The problem is that an unfiltered user query was being passed as
the format string parameter of sql_print_warning which later
performs printf-like formatting, leading to crashes if the user
query contains formatting instructions (ie: %s). Also, it was
using THD::query as the source of the user query, but this
variable is not meaningful in some situations -- in a delayed
insert, it points to the table name.
The solution is to pass the user query as a parameter for the
format string and use the function parameter query_arg as the
source of the user query.
mysql-test/suite/binlog/r/binlog_unsafe.result:
Add test case result for Bug#42634
mysql-test/suite/binlog/t/binlog_unsafe.test:
Add test case for Bug#42634
sql/sql_class.cc:
Don't pass the user query as a format string.
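The shape of this fix, as an added illustration in C that is not MySQL's code: `log_warning()` is a hypothetical stand-in for `sql_print_warning()`, and the message text and sample queries are constructed. `count_format_args()` shows how many arguments a printf-style formatter would try to fetch if the query text were used as the format string.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__)
/* Lets gcc/clang check call sites like printf (-Wformat-security). */
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Hypothetical printf-like logger standing in for sql_print_warning();
   it formats into a caller buffer so the result can be inspected. */
static int log_warning(char *out, size_t out_len, const char *format, ...)
    PRINTF_LIKE(3, 4);

static int log_warning(char *out, size_t out_len, const char *format, ...)
{
    va_list args;
    int n;
    va_start(args, format);
    n = vsnprintf(out, out_len, format, args);
    va_end(args);
    return n;
}

/* Number of arguments a printf-style formatter would fetch for `s`.
   A non-zero result for user-controlled text means it must never be
   used as a format string. */
size_t count_format_args(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '%')              /* "%%" is a literal percent sign */
            continue;
        /* flags, width, precision, length; '*' consumes an int argument */
        while (*s && strchr("-+ #0123456789.*hlLqjzt", *s)) {
            if (*s == '*')
                n++;
            s++;
        }
        if (*s == '\0')
            break;
        n++;                        /* the conversion itself */
    }
    return n;
}

/* Before the fix the call had the shape
       log_warning(out, out_len, query);
   so every directive counted above read an argument that was never passed.
   After the fix the format is a constant and the query is only data. */
int log_unsafe_statement(char *out, size_t out_len, const char *query_arg)
{
    return log_warning(out, out_len,
                       "Unsafe statement (constructed message): %s", query_arg);
}
```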
functions
String::realloc() did not check whether the existing string data fits in the newly
allocated buffer for cases when reallocating a String object with external buffer
(i.e. alloced == FALSE). This could lead to memory overruns in some cases.
mysql-test/r/func_str.result:
Added a test case for bug #41868.
mysql-test/t/func_str.test:
Added a test case for bug #41868.
sql/sql_class.cc:
After each call to Item::send() in select_send::send_data() reset buffer to its
original state to reduce unnecessary malloc() calls. See comments for bug #41868
for detailed analysis.
sql/sql_string.cc:
Fixed String::realloc() to check whether the existing string data fits in the newly allocated buffer for cases when reallocating a String object with external buffer.
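A C model of the check described for `String::realloc()`, added here as an illustration and not MySQL's code: the `Str` struct, its function names and the choice to clamp the copied length are assumptions of this sketch, and the sample buffer in the usage is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char  *ptr;
    size_t length;          /* bytes of string data */
    size_t alloced_length;  /* capacity owned by the object; 0 if external */
    int    alloced;         /* non-zero when ptr was malloc'ed by the object */
} Str;

/* Point the object at a buffer it does not own (alloced == 0). */
void str_set_external(Str *s, char *buf, size_t len)
{
    s->ptr = buf;
    s->length = len;
    s->alloced_length = 0;
    s->alloced = 0;
}

/* Ensure room for alloc_length bytes plus a terminator.
   Returns 0 on success, 1 on allocation failure. */
int str_realloc(Str *s, size_t alloc_length)
{
    size_t len;
    if (alloc_length == SIZE_MAX)
        return 1;                       /* alloc_length + 1 would wrap */
    len = alloc_length + 1;

    if (s->alloced_length < len) {
        char *new_ptr;
        if (s->alloced) {
            new_ptr = realloc(s->ptr, len);
            if (!new_ptr)
                return 1;
        } else {
            new_ptr = malloc(len);
            if (!new_ptr)
                return 1;
            /* The check: external data can be longer than the new buffer,
               because alloced_length says nothing about its size.
               Without this clamp the memcpy overruns new_ptr. */
            if (s->length > len - 1)
                s->length = len - 1;
            if (s->length)
                memcpy(new_ptr, s->ptr, s->length);
            new_ptr[s->length] = '\0';
            s->alloced = 1;
        }
        s->ptr = new_ptr;
        s->alloced_length = len;
    }
    s->ptr[alloc_length] = '\0';
    return 0;
}

void str_free(Str *s)
{
    if (s->alloced)
        free(s->ptr);
    s->ptr = NULL;
    s->length = s->alloced_length = 0;
    s->alloced = 0;
}
```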
The function thd_security_context allocates memory on an unprotected MEM_ROOT if the
message length becomes longer than requested and the initial buffer memory needs to
be reallocated.
This patch fixes the design error by copying parts of the reallocated buffer
to the destination buffer. This works because the destination buffer isn't
owned by the String object and thus isn't freed when a new buffer is allocated.
Any new memory allocated by the String object is reclaimed when the object
is destroyed at the end of the function call.
Innodb monitor could cause a server crash because of invalid access to a
shared variable in a concurrent environment.
This patch adds a guard to protect against crashes but not against
inconsistent values because of performance reasons.
sql/sql_class.cc:
* Attempt snapshot of static memory pointer proc_info to avoid null pointers.
When statement-based replication is used, and the
transaction isolation level is READ-COMMITTED or stricter,
InnoDB will print an error because statement-based
replication might lead to inconsistency between master
and slave databases. However, when the binary log is not
engaged, this is not an issue and an error should
not be printed.
This patch makes thd_binlog_format() return BINLOG_FORMAT_
UNSPEC when the binary log is not engaged for the given
thread.
mysql-test/t/innodb_mysql.test:
Adding test that no error message is printed from inside
InnoDB when the binary log is turned off.
Debug builds of MySQL 5.1, 6.0 with Sun Studio 12 broke because of
use of gcc specific feature.
The fix is to replace __FUNCTION__ with the corresponding character string
NO_BACKSLASH_ESCAPES was not heeded in LOAD DATA INFILE
and SELECT INTO OUTFILE. It is now.
mysql-test/r/loaddata.result:
Show that SQL-mode NO_BACKSLASH_ESCAPES is heeded in
INFILE/OUTFILE, and that dump/restore cycles work!
mysql-test/t/loaddata.test:
Show that SQL-mode NO_BACKSLASH_ESCAPES is heeded in
INFILE/OUTFILE, and that dump/restore cycles work!
sql/sql_class.cc:
Add function to enquire whether ESCAPED BY was given.
When doing SELECT...OUTFILE, use ESCAPED BY if specifically
given; otherwise use sensible default value depending on
SQL-mode features NO_BACKSLASH_ESCAPES.
sql/sql_class.h:
Add function to enquire whether ESCAPED BY was given.
sql/sql_load.cc:
When doing LOAD DATA INFILE, use ESCAPED BY if specifically
given; otherwise use sensible default value depending on
SQL-mode features NO_BACKSLASH_ESCAPES.
The assertion indicates that some data was left in the transaction
cache when the server was shut down, which means that a previous
statement did not commit or rollback correctly.
What happened was that a bug in the rollback of a transactional
table caused the transaction cache to be emptied, but not reset.
The error can be triggered by having a failing UPDATE or INSERT,
on a transactional table, causing an implicit rollback.
Fixed by always flushing the pending event to reset the state
properly.
mysql-test/extra/rpl_tests/rpl_row_basic.test:
Testing that a failed update (that writes some rows to the
transaction cache) does not cause the transaction cache to
hold on to the data or forget to reset the transaction cache.
sql/log.cc:
Added call to remove pending event when the transaction cache
is emptied instead of written to binary log. The call will also
clear the outstanding table map count so that the cache is not
left in a state of "empty but not reset".
Added function MYSQL_BIN_LOG::remove_pending_rows_event().
sql/log.h:
Added function MYSQL_BIN_LOG::remove_pending_rows_event().
sql/sql_class.cc:
Adding function THD::binlog_remove_pending_rows_event().
sql/sql_class.h:
Adding function THD::binlog_remove_pending_rows_event().
include/my_global.h:
Moving YESNO() macro here from log.cc (it prints either "yes" or "no" depending on a boolean value).
sql/log.cc:
Moving YESNO() function to my_global.h.
sql/sql_class.cc:
Adding default case to printout function to avoid warning.
Only defining function for debug builds since it isn't used
in non-debug build (hence produce a warning).
sql/sql_class.h:
Printing yes/no answer instead of memory address since the
case produces an error/warning on valgrind platform.
The failure was caused by executing a CREATE-SELECT statement that creates a
table in another database than the current one. In row-based logging, the
CREATE statement was written to the binary log without the database, hence
creating the table in the wrong database, causing the following inserts to
fail since the table didn't exist in the given database.
Fixed the bug by adding a parameter to store_create_info() that will make
the function print the database name before the table name and used that
in the calls that write the CREATE statement to the binary log. The database
name is only printed if it is different than the currently selected database.
The output of SHOW CREATE TABLE has not changed and is still printed without
the database name.
mysql-test/suite/rpl/r/rpl_row_create_table.result:
Result file change.
mysql-test/suite/rpl/t/rpl_row_create_table.test:
Added test to check that CREATE-SELECT into another database than the
current one replicates.
sql/sql_insert.cc:
Adding parameter to calls to store_create_info().
sql/sql_show.cc:
Adding parameter to calls to store_create_info().
Extending store_create_info() with parameter 'show_database' that will cause
the database to be written before the table name.
sql/sql_show.h:
Adding parameter to call to store_create_info() to tell if the database should be shown or not.
sql/sql_table.cc:
Adding parameter to calls to store_create_info().
The problem of this bug is that we need to get the list of tables
to be updated for a multi-table update statement, which requires to
open all the tables referenced by the statement and resolve all
the fields involved in update in order to figure out the list of
tables for update. However if there are replicate filter rules,
some tables might not exist on slave and result in a failure
before we could examine the filter rules.
I think the whole problem can not be solved on slave alone,
the master must record and send the information of tables
involved for update to slave, so that the slave does not need to
open all the tables referenced by the multi-table update statement to
figure out which tables are involved for update.
So a status variable is added to Query_log event to store the
value of table map for update on master. And on slave, it will
try to get the value of this variable and use it to examine
filter rules without opening any tables on slave, if this value
is not available, the old approach is used and thus the bug will
still occur when replicating from old masters.
sql/sql_class.h:
add member table_map_for_update to THD
sql/sql_parse.cc:
check filter rules by using table_map_for_update value
sql/sql_update.cc:
save the value of table_map_for_update
build)
The crash was caused by freeing the internal parser stack during the parser
execution.
This occurred only for complex stored procedures, after reallocating the parser
stack using my_yyoverflow(), with the following C call stack:
- MYSQLparse()
- any rule calling sp_head::restore_lex()
- lex_end()
- x_free(lex->yacc_yyss), xfree(lex->yacc_yyvs)
The root cause is the implementation of stored procedures, which breaks the
assumption from 4.1 that there is only one LEX structure per parser call.
The solution is to separate the LEX structure into:
- attributes that represent a statement (the current LEX structure),
- attributes that relate to the syntax parser itself (Yacc_state),
so that parsing multiple statements in stored programs can create multiple
LEX structures while not changing the unique Yacc_state.
Now, Yacc_state and the existing Lex_input_stream are aggregated into
Parser_state, a structure that represents the complete state of the (Lexical +
Syntax) parser.
mysql-test/r/parser_stack.result:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
mysql-test/t/parser_stack.test:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
sql/sp.cc:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
sql/sp_head.cc:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
sql/sql_class.cc:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
sql/sql_class.h:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
sql/sql_lex.cc:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
sql/sql_lex.h:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
sql/sql_parse.cc:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
sql/sql_prepare.cc:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
sql/sql_trigger.cc:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
sql/sql_view.cc:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
sql/sql_yacc.yy:
Bug#35577 (CREATE PROCEDURE causes either crash or syntax error depending on
build)
The crash appeared to be a result of allocating an instance of Discrete_interval
automatically that was referred in out-of-declaration scope.
Fixed with correcting backing up and restoring scheme of
auto_inc_intervals_forced, introduced by bug#33029, by means of shallow copying;
added simulation code that forces executing those fixes of the former bug that
targeted at master-and-slave having incompatible bug#33029-prone versions.
mysql-test/suite/bugs/r/rpl_bug33029.result:
new results file
mysql-test/suite/bugs/t/rpl_bug33029.test:
test merely checks no crash happens on slave.
sql/slave.cc:
forcing to execute special logics implemented for bug#33029 if
simulate_bug33029 the debug option is set.
sql/sql_class.cc:
swaps of backed and the actual auto_inc_intervals_forced basing on shallow copying.
sql/structs.h:
Removing the deep _copy() and methods associated with it;
adding methods to Discrete_intervals_list:
private `=', copy constructor to prevent using;
private set_members();
public copy_shallow(), swap(), get_{head, tail, current}();
empty_no_free() through set_members().
into bodhi.(none):/opt/local/work/mysql-5.1-27430
Makefile.am:
Auto merged
include/my_global.h:
Auto merged
mysql-test/include/mix1.inc:
Auto merged
sql/item.cc:
Auto merged
sql/my_decimal.h:
Auto merged
sql/mysqld.cc:
Auto merged
sql/set_var.cc:
Auto merged
sql/set_var.h:
Auto merged
sql/sp.cc:
Auto merged
sql/sp_head.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_class.cc:
Auto merged
sql/sql_class.h:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_table.cc:
Auto merged
sql/sql_update.cc:
Auto merged
sql/share/errmsg.txt:
Auto merged
sql/sql_yacc.yy:
Auto merged
libmysqld/CMakeLists.txt:
Manual merge.
libmysqld/lib_sql.cc:
Manual merge.
mysql-test/t/disabled.def:
Manual merge.
PREPARE": rename members, methods, classes to follow the spec
(a code review request)
sql/mysql_priv.h:
enum_metadata_type -> enum_table_ref_type
sql/sp_head.cc:
Metadata_version_observer -> Reprepare_observer
sql/sql_base.cc:
metadata -> table_ref
sql/sql_class.cc:
Replace an abstract interface with a concrete implementation.
sql/sql_class.h:
enum_metadata_type -> enum_table_ref_type
sql/sql_prepare.cc:
Move implementation of Execute_observer to sql_class.cc and
rename the class to Reprepare_observer.
Use getters instead of direct access to the members.
sql/table.h:
metadata -> table_ref
subselects into account
It is forbidden to use the SELECT INTO construction inside UNION statements
unless on the last SELECT of the union. The parser records whether it
has seen INTO or not when parsing a UNION statement. But if the INTO was
legally used in an outer query, an error is thrown if UNION is seen in a
subquery. Fixed in 5.0 by remembering the nesting level of INTO tokens and
mitigate the error unless it collides with the UNION.
mysql-test/r/union.result:
Bug#32858: Test result
mysql-test/t/union.test:
Bug#32858: Test case
sql/sql_class.cc:
Bug#32858: Initializing new member
sql/sql_class.h:
Bug#32858: Added property nest_level to select_result class.
sql/sql_yacc.yy:
Bug#32858: The fix.
into bodhi.(none):/opt/local/work/mysql-5.1-27430
include/my_global.h:
Auto merged
mysql-test/r/grant.result:
Auto merged
mysql-test/t/disabled.def:
Auto merged
mysql-test/t/grant.test:
Auto merged
sql/item.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/mysqld.cc:
Auto merged
sql/set_var.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_class.cc:
Auto merged
sql/sql_class.h:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_table.cc:
Auto merged
sql/sql_yacc.yy:
Auto merged
sql/table.h:
Auto merged
storage/myisam/mi_create.c:
Auto merged
tests/mysql_client_test.c:
Auto merged
sql/share/errmsg.txt:
Manual merge.
Add metadata validation to ~20 more SQL commands. Make sure that
these commands actually work in ps-protocol, since until now they
were enabled, but not carefully tested.
Fixes the ml003 bug found by Matthias during internal testing of the
patch.
mysql-test/r/ps_ddl.result:
Update test results (WL#4165)
mysql-test/t/ps_ddl.test:
Cover with tests metadata validation of 26 SQL statements.
sql/mysql_priv.h:
Fix the name in the comment.
sql/sp_head.cc:
Changed the way the observer is removed in case of stored procedures
to support validation prepare stmt from "call p1(<expr>)": whereas
tables used in the expression must be validated, substatements
of p1 must not.
The previous scheme used to silence the observer only in stored
functions and triggers.
sql/sql_class.cc:
Now the observer is silenced in sp_head::execute(). Remove it from
Sub_statement_state.
sql/sql_class.h:
Now the observer is silenced in sp_head::execute(). Remove it from
Sub_statement_state.
sql/sql_parse.cc:
Add CF_REEXECUTION_FRAGILE to 20 more SQLCOMs that need it.
sql/sql_prepare.cc:
Add metadata validation to ~20 new SQLCOMs that need it.
Fix memory leaks with expressions used in SHOW DATABASES and CALL
(and prepared statements).
We need to fix all expressions at prepare, since if these expressions
use subqueries, there are one-time transformations of the parse
tree that must be done at prepare.
List of fixed commands includes: SHOW TABLES, SHOW DATABASES,
SHOW TRIGGERS, SHOW EVENTS, SHOW OPEN TABLES, SHOW KEYS, SHOW FIELDS,
SHOW COLLATIONS, SHOW CHARSETS, SHOW VARIABLES, SHOW STATUS, SHOW TABLE
STATUS, SHOW PROCEDURE STATUS, SHOW FUNCTION STATUS, CALL.
Add comment to set_parameters().
sql/table.h:
Update comments.
WL#4165 Prepared statements: validation
WL#4166 Prepared statements: automatic re-prepare
Fixes
Bug#27430 Crash in subquery code when in PS and table DDL changed after PREPARE
Bug#27690 Re-execution of prepared statement after table was replaced with a view crashes
Bug#27420 A combination of PS and view operations cause error + assertion on shutdown
The basic idea of the patch is to keep track of table metadata between
prepared statement prepare and execute. If some table used in the statement
has changed, the prepared statement is re-prepared before execution.
See WL#4165 and WL#4166 contents and comments in the code for details
of the implementation.
include/my_global.h:
Remove 'register' keyword to avoid warnings when swapping large structures
that don't fit into a register. Any modern compiler is capable of placing
a variable in a register when that would benefit performance.
mysql-test/r/ps_1general.result:
Update test results: since now we re-prepare automatically,
more correct results are produced in prepare-ddl-execute scenario.
mysql-test/r/query_cache_merge.result:
Ensure that the table definition cache is large enough for
the test to pass in --ps-protocol
mysql-test/r/trigger.result:
Update test results to reflect automatic statement reprepare.
mysql-test/t/disabled.def:
Enable ps_ddl.test, which now passes.
mysql-test/t/ps_1general.test:
Since now we re-execute prepared statements after DDL successfully,
change the test to produce repeatable results. Remove expectancy of
an error in one place where now we automatically reprepare the prepared
statement.
mysql-test/t/query_cache_merge.test:
Ensure the table definition cache is large enough for the test to pass
in --ps-protocol
mysql-test/t/trigger.test:
Sinc
sql/item.cc:
Implement Item_param "copy" functionality, used at re-prepare of
a prepared statement.
We copy the type of the original parameter, and move the assigned value,
if any. Sic, the value is "moved", since it can be quite big --
e.g. in case we deal with a LONG DATA parameter.
It's essential to move the value from the old parameter since
at the time of re-prepare the client packet with the necessary information
may be not available.
sql/item.h:
Declare a new method used for reprepare.
sql/my_decimal.h:
Implement "swap()" functionality of class my_decimal to be
able to easily swap two decimal values.
sql/mysql_priv.h:
Declare enum_metadata_type.
sql/mysqld.cc:
Implement a status variable for the number of reprepared statements.
sql/sql_base.cc:
Implement metadata version validation.
sql/share/errmsg.txt:
Add two new error messages: ER_NEED_REPREPARE and ER_PS_REBIND.
The first error (theoretically) never reaches the user.
It is issued by the metadata validation framework when a metadata version
has changed between prepare and execute. Later on it's intercepted
and the statement is automatically re-prepared. Only if the error
has occurred repeatedly MAX_REPREPARE_ATTEMTS (3) times do we
return it to the user.
The second error is issued when after re-prepare we discover
that the metadata we sent over to the client using the binary
protocol differs dramatically from the new result set metadata
that the reprepared statement produces (e.g. number of result
set columns is different).
sql/sql_class.cc:
Implement metadata version validation framework.
sql/sql_class.h:
Declarations for metadata version validation framework.
sql/sql_parse.cc:
Mark commands for which we must invalidate and reprepare a prepared
statement when metadata has changed.
sql/sql_prepare.cc:
Implement WL#4165 and WL#4166 (limited support of metadata validation
and re-prepare).
sql/table.h:
Implement metadata validation.
tests/mysql_client_test.c:
Add a test case for WL#4166
If a binlog file is manually replaced with a namesake directory the internal purging did
not handle the error of deleting the file so that eventually
a post-execution guard fires an assert.
Fixed with reusing a snippet of code for bug@18199 to tolerate lack of the file but no other error
at an attempt to delete it.
The same applied to the index file deletion.
The cset carries pieces of manual merging.
mysql-test/r/binlog_index.result:
new results
mysql-test/r/ctype_big5.result:
results changed
mysql-test/suite/binlog/r/binlog_auto_increment_bug33029.result:
new results
mysql-test/suite/binlog/r/binlog_stm_blackhole.result:
new results
mysql-test/suite/binlog/t/binlog_auto_increment_bug33029.test:
cleanup. still todo: to let the test run multiple times w/o restarting the server (just ./mtr test)
mysql-test/suite/rpl/r/rpl_stm_auto_increment_bug33029.result:
results changed
mysql-test/suite/rpl/t/rpl_stm_auto_increment_bug33029.test:
guarding the test with statement format condition as the logics of the test requires
sql/log.cc:
two changes. One for the bug, other manual merge.
The bug change needs MYF(0) to pass to my_delete because not all errors out of the function
are critical. The finer check is done on the caller of my_delete similarly how it was implemented
for bug@18199 fixes. Non-existence of a file is not a critical error.
sql/sql_class.cc:
manual merge, removing extra automatically brought hunk.