- Problem: data separators were copied to a fixed-size buffer
on the stack; memcpy was used, without bounds checking; a
server crash could result if long FIELDS ENCLOSED BY, etc.,
was given
- Fix: write the separators directly, instead of copying to
a buffer first (in select_export::send_data())
sql/sql_class.cc:
In select_export::send_data(), write data separators
directly, instead of copying into a fixed-size memory
buffer before writing. This avoids a buffer overflow
when very large separators are specified.
TABLE ... WRITE".
CPU hogging occured when connection which had to wait for table lock was
serviced by thread which previously serviced connection that was killed
(note that connections can reuse threads if thread cache is enabled).
One possible scenario which exposed this problem was when thread which
provided binlog dump to replication slave was implicitly/automatically
killed when the same slave reconnected and started pulling data through
different thread/connection.
In 5.* versions memory hogging was added to CPU hogging. Moreover in
those versions the problem also occured when one killed particular query
in connection (using KILL QUERY) and later this connection had to wait for
some table lock.
This problem was caused by the fact that thread-specific mysys_var::abort
variable, which indicates that waiting operations on mysys layer should
be aborted (this includes waiting for table locks), was set by kill
operation but was never reset back. So this value was "inherited" by the
following statements or even other connections (which reused the same
physical thread). Such discrepancy between this variable and THD::killed
flag broke logic on SQL-layer and caused CPU and memory hogging.
This patch tries to fix this problem by properly resetting this member.
There is no test-case associated with this patch since it is hard to test
for memory/CPU hogging conditions in our test-suite.
sql/mysqld.cc:
We should not forget to reset THD::mysys_var::abort after kill operation
if we are going to use thread to which this operation was applied for
handling of other connections.
differences in tables
Certain merge tables were wrongly reported as having incorrect definition:
- Some fields that are 1 byte long (e.g. TINYINT, CHAR(1)), might
be internally casted (in certain cases) to a different type on a
storage engine layer. (affects 4.1 and up)
- If tables in a merge (and a MERGE table itself) had short VARCHAR column (less
than 4 bytes) and at least one (but not all) tables were ALTER'ed (even to an
identical table: ALTER TABLE xxx ENGINE=yyy), table definitions went ouf of
sync. (affects 4.1 only)
This is fixed by relaxing a check for underlying conformance and setting
field type to FIELD_TYPE_STRING in case varchar is shorter than 4
when a table is created.
myisam/mi_create.c:
Added a comment.
mysql-test/r/merge.result:
A test case for bug#26881.
mysql-test/t/merge.test:
A test case for bug#26881.
sql/ha_myisam.cc:
Relaxed some checks performed by check_definition():
As comparing of fulltext keys (and key segments) is not yet implemented,
only return an error in case one of keys is fulltext and other is not.
Otherwise, if both keys are fulltext, accept them as is.
As comparing of spatial keys (and key segments) is not yet implemented,
only return an error in case one of keys is spatial and other is not.
Otherwise, if both keys are spatial, accept them as is.
A workaround to handle situation when field is casted from FIELD_SKIP_ZERO
to FIELD_NORMAL. This could happen only in case field length is 1 and row
format is fixed.
sql/sql_parse.cc:
When a table that has varchar field shorter than 4 is created, field type is
set to FIELD_TYPE_VAR_STRING. Later, when a table is modified using alter
table, field type is changed to FIELD_TYPE_STRING (see Field_string::type).
That means HA_OPTION_PACK_RECORD flag might be lost and thus null_bit might
be shifted by alter table, in other words alter table doesn't create 100%
equal table definition.
This is usually not a problem, since when a table is created/altered,
definition on a storage engine layer is based on one that is passed from
sql layer. But it is a problem for merge engine - null_bit is shifted when
a table (merge or underlying) is altered.
Set field type to FIELD_TYPE_STRING in case FIELD_TYPE_VAR_STRING is shorter
than 4 when a table is created as it is done in Field::type.
incorrect key file for table
In certain cases it could happen that deleting a row could
corrupt an RTREE index.
According to Guttman's algorithm, page underflow is handled
by storing the page in a list for later re-insertion. The
keys from the stored pages have to be inserted into the
remaining pages of the same level of the tree. Hence the
level number is stored in the re-insertion list together
with the page.
In the MySQL RTree implementation the level counts from zero
at the root page, increasing numbers for levels down the tree.
If during re-insertion of the keys the tree height grows, all
level numbers become invalid. The remaining keys will be
inserted at the wrong level.
The fix is to increment the level numbers stored in the
reinsert list after a split of the root block during reinsertion.
myisam/rt_index.c:
Bug#25673 - spatial index corruption, error 126
incorrect key file for table
Added a loop in rtree_delete() to increment the level numbers
stored in the reinsert list after a split of the root block
during reinsertion.
Added comments and DBUG statements.
myisam/rt_key.c:
Bug#25673 - spatial index corruption, error 126
incorrect key file for table
Added DBUG statements.
myisam/rt_split.c:
Bug#25673 - spatial index corruption, error 126
incorrect key file for table
Added DBUG statements.
mysql-test/r/gis-rtree.result:
Bug#25673 - spatial index corruption, error 126
incorrect key file for table
Added the test result.
mysql-test/t/gis-rtree.test:
Bug#25673 - spatial index corruption, error 126
incorrect key file for table
Added a test.
Using INSERT DELAYED on MERGE tables could lead to table
corruptions.
The manual lists a couple of storage engines, which can be
used with INSERT DELAYED. MERGE is not in this list.
The attempt to try it anyway has not been rejected yet.
This bug was not detected earlier as it can work under
special circumstances. Most notable is low concurrency.
To be safe, this patch rejects any attempt to use INSERT
DELAYED on MERGE tables.
mysql-test/r/merge.result:
Bug#26464 - insert delayed + update + merge = corruption
Added test result.
mysql-test/t/merge.test:
Bug#26464 - insert delayed + update + merge = corruption
Added test.
sql/ha_myisammrg.h:
Bug#26464 - insert delayed + update + merge = corruption
Removed HA_CAN_INSERT_DELAYED flag from table_flags().
The insert delayed thread upgrades the lock from the first
entry in MYSQL_LOCK::locks only. Hence it is incapable to
handle MERGE tables, which have as many entries in this
array as they have MyISAM sub-tables.
- Add --debugger=dbx
- Fix --debugger=devenv, --debugger=DevEnv and --debugger=/path/devenv
mysql-test/mysql-test-run.pl:
Add support for --debugger=dbx to mysql-test-run.pl
Fix case senitive match for vc, vcexpress or deven
Make it possible to use full path to debugger for
--debugger=/path/vcexpress
When the ORDER BY clause gets fixed it's allowed to search in the current
item_list in order to find aliased fields and expressions. This is ok for a
SELECT but wrong for an UPDATE statement. If the ORDER BY clause will
contain a non-existing field which is mentioned in the UPDATE set list
then the server will crash due to using of non-existing (0x0) field.
When an Item_field is getting fixed it's allowed to search item list for
aliased expressions and fields only for selects.
sql/sql_base.cc:
Bug#25126: Wrongly resolved field leads to a crash.
When an Item_field is getting fixed it's allowed to search item list for
aliased expressions and fields only for selects.
sql/sql_select.cc:
Bug#25126: Wrongly resolved field leads to a crash.
When an Item_field is getting fixed it's allowed to search item list for
aliased expressions and fields only for selects.
mysql-test/r/update.result:
Added a test case for bug#25126: Wrongly resolved field leads to a crash.
mysql-test/t/update.test:
Added a test case for bug#25126: Wrongly resolved field leads to a crash.
