Commit graph

76 commits

Author SHA1 Message Date
Marc Alff
385b4bf7ff Manual merge of mysql-5.0-bugteam -> mysql-5.1-bugteam
Note: NULL merge of sql/sql_yacc.yy, the fix for bug#38296 will be provided separately for 5.1
2008-08-11 16:44:13 -06:00
Marc Alff
394691cd90 Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.0 only : back porting the 6.0 patch manually

The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.

Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes

With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.

- calls to new/alloc are tested for a NULL result,

- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.

- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.

No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-11 10:10:00 -06:00
kostja@bodhi.(none)
16633169e4 Merge bk-internal.mysql.com:/home/bk/mysql-5.1
into  bodhi.(none):/opt/local/work/mysql-5.1-runtime
2007-06-01 12:12:06 +04:00
kostja@vajra.(none)
c759487769 5.1 version of a fix and test cases for bugs:
Bug#4968 ""Stored procedure crash if cursor opened on altered table"
Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from 
stored procedure."
Bug#19733 "Repeated alter, or repeated create/drop, fails"
Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"
Bug#24879 "Prepared Statements: CREATE TABLE (UTF8 KEY) produces a 
growing key length" (this bug is not fixed in 5.0)

Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE 
statements in stored routines or as prepared statements caused
incorrect results (and crashes in versions prior to 5.0.25).

In 5.1 the problem occured only for CREATE DATABASE, CREATE TABLE
SELECT and CREATE TABLE with INDEX/DATA DIRECTOY options).
  
The problem of bugs 4968, 19733, 19282 and 6895 was that functions
mysql_prepare_table, mysql_create_table and mysql_alter_table are not
re-execution friendly: during their operation they modify contents
of LEX (members create_info, alter_info, key_list, create_list),
thus making the LEX unusable for the next execution.
In particular, these functions removed processed columns and keys from
create_list, key_list and drop_list. Search the code in sql_table.cc 
for drop_it.remove() and similar patterns to find evidence.
  
The fix is to supply to these functions a usable copy of each of the
above structures at every re-execution of an SQL statement. 
  
To simplify memory management, LEX::key_list and LEX::create_list
were added to LEX::alter_info, a fresh copy of which is created for
every execution.
  
The problem of crashing bug 22060 stemmed from the fact that the above 
metnioned functions were not only modifying HA_CREATE_INFO structure 
in LEX, but also were changing it to point to areas in volatile memory
of the execution memory root.
   
The patch solves this problem by creating and using an on-stack
copy of HA_CREATE_INFO in mysql_execute_command.

Additionally, this patch splits the part of mysql_alter_table
that analizes and rewrites information from the parser into
a separate function - mysql_prepare_alter_table, in analogy with
mysql_prepare_table, which is renamed to mysql_prepare_create_table.
2007-05-28 15:30:01 +04:00
monty@mysql.com/narttu.mysql.fi
088e2395f1 WL#3817: Simplify string / memory area types and make things more consistent (first part)
The following type conversions was done:

- Changed byte to uchar
- Changed gptr to uchar*
- Change my_string to char *
- Change my_size_t to size_t
- Change size_s to size_t

Removed declaration of byte, gptr, my_string, my_size_t and size_s. 

Following function parameter changes was done:
- All string functions in mysys/strings was changed to use size_t
  instead of uint for string lengths.
- All read()/write() functions changed to use size_t (including vio).
- All protocoll functions changed to use size_t instead of uint
- Functions that used a pointer to a string length was changed to use size_t*
- Changed malloc(), free() and related functions from using gptr to use void *
  as this requires fewer casts in the code and is more in line with how the
  standard functions work.
- Added extra length argument to dirname_part() to return the length of the
  created string.
- Changed (at least) following functions to take uchar* as argument:
  - db_dump()
  - my_net_write()
  - net_write_command()
  - net_store_data()
  - DBUG_DUMP()
  - decimal2bin() & bin2decimal()
- Changed my_compress() and my_uncompress() to use size_t. Changed one
  argument to my_uncompress() from a pointer to a value as we only return
  one value (makes function easier to use).
- Changed type of 'pack_data' argument to packfrm() to avoid casts.
- Changed in readfrm() and writefrom(), ha_discover and handler::discover()
  the type for argument 'frmdata' to uchar** to avoid casts.
- Changed most Field functions to use uchar* instead of char* (reduced a lot of
  casts).
- Changed field->val_xxx(xxx, new_ptr) to take const pointers.

Other changes:
- Removed a lot of not needed casts
- Added a few new cast required by other changes
- Added some cast to my_multi_malloc() arguments for safety (as string lengths
  needs to be uint, not size_t).
- Fixed all calls to hash-get-key functions to use size_t*. (Needed to be done
  explicitely as this conflict was often hided by casting the function to
  hash_get_key).
- Changed some buffers to memory regions to uchar* to avoid casts.
- Changed some string lengths from uint to size_t.
- Changed field->ptr to be uchar* instead of char*. This allowed us to
  get rid of a lot of casts.
- Some changes from true -> TRUE, false -> FALSE, unsigned char -> uchar
- Include zlib.h in some files as we needed declaration of crc32()
- Changed MY_FILE_ERROR to be (size_t) -1.
- Changed many variables to hold the result of my_read() / my_write() to be
  size_t. This was needed to properly detect errors (which are
  returned as (size_t) -1).
- Removed some very old VMS code
- Changed packfrm()/unpackfrm() to not be depending on uint size
  (portability fix)
- Removed windows specific code to restore cursor position as this
  causes slowdown on windows and we should not mix read() and pread()
  calls anyway as this is not thread safe. Updated function comment to
  reflect this. Changed function that depended on original behavior of
  my_pwrite() to itself restore the cursor position (one such case).
- Added some missing checking of return value of malloc().
- Changed definition of MOD_PAD_CHAR_TO_FULL_LENGTH to avoid 'long' overflow.
- Changed type of table_def::m_size from my_size_t to ulong to reflect that
  m_size is the number of elements in the array, not a string/memory
  length.
- Moved THD::max_row_length() to table.cc (as it's not depending on THD).
  Inlined max_row_length_blob() into this function.
- More function comments
- Fixed some compiler warnings when compiled without partitions.
- Removed setting of LEX_STRING() arguments in declaration (portability fix).
- Some trivial indentation/variable name changes.
- Some trivial code simplifications:
  - Replaced some calls to alloc_root + memcpy to use
    strmake_root()/strdup_root().
  - Changed some calls from memdup() to strmake() (Safety fix)
  - Simpler loops in client-simple.c
2007-05-10 12:59:39 +03:00
sergefp@pylon.mylan
87d98bec74 Merge mysql.com:/home/psergey/mysql-5.0-merge
into  mysql.com:/home/psergey/mysql-5.1-merge
2007-03-29 12:24:23 +04:00
sergefp@mysql.com
399bc9861e Merge of BUG#26624 and BUG#26625 2007-03-29 10:35:28 +04:00
sergefp@mysql.com
ce3f182604 BUG#26625: crash in range optimizer (out of mem)
- Define Sql_alloc::operator new() as thow() so that C++ compiler
  handles NULL return values
(there is no testcase as there is no portable way to set limit on the 
amount of memory that a process can allocate)
2007-03-28 18:38:42 +04:00
monty@mysql.com/narttu.mysql.fi
3d34c6f957 Fixed windows compilation problems 2007-02-24 04:22:34 +02:00
kostja@bodhi.local
d7a63c0f6a Manual merge. 2007-01-15 13:10:07 +03:00
kent@kent-amd64.(none)
be15e3bc15 Merge mysql.com:/home/kent/bk/main/mysql-5.0
into  mysql.com:/home/kent/bk/main/mysql-5.1
2006-12-23 20:20:40 +01:00
kent@mysql.com/kent-amd64.(none)
226a5c833f Many files:
Changed header to GPL version 2 only
2006-12-23 20:17:15 +01:00
kostja@bodhi.local
758404b238 Merge bodhi.local:/opt/local/work/mysql-4.1-4968
into  bodhi.local:/opt/local/work/mysql-5.0-4968-pull-from-4.1
2006-12-12 01:23:30 +03:00
kostja@bodhi.local
90072e69b3 A fix and test cases for
Bug#4968 "Stored procedure crash if cursor opened on altered table"
Bug#19733 "Repeated alter, or repeated create/drop, fails"
Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from 
stored procedure."
Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"

Test cases for bugs 4968, 19733, 6895 will be added in 5.0.

Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE 
statements in stored routines or as prepared statements caused
incorrect results (and crashes in versions prior to 5.0.25).
In 5.1 the problem occured only for CREATE DATABASE, CREATE TABLE
SELECT and CREATE TABLE with INDEX/DATA DIRECTOY options).

The problem of bugs 4968, 19733, 19282 and 6895 was that functions
mysql_prepare_table, mysql_create_table and mysql_alter_table were not
re-execution friendly: during their operation they used to modify contents
of LEX (members create_info, alter_info, key_list, create_list),
thus making the LEX unusable for the next execution.
In particular, these functions removed processed columns and keys from
create_list, key_list and drop_list. Search the code in sql_table.cc 
for drop_it.remove() and similar patterns to find evidence.

The fix is to supply to these functions a usable copy of each of the
above structures at every re-execution of an SQL statement. 

To simplify memory management, LEX::key_list and LEX::create_list
were added to LEX::alter_info, a fresh copy of which is created for
every execution.

The problem of crashing bug 22060 stemmed from the fact that the above 
metnioned functions were not only modifying HA_CREATE_INFO structure in 
LEX, but also were changing it to point to areas in volatile memory of 
the execution memory root.
 
The patch solves this problem by creating and using an on-stack
copy of HA_CREATE_INFO (note that code in 5.1 already creates and
uses a copy of this structure in mysql_create_table()/alter_table(),
but this approach didn't work well for CREATE TABLE SELECT statement).
2006-12-08 02:20:09 +03:00
gkodinov@dl145s.mysql.com
ce8ed889d7 Merge dl145s.mysql.com:/data/bk/team_tree_merge/MERGE/mysql-5.0-opt
into  dl145s.mysql.com:/data/bk/team_tree_merge/MERGE/mysql-5.1
2006-09-18 12:57:20 +02:00
igor@rurik.mysql.com
0e96978cf6 Fixed bug #16081: row equalities were not taken into
account by the optimizer.
Now all row equalities are converted into conjunctions of
equalities between row elements. They are taken into account
by the optimizer together with the original regular equality
predicates.
2006-09-01 04:23:04 -07:00
lars@mysql.com
ad126d90e0 WL#1012: All changes as one single changeset.
This includes both code and test cases.
2005-12-22 06:39:02 +01:00
timour@mysql.com
cc7d1268c4 WL#2486 - Natural/using join according to SQL:2003.
Post-review fixes according to Monty's review.
2005-11-28 21:57:50 +02:00
konstantin@mysql.com
6f8d3c4844 A fix and a test case for Bug#6513 "Test Suite: Values inserted by using
cursor is interpreted latin1 character and Bug#9819 "Cursors: Mysql Server
Crash while fetching from table with 5 million records."
A fix for a possible memory leak when fetching into an SP cursor
in a long loop.
The patch uses a common implementation of cursors in the binary protocol and 
in stored procedures and implements materialized cursors.
For implementation details, see comments in sql_cursor.cc
2005-09-22 02:11:21 +04:00
konstantin@mysql.com
fb7be5270f Add a comment about I_List<> copy constructor. 2005-08-22 19:23:01 +04:00
serg@serg.mylan
23a59c9857 merged 2005-05-19 15:20:10 +02:00
serg@serg.mylan
8044488d7c merged 2005-05-18 22:14:08 +02:00
sergefp@mysql.com
f08287f386 Fix for BUG#10095: {wrong query results because of incorrect constant propagation}
The problem: base_list::remove didn't modify base_list::last when removing 
the last list element.
The fix: If we remove the last element, find the element before it (by walking
from the beginning of the list) and set base_list::last accordingly.

The list gets corrupted in both 4.0 and 4.1. There are no visible problems in 
current 4.1 because current 4.1 doesn't call where_cond->fix_fields() after 
constant propagation step.
2005-05-15 22:56:45 +02:00
msvensson@neptunus.(none)
34cec09efb Merge neptunus.(none):/home/msvensson/mysql/bug10241
into neptunus.(none):/home/msvensson/mysql/mysql-5.0
2005-05-09 11:26:48 +02:00
msvensson@neptunus.(none)
5b5565c30a BUG#10241 cygwin port: invalid pragma interface directives
- Introduce ifdefs so we can control when to use #pragma interface on cygwin
2005-05-04 15:05:56 +02:00
monty@mysql.com
38d1a42481 Merge with 4.1 2005-02-15 17:12:13 +02:00
konstantin@mysql.com
f7512e756f Fix signatures of placement operator delete in places where placement
delete is declared. As we don't use exceptions placement delete is never 
called and the fix only affects numerous warnings when
compiling with MS Visual C++.
For more info see http://www.gotw.ca/gotw/010.htm.
2005-02-15 03:55:44 +03:00
monty@mysql.com
ccb2f3381b Things missing in last changset
After merge fixes
Don't give duplicate warnings for some ::store() functions
2005-02-10 15:41:51 +02:00
monty@mysql.com
a1a39fab84 Merge with 4.1 2005-02-10 02:27:37 +02:00
monty@mysql.com
79ec81071a Better bugfix for "HAVING when refering to RAND()" (Bug #8216)
Ensure that references in HAVING, ORDER BY or GROUP BY are calculated after fields in SELECT.
This will ensure that any reference to these has a valid value.
Generalized the code for split_sum_func()
2005-02-08 14:41:09 +02:00
serg@serg.mylan
f09429a4df protection: TRASH in delete
fixed a bug that it discovered
2004-11-28 15:53:17 +01:00
monty@mysql.com
2bba55b57f After merge fixes
Added push_back(void *, MEM_ROOT *) to make some list-handling code easier that needs to be allocated in a different mem-root
(Before one had to change thd->mem_root ; push_back(); restore mem_root.
2004-11-09 03:58:44 +02:00
monty@mysql.com
afbe601302 merge with 4.1 2004-10-29 19:26:52 +03:00
monty@mysql.com
3afecef4df Fix compiler warnings (detected by Intel's C++ compiler)
Fixed checking of privilege handling in CREATE ... SELECT (Bug #6094)
2004-10-22 18:44:51 +03:00
igor@rurik.mysql.com
71f6ab7a09 Merge for Item_equal. 2004-10-09 10:34:13 -07:00
monty@mysql.com
31122efde7 Merge with 4.1
(Includes merge of arena code in 4.1 and 5.0)
2004-09-06 15:14:10 +03:00
serg@serg.mylan
3de8784b17 safemalloc always resets the free'd memory, not only when PEDANTIC_SAFEMALLOC 2004-07-26 21:33:42 +02:00
pem@mysql.com
dfd59e296e Merge 4.1 -> 5.0. 2004-04-07 19:07:44 +02:00
monty@mysql.com
350b433569 merge with 4.0 2004-03-16 22:41:30 +02:00
monty@mysql.com
b9c4ee353d Rollback UPDATE/DELETE statements on kill
nsure that rows in a multi-row INSERT DELAYED are inserted atomicly
2004-03-04 18:16:10 +02:00
serg@serg.mylan
21a0716e84 qnx qcc compatibility fix 2004-02-19 13:41:32 +01:00
igor@rurik.mysql.com
f18e0068ba Manual merge 2004-02-19 01:09:54 -08:00
igor@rurik.mysql.com
09fa16424a Many files:
After review fixes for Item_equal.
2004-02-18 22:21:37 -08:00
pem@mysql.com
c8585f3283 Merge 4.1 into 5.0. 2004-02-10 18:44:02 +01:00
serg@serg.mylan
4e4d618683 catch accesses to deleted objects
double delete bug fixed
2004-01-30 08:09:42 +01:00
igor@rurik.mysql.com
e235d796c9 Merge 2003-12-01 18:47:19 -08:00
igor@rurik.mysql.com
1a9be364dd range.test:
Added tests for != predicate.
sql_select.cc:
  Fixing bugs in Item_equal code:
  added a parameter in substitute_for_equal_field;
  modified eliminate_item_equal.
sql_list.h:
  Cleanup
2003-12-01 18:19:31 -08:00
pem@mysql.com
6e717133c5 Merge 4.1 to 5.0 2003-12-01 16:14:40 +01:00
monty@mysql.com
ede8169d24 Added missing SSL library (Should be in source distribution)
Fixed compiler warnings (a lot of hidden variables detected by the Forte compiler)
Added a lot of 'version_xxx' strings to 'show variables'
Prevent copying of TMP_TABLE_PARAM (This caused core dump bug on Solaris)
Fixed problem with printing sub selects to debug log
2003-11-28 12:18:13 +02:00
igor@rurik.mysql.com
1a3a62c390 Post-merge after introducing Item_equal 2003-11-26 17:57:43 -08:00