The root cause of the crash is that a TranxNode is freed before it is used.
A TranxNode is allocated and inserted into the active list each time
a log event is written and flushed into the binlog file.
The memory for TranxNode is allocated with thd_alloc and will be freed
at the end of the statement. The after_commit/after_rollback callback
was supposed to be called before the end of each statement and remove the node from
the active list. However this assumption is not correct in all cases(e.g. call
'CREATE TEMPORARY TABLE myisam_t SELECT * FROM innodb_t' in a transaction
and delete all temporary tables automatically when a session closed),
and can cause the memory allocated for TranxNode be freed
before it was removed from the active list. So The TranxNode pointer in the active
list would become a wild pointer and cause the crash.
After this patch, We have a class called a TranxNodeAllocate which manages the memory
for allocating and freeing TranxNode. It uses my_malloc to allocate memory.
sql/rpl_handler.cc:
params are not initialized.
REVOKE/GRANT; ALTER EVENT.
The following statements support the CURRENT_USER() where a user is needed.
DROP USER
RENAME USER CURRENT_USER() ...
GRANT ... TO CURRENT_USER()
REVOKE ... FROM CURRENT_USER()
ALTER DEFINER = CURRENT_USER() EVENT
but, When these statements are binlogged, CURRENT_USER() just is binlogged
as 'CURRENT_USER()', it is not expanded to the real user name. When slave
executes the log event, 'CURRENT_USER()' is expand to the user of slave
SQL thread, but SQL thread's user name always NULL. This breaks the replication.
After this patch, All above statements are rewritten when they are binlogged.
The CURRENT_USER() is expanded to the real user's name and host.
Fixed 2 problems :
1. test_if_order_by_key() was continuing on the primary key
as if it has a primary key suffix (as the secondary keys do).
This leads to crashes in ORDER BY <pk>,<pk>.
Fixed by not treating the primary key as the secondary one
and not depending on it being clustered with a primary key.
2. The cost calculation was trying to read the records
per key when operating on ORDER BYs that order on all of the
secondary key + some of the primary key.
This leads to crashes because of out-of-bounds array access.
Fixed by assuming we'll find 1 record per key in such cases.
The auto-inc unsafe warning makes sense even though it's just
one auto-inc table could be involved via a trigger or a stored
function.
However its content was not updated by bug@45677 fixes continuing to mention
two tables whereas the fixes refined semantics of replication of auto_increment
in stored routine.
Fixed with updating the error message, renaming the error and an internal unsafe-condition
constants.
A documentation notice
======================
Inserting into an autoincrement column in a stored function or a trigger
is unsafe for replication.
Even with just one autoincrement column, if the routine is invoked more than
once slave is not guaranteed to execute the statement graph same way as
the master.
And since it's impossible to estimate how many times a routine can be invoked at
the query pre-execution phase (see lock_tables), the statement is marked
pessimistically unsafe.
mysql-test/suite/binlog/r/binlog_stm_unsafe_warning.result:
results updated to include the expected unsafe warning.
mysql-test/suite/binlog/t/binlog_stm_unsafe_warning.test:
regression test for bug#50192 to diplaying the unsafe warning comes out to the user warning stack.
sql/share/errmsg-utf8.txt:
Updating the auto-inc unsafe message to correspond to bug@45677 fixes' new sematics.
sql/share/errmsg.txt:
Updating the auto-inc unsafe message to correspond to bug@45677 fixes' new sematics.
sql/sql_base.cc:
changing a symbolic name to correspond to updated by bug@45677 fixes new sematics.
sql/sql_lex.cc:
changing a symbolic name to correspond to updated by bug@45677 fixes new sematics.
sql/sql_lex.h:
changing a symbolic name to correspond to updated by bug@45677 fixes new sematics
and description comments.
column is used for ORDER BY
Problem: filesort isn't meant for null length sort data
(e.g. char(0)), that leads to a server crash.
Fix: disregard sort order if sort data record length is 0 (nothing
to sort).
mysql-test/r/select.result:
Fix for bug#49897: crash in ptr_compare when char(0) NOT NULL
column is used for ORDER BY
- test result.
mysql-test/t/select.test:
Fix for bug#49897: crash in ptr_compare when char(0) NOT NULL
column is used for ORDER BY
- test case.
sql/filesort.cc:
Fix for bug#49897: crash in ptr_compare when char(0) NOT NULL
column is used for ORDER BY
- assert added as filesort cannot handle null length sort data.
sql/sql_select.cc:
Fix for bug#49897: crash in ptr_compare when char(0) NOT NULL
column is used for ORDER BY
- don't sort null length data e.g. in case of ORDER BY CHAR(0).
- Added tests for innodb and semisync plugin
- Modified existing tests to include variable values in I_S tables
- Updated the all_vars test to include optional checkes for INNODB and semisync plugin
if loaded
mysql-test/suite/sys_vars/r/innodb_adaptive_flushing_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_adaptive_hash_index_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_change_buffering_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_file_format_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_file_format_check_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_io_capacity_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_old_blocks_pct_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_old_blocks_time_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_read_ahead_threshold_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_read_io_threads_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_replication_delay_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_spin_wait_delay_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_stats_on_metadata_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_stats_sample_pages_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_strict_mode_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_thread_sleep_delay_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/innodb_use_sys_malloc_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_version_basic.result:
New result file
mysql-test/suite/sys_vars/r/innodb_write_io_threads_basic.result:
New result file
mysql-test/suite/sys_vars/r/last_insert_id_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/lc_messages_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/log_slow_queries_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/lower_case_file_system_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/lower_case_table_names_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/max_join_size_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/old_alter_table_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/optimizer_switch_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/profiling_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/profiling_history_size_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/pseudo_thread_id_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/rand_seed1_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/rand_seed2_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/relay_log_recovery_basic.result:
Updated result file
mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_basic.result:
New result file
mysql-test/suite/sys_vars/r/rpl_semi_sync_master_timeout_basic.result:
New result file
mysql-test/suite/sys_vars/r/rpl_semi_sync_master_trace_level_basic.result:
New result file
mysql-test/suite/sys_vars/r/rpl_semi_sync_master_wait_no_slave_basic.result:
New result file
mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_basic.result:
New result file
mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_trace_level_basic.result:
New result file
mysql-test/suite/sys_vars/r/sql_log_update_basic.result:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/r/sql_max_join_size_basic.result:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/r/sql_select_limit_basic.result:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/r/thread_cache_size_basic.result:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/all_vars-master.opt:
Added opt file for all_vars.test
mysql-test/suite/sys_vars/t/all_vars.test:
Modified test to check for semisync plugin and innodb
mysql-test/suite/sys_vars/t/innodb_adaptive_flushing_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_adaptive_hash_index_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_change_buffering_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_file_format_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_file_format_check_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_io_capacity_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_old_blocks_pct_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_old_blocks_time_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_read_ahead_threshold_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_read_io_threads_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_replication_delay_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_spin_wait_delay_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_stats_on_metadata_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_stats_sample_pages_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_strict_mode_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_thread_sleep_delay_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_use_sys_malloc_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_version_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/innodb_write_io_threads_basic.test:
Added test for innodb variable
mysql-test/suite/sys_vars/t/last_insert_id_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/lc_messages_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/log_slow_queries_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/lower_case_file_system_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/lower_case_table_names_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/max_join_size_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/old_alter_table_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/optimizer_switch_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/profiling_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/profiling_history_size_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/pseudo_thread_id_basic.test:
Added check for variable values in I_S tables and check for session variable
being numeric
mysql-test/suite/sys_vars/t/rand_seed1_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/rand_seed2_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/relay_log_recovery_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/rpl_semi_sync_master_enabled_basic-master.opt:
Added option file for semisync variable test
mysql-test/suite/sys_vars/t/rpl_semi_sync_master_enabled_basic.test:
Added test file for semisync variable
mysql-test/suite/sys_vars/t/rpl_semi_sync_master_timeout_basic-master.opt:
Added option file for semisync variable test
mysql-test/suite/sys_vars/t/rpl_semi_sync_master_timeout_basic.test:
Added test file for semisync variable
mysql-test/suite/sys_vars/t/rpl_semi_sync_master_trace_level_basic-master.opt:
Added option file for semisync variable test
mysql-test/suite/sys_vars/t/rpl_semi_sync_master_trace_level_basic.test:
Added test file for semisync variable
mysql-test/suite/sys_vars/t/rpl_semi_sync_master_wait_no_slave_basic-master.opt:
Added option file for semisync variable test
mysql-test/suite/sys_vars/t/rpl_semi_sync_master_wait_no_slave_basic.test:
Added test file for semisync variable
mysql-test/suite/sys_vars/t/rpl_semi_sync_slave_enabled_basic-master.opt:
Added option file for semisync variable test
mysql-test/suite/sys_vars/t/rpl_semi_sync_slave_enabled_basic.test:
Added test file for semisync variable
mysql-test/suite/sys_vars/t/rpl_semi_sync_slave_trace_level_basic-master.opt:
Added option file for semisync variable test
mysql-test/suite/sys_vars/t/rpl_semi_sync_slave_trace_level_basic.test:
Added test file for semisync variable
mysql-test/suite/sys_vars/t/sql_log_update_basic.test:
Added check for variable values in I_S tables and check for ON/OFF value changes
mysql-test/suite/sys_vars/t/sql_max_join_size_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/sql_select_limit_basic.test:
Added check for variable values in I_S tables
mysql-test/suite/sys_vars/t/thread_cache_size_basic.test:
Added check for variable values in I_S tables
- main.outfile_loaddata @solaris due to Bug#46895
- main.signal_demo3 @solaris due to Bug#47791
- main.sp @solaris due to Bug#47791
- rpl.rpl_slave_load_remove_tmpfile @windows due to Bug#50474
The problem was that a DROP TRIGGER statement inside a stored
procedure could cause a crash in subsequent invocations. This
was due to the addition, on the first execution, of a temporary
table reference to the stored procedure query table list. In
a subsequent invocation, there would be a attempt to reinitialize
the temporary table reference, which by then was already gone.
The solution is to backup and reset the query table list each
time a trigger needs to be dropped. This ensures that any temp
changes to the query table list are discarded. It is safe to
do so at this time as drop trigger is restricted from more
complicated scenarios (ie, not allowed within stored functions,
etc).
mysql-test/r/sp-bugs.result:
Add test case result for Bug#50423
mysql-test/t/sp-bugs.test:
Add test case for Bug#50423
sql/sql_trigger.cc:
Backup and reset the query table list.
Remove now unnecessary manual reset of the query table list.
Server crashes when accessing ARCHIVE table with missing
.ARZ file.
When opening a table, ARCHIVE didn't properly pass through
error code from lower level azopen() to higher level open()
method.
mysql-test/r/archive.result:
A test case for BUG#48757.
mysql-test/t/archive.test:
A test case for BUG#48757.
storage/archive/ha_archive.cc:
Pass through error code from azopen().
Bulk REPLACE or bulk INSERT ... ON DUPLICATE KEY UPDATE may
break dynamic record MyISAM table.
The problem is limited to bulk REPLACE and INSERT ... ON
DUPLICATE KEY UPDATE, because only these operations may
be done via UPDATE internally and may request write cache.
When flushing write cache, MyISAM may write remaining
cached data at wrong position. Fixed by requesting write
cache to seek to a correct position.
mysql-test/r/myisam.result:
A test case for BUG#49628.
mysql-test/t/myisam.test:
A test case for BUG#49628.
storage/myisam/mi_dynrec.c:
delete_dynamic_record() may change data file position.
IO cache must be notified as it may still have cached
data, which has to be flushed later.
table and view...
Invalid memory reads after a query referencing MyISAM table
multiple times with write lock. Invalid memory reads may
lead to server crash, valgrind warnings, incorrect values
in INFORMATION_SCHEMA.TABLES.{TABLE_ROWS, DATA_LENGTH,
INDEX_LENGTH, ...}.
This may happen when one of the table instances gets closed
after a query, e.g. out of slots in open tables cache. UNION,
MERGE and VIEW are irrelevant.
The problem was that MyISAM didn't restore state info
pointer to default value.
myisam/mi_locking.c:
When a query is referencing MyISAM table multiple times
with a write lock, all table instances share the same
state info, pointing to MI_INFO::save_state of
"primary" table instance.
When lock is released, state pointer was restored only
for the primary table instance. Secondary table instances
are still pointing to save_state of primary table
instance.
Primary table instance may get closed, leaving secondary
table instances state pointer pointing to freed memory.
That's mostly ok, since next lock will update state info
pointer to correct value. But there're some cases, when
this secondary table instance state info is accessed
without a lock, e.g. INFORMATION_SCHEMA, MERGE (in 5.1
and up), MyISAM itself for DBUG purposes.
Restore default value of state pointer unconditionally,
for both primary and secondary table instances.
mysql-test/r/myisam.result:
A test case for BUG#48438.
mysql-test/t/myisam.test:
A test case for BUG#48438.
In case of 'CREATE VIEW' subselect transformation does not happen(see JOIN::prepare).
During fix_fields Item_row may call is_null() method for its arugmens which
leads to item calculation(wrong subselect in our case as
transformation did not happen before). This is_null() call
does not make sence for 'CREATE VIEW'.
Note:
Only Item_row is affected because other items don't call is_null()
during fix_fields() for arguments.
mysql-test/r/view.result:
test case
mysql-test/t/view.test:
test case
sql/item_row.cc:
skip is_null() call in case of 'CREATE VIEW' as unnecessary.
SHOW CREATE TABLE on a view (v1) that contains a function whose
statement uses another view (v2), could trigger a infinite loop
if the view referenced within the function causes a warning to
be raised while opening the said view (v2).
The problem was a infinite loop over the stack of internal error
handlers. The problem would be triggered if the stack contained
two or more handlers and the first two handlers didn't handle the
raised condition. In this case, the loop variable would always
point to the second handler in the stack.
The solution is to correct the loop variable assignment so that
the loop is able to iterate over all handlers in the stack.
mysql-test/r/view.result:
Add test case result for Bug#48449.
mysql-test/std_data/bug48449.frm:
Add a incomplete view definition that causes a warning to be
issued.
mysql-test/t/view.test:
Add test case for Bug#48449
sql/sql_class.cc:
Iterate over all handlers in the stack.
in multitable delete/subquery
SQL_BUFFER_RESULT should not have an effect on non-SELECT
statements according to our documentation.
Fixed by not passing it through to multi-table DELETE (similarly
to how it's done for multi-table UPDATE).
