The crash is the result of an attempt made by JOIN::optimize to evaluate
the WHERE condition when no records have been actually read.
The fix is to remove erroneous 'outer_join' variable check.
The crash happens because of incorrect max_length calculation
in QUOTE function(due to overflow). max_length is set
to 0 and it leads to assert failure.
The fix is to cast expression result to
ulonglong variable and adjust it if the
result exceeds MAX_BLOB_WIDTH.
There was no way to repair corrupt ARCHIVE data file,
when unrecoverable data loss is inevitable.
With this fix REPAIR ... EXTENDED attempts to restore
as much rows as possible, ignoring unrecoverable data.
Normal REPAIR is still able to repair meta-data file
only.
Repairing MyISAM table with fulltext indexes and low
myisam_sort_buffer_size may crash the server.
Estimation of number of index entries was done incorrectly,
causing further assertion failure or server crash.
Docs note: min value for myisam_sort_buffer_size has been
changed from 4 to 4096.
Invalid memory read if HANDLER ... READ NEXT is executed
after failed (e.g. empty table) HANDLER ... READ FIRST.
The problem was that we attempted to perform READ NEXT,
whereas there is no pivot available from failed READ FIRST.
With this fix READ NEXT after failed READ FIRST equals
to READ FIRST.
This bug affects MyISAM tables only.
When MyISAM writes newly created index page it may be
initialized partially. In other words some bytes of
sensible data and uninitialized tail of the page may
go into index file.
Under certain rare circumstances these hunks of memory
may contain data that would be otherwise inaccessible
to user, like passwords or data from other tables.
Fixed by initializing memory for temporary MyISAM key
buffer to '\0'.
No test case for this fix as it is heavily covered by
existing tests.
Detailed revision comments:
r6822 | vasil | 2010-03-15 10:17:31 +0200 (Mon, 15 Mar 2010) | 12 lines
branches/5.1:
Typecast to silence a compiler warning:
row/row0sel.c: 4548
C4244: '=' : conversion from 'float' to 'ib_ulonglong', possible loss of data
row/row0sel.c: 4553
C4244: '=' : conversion from 'double' to 'ib_ulonglong', possible loss of data
Reported by: Jonas Oreland <Jonas.Oreland@Sun.COM>
Discussed with: Sunny Bains <sunny.bains@oracle.com>
Detailed revision comments:
r6785 | vasil | 2010-03-10 09:04:38 +0200 (Wed, 10 Mar 2010) | 11 lines
branches/5.1:
Add the missing --reap statements in innodb_bug38231.test. Probably MySQL
enforced the presence of those recently and the test started failing like:
main.innodb_bug38231 [ fail ]
Test ended at 2010-03-10 08:48:32
CURRENT_TEST: main.innodb_bug38231
mysqltest: At line 49: Cannot run query on connection between send and reap
r6788 | vasil | 2010-03-10 10:53:21 +0200 (Wed, 10 Mar 2010) | 8 lines
branches/5.1:
In innodb_bug38231.test: replace the fragile sleep 0.2 that depends on timing
with a more robust condition which waits for the TRUNCATE and LOCK commands
to appear in information_schema.processlist. This could also break if there
are other sessions executing the same SQL commands, but there are none during
the execution of the mysql test.
Detailed revision comments:
r6783 | jyang | 2010-03-09 17:54:14 +0200 (Tue, 09 Mar 2010) | 9 lines
branches/5.1: Fix bug #47621 "MySQL and InnoDB data dictionaries
will become out of sync when renaming columns". MySQL does not
provide new column name information to storage engine to
update the system table. To avoid column name mismatch, we shall
just request a table copy for now.
rb://246 approved by Marko.
If the listed columns in the view definition of
the table used in a 'INSERT .. SELECT ..'
statement mismatched, a debug assertion would
trigger in the cache invalidation code
following the failing statement.
Although the find_field_in_view() function
correctly generated ER_BAD_FIELD_ERROR during
setup_fields(), the error failed to propagate
further than handle_select(). This patch fixes
the issue by adding a check for the return
value.
The crash happens because greedy_serach
can not determine best plan due to
wrong inner table dependences. These
dependences affects join table sorting
which performs before greedy_search starting.
In our case table which has real 'no dependences'
should be put on top of the list but it does not
happen as inner tables have no dependences as well.
The fix is to exclude RAND_TABLE_BIT mask from
condition which checks if table dependences
should be updated.
Merge joerg@mysql.com-20100322150231-vdq0afbqtmbs6phy from BZR,
Including univ.i before mysql/plugin.h is needed to avoid this
compiler error:
o This is how gcc puts it:
o > > ccache /usr/local/gcc-4.3.2/bin/gcc -static-libgcc -DHAVE_CONFIG_H -I. -I../../include -I../../include -I../../include -I../../regex -I./include -I../../sql -I. -I../../zlib -g -O3 -march=i686 -DUNIV_LINUX -MT libinnobase_a-trx0i_s.o -MD -MP -MF .deps/libinnobase_a-trx0i_s.Tpo -c -o libinnobase_a-trx0i_s.o `test -f 'trx/trx0i_s.c' || echo './'`trx/trx0i_s.c
o > > In file included from ./include/univ.i:114,
o > > from trx/trx0i_s.c:36:
o > > ../../include/my_pthread.h:628: error: expected ')' before '*' token
o > > In file included from ../../include/my_pthread.h:732,
o > > from ./include/univ.i:114,
o > > from trx/trx0i_s.c:36:
o > > ../../include/mysql/psi/mysql_thread.h💯 error: expected specifier-qualifier-list before 'pthread_rwlock_t'
o > > ../../include/mysql/psi/mysql_thread.h:116: error: expected specifier-qualifier-list before 'pthread_rwlock_t'
o > > ../../include/mysql/psi/mysql_thread.h: In function 'inline_mysql_rwlock_init':
o > > ../../include/mysql/psi/mysql_thread.h:711: error: 'mysql_rwlock_t' has no member named 'm_psi'
o > > ../../include/mysql/psi/mysql_thread.h:716: error: 'mysql_rwlock_t' has no member named 'm_rwlock'
o > > .... ((continued))
o
o Intel's icc gives slightly clearer messages:
o > > icc -static-intel -static-libgcc -DHAVE_CONFIG_H -I. -I../../include -I../../include -I../../include -I../../regex -I./include -I../../sql -I. -I../../zlib -O3 -g -unroll2 -ip -mp -restrict -no-ftz -no-prefetch -DUNIV_LINUX -MT libinnobase_a-trx0i_s.o -MD -MP -MF .deps/libinnobase_a-trx0i_s.Tpo -c -o libinnobase_a-trx0i_s.o `test -f 'trx/trx0i_s.c' || echo './'`trx/trx0i_s.c
o > > ../../include/my_pthread.h(628): error: identifier "pthread_rwlock_t" is undefined
o > > extern int rw_pr_init(rw_pr_lock_t *);
o > > ^
o > >
o > > ../../include/mysql/psi/mysql_thread.h(100): error: identifier "pthread_rwlock_t" is undefined
o > > rw_lock_t m_rwlock;
o > > ^
o > >
o > > ../../include/mysql/psi/mysql_thread.h(116): error: identifier "pthread_rwlock_t" is undefined
o > > rw_pr_lock_t m_prlock;
o > > ^
col equal to itself!
There's no need to copy the value of a field into itself.
While generally harmless (except for some performance penalties)
it may be dangerous when the copy code doesn't expect this.
Fixed by checking if the source field is the same as the destination
field before copying the data.
Note that we must preserve the order of assignment of the null
flags (hence the null_value assignment addition).
The reason of the failure was apparent flaw in that a pointer to an uninitialized buffer was
passed to DBUG_PRINT of Protocol_text::store().
Fixed with splitting the print-out into two branches:
one with length zero of the problematic arg and the rest.
function on windows
When making sure that the directory path ends up with a
slash/backslash we need to check for the correct length of
the buffer and trim at the appropriate location so we don't
write past the end of the buffer.
CHECK_FIELD_IGNORE was treated as CHECK_FIELD_ERROR_FOR_NULL;
UPDATE...SET...NULL on NOT NULL fields behaved differently after
a trigger.
Now distinguishes between IGNORE and ERROR_FOR_NULL and save/restores
check-field options.
myisam tables
Queries following TRUNCATE of partitioned MyISAM table
may crash server if myisam_use_mmap is true.
Internally this is MyISAM bug, but limited to partitioned
tables, because MyISAM doesn't use ::delete_all_rows()
method for TRUNCATE, but goes via table recreate instead.
MyISAM didn't properly fall back to non-mmaped I/O after
mmap() failure. Was not repeatable on linux before, likely
because (quote from man mmap):
SUSv3 specifies that mmap() should fail if length is 0.
However, in kernels before 2.6.12, mmap() succeeded in
this case: no mapping was created and the call returned
addr. Since kernel 2.6.12, mmap() fails with the error
EINVAL for this case.
Problem: caseup_multiply and casedn_multiply members
were not initialized for a dynamic collation, so
UPPER() and LOWER() functions returned empty strings.
Fix: initializing the members properly.
Adding tests:
mysql-test/r/ctype_ldml.result
mysql-test/t/ctype_ldml.test
Applying the fix:
mysys/charset.c
(Original patch by Sinisa Milivojevic)
The YEAR(4) value of 2000 was equal to the "bad" YEAR(4) value of 0000.
The get_year_value() function has been modified to not adjust bad
YEAR(4) value to 2000.
