Commit graph

61752 commits

Author SHA1 Message Date
Sergei Golubchik
82e9f6d948 Merge remote-tracking branch 'mysql/5.5' into 5.5 2015-10-08 22:54:24 +02:00
Sergei Golubchik
c8d511293a MDEV-8796 Delete with sub query with information_schema.TABLES deletes too many rows
make_cond_for_info_schema() does preserve outer fields
2015-10-08 10:01:43 +02:00
Oleksandr Byelkin
504802f333 MDEV-7846: postreview fix 2015-10-06 13:12:58 +02:00
Oleksandr Byelkin
54b998173b MDEV-7846: Server crashes in Item_subselect::fix_fields or fails with Thread stack overrun
Substitute into transformed subselects original left expression and than register its change in case it was substituted.
2015-10-06 13:12:58 +02:00
Oleksandr Byelkin
0ab93fd6f3 MDEV-7445:Server crash with Signal 6
MDEV-7565: Server crash with Signal 6 (part 2)

followup test suite and its fix.
2015-10-06 13:12:58 +02:00
Oleksandr Byelkin
2e3e818048 MDEV-7445: Server crash with Signal 6
Problem was in rewriting left expression which had 2 references on it. Solved with making subselect reference main.

Item_in_optimized can have not Item_in_subselect reference in left part so type casting with no check is dangerous.

Item::cols() should be checked after Item::fix_fields().
2015-10-06 13:12:58 +02:00
Oleksandr Byelkin
7ccde2cbd5 MDEV-7565: Server crash with Signal 6 (part 2)
Preparation of subselect moved earlier (before checks which needs it prepared).
2015-10-06 13:12:58 +02:00
Sreeharsha Ramanavarapu
130b5fbf91 Bug #19894161: FATAL SIGNAL 11 IN
CONVERT_CHARSET_PARTITION_CONSTANT:
               SQL/SQL_PARTITION..CC:202

Issue:
-----
This problem happens under the following conditions:
1) A table partitioned with a character column as the key.
2) The expressions specified in the partition definition
   requires a charset conversion. This can happen when the
   server's default collation is different from the
   expression's collation.
3) INSERT DELAYED is used to insert data into the table.

SOLUTION:
---------
While creating the delayed_insert object, initialize it
with the relevant select_lex.
2015-10-06 07:09:36 +05:30
Sreeharsha Ramanavarapu
415faa122b Bug #19434916: FATAL_SIGNAL IN ADD_KEY_EQUAL_FIELDS() WITH
UPDATE VIEW USING OUTER SUBQUERY

Issue:
-----
While resolving a column which refers to a table/view in an
outer query, it's respecitve item object is marked with the
outer query's select_lex object. But when the column refers
to a view or if the column is part of a subquery in the
HAVING clause, an Item_ref object is created. While the
reference to the outer query is stored by the Item_ref
object, the same is not stored in it's real_item.

This creates a problem with the IN-TO-EXISTS optmization.
When there is an index over the column in the inner query,
it will be considered since the column's real_item object
will be mistaken for a local field. This will lead to a
crash.

SOLUTION:
---------
Under the current design, the only way to fix this issue is
to check the reginfo.join_tab for a NULL value. If yes, the
query should not be worrying about the key use.

The testcase and comments added as part of the fix for
Bug#17766653 have been backported.
2015-10-01 07:45:27 +05:30
Oleksandr Byelkin
02a38fd27e MDEV-8624: MariaDB hangs on query with many logical condition
Made no_rows_in_result()/restore_to_before_no_rows_in_result() not looking
annecessary deep with walk() method.
2015-09-28 11:56:33 +02:00
Oleksandr Byelkin
5cc149feba The compiler warnings fixed. 2015-09-24 10:28:47 +02:00
Aditya A
ea9dbef661 Bug#20755615 CREATING INDEX ON A RENAMED COLUMN WITH CASE CRASH .FRM
FILE

PROBLEM

In 5.5 when doing doing a rename of a column ,we ignore the case between
old and new column names while comparing them,so if the change is just
the case then we don't even mark the field FIELD_IS_RENAMED ,we just update
the frm file ,but don't recreate the table as is the norm when alter is
used.This leads to inconsistency in the innodb data dictionary which causes
index creation to fail.

FIX

According to the documentation any innodb column rename should trigger
rebuild of the table. Therefore for innodb tables we will do a strcmp()
between the column names and if there is case change in column name
we will trigger a rebuild.
2015-09-22 16:52:18 +05:30
Arun Kuruvila
86375f7fa6 Bug #21370329 : FLUSH DES_KEY_FILE MAY NOT WORK
Description: The command FLUSH DES_KEY_FILE is expected to
reload the DES keys from the file that was specified with
the "--des-key-file" option at server startup. But it is not
behaving as expected.

Analysis: The des file reload is defined within a wrong
conditional directive, rendering the command ineffective.
Macro "OPENSSL" was used instead of "HAVE_OPENSSL" macro.

Fix: "OPENSSL" macro is changed to "HAVE_OPENSSL".
2015-09-22 14:51:48 +05:30
Sreeharsha Ramanavarapu
4acc7615ee Bug #19929406: HANDLE_FATAL_SIGNAL (SIG=11) IN
__MEMMOVE_SSSE3_BACK FROM STRING::COPY

Issue:
-----
While using row comparators, the store_value functions call
val_xxx functions in the prepare phase. This can cause
valgrind issues.

SOLUTION:
---------
Setting up of the comparators should be done by
alloc_comparators in the prepare phase. Also, make sure
store_value will be called only during execute phase.

This is a backport of the fix for Bug#17755540.
2015-09-18 07:34:32 +05:30
Oleksandr Byelkin
29ac245dd0 MDEV-8473: mysqlbinlog -v does not properly decode DECIMAL values in an RBR log
Backport of upstream patch. revno: 5696
2015-09-07 13:13:52 +02:00
Oleksandr Byelkin
102a85f9f3 MDEV-8663: IF Statement returns multiple values erroneously (or Assertion `!null_value' failed in Item::send(Protocol*, String*))
Postreview addons by Bar

Fix: keeping contract: NULL value mean NULL pointer in val_str and val_deciman.
2015-09-04 15:56:58 +02:00
Nisha Gopalakrishnan
e414cbffad BUG#20449914: HANDLE_FATAL_SIGNAL (SIG=11) IN
FIELD_ITERATOR_TABLE::END_OF_FIELDS

Note: This a backport of the patch for bug#19894987
      to MySQL-5.5
2015-08-25 14:25:46 +05:30
Arun Kuruvila
f4ff086abe Bug#20198490 : LOWER_CASE_TABLE_NAMES=0 ON WINDOWS LEADS TO
PROBLEMS

Description:- Server variable "--lower_case_tables_names"
when set to "0" on windows platform which does not support
case sensitive file operations leads to problems. A warning
message is printed in the error log while starting the
server with "--lower_case_tables_names=0". Also according to
the documentation, seting "lower_case_tables_names" to "0"
on a case-insensitive filesystem might lead to index
corruption.

Analysis:- The problem reported in the bug is:-
Creating an INNODB table 'a' and executing a query, "INSERT
INTO a SELECT a FROM A;" on a server started with
"--lower_case_tables_names=0" and running on a
case-insensitive filesystem leads innodb to flat spin.
Optimizer thinks that "a" and "A" are two different tables
as the variable "lower_case_table_names" is set to "0". As a
result, optimizer comes up with a plan which does not need a
temporary table. If the same table is used in select and
insert, a temporary table is needed. This incorrect
optimizer plan leads to infinite insertions.

Fix:- If the server is started with
"--lower_case_tables_names" set to 0 on a case-insensitive
filesystem, an error, "The server option
'lower_case_table_names'is configured to use case sensitive
table names but the data directory is on a case-insensitive
file system which is an unsupported combination. Please
consider either using a case sensitive file system for your
data directory or switching to a case-insensitive table name
mode.", is printed in the server error log and the server
exits.
2015-08-21 08:35:42 +05:30
Shishir Jaiswal
ee02650bac Bug #16171518 - LOAD XML DOES NOT HANDLE EMPTY ELEMENTS
DESCRIPTION
===========
Inability of mysql LOAD XML command to handle empty XML
tags i.e. <row><tag/></row>. Also the behaviour is wrong
and (different than above) when there is a space in empty
tag i.e. <row><tag /></row>

ANALYSIS
========
In read_xml() the case where we encounter a close tag ('/')
we're decreasing the 'level' blindly which is wrong.
Actually when its an without-space-empty-tag (succeeding
char is '>'), we need to skip the decrement. In other words
whenever we hit a close tag ('/'), decrease the 'level'
only when (i) It's not an (without space) empty tag i.e.
<tag/> or, (ii) It is of format <row col="val" .../>

FIX
===
The switch case for '/' is modified. We've removed the
blind decrement of 'level'. We do it only when its not an
without-space-empty-tag. Also we are setting 'in_tag' to
false to let program know that we're done reading current
tag (required in the case of format <row col="val" .../>)
2015-08-18 12:24:27 +05:30
Mithun C Y
8fe0708808 Merge branch 'mysql-5.1' into mysql-5.5 2015-08-17 15:26:01 +05:30
Mithun C Y
557a57f3a2 Bug #21350175: SUBQUERIES IN PROCEDURE CLAUSE OF SELECT STATEMENT CAUSES SERVER FAILURES.
Analysis :
==========
During JOIN::prepare of sub-query which creates the
derived tables we call setup_procedure. Here we call
fix_fields for parameters of procedure clause. Calling
setup_procedure at this point may cause issue. If
sub-query is one of parameter being fixed it might
lead to complicated dependencies on derived tables
being prepared.

SOLUTION :
==========
In 5.6 with WL#6242, we have made procedure clause
parameters can only be NUM, so sub-queries are not
allowed as parameters. So in 5.5 we can block
sub-queries in procedure clause parameters.
This eliminates above conflicting dependencies.
2015-08-17 15:23:47 +05:30
Ajo Robert
552b1c8ab6 Merge branch 'mysql-5.1' into mysql-5.5 2015-08-07 16:27:48 +05:30
Ajo Robert
f3dce250f4 Bug #20760261 mysqld crashed in materialized_cursor::
send_result_set_metadata

Analysis
--------
Cursor inside trigger accessing NEW/OLD row leads server exit.

The reason for the bug was that implementation of function
create_tmp_table() was not considering Item::TRIGGER_FIELD_ITEM
as possible alternative for type of class being instantiated.
This was resulting in a mismatch between a number of columns
in result list and temp table definition. This mismatch leads
to the failure of assertion
DBUG_ASSERT(send_result_set_metadata.elements == item_list.elements)
in the method Materialized_cursor::send_result_set_metadata
in debug mode.

Fix:
---
Added code to consider Item::TRIGGER_FIELD_ITEM as valid
type while creating fields.
2015-08-07 16:26:10 +05:30
Sergei Golubchik
fa51f70dc6 correct the NULL-pointer test 2015-08-04 23:42:44 +02:00
Mithun C Y
c20911dbe0 Merge branch 'mysql-5.1' into mysql-5.5 2015-08-04 12:28:56 +05:30
Mithun C Y
c28626d0af Bug #21096444: MYSQL IS TRYING TO PERFORM A CONSISTENT READ BUT THE READ VIEW IS NOT ASSIGNED!
Issue: A select for update subquery in having clause
resulted deadlock and its transaction was rolled back
by innodb. val_XXX interfaces do not handle errors and
it do not propogate errors to its caller. sub_select
did not see this error when it called
evaluate_join_record and later made a call to innodb.
As transaction is rolled back innodb asserted.

Fix: Now evaluate_join_record checks if there is any
error reported and then return the same to its caller.
2015-08-04 11:45:02 +05:30
Sergei Petrunia
877de3af28 MDEV-8554: Server crashes in base_list_iterator::next_fast ...
THD::>save_prep_leaf_list was set to true by multi-table update
statements with mergeable selects and never reset.

Make every statement reset it at start.
2015-08-03 20:42:08 +03:00
Sreeharsha Ramanavarapu
9372c9ebd2 Bug #20909518: HANDLE_FATAL_SIGNAL (SIG=11) IN
FIND_USED_PARTITIONS | SQL/OPT_RANGE.CC:3884

Post-push fix.
2015-08-03 10:08:46 +05:30
Sreeharsha Ramanavarapu
b2df544886 Merge branch 'mysql-5.1' into mysql-5.5 2015-08-03 08:17:27 +05:30
Sreeharsha Ramanavarapu
8006ad8053 Bug #20909518: HANDLE_FATAL_SIGNAL (SIG=11) IN
FIND_USED_PARTITIONS | SQL/OPT_RANGE.CC:3884

Issue:
-----
During partition pruning, first we identify the partition
in which row can reside and then identify the subpartition.
If we find a partition but not the subpartion then we hit
a debug assert. While finding the subpartition we check
the current thread's error status in part_val_int()
function after some operation. In this case the thread's
error status is already set to an error (multiple rows
returned) so the function returns no partition found and
results in incorrect behavior.

SOLUTION:
---------
Currently any error encountered in part_val_int is
considered a "partition not found" type error. Instead of
an assert, a check needs to be done and a valid error
returned.
2015-08-03 08:15:59 +05:30
Sergei Golubchik
6300f2f274 Merge tag 'mysql-5.5.45' into 5.5 2015-08-01 14:56:18 +02:00
Sergei Golubchik
96badb16af MDEV-7821 Server crashes in Item_func_group_concat::fix_fields on 2nd execution of PS
Correct fix for this bug.

The problem was that Item_func_group_concat() was calling
setup_order(), passing args as the second argument,
ref_pointer_array. While ref_pointer_array should have free
space at the end, as setup_order() can append elements to it.

In this particular case args[] elements were overwritten when
setup_order() was pushing new elements into ref_pointer_array.
2015-07-31 22:09:46 +02:00
Sergei Golubchik
409709ec7e compilation error on windows 2015-07-31 20:33:10 +02:00
Sergei Golubchik
79deefc4d7 MDEV-8340 Add "mysqlbinlog --binlog-row-event-max-size" support for MariaDB 5.5
Cherry-pick from 10.0:

  commit 126523d190
  Author: Sergei Golubchik <serg@mariadb.org>
  Date:   Mon Feb 23 20:53:41 2015 +0100

  MDEV-6703 Add "mysqlbinlog --binlog-row-event-max-size" support
2015-07-31 17:17:33 +02:00
Sergei Golubchik
4d5772c578 MDEV-7810 Wrong result on execution of a query as a PS (both 1st and further executions)
Alternative fix that doesn't cause view.test crash in --ps:
Remember when Item_ref was fixed right in the constructor
and did not have a full Item_ref::fix_fields() call. Later
in PS/SP, after Item_ref::cleanup, we use this knowledge
to avoid doing full fix_fields() for items that were never
supposed to be fix_field'ed.

Simplify the test case.
2015-07-31 17:17:33 +02:00
Sergey Vojtovich
1ad294e064 MDEV-7821 - Server crashes in Item_func_group_concat::fix_fields on 2nd
execution of PS

GROUP_CONCAT() with ORDER BY column position may crash server on PS reexecution.

The problem was that arguments array of GROUP_CONCAT() was adjusted to point to
temporary elements (resolved ORDER BY fields) during first execution.

This patch expands rev. 08763096cb to restore original arguments array as well.
2015-07-31 13:05:10 +04:00
Sergey Vojtovich
392df76bc3 MDEV-4017 - GET_LOCK() with negative timeouts has strange behavior
GET_LOCK() silently accepted negative values and NULL for timeout.
Fixed GET_LOCK() to issue a warning and return NULL in such cases.
2015-07-29 15:59:56 +04:00
Monty
e40bc65933 Fixed memory loss detected on P8. This can happen when we call after_flush but never call after_rollback() or after_commit().
The old code used pthread_setspecific() to store temporary data used by the thread.
This is not safe when used with thread pool, as the thread may change for the transaction.

The fix is to save the data in THD, which is guaranteed to be properly freed.
I also fixed the code so that we don't do a malloc() for every transaction.
2015-07-25 15:15:52 +03:00
Monty
7115341473 Fixed warnings and errors found by buildbot
field.cc
- Fixed warning about overlapping memory copy (backport from 10.0)

Item_subselect.cc
- Fixed core dump in main.view
- Problem was that thd->lex->current_select->master_unit()->item was not set, which caused crash in maxr_as_dependent

sql/mysqld.cc
- Got error on shutdown as we where freeing mutex before all THD objects was freed
  (~THD uses some mutex). Fixed by during shutdown freeing THD inside mutex.

sql/log.cc
- log_space_lock and LOCK_log where locked in inconsistenly. Fixed by not having a log_space_lock around purge_logs.

sql/slave.cc
- Remove unnecessary log_space_lock
- Move cond_broadcast inside lock to ensure we don't miss the signal
2015-07-25 15:15:52 +03:00
Nisha Gopalakrishnan
b5380e092c BUG#19886430: VIEW CREATION WITH NAMED COLUMNS, OVER UNION,
IS REJECTED.

Analysis
========

View creation with named columns over UNION is rejected.
Consider the following view definition:

CREATE VIEW v1 (fld1, fld2) AS SELECT 1 AS a, 2 AS b
UNION ALL SELECT 1 AS a, 1 AS a;

A 'duplicate column' error was reported due to the duplicate
alias name in the secondary SELECT. The VIEW column names
are either explicitly specified or determined from the
first SELECT (which can be auto generated if not specified).
Since a duplicate column name check was performed even
for the secondary SELECTs, an error was reported.

Fix
====

Check for duplicate column names only for the named
columns if specified or only for the first SELECT.
2015-07-23 10:47:58 +05:30
Monty
00d3b20fbb MDEV-8432 Slave cannot replicate signed integer-type values with high bit set to 1
The fix is that if the slave has a different integer size than
the master, then they will assume the master has the same signed/unsigned modifier
as the slave.

This means that one can safely change a coon the slave an int to a bigint
or an unsigned int to an unsigned int.  Changing an unsigned int to an
signed bigint will cause replication failures when the high bit of the
unsigned int is set.

We can't give an error if the signess is different on the master and slave
as the binary log doesn't contain the signess of the column on the master.
2015-07-17 00:06:27 +03:00
Sreeharsha Ramanavarapu
888fabd690 Bug #21143080: UPDATE ON VARCHAR AND TEXT COLUMNS PRODUCE
INCORRECT RESULTS

Issue:
-----
Updating varchar and text fields in the same update
statement can produce incorrect results. When a varchar
field is assigned to the text field and the varchar field
is then set to a different value, the text field's result
contains the varchar field's new value.

SOLUTION:
---------
Currently the blob type does not allocate space for the
string to be stored. Instead it contains a pointer to the
varchar string. So when the varchar field is changed as
part of the update statement, the value contained in the
blob also changes.

The fix would be to actually store the value by allocating
space for the blob's string. We can avoid allocating this
space when the varchar field is not being written into.
2015-07-16 07:56:39 +05:30
Sreeharsha Ramanavarapu
6fb2cdbc74 Bug #20777016: DELETE CHECKS PRIVILEGES ON THE WRONG
DATABASE WHEN USING TABLE ALIASES

Issue:
-----
When using table aliases for deleting, MySQL checks
privileges against the current database and not the
privileges on the actual table or database the table
resides.


SOLUTION:
---------
While checking privileges for multi-deletes,
correspondent_table should be used since it points to the
correct table and database.
2015-07-13 07:51:23 +05:30
Sreeharsha Ramanavarapu
c773b320ff Merge branch 'mysql-5.1' into mysql-5.5 2015-07-10 07:54:55 +05:30
Sreeharsha Ramanavarapu
33a2e5abd8 Bug #20238729: ILLEGALLY CRAFTED UTF8 SELECT PROVIDES NO
WARNINGS

Backporting to 5.1 and 5.5
2015-07-10 07:52:00 +05:30
Debarun Banerjee
359f102ad1 BUG#16613004 PARTITIONING DDL, CRASH IN FIELD_VARSTRING::CMP_MAX
Problem :
---------
The specific issue reported in this bug is with range/list column
value that is allocated and initialized by evaluating partition
expression(item tree) during execution. After evaluation the range
list value is marked fixed [part_column_list_val]. During next
execution, we don't re-evaluate the expression and use the old value
since it is marked fixed.

Solution :
----------
One way to solve the issue is to mark all column values as not fixed
during clone so that the expression is always re-evaluated once we
attempt partition_info::fix_column_value_functions() after cloning
the part_info object during execution of DDL on partitioned table.

Reviewed-by: Jimmy Yang <Jimmy.Yang@oracle.com>
Reviewed-by: Mattias Jonsson <mattias.jonsson@oracle.com>

RB: 9424
2015-07-08 10:00:53 +05:30
Praveenkumar Hulakund
7ce304dff0 Bug#18487951 - QUERY_CACHE_MIN_RES_UNIT SET TO ZERO, CRASHES IN QUERY_CACHE::FIND_BIN
Valid min value for query_cache_min_res_unit is 512. But attempt
to set value greater than or equal to the ULONG_MAX(max value) is
resulting query_cache_min_res_unit value to 0. This result in
crash while searching for memory block lesser than the valid
min value to store query results.

Free memory blocks in query cache are stored in bins according
to their size. The bins are stored in size descending order.
For the memory block request the appropriate bin is searched using
binary search algorithm. The minimum free memory block request
expected is 512 bytes. And the appropriate bin is searched for block
greater than or equals to 512 bytes.

Because of the bug the query_cache_min_res_unit is set to 0. Due
to which there is a chance of request for memory blocks lesser
than the minimum size in free memory block bins. Search for bin
for this invalid input size fails and returns garbage index.
Accessing bins array element with this index is causing the issue
reported.

The valid value range for the query_cache_min_res_unit is
512 to ULONG_MAX(when value is greater than the max allowed value,
max allowed value is used i.e ULONG_MAX). While setting result unit
block size (query_cache_min_res_unit), size is memory aligned by
using a macro ALIGN_SIZE. The ALIGN_SIZE logic is as below,

  (input_size + sizeof(double) - 1) & ~(sizeof(double) - 1)

For unsigned long type variable when input_size is greater than
equal to ULONG_MAX-(sizeof(double)-1), above expression is
resulting in value 0.

Fix:
-----
Comparing value set for query_cache_min_res_unit with max
aligned value which can be stored in ulong type variable.
If it is greater then setting it to the max aligned value for
ulong type variable.
2015-07-02 15:31:55 +05:30
Monty
bc300464f1 Fix for MDEV-8301; Statistics for a thread could be counted twice in SHOW STATUS while thread was ending
Fixed by adding a marker if we have added the thread statistics to the global counters.
2015-06-26 14:48:22 +03:00
Monty
67c56ab1e4 Simple cleanups
- Removing use of calls to current_thd
- More DBUG_PRINT
- Code style changes
- Made some local functions static
Ensure that calls to print_keyuse are locked with mutex to get all lines in same debug packet
2015-06-25 23:34:54 +03:00
Monty
8c815751c9 Problem was that for cases like:
SELECT ... WHERE XX IN (SELECT YY)
this was transformed to something like:
SELECT ... WHERE IF_EXISTS(SELECT ... HAVING XX=YY)

The bug was that for normal execution XX was fixed in the original outer SELECT context while in PS it was fixed in the sub query context and this confused the optimizer.

Fixed by ensuring that XX is always fixed in the outer context.
2015-06-25 23:26:29 +03:00