It was possible to crash a mysqld build with EXTRA_DEBUG using
CREATE TABLE ... COMMENT with a specially-crafted UTF-8 string.
This CS removes the check that caused it since it no longer
applies in current servers anyway, and adds comments instead
to avoid future confusion.
variable settings (rpl_sys)
Problem: under certain conditions (e.g. user variables usage in triggers)
accessing a user defined variable we may use a variables hash table that
belongs to already deleted thread. It happens if
thd= new THD;
has the same address as just deleted thd as we use
if (stored_thd == thd)
to check.
That may lead to unpredictable results, server crash etc.
Fix: use thread_id instead of thd address to distinguish threads.
Note: no simple and repeatable test case.
Problem: memory leak occurs when we open a federated table
that has its share in the hash.
Fix: free not used memory.
Note: the fix should NOT be merged to 5.1 (the code changed).
set but is ignored".
This patch makes @@session.max_allowed_packed and
@@session.net_buffer_length read-only as suggested in the bug
report. The user will have to use SET GLOBAL (and reconnect)
to alter the session values of these variables.
The error string ER_VARIABLE_IS_READONLY is introduced.
Tests are modified accordingly.
Cache size is truncated via 32bit ulong in ha_init_key_cache() and
ha_resize_key_cache()
This change fixes the cast to size_t instead of ulong. This cast is safe,
because key_buffer_size parameter is limited to SIZE_T_MAX
That's a Win-specific error.
When we create libmysqld.dll we have many libraries like mysys, dbug,
strings, etc linked into that dll, so the application built upon
this library shouldn't link these libraries to itself, rather use
those inside the dll.
Fixed by redirecting calls into the libmysqld.dll
per-file comments:
dbug/dbug.c
Bug#38293 Libmysqld crash in mysql_library_init if language file missing
fake _db_something definitions added
include/my_dbug.h
Bug#38293 Libmysqld crash in mysql_library_init if language file missing
fake _db_something declarations added
libmysqld/examples/CMakeLists.txt
Bug#38293 Libmysqld crash in mysql_library_init if language file missing
superfluous libraries removed from linking
libmysqld/libmysqld.def
Bug#38293 Libmysqld crash in mysql_library_init if language file missing
set of mysys functions added to the export section
When a CSV file contained comma separated elements
that were not enclosed in quotes, it was causing the
mysql server to crash.
The old algorithm that parsed the content of a row in
mysql 5.0 was assuming that the values of the fields
in a .CSV file will be enclosed in quotes and will be
separated by commas.
This was causing the old algorithm to fail when the
content of the file resembled the following
3,"sans quotes"
The CSV engine that is part of mysql 5.0 was expecting
the above to be
"3","sans quotes"
The above is just one example of where the engine was
failing for what would be recognized as a valid .CSV
file content otherwise.
The proposed fix changes the old algorithm being used
to parse rows from the .CSV file to handle two separate
cases
1) When the current field of the row is enclosed in quotes
2) When the current field of the row is not enclosed in
quotes
Item_func_div didn't calculate the precision of the result properly.
The result of 5/0.0001 is 5000 so we have to add decimals of the divisor
to the planned precision.
per-file comments:
mysql-test/r/type_newdecimal.result
Bug#31616 div_precision_increment description looks wrong
test result fixed
mysql-test/t/type_newdecimal.test
Bug#31616 div_precision_increment description looks wrong
test case
sql/item_func.cc
Bug#31616 div_precision_increment description looks wrong
precision must be increased with args[1]->decimals parameter
The function thd_security_context allocates memory on an unprotected MEM_ROOT if the
message length becomes longer than requested and the initial buffer memory needs to
be reallocated.
This patch fixes the design error by copying parts of the reallocated buffer
to the destination buffer. This works because the destination buffer isn't
owned by the String object and thus isn't freed when a new buffer is allocated.
Any new memory allocated by the String object is reclaimed when the object
is destroyed at the end of the function call.
missing after downgrade
Obsolete arc/ directory and view .frm file backup support
has been removed by the patch for bug 17823. However, that
bugfix caused a problem with "live downgrades" of the
server: if we rename some view 4 times under 5.1.29/5.0.72
and then try to rename it under 5.1.28/5.0.70 on the same
database, the server fails with a error:
query 'RENAME TABLE ... TO ...' failed: 6: Error on
delete of '....frm-0001' (Errcode: 2)
Also .frm file of that view may be lost (renamed to .frm~).
The server failed because it tried to rename latest 3
backup .frm files renaming the view: the server used an
integer value of the "revision" field of .frm file to
extract those file names. After the fix for bug 17823 those
files were not created/maintained any more, however the
"revision" field was incremented as usual. So, the server
failed renaming non existent files.
This fix solves the problem by removing the support for
"revision" .frm file field:
1. New server silently ignores existent "revision" fields
in old .frm files and never write it down;
2. Old server assumes, that missing "revision" field in new
.frm files means default value of 0.
3. Accordingly to the fix for bug 17823 the new server
drops arc/ directory on alter/rename view, so after
"live downgrade" old server begins maintenance of the
arc/ directory from scratch without conflicts with .frm
files.
status
The problem appears to be a race condition, when service is being
stopped right after startup. We set the service status to SERVICE_RUNNING
way too early it cannot yet handle stop requests - initialization has
not finished and hEventShutdown that signals server to stop is not yet
created. If somebody issues "net stop MySQL" at this time, MySQL is not
informed about the stop and continues to run as usual, while
NTService::ServiceMain() stucks forever waiting for mysql's "main" thread
to finish.
Solution is to remain in SERVICE_START_PENDING status until after server
initialization is fully complete and only then change the status to
SERVICE_RUNNING. In SERVICE_START_PENDING we do not accept service control
requests, i.e it is not possible to stop service in that time.
VARIABLE_VALUE field is decreased to 1024 symbols.
(affected I_S tables: GLOBAL_VARIABLES, SESSION_VARIABLES,
GLOBAL_STATUS, SESSION_STATUS).
The only variable which can be longer than 1024 is
init_connect. The variable will be truncated with warning.
Additional fix:
Added where condition filter which speed up queries which
have where condition with expressions which use VARIABLE_NAME
field.
changed 'charset', 'collation' field length from 64 to MY_CS_NAME_SIZE(32)
in tables:
SCHEMATA, TABLES, COLUMNS, CHARACTER_SETS,
COLLATIONS, COLLATION_CHARACTER_SET_APPLICABILITY
Occurred with EXTRA_DEBUG on windows.
Problem was insufficient length of a local variable that stored path names.
Solution was to use the correct length.
With fix for bug 25951 index hints are ignored for fulltext
searches, as handling of fulltext indexes is different from
handling regular indexes. Meaning it is not possible to
implement true index hints support for fulltext indexes within
the scope of current fulltext architecture.
The problem is that prior to fix for bug 25951, some useful
index hints still could be given for boolean mode searches.
This patch implements special index hints support for fulltext
indexes with the following characteristics:
- all index hints are still ignored for NLQ mode searches -
it cannot work without an index;
- for 5.1 and up index hints FOR ORDER BY and FOR GROUP BY are
still ignored for fulltext indexes;
- boolean mode searches honor USE/FORCE/IGNORE INDEX hints;
- as opposed to index hints for regular indexes, index hints
for fulltext BOOLEAN mode searches affect the usage of the
index for the whole query.
on tables with partitions
Problem was that the handler function try_semi_consistent_read
was not propagated to the innodb handler.
Solution was to implement that function in the partitioning
handler.
Innodb monitor could cause a server crash because of invalid access to a
shared variable in a concurrent environment.
This patch adds a guard to protect against crashes but not against
inconsistent values because of performance reasons.
The convert_constant_item function converts a constant to integer using
field for condition like 'field = a_constant'. In some cases the
convert_constant_item is called for a subquery when outer select is already
being executed, so convert_constant_item saves field's value to prevent its
corruption. For EXPLAIN and at the prepare phase field's value isn't
initialized yet, thus when convert_constant_item tries to restore saved
value it fails assertion.
Now the convert_constant_item doesn't save/restore field's value if it's
haven't been read yet. Outer constant values are always saved.
order by
Problem was that the first index read was unordered,
and the next was ordered, resulting in use of
uninitialized data.
Solution was to use the correct variable to see if
the 'next' call should be ordered or not.
