Commit graph

64125 commits

Author SHA1 Message Date
Tor Didriksen
5dc553cd28 merge 5.0-security => 5.1 security 2011-10-14 10:44:27 +02:00
Tor Didriksen
a6145f4b62 Bug#12563865 ROUNDED,TMP_BUF,DECIMAL_VALUE STACK CORRUPTION IN ALL VERSIONS >=5.0
Buffer over-run on all platforms, crash on windows, wrong result on other platforms,
when rounding numbers which start with 999999999 and have
precision = 9 or 18 or 27 or 36 ...


mysql-test/r/type_newdecimal.result:
  New test cases.
mysql-test/t/type_newdecimal.test:
  New test cases.
sql/my_decimal.h:
  Add sanity checking code, to catch buffer over/under-run.
strings/decimal.c:
  The original initialization of intg1 (add 1 if buf[0] == DIG_MAX)
  will set p1 to point outside the buffer, and the loop to copy the original value
      while (buf0 < p0)
        *(--p1) = *(--p0);
  will overwrite memory outside the my_decimal object.
2011-10-14 10:09:53 +02:00
Georgi Kodinov
a2cbf8358b empty weave merge mysql-5.0-security->mysql-5.1-security 2011-10-12 14:42:42 +03:00
Georgi Kodinov
494b581f14 auto-merge mysql-5.1->mysql-5.1-security 2011-10-12 14:34:44 +03:00
Georgi Kodinov
98231daa6f auto-merge mysql-5.0->mysql-5.0-security 2011-10-12 14:33:09 +03:00
Vinay Fisrekar
73db2a1504 bug#11766457 - adjusting/modifying the tests as tests were failing if system time zone is set differently. 2011-10-12 10:10:52 +05:30
Tatjana Azundris Nuernberg
8c2943ba43 auto-merge 2011-10-10 15:34:29 +01:00
Magne Mahre
f36e854ac6 BUG#12589870 CRASHES WITH MULTIQUERY PACKET + USE<DB> + QUERY CACHE
A buffer large enough to hold the query _plus_ some additional
data is allocated before parsing is started.   The additional data 
is used by the query cache, and consists of the name of the current 
database and a set of flags.
 
When a packet containing multiple SQL statements is sent to the
server and one of the statements changes the current database
(a "USE <db>" statement), and the name of the new current database 
is longer than that of the previous, there is not enough space in the
buffer for the new name, and we write out over the buffer boundary.

The fix adds an extra field to store the number of bytes
allocated to the database name in the buffer.  If the current
database name changes, and the new name is longer than the
previous one, we refuse to cache the query.
2011-10-07 14:08:31 +02:00
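
The length check described in the commit message above, modelled as an added C example (not MySQL's code and not part of the commit). The buffer layout and the names `query_buf`, `db_alloc`, `store_cache_data` and `cache_after_use` are assumptions made for illustration:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout, not MySQL's real one:
   [query text][NUL][database name slot][NUL][flags byte] */
struct query_buf {
    char  *buf;
    size_t query_len;
    size_t db_alloc;   /* bytes reserved for the database name (the extra field) */
};

/* Allocate the buffer before "parsing", sized for the database that is
   current at that moment. */
int query_buf_init(struct query_buf *q, const char *query, const char *db)
{
    q->query_len = strlen(query);
    q->db_alloc  = strlen(db);
    q->buf = malloc(q->query_len + 1 + q->db_alloc + 1 + 1);
    if (q->buf == NULL)
        return -1;
    memcpy(q->buf, query, q->query_len + 1);
    return 0;
}

/* Write the query-cache data. Returns 1 if written, 0 if caching is refused
   because the current database name no longer fits the reserved slot.
   Without this check the memcpy below would run past the allocation. */
int store_cache_data(struct query_buf *q, const char *current_db,
                     unsigned char flags)
{
    size_t n = strlen(current_db);
    if (n > q->db_alloc)
        return 0;                        /* refuse to cache the query */
    char *slot = q->buf + q->query_len + 1;
    memcpy(slot, current_db, n + 1);     /* name plus its NUL fits the slot */
    slot[q->db_alloc + 1] = (char)flags; /* flags byte sits after the slot */
    return 1;
}

/* Simulate a multi-statement packet in which a USE statement switches the
   current database from db_before to db_after (constructed sample input). */
int cache_after_use(const char *db_before, const char *db_after)
{
    struct query_buf q;
    if (query_buf_init(&q, "USE other; SELECT 1", db_before) != 0)
        return -1;
    int cached = store_cache_data(&q, db_after, 0x01);
    free(q.buf);
    return cached;
}

int main(void)
{
    printf("same length:  %d\n", cache_after_use("db1", "db2"));
    printf("longer name:  %d\n", cache_after_use("db1", "a_longer_database"));
    printf("shorter name: %d\n", cache_after_use("a_longer_database", "db1"));
    return 0;
}
```
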
Tatjana Azundris Nuernberg
fa8e3ce64f manual merge 2011-10-06 11:35:01 +01:00
Tatjana Azundris Nuernberg
d740f9e603 additional clean-up for 11765687 2011-10-06 11:23:46 +01:00
Bjorn Munch
b84202dbc8 merge 5.1-mtr => 5.1 2011-10-05 22:38:00 +02:00
Sergey Glukhov
44145ce66c automerge 2011-10-05 14:22:32 +04:00
Sergey Glukhov
14dc91ff83 Bug#11747970 34660: CRASH WHEN FEDERATED TABLE LOSES CONNECTION DURING INSERT ... SELECT
Problematic query:
insert ignore into `t1_federated` (`c1`) select `c1` from  `t1_local` a
where not exists (select 1 from `t1_federated` b where a.c1 = b.c1);
When this query is killed in another connection it could lead to crash.
The problem is the following:
An attempt to obtain table statistics for subselect table in killed query
fails with an error. So JOIN::optimize() for subquery is failed but
it does not prevent further subquery evaluation.
At the first subquery execution JOIN::optimize() is called
(see subselect_single_select_engine::exec()) and fails with
an error. 'executed' flag is set to TRUE and it prevents
further subquery evaluation. At the second call
JOIN::optimize() does not happen as 'JOIN::optimized' is TRUE
and in case of uncacheable subquery the 'executed' flag is set
to FALSE before subquery evaluation. So we lose 'optimize stage'
error indication (see subselect_single_select_engine::exec()).
In other words 'executed' flag is used for two purposes, for
error indication at JOIN::optimize() stage and for an
indication of subquery execution. And it seems it's wrong
as the flag could be reset.


mysql-test/r/error_simulation.result:
  test case
mysql-test/t/error_simulation.test:
  test case
sql/item_subselect.cc:
  added new flag subselect_single_select_engine::optimize_error
  which is used for error detection which could happen at optimize
  stage.
sql/item_subselect.h:
  added new flag subselect_single_select_engine::optimize_error
sql/sql_select.cc:
  test case
2011-10-05 13:28:20 +04:00
Marko Mäkelä
16c919527f Add InnoDB UNIV_SYNC_DEBUG assertions to rw-lock code.
rw_lock_x_lock_func(): Assert that the thread is not already holding
the lock in a conflicting mode (RW_LOCK_SHARED).

rw_lock_s_lock_func(): Assert that the thread is not already holding
the lock in a conflicting mode (RW_LOCK_EX).
2011-10-05 12:01:47 +03:00
Marko Mäkelä
96c2c18e4f Correct the ChangeLog 2011-10-04 21:01:40 +03:00
unknown
6055a3f532 Merge to current mysql-5.1 2011-10-04 10:46:54 -05:00
Joerg Bruehe
e4dc183df5 Merge to main. 2011-10-04 17:16:32 +02:00
unknown
c6d47e6e01 Bug#12980094 and Bug#13034534
Bug 12980094 - ASSERTION IN INNODB DETECTED IN RQG_PARTITION_DDL
Bug 13034534 - RQG TESTS FAIL ON WINDOWS WITH CRASH NEAR RW_LOCK_DEBUG_PRINT

All access to struct rw_lock_debug_struct must be protected by rw_lock_debug_mutex_enter().
2011-10-04 09:21:47 -05:00
Joerg Bruehe
4836c66d3c Fix bug#11886309: RPM UPGRADE OF MYSQL ADVANCED GPL TO MYSQL SERVER ADVANCED DOES NOT WORK
Change the RPM spec file so that each RPM "obsoletes" the corresponding RPMs
of all (other) configurations, so a "server" RPM of any configuration
can replace the "server" RPM of any other configuration on a "rpm -U".
2011-10-04 15:58:19 +02:00
Bjorn Munch
968e4363fd backporting 11766169, fixing 13034450 2011-10-03 13:41:59 +02:00
Tatjana Azundris Nuernberg
7944320f4e manual merge 2011-09-29 10:56:21 +01:00
Tatjana Azundris Nuernberg
8932ae2166 Bug#11765687 (MySQL58677): No privilege on table / view, but can know #rows / underlying table's name
1 - If a user had SHOW VIEW and SELECT privileges on a view and
this view was referencing another view, EXPLAIN SELECT on the outer
view (that the user had privileges on) could reveal the structure
of the underlying "inner" view as well as the number of rows in
the underlying tables, even if the user had privileges on none of
these referenced objects.

This happened because we used DEFINER's UID ("SUID") not just for
the view given in EXPLAIN, but also when checking privileges on
the underlying views (where we should use the UID of the EXPLAIN's
INVOKER instead).

We no longer run the EXPLAIN SUID (with DEFINER's privileges).
This prevents a possible exploit and makes permissions more
orthogonal.

2 - EXPLAIN SELECT would reveal a view's structure even if the user
did not have SHOW VIEW privileges for that view, as long as they
had SELECT privilege on the underlying tables.

Instead of requiring both SHOW VIEW privilege on a view and SELECT
privilege on all underlying tables, we were checking for presence
of either of them.

We now explicitly require SHOW VIEW and SELECT privileges on
the view we run EXPLAIN SELECT on, as well as all its
underlying views. We also require SELECT on all relevant
tables. 


mysql-test/r/view_grant.result:
  add extensive tests to illustrate desired behavior and
  prevent regressions (as always).
mysql-test/t/view_grant.test:
  add extensive tests to illustrate desired behavior and
  prevent regressions (as always).
sql/sql_view.cc:
  We no longer run the EXPLAIN SUID (with DEFINER's privileges).
  To achieve this, we use a temporary, SUID-less TABLE_LIST for
  the views while checking privileges.
2011-09-29 10:47:11 +01:00
Raghav Kapoor
ffd0a785f4 BUG#11758062 - 50206: ER_TOO_BIG_SELECT REFERS TO OUTMODED
SYSTEM VARIABLE NAME SQL_MAX_JOIN_SI 

BACKGROUND:

ER_TOO_BIG_SELECT refers to SQL_MAX_JOIN_SIZE, which is the
old name for MAX_JOIN_SIZE.

FIX:

Support for old name SQL_MAX_JOIN_SIZE is removed in MySQL 5.6
and is renamed as MAX_JOIN_SIZE. So the errmsg.txt
and mysql.cc files have been updated and the corresponding result
files have also been updated.
2011-09-28 15:39:21 +05:30
Ashish Agarwal
5dbcff9b9c BUG#11759349 - 51655: CREATE TABLE IN MEMORY ENGINE DOESN'T STORE
CREATE_TIME IN INFORMATION_SC

It was impossible to determine MEMORY table creation time,
since it wasn't stored/exposed.

With this patch creation time is saved and it is available via
I_S.TABLES.CREATE_TIME.

Note: it was decided that additional analysis is required before
implementing UPDATE_TIME. Thus this patch doesn't store UPDATE_TIME.
2011-09-27 17:38:51 +05:30
Bjorn Munch
da756ef676 Bug #12844282 62075: MTR TESTS SHOULD NOT HAVE TO SAVE & RESET INNODB_FILE_FORMAT_CHECK
Added 'innodb_file_format_check' as variable to ignore change to.
  Tests that had to restore this amended
  Two tests assumed it to be Antelope, make sure these run on a freshly
    started server
  For 5.5, apparently innodb_file_format_max is the one to ignore
2011-09-27 12:56:05 +02:00
Bjorn Munch
147f897d37 merge from 5.1-mtr 2011-09-26 12:26:16 +02:00
Bjorn Munch
031b52c415 merge from 5.1 main 2011-09-26 10:06:25 +02:00
Alexander Nozdrin
1922d65fd8 Fix for Bug#13001491: MYSQL_REFRESH CRASHES WHEN STORED ROUTINES ARE RUN CONCURRENTLY.
The main problem was that lex_start() was forgotten to be called before processing
COM_REFRESH.

Another problem discovered was that failures to flush the error log were not properly
handled, which resulted in a server crash.

The user-visible effects of these problems were:
  - if COM_REFRESH command was sent after SQL-queries of some sort,
    the server would crash.
  - if COM_REFRESH was requested with REFRESH_LOG only, and the error log
    failed to flush, the server would crash. The error log fails to flush
    when it points to unavailable file (for example, due to restricted
    permissions).

The fixes are:
  - call lex_start() in the beginning of COM_REFRESH;
  - handle failures to flush the error log properly, i.e. raise ER_UNKNOWN_ERROR.

sql/sql_parse.cc:
  Fix for Bug#13001491: MYSQL_REFRESH CRASHES WHEN STORED ROUTINES ARE RUN CONCURRENTLY.
tests/mysql_client_test.c:
  A test case for Bug#13001491: MYSQL_REFRESH CRASHES WHEN STORED ROUTINES
  ARE RUN CONCURRENTLY.
2011-09-22 18:31:16 +04:00
Marko Mäkelä
7f729cfac4 Bug#12963823 CRASH IN PURGE THREAD UNDER UNUSUAL CIRCUMSTANCES
Replace part of the patch that Kevin apparently forgot to push.
Fix the bug also in the built-in InnoDB of MySQL 5.1.

I cannot explain why the test case was not failing without the
full patch.

This was rb:762, approved by me.
2011-09-22 13:35:02 +03:00
unknown
265737d141 Bug 12963823 - Crash in Purge thread under unusual circumstances.
The problem occurred when indexes are added between the time that an
UNDO record is created and the time that the purge thread comes around
and deletes the old secondary index entries.  The purge thread would
hit an assert when trying to build a secondary index entry for
searching.  The problem was that the old values of those fields were not
in the UNDO record since they were not part of an index when the UPDATE
occurred.
A test case was added to innodb-index.test.
2011-09-20 18:12:36 -06:00
Bjorn Munch
50efe241c9 merge from 5.1 main minus merge jam pushes 2011-09-20 12:12:46 +02:00
Bjorn Munch
4896fc11b7 Bug #12916194 MTR SHOULD CUT OFF ANALYSIS OF SERVER LOG IF THERE IS TOO MUCH
Added simple cut-off w/warning if > one million lines
2011-09-19 16:06:35 +02:00
Sergey Vojtovich
a33b42146e Merge. 2011-09-16 16:03:08 +04:00
Sergey Vojtovich
3f9cbd7731 BUG#11761180 - 53646: MYISAMPACK CORRUPTS TABLES WITH
FULLTEXT INDEXES

myisamchk may create incorrect fulltext index for compressed
tables. Incorrect data pointer size was used while creating
fulltext index.

mysql-test/r/myisampack.result:
  A test case for BUG#11761180.
mysql-test/t/myisampack.test:
  A test case for BUG#11761180.
storage/myisam/ft_boolean_search.c:
  rec_reflength on share may have adjustments required for
  compressed tables and must be used instead of rec_reflength
  on base info.
storage/myisam/ft_nlq_search.c:
  rec_reflength on share may have adjustments required for
  compressed tables and must be used instead of rec_reflength
  on base info.
storage/myisam/mi_check.c:
  rec_reflength on share may have adjustments required for
  compressed tables and must be used instead of rec_reflength
  on base info.
storage/myisam/mi_write.c:
  rec_reflength on share may have adjustments required for
  compressed tables and must be used instead of rec_reflength
  on base info.
2011-09-16 15:30:31 +04:00
Mattias Jonsson
1cfcab041a merge into 5.1-sec of bug#11766879. 2011-09-15 19:26:38 +02:00
unknown
40761a9a73 Merge from mysql-5.1.59-release 2011-09-15 18:48:54 +02:00
Bjorn Munch
e24d8bbf0a Test federated_plugin must have ps-protocol off 2011-09-15 12:20:43 +02:00
Bjorn Munch
6e2adc9fb4 Bug #12912120 MTR SHOULD EXPORT MYSQLD'S PATH TO TEST CASES
Export $MYSQLD as full path to executable
  $MYSQLD_CMD is executable with minimum required args
2011-09-14 15:26:53 +02:00
Bjorn Munch
52960624d3 Bug #12793118 MYSQLTEST: --ERROR AND --DISABLE_ABORT_ON_ERROR DO NOT WORK FOR SQL IN COMMANDS
Call handle_error() instead of die() when evaluating these
  Must remember "current command" with link to errors to ignore
  Added test cases to mysqltest.test
2011-09-14 15:19:24 +02:00
Marko Mäkelä
d60cdefc0d Hopefully really final fix of Bug#11766591 59733: Possible deadlock
when buffered changes are to be discarded

sync_thread_add_level(level = SYNC_IBUF_INDEX_TREE): Relax a too strict
condition that the thread must not be holding locks below SYNC_FSP_PAGE.
It is perfectly valid to hold any latch above SYNC_IBUF_INDEX_TREE when
acquiring the insert buffer tree latch.
2011-09-14 15:39:36 +03:00
Vasil Dimov
37f4deccd0 Re-enable the prefetch code in InnoDB internal SQL parser and fix two
bugs in it - accessing uninitialized ::len member (thanks, Jimmy!)
and a memory leak.

This is a followup to vasil.dimov@oracle.com-20110909070724-jvirxnpkbxieauz5
which disabled the prefetch code.
2011-09-13 17:18:06 +03:00
Marko Mäkelä
3436169892 Hopefully final fix of Bug#11766591 59733: Possible deadlock
when buffered changes are to be discarded

ibuf_add_free_page(): Lower the latching order of the newly allocated page
to SYNC_IBUF_TREE_NODE_NEW after latching the insert buffer tree root.

This bug was always a bogus UNIV_SYNC_DEBUG alarm. The function
buf_block_dbg_add_level() is a no-op unless UNIV_SYNC_DEBUG is defined.
2011-09-13 09:18:34 +03:00
Marko Mäkelä
cc496eb746 Bug#12601439 CONSISTENT READ FAILURE IN COLUMN PREFIX INDEX
When there is a secondary index on a column prefix of an externally
stored column and an entry in the secondary index is shorter than the
reserved prefix length, it should mean that the secondary index entry
is holding the complete column value. When comparing this secondary
index column value to the column in the clustered index row, we must
compare the entire prefix that was fetched from the clustered
index. The bug was that we would just compare that the column in the
clustered index starts with the value found in the secondary index
column.

This bug affects only the InnoDB Barracuda formats (ROW_FORMAT=DYNAMIC
and ROW_FORMAT=COMPRESSED), in which columns that are stored off-page
in the clustered index do not contain any prefix in the clustered
index record.

row_sel_sec_rec_is_for_blob(): Add the parameter prefix_len, for
ifield->prefix_len. Add some assertions.

Sorry, I did not manage to produce a test case. This patch does
produce correct results on the data set that Michael isolated on our
test machine. That was with the purge and background rollback
suspended, because they would make the bug go away.

rb:760 approved by Sunny Bains
2011-09-12 10:12:15 +03:00
Vasil Dimov
13fefeb04a Disable the prefetch code in the InnoDB internal SQL parser.
This change is a followup to
vasil.dimov@oracle.com-20110907145810-v98kldmho23vhhic
which triggered the usage of the prefetch and valgrind tests spat lots of
warnings.

The prefetch code will be removed.

Discussed with:	Marko (over IM)
2011-09-09 10:07:24 +03:00
Marko Mäkelä
8c545acd53 Bug#12948130 UNNECESSARY X-LOCKING OF ADAPTIVE HASH INDEX (BTR_SEARCH_LATCH)
InnoDB acquires an x-latch on btr_search_latch for certain in-place updates
that do affect the adaptive hash index. These operations do not really need
to be protected by the btr_search_latch:

* updating DB_TRX_ID
* updating DB_ROLL_PTR
* updating PAGE_MAX_TRX_ID
* updating the delete-mark flag

rb:750 approved by Sunny Bains
2011-09-08 16:10:24 +03:00
Marko Mäkelä
132f023b08 Bug#11766591 59733: POSSIBLE DEADLOCK WHEN BUFFERED CHANGES ARE DISCARDED
Tweak the faulty UNIV_SYNC_DEBUG diagnostics a little bit more.

ibuf_add_free_page(): Lower the latching order of the newly allocated page
only after acquiring the ibuf_mutex.
2011-09-08 15:54:15 +03:00
Vasil Dimov
10e7b94834 Use cursors for seeking records in SYS_FOREIGN and SYS_INDEXES from
DROP_TABLE_PROC().

With this change I observe a speedup from 6.2s to 0.1s when executing
DROP_TABLE_PROC() during DROP TABLE with 512 foreign keys, like what
is being done in innodb_bug56143.test

This fixes "Bug#11765460 DROP TABLE USES INEFFICIENT METHODS TO REMOVE
FKS/INDEXES FROM INNODB SYS TABLES"

Reviewed by:	Marko
2011-09-07 17:58:10 +03:00
Nirbhay Choubey
a667fe030b Bug#11765888 58898: MYSQL_INSTALL_DB: NOT ALL OPTIONS DOCUMENTED
(EG: --DEFAULTS-FILE )
  
Updating help message in scripts/mysql_install_db.pl.in file.


scripts/mysql_install_db.pl.in:
  Bug#11765888 58898: MYSQL_INSTALL_DB: NOT ALL OPTIONS DOCUMENTED
                              (EG: --DEFAULTS-FILE )
    
  Updating help message.
2011-09-06 21:50:04 +05:30
Nirbhay Choubey
d24953af5c Removing a stray line, went into the last push. 2011-09-06 21:25:28 +05:30
Nirbhay Choubey
079d3cc6a6 Bug#11765888 58898: MYSQL_INSTALL_DB: NOT ALL OPTIONS DOCUMENTED
(EG: --DEFAULTS-FILE )

Added help message for the missing options (--no-defaults,
--defaults-file and --defaults-extra-file).
2011-09-06 21:06:09 +05:30