Shared variables of Delayed_insert may be updated without mutex protection
when delayed insert thread gets an error.
Re-acquire mutex earlier, so that shared variables are protected.
Fix get_quick_keys(): When building range tree from a condition
in form
keypart1=const AND (keypart2 < 0 OR keypart2>=0)
the SEL_ARG for keypart2 represents an interval (-inf, +inf).
However, the logic that sets UNIQUE_RANGE flag fails to recognize
this, and sets UNIQUE_RANGE flag if (keypart1, keypart2) covered
a unique key.
As a result, range access executor assumes the interval can have
at most one row and only reads the first row from it.
-LONGLONG_MIN is the undefined behavior in C.
longlong2decimal() used to do this:
int longlong2decimal(longlong from, decimal_t *to) {
if ((to->sign= from < 0))
return ull2dec(-from, to);
return ull2dec(from, to);
and later in ull2dec() (DIG_BASE is 1000000000):
static int ull2dec(ulonglong from, decimal_t *to) {
for (intg1=1; from >= DIG_BASE; intg1++, from/=DIG_BASE) {}
this breaks in gcc-5 at -O3. Here ull2dec is inlined into
longlong2decimal. And gcc-5 believes that 'from' in the
inlined ull2dec is always a positive integer (indeed, if it was
negative, then -from was used instead). So gcc-5 uses
*signed* comparison with DIG_BASE.
Fix: make a special case for LONGLONG_MIN, don't negate it
State column of SHOW PROCESSLIST can have NULL values for being initialized
threads (between new connection was acknowledged and waiting for network data).
Fixed test case to handle such cases by waiting for State to become empty
string.
Analysis: row_drop_table_for_mysql did not allow dropping
referenced table even in case when actual creating of the
referenced table was not successfull if foreign_key_checks=1.
Fix: Allow dropping referenced table even if foreign_key_checks=1
if actual table create returned error.
and
MDEV-10250 InnoDB: Error: File (unknown): 'close' returned OS error 209. Cannot continue operation"
after a failed connect() feedback plugin was continuing with the
file descriptor, trying to send the data (which failed) and
closing it at the end. Even though this fd might've been reused for
something else already.
shutdown)
There was race condition between shutdown thread and event worker threads.
Shutdown thread waits for thread_count to become 0 in close_connections(). It
may happen so that event worker thread was started but didn't increment
thread_count by this time. In this case shutdown thread may miss wait for this
working thread and continue deinitialization. Worker thread in turn may continue
execution and crash on deinitialized data.
Fixed by incrementing thread_count before thread is actually created like it is
done for connection threads.
Also let event scheduler not to inc/dec running threads counter for symmetry
with other "service" threads.
MYSQL-5.5
The bug asks for a backport of bug#1463594 and bug#20682959. This
is required because of the fact that if replication is enabled, master
transaction can commit whereas slave can't commit due to not exact
'enviroment'. This manifestation is seen in bug#22024200.
Fix the assertion failure by setting the struct to 0. This can not be
done using a macro due to different definitions of mutexes on various
OS-es.
Afterwards we call toku_mutex_init and completely initialize the locks.
Fix is a backport of BUG#18518216/72230 to MySQL 5.5 and 5.6.
Will also resolve:
BUG#23605713/81384 LIBMYSQLCLIENT.SO.18 MISSING FROM MYSQL 5.7
as mysql-community-libs-5.5 or mysql-community-libs-5.6 can
installed on EL6 system with libmysqlclient.16 (from MySQL 5.1)
libmysqlclient.20 (from MySQL 5.7) by doing:
$ rpm --oldpackage -ivh mysql-community-libs-5.5.50-2.el6.x86_64.rpm
Providing a way to have several versions of libmysqlclient installed
on the same system.
and help:
BUG#23088014/80981 LIBS-COMPAT RPMS SHOULD BE INDEPENDENT OF ALL OTHER SUBPACKAGES
due to less strict coupling between -libs-compat and -common package.
DESCRIPTION
===========
Buffer overflow is reported in Regex library. This can be
triggered when the data corresponding to argv[1] is >=
512 bytes resutling in abnormal behaviour.
ANALYSIS
========
Its a straight forward case of SEGFAULT where the target
buffer is smaller than the source string to be copied.
A simple pre-copy validation should do.
FIX
===
A check is added before doing strcpy() to ensure that the
target buffer is big enough to hold the to-be copied data.
If the check fails, the program aborts.
Fixed wrong calculation of buffer sizes. ulong datatype was used wrongly,
as were the casts to ulong. Buffer sizes should be of type size_t,
not ulong, or bad things happen on 64 bit Windows.
This patch changes pagecache struct to use size_t/ssize_t
where long/ulong were previously used. Also, removed several casts.
Both aria and myisam storage engines feature a logic path in
thr_find_all_keys that leads to undefined behaviour by bypassing the
initialization code of variables after my_thread_init().
By refactoring the nested logic into a separate function, this problem
is resolved.
Fix a bug in testhash.c that caused an out of bounds memory access
when command line parameters specified 0 records to be inserted
in the hashtable.
Signed-off-by: Vicențiu Ciorbaru <vicentiu@mariadb.org>
