MDEV-8938 Server Crash on Update with joins
Make unique table check after setup_fields of update because unique table can materialize table and we do not need field resolving after materialization.
Make unique table check after setup_fields of update because unique table can materialize table and we do not need field resolving after materialization.
INCORRECT RESULTS
Issue:
-----
Updating varchar and text fields in the same update
statement can produce incorrect results. When a varchar
field is assigned to the text field and the varchar field
is then set to a different value, the text field's result
contains the varchar field's new value.
SOLUTION:
---------
Currently the blob type does not allocate space for the
string to be stored. Instead it contains a pointer to the
varchar string. So when the varchar field is changed as
part of the update statement, the value contained in the
blob also changes.
The fix would be to actually store the value by allocating
space for the blob's string. We can avoid allocating this
space when the varchar field is not being written into.
- If an UPDATE 1) modifies the key it is using, and 2) has ORDER BY ... LIMIT
which matches the key it is using, Then we should use "Using buffer", not
"Using filesort".
from MariaDB 10.0.
The bug in mdev-3948 was an instance of the problem fixed by Sergey's patch
in 10.0 - namely that the range optimizer could change table->[read | write]_set,
and not restore it.
revno: 3471
committer: Sergey Petrunya <psergey@askmonty.org>
branch nick: 10.0-serg-fix-imerge
timestamp: Sat 2012-11-03 12:24:36 +0400
message:
# MDEV-3817: Wrong result with index_merge+index_merge_intersection, InnoDB table, join, AND and OR conditions
Reconcile the fixes from:
#
# guilhem.bichot@oracle.com-20110805143029-ywrzuz15uzgontr0
# Fix for BUG#12698916 - "JOIN QUERY GIVES WRONG RESULT AT 2ND EXEC. OR
# AFTER FLUSH TABLES [-INT VS NULL]"
#
# guilhem.bichot@oracle.com-20111209150650-tzx3ldzxe1yfwji6
# Fix for BUG#12912171 - ASSERTION FAILED: QUICK->HEAD->READ_SET == SAVE_READ_SET
# and
#
and related fixes from: BUG#1006164, MDEV-376:
Now, ROR-merged QUICK_RANGE_SELECT objects make no assumptions about the values
of table->read_set and table->write_set.
Each QUICK_ROR_SELECT has (and had before) its own column bitmap, but now, all
QUICK_ROR_SELECT's functions that care: reset(), init_ror_merged_scan(), and
get_next() will set table->read_set when invoked and restore it back to what
it was before the call before they return.
This allows to avoid the mess when somebody else modifies table->read_set for
some reason.
Reconcile the fixes from:
#
# guilhem.bichot@oracle.com-20110805143029-ywrzuz15uzgontr0
# Fix for BUG#12698916 - "JOIN QUERY GIVES WRONG RESULT AT 2ND EXEC. OR
# AFTER FLUSH TABLES [-INT VS NULL]"
#
# guilhem.bichot@oracle.com-20111209150650-tzx3ldzxe1yfwji6
# Fix for BUG#12912171 - ASSERTION FAILED: QUICK->HEAD->READ_SET == SAVE_READ_SET
# and
#
and related fixes from: BUG#1006164, MDEV-376:
Now, ROR-merged QUICK_RANGE_SELECT objects make no assumptions about the values
of table->read_set and table->write_set.
Each QUICK_ROR_SELECT has (and had before) its own column bitmap, but now, all
QUICK_ROR_SELECT's functions that care: reset(), init_ror_merged_scan(), and
get_next() will set table->read_set when invoked and restore it back to what
it was before the call before they return.
This allows to avoid the mess when somebody else modifies table->read_set for
some reason.
This assert checks that the server does not try to send OK to the
client if there has been some error during processing. This is done
to make sure that the error is in fact sent to the client.
The problem was that view errors during processing of WHERE conditions
in UPDATE statements where not detected by the update code. It therefore
tried to send OK to the client, triggering the assert.
The bug was only noticeable in debug builds.
This patch fixes the problem by making sure that the update code
checks for errors during condition processing and acts accordingly.
This assert checks that the server does not try to send OK to the
client if there has been some error during processing. This is done
to make sure that the error is in fact sent to the client.
The problem was that view errors during processing of WHERE conditions
in UPDATE statements where not detected by the update code. It therefore
tried to send OK to the client, triggering the assert.
The bug was only noticeable in debug builds.
This patch fixes the problem by making sure that the update code
checks for errors during condition processing and acts accordingly.
This assertion would occur if UPDATE was used to update multiple
tables containing an AUTO_INCREMENT column and if the inserted
row had a user-supplied value for that column. The assertion
could then be triggered by the next statement.
The problem was only noticeable on debug builds of the server.
The cause of the problem was that the code for multi update did
not properly reset the TABLE->auto_increment_if_null flag after update.
The flag is used to indicate that a non-null value of an auto_increment field
has been provided by the user or retrieved from a current record.
Open_tables() contains an assertion that tests this flag, and this
was triggered in this case by ALTER TABLE.
This patch fixes the problem by resetting the auto_increment_if_null
field to FALSE once a row has been updated.
This bug is similar to Bug#47274, but for multi update rather
than INSERT DELAYED.
Test case added to update.test.
This assertion would occur if UPDATE was used to update multiple
tables containing an AUTO_INCREMENT column and if the inserted
row had a user-supplied value for that column. The assertion
could then be triggered by the next statement.
The problem was only noticeable on debug builds of the server.
The cause of the problem was that the code for multi update did
not properly reset the TABLE->auto_increment_if_null flag after update.
The flag is used to indicate that a non-null value of an auto_increment field
has been provided by the user or retrieved from a current record.
Open_tables() contains an assertion that tests this flag, and this
was triggered in this case by ALTER TABLE.
This patch fixes the problem by resetting the auto_increment_if_null
field to FALSE once a row has been updated.
This bug is similar to Bug#47274, but for multi update rather
than INSERT DELAYED.
Test case added to update.test.
leads to an assertion failure
Any run-time error in stored function (like recursive function
call or update of table that is already updating by statement
which invoked this stored function etc.) that was used in some
expression of the single-table UPDATE statement caused an
assertion failure.
Multiple-table UPDATE (as well as INSERT and both single- and
multiple-table DELETE) are not affected.
mysql-test/r/update.result:
Added test case for bug #40745.
mysql-test/t/update.test:
Added test case for bug #40745.
sql/sql_update.cc:
Bug #40745: Error during WHERE clause calculation in UPDATE
leads to an assertion failure
The mysql_update function has been updated to take into account
the status of invoked stored functions before setting the status
of whole UPDATE query to OK.
leads to an assertion failure
Any run-time error in stored function (like recursive function
call or update of table that is already updating by statement
which invoked this stored function etc.) that was used in some
expression of the single-table UPDATE statement caused an
assertion failure.
Multiple-table UPDATE (as well as INSERT and both single- and
multiple-table DELETE) are not affected.
In multi_update::send_data(), the counter of matched rows was not correctly incremented, when during insertion of a new row to a temporay table it had to be converted from HEAP to MyISAM.
This fix changes the logic to increment the counter of matched rows in the following cases:
1. If the error returned from write_row() is zero.
2. If the error returned from write_row() is non-zero, is neither HA_ERR_FOUND_DUPP_KEY nor HA_ERR_FOUND_DUPP_UNIQUE, and a call to create_myisam_from_heap() succeeds.
mysql-test/r/update.result:
Added a test case for bug #22364 "Inconsistent "matched rows" when executing UPDATE"
mysql-test/t/update.test:
Added a test case for bug #22364 "Inconsistent "matched rows" when executing UPDATE"
sql/sql_update.cc:
In multi_update::send_data(), the counter of matched rows was not correctly incremented, when during insertion of a new row to a temporay table it had to be converted from HEAP to MyISAM.
This fix changes the logic to increment the counter of matched rows in the following cases:
1. If the error returned from write_row() is zero.
2. If the error returned from write_row() is non-zero, is neither HA_ERR_FOUND_DUPP_KEY nor HA_ERR_FOUND_DUPP_UNIQUE, and a call to create_myisam_from_heap() succeeds.
In multi_update::send_data(), the counter of matched rows was not correctly incremented, when during insertion of a new row to a temporay table it had to be converted from HEAP to MyISAM.
This fix changes the logic to increment the counter of matched rows in the following cases:
1. If the error returned from write_row() is zero.
2. If the error returned from write_row() is non-zero, is neither HA_ERR_FOUND_DUPP_KEY nor HA_ERR_FOUND_DUPP_UNIQUE, and a call to create_myisam_from_heap() succeeds.
When the ORDER BY clause gets fixed it's allowed to search in the current
item_list in order to find aliased fields and expressions. This is ok for a
SELECT but wrong for an UPDATE statement. If the ORDER BY clause will
contain a non-existing field which is mentioned in the UPDATE set list
then the server will crash due to using of non-existing (0x0) field.
When an Item_field is getting fixed it's allowed to search item list for
aliased expressions and fields only for selects.
sql/sql_base.cc:
Bug#25126: Wrongly resolved field leads to a crash.
When an Item_field is getting fixed it's allowed to search item list for
aliased expressions and fields only for selects.
sql/sql_select.cc:
Bug#25126: Wrongly resolved field leads to a crash.
When an Item_field is getting fixed it's allowed to search item list for
aliased expressions and fields only for selects.
mysql-test/r/update.result:
Added a test case for bug#25126: Wrongly resolved field leads to a crash.
mysql-test/t/update.test:
Added a test case for bug#25126: Wrongly resolved field leads to a crash.
When the ORDER BY clause gets fixed it's allowed to search in the current
item_list in order to find aliased fields and expressions. This is ok for a
SELECT but wrong for an UPDATE statement. If the ORDER BY clause will
contain a non-existing field which is mentioned in the UPDATE set list
then the server will crash due to using of non-existing (0x0) field.
When an Item_field is getting fixed it's allowed to search item list for
aliased expressions and fields only for selects.
it doesn't select.
This bug was fixed along with bug #16861: User defined variable can
have a wrong value if a tmp table was used.
There the fix consisted of Item_func_set_user_var overloading the method
Item::save_in_field. Consider the query from the test case:
INSERT INTO foo( bar, baz )
SELECT
bar,
@newBaz := 1 + baz
FROM
foo
WHERE
quux <= 0.1;
Here the assignment expression '@newBaz := 1 + baz' is represented by an
Item_func_set_user_var. Its member method save_in_field, which writes the
value of this assignment into the result field, writes the val_xxx() value,
which is not updated at this point. In the fix introduced by the patch,
the save_in_field method reads the actual variable value instead.
See also comment for
ChangeSet@1.2368.1.3, 2007-01-09 23:24:56+03:00, evgen@moonbone.local +4 -0
and comment for
Item_func_set_user_var::save_in_field (item_func.cc)
mysql-test/r/update.result:
BUG#24010
The correct, and expected, result
mysql-test/t/update.test:
BUG#24010
The test case for this bug. When the bug is active, the INSERT ... SELECT
statement will try to insert the values <1, 2> which gives an error
it doesn't select.
This bug was fixed along with bug #16861: User defined variable can
have a wrong value if a tmp table was used.
There the fix consisted of Item_func_set_user_var overloading the method
Item::save_in_field. Consider the query from the test case:
INSERT INTO foo( bar, baz )
SELECT
bar,
@newBaz := 1 + baz
FROM
foo
WHERE
quux <= 0.1;
Here the assignment expression '@newBaz := 1 + baz' is represented by an
Item_func_set_user_var. Its member method save_in_field, which writes the
value of this assignment into the result field, writes the val_xxx() value,
which is not updated at this point. In the fix introduced by the patch,
the save_in_field method reads the actual variable value instead.
See also comment for
ChangeSet@1.2368.1.3, 2007-01-09 23:24:56+03:00, evgen@moonbone.local +4 -0
and comment for
Item_func_set_user_var::save_in_field (item_func.cc)
This performance degradation for UPDATEs could be observed in the update
statements for which the search key cannot be converted to any valid
value of the type of the search column, like for a the condition
int_fld=99999999999999999999999999, though it can be guaranteed here
that there is no row with such a key value.
mysql-test/r/update.result:
Added a test case for bug #24035.
mysql-test/t/update.test:
Added a test case for bug #24035.
sql/opt_range.cc:
Fix bug #24035.
This performance degradation for could be observed in the update
statements for which the search key cannot be converted to any valid
value of the type of the search column, like for a the condition
int_fld=99999999999999999999999999, though it can be guaranteed here
that there is no row with such a key value.
Now the function get_mm_leaf creates trees of the type SEL_ARG::IMPOSSIBLE
for such conditions that tells the range scan not to perform any search
at all.
This performance degradation for UPDATEs could be observed in the update
statements for which the search key cannot be converted to any valid
value of the type of the search column, like for a the condition
int_fld=99999999999999999999999999, though it can be guaranteed here
that there is no row with such a key value.
mysql-test/r/update.result:
Testcase for BUG#15935
mysql-test/t/update.test:
Testcase for BUG#15935
sql/sql_update.cc:
BUG#15935:
- Do account for the fact that used_index!=MAX_KEY is also true for cases
when quick select is used, and use quick select then (and not full index scan).
- Also removed the redundant "used_index= MAX_KEY" statement
When setup_fields() function finds field named '*' it expands it to the list
of all table fields. It does so by checking that the first char of
field_name is '*', but it doesn't checks that the '* is the only char.
Due to this, when updating table with a field named like '*name', such field
is wrongly treated as '*' and expanded. This leads to making list of fields
to update being longer than list of the new values. Later, the fill_record()
function crashes by dereferencing null when there is left fields to update,
but no more values.
Added check in the setup_fields() function which ensures that the field
expanding will be done only when '*' is the only char in the field name.
mysql-test/t/update.test:
Added test case for bug#16510: Updating field named like '*name' caused server crash
mysql-test/r/update.result:
Added test case for bug#16510: Updating field named like '*name' caused server crash
sql/sql_base.cc:
Fixed bug #16510: Updating field named like '*name' caused server crash.
Added check in the setup_fields() function which ensures that the field
expanding will be done only when '*' is the only char in the field name.
When setup_fields() function finds field named '*' it expands it to the list
of all table fields. It does so by checking that the first char of
field_name is '*', but it doesn't checks that the '* is the only char.
Due to this, when updating table with a field named like '*name', such field
is wrongly treated as '*' and expanded. This leads to making list of fields
to update being longer than list of the new values. Later, the fill_record()
function crashes by dereferencing null when there is left fields to update,
but no more values.
Added check in the setup_fields() function which ensures that the field
expanding will be done only when '*' is the only char in the field name.
mysql-test/r/update.result:
Auto merged
mysql-test/t/update.test:
Auto merged
ndb/src/kernel/blocks/backup/Backup.cpp:
Auto merged
sql/sql_update.cc:
Auto merged
depending on table order
multi_update::send_data() was counting updates, not updated rows. Thus if one
record have several updates it will be counted several times in 'rows matched'
but updated only once.
multi_update::send_data() now counts only unique rows.
sql/sql_update.cc:
Fix bug#15028 Multitable update returns different numbers of matched rows
depending on table order
multi_update::send_data() now counts only unique rows.
mysql-test/t/update.test:
Test case for bug#15028 Multitable update returns different numbers of matched rows depending on table order
mysql-test/r/update.result:
Test case for bug#15028 Multitable update returns different numbers of matched rows depending on table order
depending on table order
multi_update::send_data() was counting updates, not updated rows. Thus if one
record have several updates it will be counted several times in 'rows matched'
but updated only once.
multi_update::send_data() now counts only unique rows.
client/mysqltest.c:
Auto merged
myisam/mi_check.c:
Auto merged
mysql-test/r/update.result:
Auto merged
mysql-test/t/update.test:
Auto merged
sql/item_timefunc.h:
Auto merged
sql/spatial.cc:
Auto merged
sql/sql_select.h:
Auto merged
BitKeeper/deleted/.del-acinclude.m4~f4ab416bac5003:
Auto merged
Date field was declared as not null, thus expression 'datefield is null'
was always false. For SELECT special handling of such cases is used.
There 'datefield is null' converted to 'datefield eq "0000-00-00"'.
In mysql_update() before creation of select added remove_eq_conds() call.
It makes some optimization of conds and in particular performs conversion
from 'is null' to 'eq'.
Also remove_eq_conds() makes some evaluation of conds and if it founds that
conds is always false then update statement is not processed further.
All this allows to perform some update statements process faster due to
optimized conds, and not wasting resources if conds known to be false.
sql/sql_select.cc:
Fix bug#14186 select datefield is null not updated
Remove static from remove_eq_conds()
sql/sql_select.h:
Fix bug#14186 select datefield is null not updated
Added remove_eq_conds() prototype.
mysql-test/r/update.result:
Test case for bug#14186 select datefield is null not updated
mysql-test/t/update.test:
Test case for bug#14186 select datefield is null not updated
sql/sql_update.cc:
Fix bug#14186 select datefield is null not updated
To mysql_update() added call to remove_eq_conds() to optimize conds and convert 'datefield is null' to 'datefield eq 0000-00-00'
Date field was declared as not null, thus expression 'datefield is null'
was always false. For SELECT special handling of such cases is used.
There 'datefield is null' converted to 'datefield eq "0000-00-00"'.
In mysql_update() before creation of select added remove_eq_conds() call.
It makes some optimization of conds and in particular performs conversion
from 'is null' to 'eq'.
Also remove_eq_conds() makes some evaluation of conds and if it founds that
conds is always false then update statement is not processed further.
All this allows to perform some update statements process faster due to
optimized conds, and not wasting resources if conds known to be false.
into ua141d10.elisa.omakaista.fi:/home/my/bk/mysql-5.0-tmp
heap/_check.c:
Auto merged
heap/hp_create.c:
Auto merged
include/config-netware.h:
Auto merged
include/my_base.h:
Auto merged
include/my_handler.h:
Auto merged
include/myisam.h:
Auto merged
innobase/include/Makefile.am:
Auto merged
myisam/mi_check.c:
Auto merged
myisam/mi_delete.c:
Auto merged
myisam/mi_rnext_same.c:
Auto merged
myisam/mi_search.c:
Auto merged
myisam/mi_write.c:
Auto merged
myisam/myisamdef.h:
Auto merged
myisam/sort.c:
Auto merged
mysql-test/mysql-test-run.sh:
Auto merged
mysql-test/r/date_formats.result:
Auto merged
mysql-test/r/update.result:
Auto merged
mysql-test/t/date_formats.test:
Auto merged
mysql-test/t/select.test:
Auto merged
mysql-test/t/update.test:
Auto merged
mysys/my_getopt.c:
Auto merged
mysys/my_handler.c:
Auto merged
scripts/make_binary_distribution.sh:
Auto merged
sql/ha_myisam.cc:
Auto merged
sql/item_timefunc.cc:
Auto merged
sql/records.cc:
Auto merged
sql/sql_load.cc:
Auto merged
sql/sql_select.cc:
Auto merged
sql/structs.h:
Auto merged
strings/conf_to_src.c:
Auto merged
strings/ctype-win1250ch.c:
Auto merged
Makefile.am:
Merged from 4.1
myisam/myisamchk.c:
Merged from 4.1
mysql-test/mysql-test-run.pl:
Merged from 4.1
mysql-test/r/insert_select.result:
Merged from 4.1
mysql-test/r/myisam.result:
Merged from 4.1
mysql-test/r/select.result:
Merged from 4.1
mysql-test/t/insert_select.test:
Merged from 4.1
mysql-test/t/myisam.test:
Merged from 4.1
netware/mysql_test_run.c:
Merged from 4.1
sql/item.cc:
Merged from 4.1
sql/mysqld.cc:
Merged from 4.1
sql/sql_update.cc:
Merged from 4.1
tests/mysql_client_test.c:
Merged from 4.1
heap/_check.c:
Change arguments to ha_key_cmp
heap/hp_create.c:
Change arguments to ha_key_cmp
include/my_base.h:
Remove SEARCH_RETURN_B_POS and instead always send an array to ha_key_cmp() as last argument
myisam/mi_check.c:
Change arguments to ha_key_cmp
myisam/mi_rnext_same.c:
Change arguments to ha_key_cmp
myisam/mi_search.c:
Change arguments to ha_key_cmp
myisam/mi_write.c:
Change arguments to ha_key_cmp
myisammrg/myrg_queue.c:
Change arguments to ha_key_cmp
mysys/my_handler.c:
Remove SEARCH_RETURN_B_POS and instead always send an array to ha_key_cmp() as last argument
(This removes an if in a loop at the expensive of an int on the stack)
sql/records.cc:
Simplify new rr_index() code
Create common error handling function for rr_() functions.
Remove loop from rr_index() as handler::index_next() can never return HA_ERR_RECORD_DELETED
sql/sql_load.cc:
Simplify
sql/sql_update.cc:
Simplify code
Fixed bug when one is updating an index column that could be used with ORDER BY
sql/structs.h:
Removed not needed structure element
mysql-test/r/update.result:
Auto merged
mysql-test/t/update.test:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/mysqld.cc:
Auto merged
sql/records.cc:
Auto merged
sql/repl_failsafe.cc:
Auto merged
sql/slave.cc:
Auto merged
sql/structs.h:
Auto merged
