formed_result(rpad,
3543 false, //send warning
3544 true); //truncate
3545 if (!well_formed_pad)
3546 {
3547 null_value= true;
3548 return NULL;
3549 }
3550 }
3551
3552 const size_t res_char_length= res->numchars();
3553
3554 // String to pad is big enough
3555 if (count <= static_cast<longlong>(res_char_length))
3556 {
3557 int res_charpos= res->charpos((int)count);
3558 if (tmp_value.alloc(res_charpos))
3559 return NULL;
3560 (void)tmp_value.copy(*res);
3561 tmp_value.length(res_charpos); // Shorten result if longer
3562 return &tmp_value;
3563 }
3564 const size_t pad_char_length= rpad->numchars();
3565
3566 // Must be ulonglong to avoid overflow
3567 const ulonglong byte_count= count * collation.collation->mbmaxlen;
3568 if (byte_count > current_thd->variables.max_allowed_packet)
3569 {
3570 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
3571 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
3572 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
3573 func_name(), current_thd->variables.max_allowed_packet);
3574 null_value= true;
3575 return NULL;
3576 }
3577 if (args[2]->null_value || !pad_char_length)
3578 {
3579 null_value= true;
3580 return NULL;
3581 }
3582 /* Must be done before alloc_buffer */
3583 const size_t res_byte_length= res->length();
3584 /*
3585 alloc_buffer() doesn't modify 'res' because 'res' is guaranteed too short
3586 at this stage.
3587 */
3588 if (!(res= alloc_buffer(res, str, &tmp_value,
3589 static_cast<size_t>(byte_count))))
3590 {
3591 null_value= true;
3592 return NULL;
3593 }
3594
3595 to= (char*) res->ptr()+res_byte_length;
3596 const char *ptr_pad=rpad->ptr();
3597 const size_t pad_byte_length= rpad->length();
3598 count-= res_char_length;
3599 for ( ; (uint32) count > pad_char_length; count-= pad_char_length)
3600 {
3601 memcpy(to,ptr_pad,pad_byte_length);
3602 to+= pad_byte_length;
3603 }
3604 if (count)
3605 {
3606 const size_t pad_charpos= rpad->charpos((int) count);
3607 memcpy(to, ptr_pad, pad_charpos);
3608 to+= pad_charpos;
3609 }
3610 res->length((uint) (to- (char*) res->ptr()));
3611 return (res);
3612 }
3613
3614
fix_length_and_dec()3615 void Item_func_lpad::fix_length_and_dec()
3616 {
3617 // Handle character set for args[0] and args[2].
3618 if (agg_arg_charsets_for_string_result(collation, &args[0], 2, 2))
3619 return;
3620
3621 if (args[1]->const_item())
3622 {
3623 ulonglong char_length= (ulonglong) args[1]->val_int();
3624 if (args[1]->null_value)
3625 goto end;
3626 DBUG_ASSERT(collation.collation->mbmaxlen > 0);
3627 /* Assumes that the maximum length of a String is < INT_MAX32. */
3628 /* Set here so that rest of code sees out-of-bound value as such. */
3629 if (char_length > INT_MAX32)
3630 char_length= INT_MAX32;
3631 fix_char_length_ulonglong(char_length);
3632 return;
3633 }
3634
3635 end:
3636 max_length= MAX_BLOB_WIDTH;
3637 maybe_null= 1;
3638 }
3639
3640
val_str(String * str)3641 String *Item_func_lpad::val_str(String *str)
3642 {
3643 DBUG_ASSERT(fixed == 1);
3644 size_t res_char_length, pad_char_length;
3645 /* must be longlong to avoid truncation */
3646 longlong count= args[1]->val_int();
3647 size_t byte_count;
3648 /* Avoid modifying this string as it may affect args[0] */
3649 String *res= args[0]->val_str(&tmp_value);
3650 String *pad= args[2]->val_str(&lpad_str);
3651
3652 if (!res || args[1]->null_value || !pad ||
3653 ((count < 0) && !args[1]->unsigned_flag))
3654 goto err;
3655 null_value=0;
3656 /* Assumes that the maximum length of a String is < INT_MAX32. */
3657 /* Set here so that rest of code sees out-of-bound value as such. */
3658 if ((ulonglong) count > INT_MAX32)
3659 count= INT_MAX32;
3660
3661 /*
3662 There is one exception not handled (intentionaly) by the character set
3663 aggregation code. If one string is strong side and is binary, and
3664 another one is weak side and is a multi-byte character string,
3665 then we need to operate on the second string in terms on bytes when
3666 calling ::numchars() and ::charpos(), rather than in terms of characters.
3667 Lets substitute its character set to binary.
3668 */
3669 if (collation.collation == &my_charset_bin)
3670 {
3671 res->set_charset(&my_charset_bin);
3672 pad->set_charset(&my_charset_bin);
3673 }
3674
3675 if (use_mb(pad->charset()))
3676 {
3677 // This will chop off any trailing illegal characters from pad.
3678 String *well_formed_pad= args[2]->check_well_formed_result(pad,
3679 false, // send warning
3680 true); // truncate
3681 if (!well_formed_pad)
3682 goto err;
3683 }
3684
3685 res_char_length= res->numchars();
3686
3687 if (count <= static_cast<longlong>(res_char_length))
3688 {
3689 int res_charpos= res->charpos((int)count);
3690 if (tmp_value.alloc(res_charpos))
3691 return NULL;
3692 (void)tmp_value.copy(*res);
3693 tmp_value.length(res_charpos); // Shorten result if longer
3694 return &tmp_value;
3695 }
3696
3697 pad_char_length= pad->numchars();
3698 byte_count= count * collation.collation->mbmaxlen;
3699
3700 if (byte_count > current_thd->variables.max_allowed_packet)
3701 {
3702 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
3703 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
3704 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
3705 func_name(), current_thd->variables.max_allowed_packet);
3706 goto err;
3707 }
3708
3709 if (args[2]->null_value || !pad_char_length ||
3710 str->alloc(byte_count))
3711 goto err;
3712
3713 str->length(0);
3714 str->set_charset(collation.collation);
3715 count-= res_char_length;
3716 while (count >= static_cast<longlong>(pad_char_length))
3717 {
3718 str->append(*pad);
3719 count-= pad_char_length;
3720 }
3721 if (count > 0)
3722 str->append(pad->ptr(), pad->charpos((int) count), collation.collation);
3723
3724 str->append(*res);
3725 null_value= 0;
3726 return str;
3727
3728 err:
3729 null_value= 1;
3730 return 0;
3731 }
3732
3733
fix_length_and_dec()3734 void Item_func_conv::fix_length_and_dec()
3735 {
3736 collation.set(default_charset());
3737 max_length=64;
3738 maybe_null= 1;
3739 reject_geometry_args(arg_count, args, this);
3740 }
3741
3742
val_str(String * str)3743 String *Item_func_conv::val_str(String *str)
3744 {
3745 DBUG_ASSERT(fixed == 1);
3746 String *res= args[0]->val_str(str);
3747 char *endptr,ans[65],*ptr;
3748 longlong dec;
3749 int from_base= (int) args[1]->val_int();
3750 int to_base= (int) args[2]->val_int();
3751 int err;
3752
3753 // Note that abs(INT_MIN) is undefined.
3754 if (args[0]->null_value || args[1]->null_value || args[2]->null_value ||
3755 from_base == INT_MIN || to_base == INT_MIN ||
3756 abs(to_base) > 36 || abs(to_base) < 2 ||
3757 abs(from_base) > 36 || abs(from_base) < 2 || !(res->length()))
3758 {
3759 null_value= 1;
3760 return NULL;
3761 }
3762 null_value= 0;
3763 unsigned_flag= !(from_base < 0);
3764
3765 if (args[0]->field_type() == MYSQL_TYPE_BIT)
3766 {
3767 /*
3768 Special case: The string representation of BIT doesn't resemble the
3769 decimal representation, so we shouldn't change it to string and then to
3770 decimal.
3771 */
3772 dec= args[0]->val_int();
3773 }
3774 else
3775 {
3776 if (from_base < 0)
3777 dec= my_strntoll(res->charset(), res->ptr(), res->length(),
3778 -from_base, &endptr, &err);
3779 else
3780 dec= (longlong) my_strntoull(res->charset(), res->ptr(), res->length(),
3781 from_base, &endptr, &err);
3782 }
3783
3784 if (!(ptr= longlong2str(dec, ans, to_base)) ||
3785 str->copy(ans, (uint32) (ptr - ans), default_charset()))
3786 {
3787 null_value= 1;
3788 return NULL;
3789 }
3790 return str;
3791 }
3792
3793
val_str(String * str)3794 String *Item_func_conv_charset::val_str(String *str)
3795 {
3796 DBUG_ASSERT(fixed == 1);
3797 if (use_cached_value)
3798 return null_value ? 0 : &str_value;
3799 String *arg= args[0]->val_str(str);
3800 uint dummy_errors;
3801 if (!arg)
3802 {
3803 null_value=1;
3804 return 0;
3805 }
3806 null_value= tmp_value.copy(arg->ptr(), arg->length(), arg->charset(),
3807 conv_charset, &dummy_errors);
3808 return null_value ? 0 : check_well_formed_result(&tmp_value,
3809 false, // send warning
3810 true); // truncate
3811 }
3812
fix_length_and_dec()3813 void Item_func_conv_charset::fix_length_and_dec()
3814 {
3815 collation.set(conv_charset, DERIVATION_IMPLICIT);
3816 fix_char_length(args[0]->max_char_length());
3817 }
3818
print(String * str,enum_query_type query_type)3819 void Item_func_conv_charset::print(String *str, enum_query_type query_type)
3820 {
3821 str->append(STRING_WITH_LEN("convert("));
3822 args[0]->print(str, query_type);
3823 str->append(STRING_WITH_LEN(" using "));
3824 str->append(conv_charset->csname);
3825 str->append(')');
3826 }
3827
itemize(Parse_context * pc,Item ** res)3828 bool Item_func_set_collation::itemize(Parse_context *pc, Item **res)
3829 {
3830 if (skip_itemize(res))
3831 return false;
3832 THD *thd= pc->thd;
3833 args[1]= new (pc->mem_root) Item_string(collation_string.str,
3834 collation_string.length,
3835 thd->charset());
3836 if (args[1] == NULL)
3837 return true;
3838
3839 return super::itemize(pc, res);
3840 }
3841
val_str(String * str)3842 String *Item_func_set_collation::val_str(String *str)
3843 {
3844 DBUG_ASSERT(fixed == 1);
3845 str=args[0]->val_str(str);
3846 if ((null_value=args[0]->null_value))
3847 return 0;
3848 str->set_charset(collation.collation);
3849 return str;
3850 }
3851
fix_length_and_dec()3852 void Item_func_set_collation::fix_length_and_dec()
3853 {
3854 CHARSET_INFO *set_collation;
3855 const char *colname;
3856 String tmp, *str= args[1]->val_str(&tmp);
3857 colname= str->c_ptr();
3858 if (colname == binary_keyword)
3859 set_collation= get_charset_by_csname(args[0]->collation.collation->csname,
3860 MY_CS_BINSORT,MYF(0));
3861 else
3862 {
3863 if (!(set_collation= mysqld_collation_get_by_name(colname)))
3864 return;
3865 }
3866
3867 if (!set_collation ||
3868 (!my_charset_same(args[0]->collation.collation,set_collation) &&
3869 args[0]->collation.derivation != DERIVATION_NUMERIC))
3870 {
3871 my_error(ER_COLLATION_CHARSET_MISMATCH, MYF(0),
3872 colname, args[0]->collation.collation->csname);
3873 return;
3874 }
3875 collation.set(set_collation, DERIVATION_EXPLICIT,
3876 args[0]->collation.repertoire);
3877 max_length= args[0]->max_length;
3878 }
3879
3880
eq(const Item * item,bool binary_cmp) const3881 bool Item_func_set_collation::eq(const Item *item, bool binary_cmp) const
3882 {
3883 /* Assume we don't have rtti */
3884 if (this == item)
3885 return 1;
3886 if (item->type() != FUNC_ITEM)
3887 return 0;
3888 Item_func *item_func=(Item_func*) item;
3889 if (arg_count != item_func->arg_count ||
3890 functype() != item_func->functype())
3891 return 0;
3892 Item_func_set_collation *item_func_sc=(Item_func_set_collation*) item;
3893 if (collation.collation != item_func_sc->collation.collation)
3894 return 0;
3895 for (uint i=0; i < arg_count ; i++)
3896 if (!args[i]->eq(item_func_sc->args[i], binary_cmp))
3897 return 0;
3898 return 1;
3899 }
3900
3901
print(String * str,enum_query_type query_type)3902 void Item_func_set_collation::print(String *str, enum_query_type query_type)
3903 {
3904 str->append('(');
3905 args[0]->print(str, query_type);
3906 str->append(STRING_WITH_LEN(" collate "));
3907 DBUG_ASSERT(args[1]->basic_const_item() &&
3908 args[1]->type() == Item::STRING_ITEM);
3909 args[1]->str_value.print(str);
3910 str->append(')');
3911 }
3912
val_str(String * str)3913 String *Item_func_charset::val_str(String *str)
3914 {
3915 DBUG_ASSERT(fixed == 1);
3916 uint dummy_errors;
3917
3918 const CHARSET_INFO *cs= args[0]->charset_for_protocol();
3919 null_value= 0;
3920 str->copy(cs->csname, strlen(cs->csname),
3921 &my_charset_latin1, collation.collation, &dummy_errors);
3922 return str;
3923 }
3924
val_str(String * str)3925 String *Item_func_collation::val_str(String *str)
3926 {
3927 DBUG_ASSERT(fixed == 1);
3928 uint dummy_errors;
3929 const CHARSET_INFO *cs= args[0]->charset_for_protocol();
3930
3931 null_value= 0;
3932 str->copy(cs->name, strlen(cs->name),
3933 &my_charset_latin1, collation.collation, &dummy_errors);
3934 return str;
3935 }
3936
3937
itemize(Parse_context * pc,Item ** res)3938 bool Item_func_weight_string::itemize(Parse_context *pc, Item **res)
3939 {
3940 if (skip_itemize(res))
3941 return false;
3942 if (as_binary)
3943 {
3944 if (args[0]->itemize(pc, &args[0]))
3945 return true;
3946 args[0]= new (pc->mem_root) Item_char_typecast(args[0], nweights,
3947 &my_charset_bin);
3948 if (args[0] == NULL)
3949 return true;
3950 }
3951 return super::itemize(pc, res);
3952 }
3953
print(String * str,enum_query_type query_type)3954 void Item_func_weight_string::print(String *str, enum_query_type query_type)
3955 {
3956 str->append(func_name());
3957 str->append('(');
3958 args[0]->print(str, query_type);
3959 if (nweights && !as_binary)
3960 {
3961 str->append(" as char");
3962 str->append_parenthesized(nweights);
3963 }
3964 // The flags is already normalized
3965 uint flag_lev = flags & MY_STRXFRM_LEVEL_ALL;
3966 uint flag_dsc = (flags >> MY_STRXFRM_DESC_SHIFT) & MY_STRXFRM_LEVEL_ALL;
3967 uint flag_rev = (flags >> MY_STRXFRM_REVERSE_SHIFT) & MY_STRXFRM_LEVEL_ALL;
3968 if (flag_lev)
3969 {
3970 str->append(" level ");
3971 uint level= 1;
3972 while (flag_lev)
3973 {
3974 if (flag_lev & 1)
3975 {
3976 str->append_longlong(level);
3977 if (flag_lev >> 1)
3978 str->append(',');
3979 }
3980 flag_lev>>= 1;
3981 level++;
3982 }
3983 }
3984 if (flag_dsc)
3985 {
3986 // ASC is default
3987 str->append(" desc");
3988 }
3989 if (flag_rev)
3990 {
3991 str->append(" reverse");
3992 }
3993
3994 str->append(')');
3995 }
3996
fix_length_and_dec()3997 void Item_func_weight_string::fix_length_and_dec()
3998 {
3999 const CHARSET_INFO *cs= args[0]->collation.collation;
4000 collation.set(&my_charset_bin, args[0]->collation.derivation);
4001 flags= my_strxfrm_flag_normalize(flags, cs->levels_for_order);
4002 field= args[0]->type() == FIELD_ITEM && args[0]->is_temporal() ?
4003 ((Item_field *) (args[0]))->field : (Field *) NULL;
4004 /*
4005 Use result_length if it was given explicitly in constructor,
4006 otherwise calculate max_length using argument's max_length
4007 and "nweights".
4008 */
4009 max_length= field ? field->pack_length() :
4010 result_length ? result_length :
4011 cs->mbmaxlen * max(args[0]->max_length, nweights);
4012 maybe_null= 1;
4013 }
4014
eq(const Item * item,bool binary_cmp) const4015 bool Item_func_weight_string::eq(const Item *item, bool binary_cmp) const
4016 {
4017 if (this == item)
4018 return 1;
4019 if (item->type() != FUNC_ITEM ||
4020 functype() != ((Item_func*)item)->functype() ||
4021 func_name() != ((Item_func*)item)->func_name())
4022 return 0;
4023
4024 Item_func_weight_string *wstr= (Item_func_weight_string*)item;
4025 if (nweights != wstr->nweights ||
4026 flags != wstr->flags)
4027 return 0;
4028
4029 if (!args[0]->eq(wstr->args[0], binary_cmp))
4030 return 0;
4031 return 1;
4032 }
4033
4034
4035 /* Return a weight_string according to collation */
val_str(String * str)4036 String *Item_func_weight_string::val_str(String *str)
4037 {
4038 String *res;
4039 const CHARSET_INFO *cs= args[0]->collation.collation;
4040 size_t tmp_length, frm_length;
4041 DBUG_ASSERT(fixed == 1);
4042
4043 if (args[0]->result_type() != STRING_RESULT ||
4044 !(res= args[0]->val_str(str)))
4045 goto nl;
4046
4047 /*
4048 Use result_length if it was given in constructor
4049 explicitly, otherwise calculate result length
4050 from argument and "nweights".
4051 */
4052 tmp_length= field ? field->pack_length() :
4053 result_length ? result_length :
4054 cs->coll->strnxfrmlen(cs, cs->mbmaxlen *
4055 max<size_t>(res->length(), nweights));
4056
4057 if(tmp_length > current_thd->variables.max_allowed_packet)
4058 {
4059 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
4060 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
4061 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED), func_name(),
4062 current_thd->variables.max_allowed_packet);
4063 goto nl;
4064 }
4065
4066 if (tmp_value.alloc(tmp_length))
4067 goto nl;
4068
4069 if (field)
4070 {
4071 frm_length= field->pack_length();
4072 field->make_sort_key((uchar *) tmp_value.ptr(), tmp_length);
4073 }
4074 else
4075 frm_length= cs->coll->strnxfrm(cs,
4076 (uchar *) tmp_value.ptr(), tmp_length,
4077 nweights ? nweights : tmp_length,
4078 (const uchar *) res->ptr(), res->length(),
4079 flags);
4080 DBUG_ASSERT(frm_length <= tmp_length);
4081
4082 tmp_value.length(frm_length);
4083 null_value= 0;
4084 return &tmp_value;
4085
4086 nl:
4087 null_value= 1;
4088 return 0;
4089 }
4090
4091
val_str_ascii(String * str)4092 String *Item_func_hex::val_str_ascii(String *str)
4093 {
4094 String *res;
4095 DBUG_ASSERT(fixed == 1);
4096 if (args[0]->result_type() != STRING_RESULT)
4097 {
4098 ulonglong dec;
4099 char ans[65],*ptr;
4100 /* Return hex of unsigned longlong value */
4101 if (args[0]->result_type() == REAL_RESULT ||
4102 args[0]->result_type() == DECIMAL_RESULT)
4103 {
4104 double val= args[0]->val_real();
4105 if ((val <= (double) LLONG_MIN) ||
4106 (val >= (double) (ulonglong) ULLONG_MAX))
4107 dec= ~(longlong) 0;
4108 else
4109 dec= (ulonglong) (val + (val > 0 ? 0.5 : -0.5));
4110 }
4111 else
4112 dec= (ulonglong) args[0]->val_int();
4113
4114 if ((null_value= args[0]->null_value))
4115 return 0;
4116
4117 if (!(ptr= longlong2str(dec, ans, 16)) ||
4118 str->copy(ans,(uint32) (ptr - ans),
4119 &my_charset_numeric))
4120 return make_empty_result(); // End of memory
4121 return str;
4122 }
4123
4124 /* Convert given string to a hex string, character by character */
4125 res= args[0]->val_str(str);
4126 if (!res || tmp_value.alloc(res->length()*2+1))
4127 {
4128 null_value=1;
4129 return 0;
4130 }
4131 null_value=0;
4132 tmp_value.length(res->length()*2);
4133 tmp_value.set_charset(&my_charset_latin1);
4134
4135 octet2hex((char*) tmp_value.ptr(), res->ptr(), res->length());
4136 return &tmp_value;
4137 }
4138
4139 /** Convert given hex string to a binary string. */
4140
val_str(String * str)4141 String *Item_func_unhex::val_str(String *str)
4142 {
4143 const char *from, *end;
4144 char *to;
4145 String *res;
4146 size_t length;
4147 null_value= true;
4148 DBUG_ASSERT(fixed == 1);
4149
4150 res= args[0]->val_str(str);
4151 // For a NULL input value return NULL without any warning
4152 if (args[0]->null_value)
4153 return NULL;
4154 if (!res || tmp_value.alloc(length= (1+res->length())/2))
4155 goto err;
4156
4157 from= res->ptr();
4158 tmp_value.length(length);
4159 to= const_cast<char*>(tmp_value.ptr());
4160 if (res->length() % 2)
4161 {
4162 int hex_char= hexchar_to_int(*from++);
4163 if (hex_char == -1)
4164 goto err;
4165 *to++= static_cast<char>(hex_char);
4166 }
4167 for (end= res->ptr() + res->length(); from < end ; from+= 2, to++)
4168 {
4169 int hex_char= hexchar_to_int(from[0]);
4170 if (hex_char == -1)
4171 goto err;
4172 *to= static_cast<char>(hex_char << 4);
4173 hex_char= hexchar_to_int(from[1]);
4174 if (hex_char == -1)
4175 goto err;
4176 *to|= hex_char;
4177 }
4178 null_value= false;
4179 return &tmp_value;
4180
4181 err:
4182 char buf[256];
4183 String err(buf, sizeof(buf), system_charset_info);
4184 err.length(0);
4185 args[0]->print(&err, QT_NO_DATA_EXPANSION);
4186 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
4187 ER_WRONG_VALUE_FOR_TYPE,
4188 ER_THD(current_thd, ER_WRONG_VALUE_FOR_TYPE),
4189 "string", err.c_ptr_safe(), func_name());
4190
4191 return NULL;
4192 }
4193
4194
4195 #ifndef DBUG_OFF
val_str(String * str)4196 String *Item_func_like_range::val_str(String *str)
4197 {
4198 DBUG_ASSERT(fixed == 1);
4199 longlong nbytes= args[1]->val_int();
4200 String *res= args[0]->val_str(str);
4201 size_t min_len, max_len;
4202 const CHARSET_INFO *cs= collation.collation;
4203
4204 if (!res || args[0]->null_value || args[1]->null_value ||
4205 nbytes < 0 || nbytes > MAX_BLOB_WIDTH ||
4206 min_str.alloc(nbytes) || max_str.alloc(nbytes))
4207 goto err;
4208 null_value=0;
4209
4210 if (cs->coll->like_range(cs, res->ptr(), res->length(),
4211 '\\', '_', '%', nbytes,
4212 (char*) min_str.ptr(), (char*) max_str.ptr(),
4213 &min_len, &max_len))
4214 goto err;
4215
4216 min_str.set_charset(collation.collation);
4217 max_str.set_charset(collation.collation);
4218 min_str.length(min_len);
4219 max_str.length(max_len);
4220
4221 return is_min ? &min_str : &max_str;
4222
4223 err:
4224 null_value= 1;
4225 return 0;
4226 }
4227 #endif
4228
4229
eq(const Item * item,bool binary_cmp) const4230 bool Item_char_typecast::eq(const Item *item, bool binary_cmp) const
4231 {
4232 if (this == item)
4233 return 1;
4234 if (item->type() != FUNC_ITEM ||
4235 functype() != ((Item_func*)item)->functype() ||
4236 strcmp(func_name(), ((Item_func*)item)->func_name()))
4237 return 0;
4238
4239 Item_char_typecast *cast= (Item_char_typecast*)item;
4240 if (cast_length != cast->cast_length ||
4241 cast_cs != cast->cast_cs)
4242 return 0;
4243
4244 if (!args[0]->eq(cast->args[0], binary_cmp))
4245 return 0;
4246 return 1;
4247 }
4248
4249
print(String * str,enum_query_type query_type)4250 void Item_char_typecast::print(String *str, enum_query_type query_type)
4251 {
4252 str->append(STRING_WITH_LEN("cast("));
4253 args[0]->print(str, query_type);
4254 str->append(STRING_WITH_LEN(" as char"));
4255 if (cast_length >= 0)
4256 str->append_parenthesized(cast_length);
4257 if (cast_cs)
4258 {
4259 str->append(STRING_WITH_LEN(" charset "));
4260 str->append(cast_cs->csname);
4261 }
4262 str->append(')');
4263 }
4264
4265
val_str(String * str)4266 String *Item_char_typecast::val_str(String *str)
4267 {
4268 DBUG_ASSERT(fixed == 1);
4269 String *res;
4270 uint32 length;
4271
4272 if (cast_length >= 0 &&
4273 ((unsigned) cast_length) > current_thd->variables.max_allowed_packet)
4274 {
4275 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
4276 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
4277 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
4278 cast_cs == &my_charset_bin ?
4279 "cast_as_binary" : func_name(),
4280 current_thd->variables.max_allowed_packet);
4281 null_value= 1;
4282 return 0;
4283 }
4284
4285 if (!charset_conversion)
4286 {
4287 if (!(res= args[0]->val_str(str)))
4288 {
4289 null_value= 1;
4290 return 0;
4291 }
4292 }
4293 else
4294 {
4295 // Convert character set if differ
4296 uint dummy_errors;
4297 if (!(res= args[0]->val_str(str)) ||
4298 tmp_value.copy(res->ptr(), res->length(), from_cs,
4299 cast_cs, &dummy_errors))
4300 {
4301 null_value= 1;
4302 return 0;
4303 }
4304 res= &tmp_value;
4305 }
4306
4307 res->set_charset(cast_cs);
4308
4309 /*
4310 Cut the tail if cast with length
4311 and the result is longer than cast length, e.g.
4312 CAST('string' AS CHAR(1))
4313 */
4314 if (cast_length >= 0)
4315 {
4316 if (res->length() > (length= (uint32) res->charpos(cast_length)))
4317 { // Safe even if const arg
4318 char char_type[40];
4319 my_snprintf(char_type, sizeof(char_type), "%s(%lu)",
4320 cast_cs == &my_charset_bin ? "BINARY" : "CHAR",
4321 (ulong) length);
4322
4323 if (!res->alloced_length())
4324 { // Don't change const str
4325 str_value= *res; // Not malloced string
4326 res= &str_value;
4327 }
4328 ErrConvString err(res);
4329 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
4330 ER_TRUNCATED_WRONG_VALUE,
4331 ER(ER_TRUNCATED_WRONG_VALUE), char_type,
4332 err.ptr());
4333 res->length(length);
4334 }
4335 else if (cast_cs == &my_charset_bin && res->length() < (uint) cast_length)
4336 {
4337 if (res->alloced_length() < (uint) cast_length)
4338 {
4339 str_value.alloc(cast_length);
4340 str_value.copy(*res);
4341 res= &str_value;
4342 }
4343 memset(const_cast<char*>(res->ptr() + res->length()), 0,
4344 cast_length - res->length());
4345 res->length(cast_length);
4346 }
4347 }
4348 null_value= 0;
4349 return res;
4350 }
4351
4352
fix_length_and_dec()4353 void Item_char_typecast::fix_length_and_dec()
4354 {
4355 /*
4356 If we convert between two ASCII compatible character sets and the
4357 argument repertoire is MY_REPERTOIRE_ASCII then from_cs is set to cast_cs.
4358 This allows just to take over the args[0]->val_str() result
4359 and thus avoid unnecessary character set conversion.
4360 */
4361 from_cs= args[0]->collation.repertoire == MY_REPERTOIRE_ASCII &&
4362 my_charset_is_ascii_based(cast_cs) &&
4363 my_charset_is_ascii_based(args[0]->collation.collation) ?
4364 cast_cs : args[0]->collation.collation;
4365
4366
4367 collation.set(cast_cs, DERIVATION_IMPLICIT);
4368 fix_char_length(cast_length >= 0 ? cast_length :
4369 cast_cs == &my_charset_bin ? args[0]->max_length :
4370 args[0]->max_char_length());
4371
4372 /*
4373 We always force character set conversion if cast_cs
4374 is a multi-byte character set. It garantees that the
4375 result of CAST is a well-formed string.
4376 For single-byte character sets we allow just to copy from the argument.
4377 A single-byte character sets string is always well-formed.
4378 */
4379 charset_conversion= (cast_cs->mbmaxlen > 1) ||
4380 (!my_charset_same(from_cs, cast_cs) &&
4381 from_cs != &my_charset_bin &&
4382 cast_cs != &my_charset_bin);
4383 }
4384
4385
print(String * str,enum_query_type query_type)4386 void Item_func_binary::print(String *str, enum_query_type query_type)
4387 {
4388 str->append(STRING_WITH_LEN("cast("));
4389 args[0]->print(str, query_type);
4390 str->append(STRING_WITH_LEN(" as binary)"));
4391 }
4392
4393
itemize(Parse_context * pc,Item ** res)4394 bool Item_load_file::itemize(Parse_context *pc, Item **res)
4395 {
4396 if (skip_itemize(res))
4397 return false;
4398 if (super::itemize(pc, res))
4399 return true;
4400 pc->thd->lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
4401 pc->thd->lex->set_uncacheable(pc->select, UNCACHEABLE_SIDEEFFECT);
4402 return false;
4403 }
4404
4405
4406 #include <my_dir.h> // For my_stat
4407
val_str(String * str)4408 String *Item_load_file::val_str(String *str)
4409 {
4410 DBUG_ASSERT(fixed == 1);
4411 String *file_name;
4412 File file;
4413 MY_STAT stat_info;
4414 char path[FN_REFLEN];
4415 DBUG_ENTER("load_file");
4416
4417 if (!(file_name= args[0]->val_str(str))
4418 #ifndef NO_EMBEDDED_ACCESS_CHECKS
4419 || !(current_thd->security_context()->check_access(FILE_ACL))
4420 #endif
4421 )
4422 goto err;
4423
4424 (void) fn_format(path, file_name->c_ptr_safe(), mysql_real_data_home, "",
4425 MY_RELATIVE_PATH | MY_UNPACK_FILENAME);
4426
4427 /* Read only allowed from within dir specified by secure_file_priv */
4428 if (!is_secure_file_path(path))
4429 goto err;
4430
4431 if (!mysql_file_stat(key_file_loadfile, path, &stat_info, MYF(0)))
4432 goto err;
4433
4434 if (!(stat_info.st_mode & S_IROTH))
4435 {
4436 /* my_error(ER_TEXTFILE_NOT_READABLE, MYF(0), file_name->c_ptr()); */
4437 goto err;
4438 }
4439 if (stat_info.st_size > (long) current_thd->variables.max_allowed_packet)
4440 {
4441 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
4442 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
4443 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
4444 func_name(), current_thd->variables.max_allowed_packet);
4445 goto err;
4446 }
4447 if (tmp_value.alloc(stat_info.st_size))
4448 goto err;
4449 if ((file= mysql_file_open(key_file_loadfile,
4450 file_name->ptr(), O_RDONLY, MYF(0))) < 0)
4451 goto err;
4452 if (mysql_file_read(file, (uchar*) tmp_value.ptr(), stat_info.st_size,
4453 MYF(MY_NABP)))
4454 {
4455 mysql_file_close(file, MYF(0));
4456 goto err;
4457 }
4458 tmp_value.length(stat_info.st_size);
4459 mysql_file_close(file, MYF(0));
4460 null_value = 0;
4461 DBUG_RETURN(&tmp_value);
4462
4463 err:
4464 null_value = 1;
4465 DBUG_RETURN(0);
4466 }
4467
4468
val_str(String * str)4469 String* Item_func_export_set::val_str(String* str)
4470 {
4471 DBUG_ASSERT(fixed == 1);
4472 String yes_buf, no_buf, sep_buf;
4473 const ulonglong the_set = (ulonglong) args[0]->val_int();
4474 const String *yes= args[1]->val_str(&yes_buf);
4475 const String *no= args[2]->val_str(&no_buf);
4476 const String *sep= NULL;
4477
4478 ulonglong num_set_values = 64;
4479 str->length(0);
4480 str->set_charset(collation.collation);
4481
4482 /* Check if some argument is a NULL value */
4483 if (args[0]->null_value || args[1]->null_value || args[2]->null_value)
4484 {
4485 null_value= true;
4486 return NULL;
4487 }
4488 /*
4489 Arg count can only be 3, 4 or 5 here. This is guaranteed from the
4490 grammar for EXPORT_SET()
4491 */
4492 switch(arg_count) {
4493 case 5:
4494 num_set_values = static_cast<ulonglong>(args[4]->val_int());
4495 if (num_set_values > 64)
4496 num_set_values=64;
4497 if (args[4]->null_value)
4498 {
4499 null_value= true;
4500 return NULL;
4501 }
4502 /* Fall through */
4503 case 4:
4504 if (!(sep = args[3]->val_str(&sep_buf))) // Only true if NULL
4505 {
4506 null_value= true;
4507 return NULL;
4508 }
4509 break;
4510 case 3:
4511 {
4512 /* errors is not checked - assume "," can always be converted */
4513 uint errors;
4514 sep_buf.copy(STRING_WITH_LEN(","), &my_charset_bin,
4515 collation.collation, &errors);
4516 sep = &sep_buf;
4517 }
4518 break;
4519 default:
4520 DBUG_ASSERT(0); // cannot happen
4521 }
4522 null_value= false;
4523
4524 const ulonglong max_allowed_packet= current_thd->variables.max_allowed_packet;
4525 const ulonglong num_separators= num_set_values > 0 ? num_set_values - 1 : 0;
4526 const ulonglong max_total_length=
4527 num_set_values * max(yes->length(), no->length()) +
4528 num_separators * sep->length();
4529
4530 if (unlikely(max_total_length > max_allowed_packet))
4531 {
4532 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
4533 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
4534 ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
4535 func_name(), static_cast<long>(max_allowed_packet));
4536 null_value= true;
4537 return NULL;
4538 }
4539
4540 uint ix;
4541 ulonglong mask;
4542 for (ix= 0, mask=0x1; ix < num_set_values; ++ix, mask = (mask << 1))
4543 {
4544 if (the_set & mask)
4545 str->append(*yes);
4546 else
4547 str->append(*no);
4548 if (ix != num_separators)
4549 str->append(*sep);
4550 }
4551
4552 if (str->ptr() == NULL)
4553 return make_empty_result();
4554
4555 return str;
4556 }
4557
fix_length_and_dec()4558 void Item_func_export_set::fix_length_and_dec()
4559 {
4560 uint32 length= max(args[1]->max_char_length(), args[2]->max_char_length());
4561 uint32 sep_length= (arg_count > 3 ? args[3]->max_char_length() : 1);
4562
4563 if (agg_arg_charsets_for_string_result(collation,
4564 args + 1, min(4U, arg_count) - 1))
4565 return;
4566 fix_char_length(length * 64 + sep_length * 63);
4567 }
4568
4569
4570 #define get_esc_bit(mask, num) (1 & (*((mask) + ((num) >> 3))) >> ((num) & 7))
4571
4572 /**
4573 QUOTE() function returns argument string in single quotes suitable for
4574 using in a SQL statement.
4575
4576 Adds a \\ before all characters that needs to be escaped in a SQL string.
4577 We also escape '^Z' (END-OF-FILE in windows) to avoid probelms when
4578 running commands from a file in windows.
4579
4580 This function is very useful when you want to generate SQL statements.
4581
4582 @note
4583 QUOTE(NULL) returns the string 'NULL' (4 letters, without quotes).
4584
4585 @retval
4586 str Quoted string
4587 @retval
4588 NULL Out of memory.
4589 */
4590
val_str(String * str)4591 String *Item_func_quote::val_str(String *str)
4592 {
4593 DBUG_ASSERT(fixed == 1);
4594 /*
4595 Bit mask that has 1 for set for the position of the following characters:
4596 0, \, ' and ^Z
4597 */
4598
4599 static uchar escmask[32]=
4600 {
4601 0x01, 0x00, 0x00, 0x04, 0x80, 0x00, 0x00, 0x00,
4602 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00,
4603 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4604 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
4605 };
4606
4607 char *from, *to, *end, *start;
4608 String *arg= args[0]->val_str(str);
4609 size_t arg_length, new_length;
4610 if (!arg) // Null argument
4611 {
4612 /* Return the string 'NULL' */
4613 str->copy(STRING_WITH_LEN("NULL"), collation.collation);
4614 null_value= 0;
4615 return str;
4616 }
4617
4618 arg_length= arg->length();
4619
4620 if (collation.collation->mbmaxlen == 1)
4621 {
4622 new_length= arg_length + 2; /* for beginning and ending ' signs */
4623 for (from= (char*) arg->ptr(), end= from + arg_length; from < end; from++)
4624 new_length+= get_esc_bit(escmask, (uchar) *from);
4625 }
4626 else
4627 {
4628 new_length= (arg_length * 2) + /* For string characters */
4629 (2 * collation.collation->mbmaxlen); /* For quotes */
4630 }
4631
4632 if (tmp_value.alloc(new_length))
4633 goto null;
4634
4635 if (collation.collation->mbmaxlen > 1)
4636 {
4637 const CHARSET_INFO *cs= collation.collation;
4638 int mblen;
4639 uchar *to_end;
4640 to= (char*) tmp_value.ptr();
4641 to_end= (uchar*) to + new_length;
4642
4643 /* Put leading quote */
4644 if ((mblen= cs->cset->wc_mb(cs, '\'', (uchar *) to, to_end)) <= 0)
4645 goto null;
4646 to+= mblen;
4647
4648 for (start= (char*) arg->ptr(), end= start + arg_length; start < end; )
4649 {
4650 my_wc_t wc;
4651 bool escape;
4652 if ((mblen= cs->cset->mb_wc(cs, &wc, (uchar*) start, (uchar*) end)) <= 0)
4653 goto null;
4654 start+= mblen;
4655 switch (wc) {
4656 case 0: escape= 1; wc= '0'; break;
4657 case '\032': escape= 1; wc= 'Z'; break;
4658 case '\'': escape= 1; break;
4659 case '\\': escape= 1; break;
4660 default: escape= 0; break;
4661 }
4662 if (escape)
4663 {
4664 if ((mblen= cs->cset->wc_mb(cs, '\\', (uchar*) to, to_end)) <= 0)
4665 goto null;
4666 to+= mblen;
4667 }
4668 if ((mblen= cs->cset->wc_mb(cs, wc, (uchar*) to, to_end)) <= 0)
4669 goto null;
4670 to+= mblen;
4671 }
4672
4673 /* Put trailing quote */
4674 if ((mblen= cs->cset->wc_mb(cs, '\'', (uchar *) to, to_end)) <= 0)
4675 goto null;
4676 to+= mblen;
4677 new_length= to - tmp_value.ptr();
4678 goto ret;
4679 }
4680
4681 /*
4682 We replace characters from the end to the beginning
4683 */
4684 to= (char*) tmp_value.ptr() + new_length - 1;
4685 *to--= '\'';
4686 for (start= (char*) arg->ptr(),end= start + arg_length; end-- != start; to--)
4687 {
4688 /*
4689 We can't use the bitmask here as we want to replace \O and ^Z with 0
4690 and Z
4691 */
4692 switch (*end) {
4693 case 0:
4694 *to--= '0';
4695 *to= '\\';
4696 break;
4697 case '\032':
4698 *to--= 'Z';
4699 *to= '\\';
4700 break;
4701 case '\'':
4702 case '\\':
4703 *to--= *end;
4704 *to= '\\';
4705 break;
4706 default:
4707 *to= *end;
4708 break;
4709 }
4710 }
4711 *to= '\'';
4712
4713 ret:
4714 if (new_length > current_thd->variables.max_allowed_packet)
4715 {
4716 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
4717 ER_WARN_ALLOWED_PACKET_OVERFLOWED,
4718 ER_THD(current_thd, ER_WARN_ALLOWED_PACKET_OVERFLOWED),
4719 func_name(),
4720 current_thd->variables.max_allowed_packet);
4721 return error_str();
4722 }
4723
4724 tmp_value.length(new_length);
4725 tmp_value.set_charset(collation.collation);
4726 null_value= 0;
4727 return &tmp_value;
4728
4729 null:
4730 null_value= 1;
4731 return 0;
4732 }
4733
4734 /**
4735 @returns The length that the compressed string args[0] had before
4736 being compressed.
4737
4738 @note This function is supposed to handle this case:
4739 SELECT UNCOMPRESSED_LENGTH(COMPRESS(<some string>))
4740 However, in mysql tradition, the input argument can be *anything*.
4741
4742 We return NULL if evaluation of the input argument returns NULL.
4743 If the input string does not look like something produced by
4744 Item_func_compress::val_str, we issue a warning and return 0.
4745 */
val_int()4746 longlong Item_func_uncompressed_length::val_int()
4747 {
4748 DBUG_ASSERT(fixed == 1);
4749 String *res= args[0]->val_str(&value);
4750
4751 if ((null_value= args[0]->null_value))
4752 return 0;
4753
4754 if (!res || res->is_empty())
4755 return 0;
4756
4757 /*
4758 If length is <= 4 bytes, data is corrupt. This is the best we can do
4759 to detect garbage input without decompressing it.
4760 */
4761 if (res->length() <= 4)
4762 {
4763 push_warning(current_thd, Sql_condition::SL_WARNING,
4764 ER_ZLIB_Z_DATA_ERROR, ER(ER_ZLIB_Z_DATA_ERROR));
4765 return 0;
4766 }
4767
4768 /*
4769 res->ptr() using is safe because we have tested that string is at least
4770 5 bytes long.
4771 res->c_ptr() is not used because:
4772 - we do not need \0 terminated string to get first 4 bytes
4773 - c_ptr() tests simbol after string end (uninitialiozed memory) which
4774 confuse valgrind
4775 */
4776 return uint4korr(res->ptr()) & 0x3FFFFFFF;
4777 }
4778
val_int()4779 longlong Item_func_crc32::val_int()
4780 {
4781 DBUG_ASSERT(fixed == 1);
4782 String *res=args[0]->val_str(&value);
4783 if (!res)
4784 {
4785 null_value=1;
4786 return 0; /* purecov: inspected */
4787 }
4788 null_value=0;
4789 return (longlong) crc32(0L, (uchar*)res->ptr(), res->length());
4790 }
4791
4792 #ifdef HAVE_COMPRESS
4793 #include "zlib.h"
4794
val_str(String * str)4795 String *Item_func_compress::val_str(String *str)
4796 {
4797 int err= Z_OK, code;
4798 ulong new_size;
4799 String *res;
4800 Byte *body;
4801 char *last_char;
4802 DBUG_ASSERT(fixed == 1);
4803
4804 if (!(res= args[0]->val_str(str)))
4805 {
4806 null_value= 1;
4807 return 0;
4808 }
4809 null_value= 0;
4810 if (res->is_empty()) return res;
4811
4812 /*
4813 Citation from zlib.h (comment for compress function):
4814
4815 Compresses the source buffer into the destination buffer. sourceLen is
4816 the byte length of the source buffer. Upon entry, destLen is the total
4817 size of the destination buffer, which must be at least 0.1% larger than
4818 sourceLen plus 12 bytes.
4819 We assume here that the buffer can't grow more than .25 %.
4820 */
4821 new_size= res->length() + res->length() / 5 + 12;
4822
4823 // Check new_size overflow: new_size <= res->length()
4824 if (((new_size+5) <= res->length()) ||
4825 buffer.mem_realloc(new_size + 4 + 1))
4826 {
4827 null_value= 1;
4828 return 0;
4829 }
4830
4831 body= ((Byte*)buffer.ptr()) + 4;
4832
4833 // As far as we have checked res->is_empty() we can use ptr()
4834 if ((err= compress(body, &new_size,
4835 (const Bytef*)res->ptr(), res->length())) != Z_OK)
4836 {
4837 code= err==Z_MEM_ERROR ? ER_ZLIB_Z_MEM_ERROR : ER_ZLIB_Z_BUF_ERROR;
4838 push_warning(current_thd, Sql_condition::SL_WARNING, code, ER(code));
4839 null_value= 1;
4840 return 0;
4841 }
4842
4843 int4store(const_cast<char*>(buffer.ptr()), res->length() & 0x3FFFFFFF);
4844
4845 /* This is to ensure that things works for CHAR fields, which trim ' ': */
4846 last_char= ((char*)body)+new_size-1;
4847 if (*last_char == ' ')
4848 {
4849 *++last_char= '.';
4850 new_size++;
4851 }
4852
4853 buffer.length(new_size + 4);
4854 return &buffer;
4855 }
4856
4857
val_str(String * str)4858 String *Item_func_uncompress::val_str(String *str)
4859 {
4860 DBUG_ASSERT(fixed == 1);
4861 String *res= args[0]->val_str(str);
4862 ulong new_size;
4863 int err;
4864 uint code;
4865
4866 if (!res)
4867 goto err;
4868 null_value= 0;
4869 if (res->is_empty())
4870 return res;
4871
4872 /* If length is less than 4 bytes, data is corrupt */
4873 if (res->length() <= 4)
4874 {
4875 push_warning(current_thd, Sql_condition::SL_WARNING,
4876 ER_ZLIB_Z_DATA_ERROR, ER(ER_ZLIB_Z_DATA_ERROR));
4877 goto err;
4878 }
4879
4880 /* Size of uncompressed data is stored as first 4 bytes of field */
4881 new_size= uint4korr(res->ptr()) & 0x3FFFFFFF;
4882 if (new_size > current_thd->variables.max_allowed_packet)
4883 {
4884 push_warning_printf(current_thd, Sql_condition::SL_WARNING,
4885 ER_TOO_BIG_FOR_UNCOMPRESS,
4886 ER(ER_TOO_BIG_FOR_UNCOMPRESS),
4887 static_cast<int>(current_thd->variables.
4888 max_allowed_packet));
4889 goto err;
4890 }
4891 if (buffer.mem_realloc((uint32)new_size))
4892 goto err;
4893
4894 if ((err= uncompress(pointer_cast<Byte*>(const_cast<char*>(buffer.ptr())),
4895 &new_size,
4896 pointer_cast<const Bytef*>(res->ptr()) + 4,
4897 res->length() - 4)) == Z_OK)
4898 {
4899 buffer.length((uint32) new_size);
4900 return &buffer;
4901 }
4902
4903 code= ((err == Z_BUF_ERROR) ? ER_ZLIB_Z_BUF_ERROR :
4904 ((err == Z_MEM_ERROR) ? ER_ZLIB_Z_MEM_ERROR : ER_ZLIB_Z_DATA_ERROR));
4905 push_warning(current_thd, Sql_condition::SL_WARNING, code, ER(code));
4906
4907 err:
4908 null_value= 1;
4909 return 0;
4910 }
4911 #endif
4912
4913 /*
4914 UUID, as in
4915 DCE 1.1: Remote Procedure Call,
4916 Open Group Technical Standard Document Number C706, October 1997,
4917 (supersedes C309 DCE: Remote Procedure Call 8/1994,
4918 which was basis for ISO/IEC 11578:1996 specification)
4919 */
4920
4921 static struct rand_struct uuid_rand;
4922 static uint nanoseq;
4923 static ulonglong uuid_time=0;
4924 static char clock_seq_and_node_str[]="-0000-000000000000";
4925
4926 /**
4927 number of 100-nanosecond intervals between
4928 1582-10-15 00:00:00.00 and 1970-01-01 00:00:00.00.
4929 */
4930 #define UUID_TIME_OFFSET ((ulonglong) 141427 * 24 * 60 * 60 * \
4931 1000 * 1000 * 10)
4932
4933 #define UUID_VERSION 0x1000
4934 #define UUID_VARIANT 0x8000
4935
tohex(char * to,uint from,uint len)4936 static void tohex(char *to, uint from, uint len)
4937 {
4938 to+= len;
4939 while (len--)
4940 {
4941 *--to= _dig_vec_lower[from & 15];
4942 from >>= 4;
4943 }
4944 }
4945
set_clock_seq_str()4946 static void set_clock_seq_str()
4947 {
4948 uint16 clock_seq= ((uint)(my_rnd(&uuid_rand)*16383)) | UUID_VARIANT;
4949 tohex(clock_seq_and_node_str+1, clock_seq, 4);
4950 nanoseq= 0;
4951 }
4952
4953
itemize(Parse_context * pc,Item ** res)4954 bool Item_func_uuid::itemize(Parse_context *pc, Item **res)
4955 {
4956 if (skip_itemize(res))
4957 return false;
4958 if (super::itemize(pc, res))
4959 return true;
4960 pc->thd->lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
4961 pc->thd->lex->safe_to_cache_query= 0;
4962 return false;
4963 }
4964
4965
val_str(String * str)4966 String *Item_func_uuid::val_str(String *str)
4967 {
4968 DBUG_ASSERT(fixed == 1);
4969 char *s;
4970 THD *thd= current_thd;
4971
4972 mysql_mutex_lock(&LOCK_uuid_generator);
4973 if (! uuid_time) /* first UUID() call. initializing data */
4974 {
4975 ulong tmp=sql_rnd_with_mutex();
4976 uchar mac[6];
4977 int i;
4978 if (my_gethwaddr(mac))
4979 {
4980 /* purecov: begin inspected */
4981 /*
4982 generating random "hardware addr"
4983 and because specs explicitly specify that it should NOT correlate
4984 with a clock_seq value (initialized random below), we use a separate
4985 randominit() here
4986 */
4987 randominit(&uuid_rand, tmp + (ulong) thd, tmp + (ulong)global_query_id);
4988 for (i=0; i < (int)sizeof(mac); i++)
4989 mac[i]=(uchar)(my_rnd(&uuid_rand)*255);
4990 /* purecov: end */
4991 }
4992 s=clock_seq_and_node_str+sizeof(clock_seq_and_node_str)-1;
4993 for (i=sizeof(mac)-1 ; i>=0 ; i--)
4994 {
4995 *--s=_dig_vec_lower[mac[i] & 15];
4996 *--s=_dig_vec_lower[mac[i] >> 4];
4997 }
4998 randominit(&uuid_rand, tmp + (ulong) server_start_time,
4999 tmp + (ulong) thd->status_var.bytes_sent);
5000 set_clock_seq_str();
5001 }
5002
5003 ulonglong tv= my_getsystime() + UUID_TIME_OFFSET + nanoseq;
5004
5005 if (likely(tv > uuid_time))
5006 {
5007 /*
5008 Current time is ahead of last timestamp, as it should be.
5009 If we "borrowed time", give it back, just as long as we
5010 stay ahead of the previous timestamp.
5011 */
5012 if (nanoseq)
5013 {
5014 DBUG_ASSERT((tv > uuid_time) && (nanoseq > 0));
5015 /*
5016 -1 so we won't make tv= uuid_time for nanoseq >= (tv - uuid_time)
5017 */
5018 ulong delta= min<ulong>(nanoseq, (ulong) (tv - uuid_time -1));
5019 tv-= delta;
5020 nanoseq-= delta;
5021 }
5022 }
5023 else
5024 {
5025 if (unlikely(tv == uuid_time))
5026 {
5027 /*
5028 For low-res system clocks. If several requests for UUIDs
5029 end up on the same tick, we add a nano-second to make them
5030 different.
5031 ( current_timestamp + nanoseq * calls_in_this_period )
5032 may end up > next_timestamp; this is OK. Nonetheless, we'll
5033 try to unwind nanoseq when we get a chance to.
5034 If nanoseq overflows, we'll start over with a new numberspace
5035 (so the if() below is needed so we can avoid the ++tv and thus
5036 match the follow-up if() if nanoseq overflows!).
5037 */
5038 if (likely(++nanoseq))
5039 ++tv;
5040 }
5041
5042 if (unlikely(tv <= uuid_time))
5043 {
5044 /*
5045 If the admin changes the system clock (or due to Daylight
5046 Saving Time), the system clock may be turned *back* so we
5047 go through a period once more for which we already gave out
5048 UUIDs. To avoid duplicate UUIDs despite potentially identical
5049 times, we make a new random component.
5050 We also come here if the nanoseq "borrowing" overflows.
5051 In either case, we throw away any nanoseq borrowing since it's
5052 irrelevant in the new numberspace.
5053 */
5054 set_clock_seq_str();
5055 tv= my_getsystime() + UUID_TIME_OFFSET;
5056 nanoseq= 0;
5057 DBUG_PRINT("uuid",("making new numberspace"));
5058 }
5059 }
5060
5061 uuid_time=tv;
5062 mysql_mutex_unlock(&LOCK_uuid_generator);
5063
5064 uint32 time_low= (uint32) (tv & 0xFFFFFFFF);
5065 uint16 time_mid= (uint16) ((tv >> 32) & 0xFFFF);
5066 uint16 time_hi_and_version= (uint16) ((tv >> 48) | UUID_VERSION);
5067
5068 str->mem_realloc(UUID_LENGTH+1);
5069 str->length(UUID_LENGTH);
5070 str->set_charset(system_charset_info);
5071 s=(char *) str->ptr();
5072 s[8]=s[13]='-';
5073 tohex(s, time_low, 8);
5074 tohex(s+9, time_mid, 4);
5075 tohex(s+14, time_hi_and_version, 4);
5076 my_stpcpy(s+18, clock_seq_and_node_str);
5077 DBUG_EXECUTE_IF("force_fake_uuid",
5078 my_stpcpy(s, "a2d00942-b69c-11e4-a696-0020ff6fcbe6");
5079 );
5080 return str;
5081 }
5082
5083
fix_length_and_dec()5084 void Item_func_gtid_subtract::fix_length_and_dec()
5085 {
5086 maybe_null= args[0]->maybe_null || args[1]->maybe_null;
5087 collation.set(default_charset(), DERIVATION_COERCIBLE, MY_REPERTOIRE_ASCII);
5088 /*
5089 In the worst case, the string grows after subtraction. This
5090 happens when a GTID in args[0] is split by a GTID in args[1],
5091 e.g., UUID:1-6 minus UUID:3-4 becomes UUID:1-2,5-6. The worst
5092 case is UUID:1-100 minus UUID:9, where the two characters ":9" in
5093 args[1] yield the five characters "-8,10" in the result.
5094 */
5095 fix_char_length_ulonglong(args[0]->max_length +
5096 max<ulonglong>(args[1]->max_length -
5097 binary_log::Uuid::TEXT_LENGTH, 0) * 5 / 2);
5098 }
5099
5100
val_str_ascii(String * str)5101 String *Item_func_gtid_subtract::val_str_ascii(String *str)
5102 {
5103 DBUG_ENTER("Item_func_gtid_subtract::val_str_ascii");
5104 String *str1, *str2;
5105 const char *charp1, *charp2;
5106 enum_return_status status;
5107 /*
5108 We must execute args[*]->val_str_ascii() before checking
5109 args[*]->null_value to ensure that them are updated when
5110 this function is executed inside a stored procedure.
5111 */
5112 if ((str1= args[0]->val_str_ascii(&buf1)) != NULL &&
5113 (charp1= str1->c_ptr_safe()) != NULL &&
5114 (str2= args[1]->val_str_ascii(&buf2)) != NULL &&
5115 (charp2= str2->c_ptr_safe()) != NULL &&
5116 !args[0]->null_value && !args[1]->null_value)
5117 {
5118 Sid_map sid_map(NULL/*no rwlock*/);
5119 // compute sets while holding locks
5120 Gtid_set set1(&sid_map, charp1, &status);
5121 if (status == RETURN_STATUS_OK)
5122 {
5123 Gtid_set set2(&sid_map, charp2, &status);
5124 size_t length;
5125 // subtract, save result, return result
5126 if (status == RETURN_STATUS_OK)
5127 {
5128 set1.remove_gtid_set(&set2);
5129 if (!str->mem_realloc((length= set1.get_string_length()) + 1))
5130 {
5131 null_value= false;
5132 set1.to_string((char *)str->ptr());
5133 str->length(length);
5134 DBUG_RETURN(str);
5135 }
5136 }
5137 }
5138 }
5139 null_value= true;
5140 DBUG_RETURN(NULL);
5141 }
5142