If a stored function that contains a drop temporary table statement
is invoked by a create temporary table of the same name may cause
a server crash. The problem is that when dropping a table no check
is done to ensure that table is not being used by some outer query
(or outer statement), potentially leaving the outer query with a
reference to a stale (freed) table.
The solution is when dropping a temporary table, always check if
the table is being used by some outer statement as a temporary
table can be dropped inside stored procedures.
The check is performed by looking at the TABLE::query_id value for
temporary tables. To simplify this check and to solve a bug related
to handling of temporary tables in prelocked mode, this patch changes
the way in which this member is used to track the fact that table is
used/unused. Now we ensure that TABLE::query_id is zero for unused
temporary tables (which means that all temporary tables which were
used by a statement should be marked as free for reuse after it's
execution has been completed).
mysql-test/include/handler.inc:
Add test case for side effect of Bug#30882
mysql-test/r/handler_innodb.result:
Add test case result for side effect of Bug#30882
mysql-test/r/handler_myisam.result:
Add test case result for side effect of Bug#30882
mysql-test/r/sp-error.result:
Add test case result for Bug#30882
mysql-test/t/sp-error.test:
Add test case for Bug#30882
sql/event_db_repository.cc:
Update close_thread_tables call, no more default values.
sql/mysql_priv.h:
Remove implicit default parameters values of the close_thread_tables
function as no callers are using it.
sql/slave.cc:
Update close_thread_tables call, no more default values
sql/sp_head.cc:
Update close_thread_tables call, no more default values
sql/sql_base.cc:
Changed the approach to distinguishing currently unused temporary tables.
Now we ensure that such tables always have TABLE::query_id set to 0 and
use this fact to perform checks during opening and dropping of temporary
tables. This means that we have to call close_thread_tables() even for
statements which use only temporary tables. To make this call cheaper,
we re-factored close_thread_tables() to not take LOCK_open unless there
are open base tables.
sql/sql_handler.cc:
Properly close temporary tables associated with a handler.
sql/sql_insert.cc:
close_temporary_table is now merged into drop_temporary_table.
sql/sql_parse.cc:
Now the condition doesn't cover all cases because close_thread_tables()
must be called even for statements that use only temporary tables.
sql/sql_table.cc:
Use drop_temporary_table which perform checks to verify if
the table is not being used. Error path problem is due to
a handler tables issue and is going to be addressed in bug
31397.
sql/table.h:
Rename previously unused clear_query_id and document the usage of
query_id and open_by_handler.
in evaluate_join_record().
A minor cleanup required for the fix for Bug#12713.
sql/sql_select.cc:
Use thd->is_error() instead of direct access to thd->net.report_error
in evaluate_join_record()
during udf initialization. The bug is spotted while working on Bug 12713.
If a user-defined function was used in a SELECT statement, and an
error would occur during UDF initialization, this error would not terminate
execution of the SELECT, but rather would be converted to a warning.
The fix is to use a stack buffer to store the message from udf_init instead
of private my_error() buffer.
mysql-test/r/udf.result:
Update the result to reflect the fix for Bug#32007 select udf_function()
doesn't return an error if error during udf initialization
mysql-test/t/udf.test:
Update the test to reflect the fix for Bug #32007 select udf_function()
doesn't return an error if error during udf initialization
sql/item_func.cc:
A fix for Bug#32007.
net.last_error buffer was used to store the temporary message from udf_init.
Then, when my_error() was called, net.last_error was not empty so
my_error() would conclude that there is already an error in the error stack,
and not "overwrite" it.
However, thd->net.report_error was not set, so the the
SELECT was not aborted.
The fix is to use a stack buffer instead of thd->net.last_error
to store the message from udf_init. The message will end up in
thd->net.last_error anyway after a call to my_error.
check_user()/check_connection()/check_for_max_user_connections().
This is a pre-requisite patch for the fix for Bug#12713 "Error in a stored
function called from a SELECT doesn't cause ROLLBACK of statem"
Implement review comments.
sql/mysql_priv.h:
check_for_max_user_connections() is used in one place only, make it static.
sql/mysqld.cc:
Remove net_printf_error(): a consolidation of error reporting facilities
is necessary to simplify maintenance of the query cache, the
client-server protocol, stored procedure continue handlers.
Rewrite the only place where its use is somewhat justified
(my_error() can not be used since we need to report an error for the thread
that does not exist) with my_snprintf()/net_send_error().
sql/protocol.cc:
Remove net_printf_error().
sql/protocol.h:
Remove net_printf_error().
sql/sql_connect.cc:
Remove net_printf_error(). In check_connection()/check_user()/
check_for_max_user_connections() do not write directly to the network,
but use the standard my_error() mechanism to record an error in THD.
It will be sent to the client by the caller. This was the last place
in the server that would attempt to send an error directly, mainly left
untouched by 5.0 refactoring because it is executed only during
thread startup.
sql/sql_parse.cc:
In the old code, when res was greater than 0, it contained an exact
error code, e.g. ER_OUT_OF_RESOURCES or NO SUCH DATABASE,
or ER_HANDSHAKE_ERROR. I don't know the reason why this error code was
ignored, and instead a generic ER_UNKNOWN_COM_ERROR was pushed into the
error stack, but knowing the relaxed attitude towards preserving the error
codes in the old code, I'm inclinded to think that it was a bug.
After this patch, the most specific error message is already pushed,
so calling my_message() again is useless.
If res is < 0, the error used to be already sent. This is not done
by the new code, but will be done later, in the end
of dispatch_command(). When this is done, clear_error() will be called
for us - it is in the first lines of do_command.
To sum up, this change is to remove COM_CHANGE_USER specific error handling
in favor of the standard one employed for all other COM_* commands.
Add select_send::cleanup.
Fix a compilation warning.
Issues spotted while working on the fix for Bug#12713.
sql-common/client.c:
Fix a warning.
sql/sql_class.cc:
Give a variable a more specific name. Rewrite an incorrect comment.
Add a cleanup for select_send. The only case now this cleanup can be
necessary is when we have a prepared statement inside a stored procedure,
and a continue handler. At first execution, the statement is killed
after having executed select_send::send_fields. At the second execution
it is killed after having executed select_send::send_fields.
sql/sql_class.h:
Rename a member. Add comments.
Dropping users causes huge increase in memory usage because field values were
allocated on the server memory root for temporary usage but never deallocated.
This patch changes the target memory root to be that of the thread handler
instead since this root is cleared between each statement.
sql/sql_acl.cc:
Changed memory root from server life time memory to thread life time memory.
The SET PASSWORD statement is non-transactional (no explicit transaction
boundaries) in nature and hence is forbidden inside stored functions and
triggers, but it weren't being effectively forbidden.
The implemented fix is to issue a implicit commit with every SET PASSWORD
statement, effectively prohibiting these statements in stored functions
and triggers.
mysql-test/r/sp-error.result:
Add test case result for Bug#30904
mysql-test/t/sp-error.test:
Add test case for Bug#30904
sql/sql_lex.h:
Add variable to set that a statement with SET PASSWORD causes a implicit
commit.
sql/sql_parse.cc:
End active transaction in SET PASSWORD.
sql/sql_yacc.yy:
Set the correct flag on SET PASSWORD if inside a SP, thus effectively
prohibiting SET PASSWORD statements in stored functions and triggers.
and convert it to a warning instead of direct manipulation with the
thread error stack.
Fix a bug in handler::print_erorr when a garbled message was
printed for HA_ERR_NO_SUCH_TABLE.
This is a pre-requisite patch for the fix for Bug#12713 Error in a stored
function called from a SELECT doesn't cause ROLLBACK of statem
sql/handler.cc:
Use a standard mechanism to intercept the error message, instead
of direct manipulation with thread error stack.
Fix a bug when for HA_ERR_NO_SUCH_TABLE handler::print_error() would
print a garbled message.
sql/log.cc:
Extend internal error handler interface to carry the message text.
sql/mysqld.cc:
Extend internal error handler interface to carry the message text.
sql/sql_base.cc:
Extend internal error handler interface to carry the message text.
sql/sql_class.cc:
Extend internal error handler interface to carry the message text.
sql/sql_class.h:
Extend internal error handler interface to carry the message text.
sql/sql_error.cc:
Extend internal error handler interface to carry the message text.
into lambda.weblab:/home/malff/TREE/mysql-5.1-rt-merge
mysql-test/include/mix1.inc:
Auto merged
mysql-test/r/innodb_mysql.result:
Auto merged
mysql-test/r/select.result:
Auto merged
sql/handler.cc:
Auto merged
sql/item.cc:
Auto merged
sql/item_func.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/protocol.cc:
Auto merged
sql/set_var.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_class.h:
Auto merged
sql/sql_select.cc:
Auto merged
sql/sql_table.cc:
Auto merged
rebuild the table.
The problem was that ROW_FORMAT clause in ALTER TABLE did not trigger
table reconstruction.
The fix is to rebuild a table if ROW_FORMAT is specified.
mysql-test/include/mix1.inc:
Add a test case for BUG#27610: ALTER TABLE ROW_FORMAT=... does not
rebuild the table.
mysql-test/r/innodb_mysql.result:
Update result file.
sql/sql_table.cc:
Rebuild a table if ROW_FORMAT was specified in ALTER TABLE.
The root cause of this defect is that a call to my_error() is using a
'LEX_STRING' parameter instead of a 'char*'
This patch fixes the failing calls to my_error(), as well as similar calls
found during investigation.
This is a compiling bug (see the instrumentation in the bug report), no test cases provided.
sql/sql_base.cc:
Fix broken calls to "..." (va_args) functions.
sql/sql_table.cc:
Fix broken calls to "..." (va_args) functions.
into station.:/mnt/raid/alik/MySQL/devel/5.1-rt
mysql-test/r/select.result:
Auto merged
mysql-test/t/select.test:
Auto merged
sql/sql_table.cc:
Auto merged
into mysql.com:/home/gluh/MySQL/Merge/5.1-opt
client/client_priv.h:
Auto merged
client/mysqldump.c:
Auto merged
include/config-win.h:
Auto merged
libmysql/libmysql.c:
Auto merged
mysql-test/mysql-test-run.pl:
Auto merged
mysql-test/r/create.result:
Auto merged
mysql-test/r/func_sapdb.result:
Auto merged
mysql-test/r/information_schema.result:
Auto merged
mysql-test/r/variables.result:
Auto merged
mysql-test/t/information_schema.test:
Auto merged
mysql-test/t/variables.test:
Auto merged
sql/field.cc:
Auto merged
sql/ha_partition.cc:
Auto merged
sql/item_func.cc:
Auto merged
sql/item_func.h:
Auto merged
sql/item_sum.cc:
Auto merged
sql/item_timefunc.h:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/protocol.cc:
Auto merged
sql/set_var.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_class.h:
Auto merged
sql/sql_insert.cc:
Auto merged
sql/sql_lex.h:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_select.cc:
Auto merged
sql/sql_yacc.yy:
Auto merged
sql/table.cc:
Auto merged
storage/innobase/handler/ha_innodb.cc:
Auto merged
storage/myisam/sort.c:
Auto merged
tests/mysql_client_test.c:
Auto merged
mysql-test/r/query_cache.result:
manual merge
mysql-test/include/mix1.inc:
manual merge
mysql-test/r/innodb_mysql.result:
manual merge
mysql-test/r/type_datetime.result:
manual merge
mysql-test/r/type_decimal.result:
manual merge
mysql-test/t/query_cache.test:
manual merge
mysql-test/t/type_datetime.test:
manual merge
mysql-test/t/type_decimal.test:
manual merge
sql/item.cc:
manual merge
Inserting Data.
The problem was that under some circumstances Field class was not
properly initialized before calling create_length_to_internal_length()
function, which led to assert failure.
The fix is to do the proper initialization.
The user-visible problem was that under some circumstances
CREATE TABLE ... SELECT statement crashed the server or led
to wrong error message (wrong results).
mysql-test/r/select.result:
Update result file.
mysql-test/t/select.test:
Add a test case for BUG#30736: Row Size Too Large Error
Creating a Table and Inserting Data.
sql/sql_table.cc:
Move sql_field->decimals initialization before
sql_field->create_length_to_internal_length() call.
added correct handling of NULL values for lookup fields
mysql-test/r/information_schema.result:
test result
mysql-test/t/information_schema.test:
test case
sql/sql_show.cc:
added correct handling of NULL values for lookup fields
When doing indexed search the server constructs a key image for
faster comparison to the stored keys. While doing that it must not
perform (and stop if they fail) the additional date checks that can
be turned on by the SQL mode because there already may be values in
the table that don't comply with the error checks.
Fixed by ignoring these SQL mode bits while making the key image.
mysql-test/r/type_date.result:
Bug #28687: test case
mysql-test/t/type_date.test:
Bug #28687: test case
sql/item.cc:
Bug #28687: no invalid date warnings
an error, asserts server
In case of a fatal error during filesort in find_all_keys() the error
was returned without the necessary handler uninitialization.
Fixed by changing the code so that handler uninitialization is performed
before returning the error.
mysql-test/r/delete.result:
Added a test case for bug #31742.
mysql-test/t/delete.test:
Added a test case for bug #31742.
sql/filesort.cc:
In case of a fatal error in find_all_keys() do not return before doing
the necessary handler uninitialization steps.
into polly.(none):/home/kaa/src/opt/bug28550/my51-bug28550
mysql-test/t/func_str.test:
Auto merged
sql/item.cc:
Auto merged
sql/item.h:
Auto merged
sql/item_strfunc.h:
Auto merged
mysql-test/r/func_str.result:
Manual merge.
Since, as of MySQL 5.0.15, CHAR() arguments larger than 255 are converted into multiple result bytes, a single CHAR() argument can now take up to 4 bytes. This patch fixes Item_func_char::fix_length_and_dec() to take this into account.
This patch also fixes a regression introduced by the patch for bug21513. As now we do not always have the 'name' member of Item set for Item_hex_string and Item_bin_string, an own print() method has been added to Item_hex_string so that it could correctly be printed by Item_func::print_args().
mysql-test/r/func_str.result:
Import patch bug288550.patch
mysql-test/t/func_str.test:
Import patch bug288550.patch
sql/item.cc:
Import patch bug288550.patch
sql/item.h:
Import patch bug288550.patch
sql/item_strfunc.h:
Import patch bug288550.patch
Assertion `table->key_read == 0' failed.
The problem was that key_read on a table in a sub-select was not
properly reset. That happens because the code responsible for that
is copy&pasted all around the server. In some place, it was obviously
forgotten to be pasted.
The fix is to reset key_read properly.
mysql-test/r/key.result:
Update result file.
mysql-test/t/key.test:
A test case for BUG#31148: bool close_thread_table(THD*, TABLE**):
Assertion `table->key_read == 0' failed.
sql/sql_select.cc:
Reset key_read before closing index.
Add comments.
sql/ha_ndbcluster_binlog.cc:
query_error -> slave_error
sql/handler.cc:
query_error -> slave_error
sql/log.cc:
query_error -> slave_error
sql/log_event.cc:
query_error -> slave_error
sql/log_event_old.cc:
query_error -> slave_error
sql/mysqld.cc:
query_error -> slave_error
sql/protocol.cc:
query_error -> slave_error
sql/slave.cc:
query_error -> slave_error
sql/sp_head.cc:
query_error -> slave_error
sql/sql_class.cc:
query_error -> slave_error
sql/sql_class.h:
Rename: query_error -> is_slave_error, to avoid confusion.
Add commenta.
sql/sql_connect.cc:
Rename: query_error -> is_slave_error, to avoid confusion.
Originally it was the same code to handle init-connect and init-slave
mysqld options. Then init-connect implementation forked off,
but the one who copy-pasted the code didn't change it to not
use a replication-specific variable.
into anubis.xiphis.org:/usr/home/antony/work/mysql-5.1-engines.merge
configure.in:
Auto merged
mysql-test/r/heap_btree.result:
Auto merged
mysql-test/r/log_tables.result:
Auto merged
mysql-test/r/partition.result:
Auto merged
mysql-test/r/system_mysql_db.result:
Auto merged
mysql-test/t/heap_btree.test:
Auto merged
mysql-test/t/log_tables.test:
Auto merged
mysql-test/t/partition.test:
Auto merged
mysys/my_getopt.c:
Auto merged
scripts/mysql_system_tables.sql:
Auto merged
sql/sql_base.cc:
Auto merged
There actually were several problems here:
- WRITE-lock is required to load events from the mysql.event table,
but in the read-only mode an ordinary user can not acquire it;
- Security_context::master_access attribute was not properly
initialized in Security_context::init(), which led to differences
in behavior with and without debug configure options.
- if the server failed to load events from mysql.event, it forgot to
close the mysql.event table, that led to the coredump, described
in the bug report.
The patch is to fix all these problems:
- Use the super-user to acquire WRITE-lock on the mysql.even table;
- The WRITE-lock is acquired by the event scheduler in two cases:
- on initial loading of events from the database;
- when an event has been executed, so its attributes should
be updated.
Other cases when WRITE-lock is needed for the mysql.event table
happen under the user account. So, nothing should be changed there
for the read-only mode. The user is able to create/update/drop
an event only if he is a super-user.
- Initialize Security_context::master_access;
- Close the mysql.event table in case something went wrong.
mysql-test/r/events_bugs.result:
Update result file.
mysql-test/t/events_bugs.test:
A test case for BUG#31111: --read-only crashes MySQL (events fail
to load).
sql/event_data_objects.cc:
When the worker thread is going to drop event after the execution
we should do it under the super-user privileges in order to be able
to lock the mysql.event table for writing in the read-only mode.
This is a system operation, where user SQL can not be executed.
So, there is no risk in compromising security by dropping an event
under the super-user privileges.
sql/event_db_repository.cc:
1. Close tables if something went wrong in simple_open_n_lock_tables();
2. As soon as the system event scheduler thread is running under
the super-user privileges, we should always be able to acquire
WRITE-lock on the mysql.event table. However, let's have an assert
to check this.
sql/event_scheduler.cc:
Run the system event scheduler thread under the super-user privileges.
In particular, this is needed to be able to lock the mysql.event table
for writing when the server is running in the read-only mode.
The event scheduler executes only system operations and does not
execute user SQL (this is what the worker threads for). So, there
is no risk in compromising security by running the event scheduler
under the super-user privileges.
sql/events.cc:
Open the mysql.event table as the super user to be able to acquire
WRITE-lock in the read-only mode.
sql/sql_class.cc:
Initialize Security_context::master_acces.
The uncacheable flag should be set at fix_fields() stage.
Fixed by moving the flag setting to match the one in 5.1
mysql-test/r/query_cache.result:
Bug #31157: test case
mysql-test/t/query_cache.test:
Bug #31157: test case
sql/item_func.cc:
Bug #31157: The uncacheable flag should be set at
fix_fields() stage.
sql/item_func.h:
Bug #31157: The uncacheable flag should be set at
fix_fields() stage.
into lambda.hsd1.co.comcast.net.:/home/malff/TREE/mysql-5.1-rt-merge
client/mysqltest.c:
Auto merged
mysql-test/r/udf.result:
Auto merged
mysql-test/t/mysqltest.test:
Auto merged
mysql-test/t/udf.test:
Auto merged
sql/item_func.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/udf_example.c:
Auto merged
sql/udf_example.def:
Auto merged
into lambda.hsd1.co.comcast.net.:/home/malff/TREE/mysql-5.1-rt-merge
client/mysqlcheck.c:
Auto merged
client/mysqltest.c:
Auto merged
libmysql/libmysql.c:
Auto merged
mysql-test/include/mix1.inc:
Auto merged
mysql-test/r/innodb_mysql.result:
Auto merged
mysql-test/r/udf.result:
Auto merged
mysql-test/t/udf.test:
Auto merged
sql/item.cc:
Auto merged
sql/item_func.cc:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/set_var.cc:
Auto merged
sql/sql_class.cc:
Auto merged
sql/sql_lex.h:
Auto merged
sql/sql_select.cc:
Auto merged
tests/mysql_client_test.c:
Auto merged
