Commit graph

522 commits

Author SHA1 Message Date
Sergei Golubchik
531935992a test fixes for FreeBSD
* FreeBSD returns errno 31 (EMLINK, Too many links),
  not 40 (ELOOP, Too many levels of symbolic links)
* (`mysqlbinlog|mysql`) was just crazy, why did it ever work?
* socket_ipv6.inc check (that checked whether ipv6 is supported)
  only worked correctly when ipv6 was supported
* perfschema.socket_summary_by_instance was changing global variables
  and then skip-ing the test (because on missing ipv6)
2022-05-04 19:34:20 +02:00
Oleksandr Byelkin
9614fde1aa Merge branch '10.2' into 10.3 2022-05-03 10:59:54 +02:00
Sergei Golubchik
6f6c74b0d1 Merge branch '10.2' into 10.3 2022-04-21 10:05:50 +02:00
Oleg Smirnov
7498978e6a MDEV-27699 ANALYZE FORMAT=JSON fields are incorrect for UNION ALL queries
UNION ALL queries are a subject of optimization introduced in MDEV-334
when creation of a temporary table is skipped.
While there is a check for this optimization in Explain_union::print_explain()
there was no such in Explain_union::print_explain_json(). This resulted in
printing irrelevant data like:
  "union_result": {
    "table_name": "<union2,3>",
    "access_type": "ALL",
    "r_loops": 0,
    "r_rows": null
in case when creation of the temporary table was actually optimized out.
This commits adds a check whether the temporary table was actually created
during the UNION ALL processing and eliminates printing of the irrelevant data.
2022-04-18 07:50:14 +03:00
Alexander Barkov
9d734cdd61 Merge remote-tracking branch 'origin/10.2' into 10.3 2022-04-14 11:50:34 +04:00
Alexander Barkov
2ae92e8981 MDEV-28267 ASAN heap-use-after-free in Item_sp::func_name_cstring
This crash happens on a combination of multiple conditions:

- There is a thead#1 running an "ANALYZE FORMAT=JSON" query for a
  "SELECT .. FROM INFORMATION_SCHEMA.COLUMNS WHERE .. "
- The WHERE clause contains a stored function call, say f1().
- The WHERE clause is built in the way so that the function f1()
  is never actually called, e.g.
    WHERE .. AND (TRUE OR f1()=expr)
- The database contains multiple VIEWs that have the function f1() call,
  e.g. in their <select list>
- The WHERE clause is built in the way so that these VIEWs match
  the condition.
- There is a parallel thread#2 running. It creates or drops or recreates
  some other stored routine, say f2(), which is not used in the ANALYZE query.
  It effectively invalidates the stored routine cache for thread#1
  without locking.
  Note, it is important that f2() is NOT used by ANALYZE query.
  Otherwise, thread#2 would be locked until the ANALYZE query
  finishes.

When all of the above conditions are met, the following happens:

1. thread#1 starts the ANALYZE query. It notices a call for the stored function
   f1() in the WHERE condition. The function f1() gets parsed and cached
   to the SP cache. Its address also gets assigned to Item_func_sp::m_sp.

2. thread#1 starts iterating through all tables that
   match the WHERE condition to find the information about their columns.

3. thread#1 processes columns of the VIEW v1.
   It notices a call for f1() in the VIEW v1 definition.
   But f1() is already cached in the step#1 and it is up to date.
   So nothing happens with the SP cache.

4. thread#2 re-creates f2() in a non-locking mode.
   It effectively invalidates the SP cache in thread#1.

5. thread#1 processes columns of the VIEW v2.
   It notices a call for f1() in the VIEW v2 definition.
   It also notices that the cached version of f1() is not up to date.
   It frees the old definition of f1(), parses it again, and puts a
   new version of f1() to the SP cache.

6. thread#1 finishes processing rows and generates the JSON output.
   When printing the "attached_condition" value, it calls
   Item_func_sp::print() for f1(). But this Item_func_sp links
   to the old (freed) version of f1().

The above scenario demonstrates that Item_func_sp::m_sp can point to an
alredy freed instance when Item_func_sp::func_name() is called,
so accessing to Item_sp::m_sp->m_handler is not safe.

This patch rewrites the code to use Item_func_sp::m_handler instead,
which is always reliable.

Note, this patch is only a cleanup for MDEV-28166 to quickly fix the regression.
It fixes MDEV-28267. But it does not fix the core problem:
The code behind I_S does not take into account that the SP
cache can be updated while evaluating rows of the COLUMNS table.
This is a corner case and it never happens with any other tables.
I_S.COLUMNS is very special.

Another example of the core problem is reported in MDEV-25243.
The code accesses to Item_sp::m_sp->m_chistics of an
already freed m_sp, again. It will be addressed separately.
2022-04-09 23:01:26 +04:00
Sergei Golubchik
d623b5a1dd MDEV-22282 When using mysqldump to backup a view that contains derived tables, the database name is prepended to each table in the view
derived tables have db = "", table_name = "*", those aren't real names
to be compared with.
2022-04-09 11:49:11 +02:00
Alexander Barkov
3814b04d6b MDEV-28062 Assertion `(length % 4) == 0' failed in my_lengthsp_utf32 on INSERT..SELECT
Adding an MTR test only.

This problem was earlier fixed by the patch for:
  MDEV-28078 Garbage on multiple equal ENUMs with tricky character sets
2022-04-08 11:36:31 +04:00
Sergei Golubchik
b725a91757 MDEV-28253 Mysqldump - INVISIBLE column error 2022-04-07 23:02:23 +02:00
Alexander Barkov
7355f7b1f5 Adding MTR tests to cover how keywords of different kinds behave in various contexts 2022-04-07 06:13:22 +04:00
Marko Mäkelä
7c584d8270 Merge 10.2 into 10.3 2022-04-06 08:06:35 +03:00
Sergei Golubchik
2d2c3da8ec MDEV-27673 Warning after "select progress from information_schema.processlist"
after moving fields in optimize_schema_tables_memory_usage()
store default values into their new, moved, locations.
2022-04-05 13:09:44 +02:00
Dmitry Shulga
8c169f5e03 MDEV-28220: Assert failure in sp_head::~sp_head on parsing a syntax incorrect statement CREATE SEQUENCE ... RESTART inside CREATE PROCEDURE/CREATE FUNCTION
This bug report is about the same issue as MDEV-28129 and MDEV-21173.
The issue is that the macros YYABORT is called instead of MYSQL_YYABORT
on parse error. In result the method LEX::cleanup_lex_after_parse_error
is not called to clean up data structures created on parsing of
the statement.
2022-04-02 16:43:51 +07:00
Marko Mäkelä
020e7d89eb Merge 10.2 into 10.3 2022-03-29 09:53:15 +03:00
Igor Babaev
e048289e55 MDEV-27937 Assertion failure when executing prepared statement with ? in IN list
This bug affected queries with IN predicates that contain parameter markers
in the value list. Such queries are executed via prepared statements.
The problem appeared only if the number of elements in the value list
was greater than the set value of the system variable
in_predicate_conversion_threshold.

The patch unconditionally prohibits conversion of an IN predicate to the
equivalent IN predicand if the value list of the IN predicate contains
parameters markers.

Approved by Oleksandr Byelkin <sanja@mariadb.com>
2022-03-25 14:14:51 -07:00
Igor Babaev
bbf02c85ba MDEV-24281 Reading from freed memory when running main.view with --ps-protocol
This bug could affect prepared statements for the command CREATE VIEW with
specification that contained unnamed basic constant in select list. If
generation of a valid name for the corresponding view column required
resolution of conflicts with names of other columns that were explicitly
defined then execution of such prepared statement and following deallocation
of this statement led to reading from freed memory.

Approved by Oleksandr Byelkin <sanja@mariadb.com>
2022-03-23 12:50:50 -07:00
Alexander Barkov
0812d0de8d MDEV-28131 Unexpected warning while selecting from information_schema.processlist
Problem:

DECIMAL columns in I_S must be explicitly set of some value.

I_S columns do not have `DEFAULT 0` (after MDEV-18918), so during
restore_record() their record fragments pointed by Field::ptr are
initialized to zero bytes 0x00.
But an array of 0x00's is not a valid binary DECIMAL value.
So val_decimal() called for such Field_new_decimal generated a warning
when seeing a wrong binary encoded DECIMAL value in the record.

Fix:

Explicitly setting INFORMATION_SCHEMA.PROCESSLIST.PROGRESS
to the decimal value of 0 if no progress information is available.
2022-03-21 16:42:58 +04:00
Oleksandr Byelkin
fbc1cc974e MDEV-26009 Server crash when calling twice procedure using FOR-loop
The problem was that instructions sp_instr_cursor_copy_struct and
sp_instr_copen uses the same lex, adding and removing "tail" of
prelocked tables and forgetting that tail of all tables is kept in
LEX::query_tables_last. If the LEX used only by one instruction
or the query do not have prelocked tables it is not important.
But to work correctly in all cases LEX::query_tables_last should
be reset to make new tables added in the correct list (after last
table in the LEX instead after last table of the prelocking "tail"
which was cut).
2022-03-21 07:55:57 +01:00
Sergei Golubchik
ecb6f9c894 MDEV-28095 crash in multi-update and implicit grouping
disallow implicit grouping in multi-update.
explicit GROUP BY is not allowed by the grammar.
2022-03-17 16:58:48 +01:00
Alexander Barkov
0e63023cb8 Merge branch 10.2 into 10.3 2022-03-16 12:49:13 +11:00
Daniel Black
a950086036 Merge 10.2 (part) into 10.3
commit '6de482a6fefac0c21daf33ed465644151cdf879f'

10.3 no longer errors in truncate_notembedded.test
but per comments, a non-crash is all that we are after.
2022-03-15 16:44:52 +11:00
Sergei Golubchik
bfed2c7d57 MDEV-27753 Incorrect ENGINE type of table after crash for CONNECT table
whenever possible, partitioning should use the full
partition plugin name, not the one byte legacy code.

Normally, ha_partition can get the engine plugin from
table_share->default_part_plugin.

But in some cases, e.g. in DROP TABLE, the table isn't
opened, table_share is NULL, and ha_partition has to parse
the frm, much like dd_frm_type() does.

temporary_tables.cc, sql_table.cc:

When dropping a table, it must be deleted in the engine
first, then frm file. Because frm can be the only true
source of metadata that the engine might need for DROP.

table.cc:

when opening a partitioned table, if the engine for
partitions is not found, do not fallback to MyISAM.
2022-03-14 08:55:59 +01:00
Sergei Golubchik
6789f2cfab MDEV-18304 sql_safe_updates does not work with OR clauses
not every index-using plan sets bits in table->quick_keys.
QUICK_ROR_INTERSECT_SELECT, for example, doesn't.

Use the fact that select->quick is set instead.

Also allow EXPLAIN to work.
2022-03-12 19:13:17 +01:00
Marko Mäkelä
535bef86ad Merge 10.2 into 10.3 2022-02-28 10:17:39 +02:00
Marko Mäkelä
00b70bbb51 Merge 10.2 into 10.3 2022-02-25 10:43:38 +02:00
Nayuta Yanagisawa
66f55a018b MDEV-27730 Add PLUGIN_VAR_DEPRECATED flag to plugin variables
The sys_var class has the deprecation_substitute member to mark the
deprecated variables. As it's set, the server produces warnings when
these variables are used. However, the plugin has no means to utilize
that functionality.

So, the PLUGIN_VAR_DEPRECATED flag is introduced to set the
deprecation_substitute with the empty string. A non-empty string can
make the warning more informative, but there's no nice way seen to
specify it, and not that needed at the moment.
2022-02-18 13:10:20 +09:00
Marko Mäkelä
5b237e5965 Merge 10.2 into 10.3 2022-02-17 10:53:58 +02:00
Lena Startseva
6c3f1f661c MDEV-27691: make working view-protocol
Added ability to disable/enable (--disable_view_protocol/--enable_view_protocol) view-protocol in tests.
When the  option "--disable_view_protocol" is used  util connections are closed.
Added new test for checking view-protocol
2022-02-16 13:06:23 +07:00
Sergei Golubchik
a36fc80aeb Merge branch '10.2' into 10.3 2022-02-10 20:23:56 +01:00
Oleksandr Byelkin
41a163ac5c Merge branch '10.2' into 10.3 2022-01-29 15:41:05 +01:00
Monty
2f5d6ef039 Fixed random failure main/truncate_notembedded
Backport from 10.6
2022-01-27 17:00:52 +02:00
Alexey Botchkov
020dc54dab MDEV-20770 Server crashes in JOIN::transform_in_predicates_into_in_subq upon 2nd execution of PS/SP comparing GEOMETRY with other types.
The Item_in_subselect::in_strategy keeps the value and as the error
happens the condition isn't modified. That leads to wrong ::fix_fields
execution on second PS run. Also the select->table_list is merged
but not restored if an error happens, which causes hanging loops on
the third PS execution.
2022-01-26 07:48:09 +04:00
Igor Babaev
0041265671 MDEV-27510 Query returns wrong result when using split optimization
This bug may affect the queries that uses a grouping derived table with
grouping list containing references to columns from different tables if
the optimizer decides to employ the split optimization for the derived
table. In some very specific cases it may affect queries with a grouping
derived table that refers only one base table.
This bug was caused by an improper fix for the bug MDEV-25128. The fix
tried to get rid of the equality conditions pushed into the where clause
of the grouping derived table T to which the split optimization had been
applied. The fix erroneously assumed that only those pushed equalities
that were used for ref access of the tables referenced by T were needed.
In fact the function remove_const() that figures out what columns from the
group list can be removed if the split optimization is applied can uses
other pushed equalities as well.
This patch actually provides a proper fix for MDEV-25128. Rather than
trying to remove invalid pushed equalities referencing the fields of SJM
tables with a look-up access the patch attempts not to push such equalities.

Approved by Oleksandr Byelkin <sanja@mariadb.com>
2022-01-25 17:12:37 -08:00
Alexander Barkov
da37bfd8d6 MDEV-18918 SQL mode EMPTY_STRING_IS_NULL breaks RBR upon CREATE TABLE .. SELECT
Removing DEFAULT from INFORMATION_SCHEMA columns.
DEFAULT in read-only tables is rather meaningless.
Upgrade should go smoothly.

Also fixes:
 MDEV-20254 Problems with EMPTY_STRING_IS_NULL and I_S tables
2022-01-25 10:31:03 +04:00
Sergei Petrunia
7922fbf7b7 MDEV-26249: Crash in Explain_node::print_explain_for_children with slow query log
The problem affected queries in form:

  SELECT FROM (SELECT where Split Materialized is applicable) WHERE 1=0

The problem was caused by this:
- The select in derived table uses two-phase optimization (due to a
  possible Split Materialized).
- The primary select has "Impossible where" and so it short-cuts its
  optimization.
- The optimization for the SELECT in the derived table is never finished,
  and EXPLAIN data structure has a dangling pointer to select #2.

Fixed with this: make JOIN::optimize_stage2() invoke optimization of
derived tables when it is handing a degenerate JOIN with zero tables.
We will not execute the derived tables but we need their query plans
for [SHOW]EXPLAIN.
2022-01-19 23:58:59 +03:00
Igor Babaev
97425f740f MDEV-27132 Wrong result from query when using split optimization
This bug could affect queries with a grouping derived table containing
equalities in the where clause of its specification if the optimizer
chose to apply split optimization to access the derived table. In such
cases wrong results could be returned from the queries.
When the optimizer considers a possibility of using split optimization
to a derived table it injects equalities joining the derived table with
other tables into the where condition of the derived table. After the join
order for the execution using split optimization has been chosen as the
cheapest the injected equalities that are not used to access the derived
table are removed from the where condition of the derived table.
For this removal the optimizer looks through the conjuncts of the where
condition of the derived table, fetches the equalities and checks whether
they belong to the list of injected equalities.
As the injection of the list was performed just by the insertion of it
into the list of top level AND condition of the where condition some extra
conjuncts from the where condition could be automatically attached to the
end of the list of injected equalities. If such attached conjunct happened
to be an equality predicate it was removed from the where condition of the
derived table and thus lost for checking at the execution phase.
The bug has been fixed by injecting of a shallow copy of the list of the
pushed equalities rather than the list itself leaving the latter intact.

Approved by Oleksandr Byelkin <sanja@mariadb.com>
2022-01-17 23:04:39 -08:00
Sergei Petrunia
c04adce8ac MDEV-26337: subquery with groupby and ROLLUP returns incorrect results on LEFT JOIN on INDEXED values
Disable LATERAL DERIVED optimization for subqueries that have WITH ROLLUP.

This bug could affect queries with grouping derived tables / views / CTEs
with ROLLUP. The bug could manifest itself if the corresponding
materialized derived tables are subject to split optimization.

The current implementation of the split optimization produces rows
from the derived table in an arbitrary order. So these rows must be
accumulated in another temporary table and sorted according to the
used GROUP BY clause in order to be able to generate the additional
ROLLUP rows.

This patch prohibits to use split optimization for grouping derived
tables / views / CTEs with ROLLUP.
2022-01-13 16:49:45 +03:00
Julius Goryavsky
3376668ca8 Merge branch 10.2 into 10.3 2021-12-23 14:14:04 +01:00
Alexander Barkov
a5ef74e7eb MDEV-27195 SIGSEGV in Table_scope_and_contents_source_st::vers_check_system_fields
The old code erroneously used default_charset_info to compare field names.
default_charset_info can point to any arbitrary collation,
including ucs2*, utf16*, utf32*, including those that do not
support strcasecmp().

my_charset_utf8mb4_unicode_ci, which is used in this scenario:

CREATE TABLE t1 ENGINE=InnoDB WITH SYSTEM VERSIONING AS SELECT 0;

does not support strcasecmp().

Fixing the code to use Lex_ident::streq(), which uses
system_charset_info instead of default_charset_info.
2021-12-22 13:12:40 +04:00
Dmitry Shulga
a65d01a4cf MDEV-23182: Server crashes in Item::fix_fields_if_needed / table_value_constr::prepare upon 2nd execution of PS
Repeating execution of a query containing the clause IN with string literals
in environment where the server variable in_predicate_conversion_threshold
is set results in server abnormal termination in case the query is run
as a Prepared Statement and conversion of charsets for string values in the
query are required.

The reason for server abnormal termination is that instances of the class
Item_string created on transforming the IN clause into subquery were created
on runtime memory root that is deallocated on finishing execution of Prepared
statement. On the other hand, references to Items placed on deallocated memory
root still exist in objects of the class table_value_constr. Subsequent running
of the same prepared statement leads to dereferencing of pointers to already
deallocated memory that could lead to undefined behaviour.

To fix the issue the values being pushed into a values list for TVC are created
by cloning their original items. This way the cloned items are allocate on
the PS memroot and as consequences no dangling pointer does more exist.
2021-12-16 10:14:57 +07:00
Sergei Golubchik
153b75b576 Merge branch '10.2' into 10.3 2021-12-06 22:23:07 +01:00
Marko Mäkelä
fafe60e7e2 MDEV-27134: Sporadic failure of DROP DATABASE test
Let us create and drop a separate database for getting rid of the
default database in the MDEV-22781 test.
2021-11-29 10:34:33 +02:00
Marko Mäkelä
289721de9a Merge 10.2 into 10.3 2021-11-29 10:33:06 +02:00
Marko Mäkelä
9962cda527 Merge 10.2 into 10.3 2021-11-17 13:55:54 +02:00
Vladislav Vaintroub
7ea12742d3 Merge branch '10.2' into 10.3 2021-11-12 00:08:53 +01:00
Marko Mäkelä
524b4a89da Merge 10.2 into 10.3 2021-11-09 08:26:59 +02:00
Marko Mäkelä
f7054ff5df MariaDB 10.3.32 release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEF39AEP5WyjM2MAMF8WVvJMdM0dgFAmGJZJ0ACgkQ8WVvJMdM
 0dj8Jw//QD4uSbC4EHVdCDXWPQ9K/+Wv2A1DG4kCtngtQAVd/MgOpWK+9gdDCbKE
 Ce6m7627YLLzgBDzkEX/VkciHPd9GqvquqmgVKY1MdQ6efmmwgbzaGcaWcuJF8Z/
 C1pa7j0Duxn6nEuRbvM8OTgN4KfFlAc0OxpraJ7Fr8NvduLZQYMokBBW9DrJT1f1
 zGp4k05wUImBsmBt6teS073FS89frDL4J2aYGTXAxMjiqtno2MCopUIF2rpk5B29
 sJFaDpHCitNYDXuXZvWEWmuuss4vHz/NUYXM/GygfIteJqXKRLEOLAFBfvETyt4q
 6pYZDVfEGdKquHQu1a2XDI3W9+W1inmZ11dtebGnRexJTp9xeSxPhxiUvOQJj84A
 w6cQICCtlDCql3VlOIbt0vvAuXu+rOqhlqHorz0l62o6YjGE92z+NUL7B6gODip9
 RGd0gwCloPo+jGHnfpC6rvfcjA32vEx6L8giYTAYybxqjN1bMNIrix+7zwgfpZPZ
 0QRZtWtio/Iozj41q6x7dmP2Pxjll58+fPUEKevQn2iPm5WoPe+zrq3/lUdXFbZY
 3cz9fZch4YMTlhhu9BwuEmc2T9aIIm/YwYaB0Kmg55J/KT9xyerpMFZmRaF0VWcQ
 70ODJSMEDBhBW3n19LuYK/p3uJr551V/dFbZ/6lCXzbyp5i5MO8=
 =yIEG
 -----END PGP SIGNATURE-----

Merge mariadb-10.3.32 into 10.3
2021-11-09 07:59:36 +02:00
Oleksandr Byelkin
d7c179e65c move "bad" test in seperate file with valgrind prohibited (different size of allocated memory) 2021-11-02 09:50:49 +01:00
Aleksey Midenkov
63c922ae0c MDEV-25803 Inplace ALTER breaks MyISAM/Aria table when order of keys is changed
mysql_prepare_create_table() does my_qsort(sort_keys) on key
info. This sorting is indeterministic: a table is created with one
order and inplace alter may overwrite frm with another order. Since
inplace alter does nothing about key info for MyISAM/Aria storage
engines this results in discrepancy between frm and storage engine key
definitions.

The fix avoids the sorting of keys when no new keys added by ALTER
(and this is ok for MyISAM/Aria since it cannot add new keys inplace).

Notes:

mi_keydef_write()/mi_keyseg_write() are used only in mi_create(). They
should be used in ha_inplace_alter_table() as well.

Aria corruption detection is unimplemented: maria_check_definition()
is never used!

MySQL 8.0 has this bug as well as of 8.0.26.

This breaks main.long_unique in 10.4. The new result is correct and
should be applied as it just different (original) order of keys.
2021-11-02 04:52:03 +03:00
Marko Mäkelä
657bcf928e Merge 10.2 into 10.3 2021-10-28 07:50:05 +03:00