The crash happens due to wrong max_length value which is set on
Item_func_round::fix_length_and_dec() stage. The value is set to
args[0]->max_length which is too big in case of LONGTEXT(LONGBLOB) fields.
The fix is to set max_length using float_length() function.
mysql-test/r/func_math.result:
test result
mysql-test/t/func_math.test:
test case
sql/item_func.cc:
The crash happens due to wrong max_length value which is set on
Item_func_round::fix_length_and_dec() stage. The value is set to
args[0]->max_length which is too big in case of LONGTEXT(LONGBLOB) fields.
The fix is to set max_length using float_length() function.
BEGIN/COMMIT/ROLLBACK was subject to replication db rules, and
caused the boundary of a transaction not recognized correctly
when these queries were ignored by the rules.
Fixed the problem by skipping replication db rules for these
statements.
sql/log_event.cc:
Skip checking replication db rules for BEGIN/COMMIT/ROLLBACK statements
Make the caller of Query_log_event, Execute_load_log_event
constructors and THD::binlog_query to provide the error code
instead of having the constructors to figure out the error code.
sql/log_event.cc:
Changed constructors of Query_log_event and Execute_load_log_event to accept the error code argument instead of figuring it out by itself
sql/log_event.h:
Changed constructors of Query_log_event and Execute_load_log_event to accept the error code argument
When doing ALTER TABLE, we forgot to point out that we actually have
ROW_FORMAT information (from the original table), so we dropped to
"sensible defaults". This affects both ALTER TABLE and OPTIMIZE TABLE
which may fall back on ALTER TABLE for InnoDB.
We now flag that we do indeed know the row-type, thereby preserving
compression-type etc.
No .test in 5.1 since we'd need a reasonable new plugin from InnoDB to
show this properly; in higher versions, maria can demonstrate this.
sql/sql_table.cc:
In mysql_alter_table() flag that we have row-type info
from old table. In compare_tables(), we must explicitly
check whether row-type has changed (rather than rely on
the flag which will always be set at this point now).
MySQL crashes if a user without proper privileges attempts to create a procedure.
The crash happens because more than one error state is pushed onto the Diagnostic
area. In this particular case the user is denied to implicitly create a new user
account with the implicitly granted privileges ALTER- and EXECUTE ROUTINE.
The new account is needed if the original user account contained a host mask.
A user account with a host mask is a distinct user account in this context.
An alternative would be to first get the most permissive user account which
include the current user connection and then assign privileges to that
account. This behavior change is considered out of scope for this bug patch.
The implicit assignment of privileges when a user creates a stored routine is a
considered to be a feature for user convenience and as such it is not
a critical operation. Any failure to complete this operation is thus considered
non-fatal (an error becomes a warning).
The patch back ports a stack implementation of the internal error handler interface.
This enables the use of multiple error handlers so that it is possible to intercept
and cancel errors thrown by lower layers. This is needed as a error handler already
is used in the call stack emitting the errors which needs to be converted.
mysql-test/r/grant.result:
* Added test case for bug44658
mysql-test/t/grant.test:
* Added test case for bug44658
sql/sp.cc:
* Removed non functional parameter no_error and my_error calls as all errors
from this function will be converted to a warning anyway.
* Change function return type from int to bool.
sql/sp.h:
* Removed non functional parameter no_error and my_error calls as all errors
from this function will be converted to a warning anyway.
* Changed function return value from int to bool
sql/sql_acl.cc:
* Removed the non functional no_error parameter from the function prototype.
The function is called from two places and in one of the places we now
ignore errors through error handlers.
* Introduced the parameter write_to_binlog
* Introduced an error handler to cancel any error state from mysql_routine_grant.
* Moved my_ok() signal from mysql_routine_grant to make it easier to avoid
setting the wrong state in the Diagnostic area.
* Changed the broken error state in sp_grant_privileges() to a warning
so that if "CREATE PROCEDURE" fails because "Password hash isn't a hexidecimal
number" it is still clear what happened.
sql/sql_acl.h:
* Removed the non functional no_error parameter from the function prototype.
The function is called from two places and in one of the places we now
ignore errors through error handlers.
* Introduced the parameter write_to_binlog
* Changed return type for sp_grant_privileges() from int to bool
sql/sql_class.cc:
* Back ported implementation of internal error handler from 6.0 branch
sql/sql_class.h:
* Back ported implementation of internal error handler from 6.0 branch
sql/sql_parse.cc:
* Moved my_ok() signal from mysql_routine_grant() to make it easier to avoid
setting the wrong state in the Diagnostic area.
Added a more detailed error message on calling an ambiguous missing function.
mysql-test/r/ps.result:
Bug #38159: fixed existing tests
mysql-test/r/sp-error.result:
Bug #38159: test case
mysql-test/t/ps.test:
Bug #38159: fixed existing tests
mysql-test/t/sp-error.test:
Bug #38159: test case
sql/item_func.cc:
Bug #38159: generate more detailed error message
sql/share/errmsg.txt:
Bug #38159: add a more detailed error message
sql/sql_derived.cc:
Bug #38159: treat the detailed error message the same way as the
generic one
sql/sql_lex.cc:
Bug #38159:
- detect if the token is ambiguous and print the appropriate error.
- backport is_lex_native_function() from 5.1
sql/sql_lex.h:
Bug #38159: detect if the token is ambiguous and print the appropriate error.
sql/sql_yacc.yy:
Bug #38159: generate more detailed error message
sql/table.cc:
Bug #38159: treat the detailed error message the same way as the
generic one
On 64-bit Windows: querying MERGE table with keys may cause
server crash.The problem is generic and may affect any statement
accessing MERGE table cardinality values.
When MERGE engine was copying cardinality statistics, it was
using incorrect size of element in cardinality statistics array
(sizeof(ptr)==8 instead of sizeof(ulong)==4), causing access
of memory beyond of the allocated bounds.
sql/ha_myisam.cc:
When copying rec_per_key array (an array of ulong) use proper
size of element, that is sizeof(ulong).
sql/ha_myisammrg.cc:
When copying rec_per_key array (an array of ulong) use proper
size of element, that is sizeof(ulong).
sql/table.cc:
When allocating rec_per_key array (an array of ulong) use proper
size of element, that is sizeof(ulong).
old_password() functions
The PASSWORD() and OLD_PASSWORD() functions could lead to
memory reads outside of an internal buffer when used with BLOB
arguments.
String::c_ptr() assumes there is at least one extra byte
in the internally allocated buffer when adding the trailing
'\0'. This, however, may not be the case when a String object
was initialized with externally allocated buffer.
The bug was fixed by adding an additional "length" argument to
make_scrambled_password_323() and make_scrambled_password() in
order to avoid String::c_ptr() calls for
PASSWORD()/OLD_PASSWORD().
However, since the make_scrambled_password[_323] functions are
a part of the client library ABI, the functions with the new
interfaces were implemented with the 'my_' prefix in their
names, with the old functions changed to be wrappers around
the new ones to maintain interface compatibility.
mysql-test/r/func_crypt.result:
Added a test case for bug #44767.
mysql-test/t/func_crypt.test:
Added a test case for bug #44767.
sql/item_strfunc.cc:
Use the new my_make_scrambled_password*() to avoid
String::c_ptr().
sql/item_strfunc.h:
Changed Item_func[_old]_password::alloc() interfaces so that
we can use the new my_make_scrambled_password*() functions.
sql/mysql_priv.h:
Added declarations for the new my_make_scrambled_password*()
functions.
sql/password.c:
Added new my_make_scrambled_password*() functions with an
additional "length" argument. Changed ones to be wrappers
around the new ones to maintain interface compatibility.
sql/sql_yacc.yy:
Utilize the new password hashing functions with additional length
argument.
The problem is that the server failed to follow the rule that
every X509 object retrieved using SSL_get_peer_certificate()
must be explicitly freed by X509_free(). This caused a memory
leak for builds linked against OpenSSL where the X509 object
is reference counted -- improper counting will prevent the
object from being destroyed once the session containing the
peer certificate is freed.
The solution is to explicitly free every X509 object used.
mysql-test/r/openssl_1.result:
Add test case result for Bug#42158
mysql-test/t/openssl_1.test:
Add test case for Bug#42158
sql/sql_acl.cc:
Deallocate X509 objects.
HAVING
When calculating GROUP BY the server caches some expressions. It does
that by allocating a string slot (Item_copy_string) and assigning the
value of the expression to it. This effectively means that the result
type of the expression can be changed from whatever it was to a string.
As this substitution takes place after the compile-time result type
calculation for IN but before the run-time type calculations,
it causes the type calculations in the IN function done at run time
to get unexpected results different from what was prepared at compile time.
In the CASE ... WHEN ... THEN ... statement there was a similar problem
and it was solved by artificially adding a STRING argument to the set of
types of the IN/CASE arguments at compile time, so if any of the
arguments of the CASE function changes its type to a string it will
still be covered by the information prepared at compile time.
mysql-test/include/mix1.inc:
Bug #44399: extended the test to cover the different types
mysql-test/r/func_in.result:
Bug #44399: test case
mysql-test/r/innodb_mysql.result:
Bug #44399: extended the test to cover the different types
mysql-test/t/func_in.test:
Bug #44399: test case
sql/item.cc:
Bug #44399: Implement typed caching for GROUP BY
sql/item.h:
Bug #44399: Implement typed caching for GROUP BY
sql/item_cmpfunc.cc:
Bug #44399: remove the special case
sql/sql_select.cc:
Bug #44399: Implement typed caching for GROUP BY
stop/start slave
When stopping and restarting the slave while it is replicating
temporary tables, the server would crash or raise an assertion
failure. This was due to the fact that although temporary tables are
saved between slave threads restart, the reference to the thread in
use (table->in_use) was not being properly updated when the restart
happened (it would still reference the old/invalid thread instead of
the new one).
This patch addresses this issue by resetting the reference to the new
slave thread on slave thread restart.
mysql-test/r/rpl_temporary.result:
Result file.
mysql-test/t/rpl_temporary.test:
Test case that checks that both failures go away.
sql/slave.cc:
Changed slave.cc to reset sql_thd reference in temporary tables.
assertion .\filesort.cc, line 797
A query with the "ORDER BY @@some_system_variable" clause,
where @@some_system_variable is NULL, causes assertion
failure in the filesort procedures.
The reason of the failure is in the value of
Item_func_get_system_var::maybe_null: it was unconditionally
set to false even if the value of a variable was NULL.
mysql-test/r/variables.result:
Added test case for bug #42778.
mysql-test/suite/sys_vars/r/innodb_data_home_dir_basic.result:
Updated test case for bug #42778:
system variables were NOT NULL, now they are nullable.
mysql-test/suite/sys_vars/r/innodb_flush_method_basic.result:
Updated test case for bug #42778:
system variables were NOT NULL, now they are nullable.
mysql-test/suite/sys_vars/r/rpl_init_slave_func.result:
Updated test case for bug #42778:
system variables were NOT NULL, now they are nullable.
mysql-test/suite/sys_vars/r/ssl_capath_basic.result:
Updated test case for bug #42778:
system variables were NOT NULL, now they are nullable.
mysql-test/suite/sys_vars/r/ssl_cipher_basic.result:
Updated test case for bug #42778:
system variables were NOT NULL, now they are nullable.
mysql-test/suite/sys_vars/t/innodb_data_home_dir_basic.test:
Updated test case for bug #42778:
system variables were NOT NULL, now they are nullable.
mysql-test/suite/sys_vars/t/innodb_flush_method_basic.test:
Updated test case for bug #42778:
system variables were NOT NULL, now they are nullable.
mysql-test/suite/sys_vars/t/ssl_capath_basic.test:
Updated test case for bug #42778:
system variables were NOT NULL, now they are nullable.
mysql-test/suite/sys_vars/t/ssl_cipher_basic.test:
Updated test case for bug #42778:
system variables were NOT NULL, now they are nullable.
mysql-test/t/variables.test:
Added test case for bug #42778.
sql/item.cc:
Bug #42778: delete order by null global variable causes
assertion .\filesort.cc, line 797
The longlong_from_string_with_check function has been modified
to skip unwanted warnings: now it uses the THD::no_errors
flag to suppress warnings.
The Item_func_get_system_var::update_null_value method
sets the no_error flag.
sql/item_func.cc:
Bug #42778: delete order by null global variable causes
assertion .\filesort.cc, line 797
1. The Item_func_get_system_var::fix_length_and_dec method
has been modified to make system variables truly nullable.
2. The Item_func_get_system_var::update_null_value method
method has been overloaded with a simple wrapper (like
Item_field::update_null_value) to suppress unwanted warnings
from Item_func_get_system_var::val_int() calls on non-numeric
variable values: the Item_func_get_system_var::update_null_value
method sets and restores THD::no_errors flag for a nested
call of the longlong_from_string_with_check function.
sql/item_func.h:
Bug #42778: delete order by null global variable causes
assertion .\filesort.cc, line 797
The Item_func_get_system_var::update_null_value method
method has been overloaded.
bug#44766: valgrind error when using convert() in a subquery
Problem: input and output buffers may be the same
converting a string to some charset.
That may lead to wrong results/valgrind warnings.
Fix: use different buffers.
mysql-test/r/cast.result:
Fix for bug#44743: Join in combination with concat does not always work
bug#44766: valgrind error when using convert() in a subquery
- test result.
mysql-test/r/func_concat.result:
Fix for bug#44743: Join in combination with concat does not always work
bug#44766: valgrind error when using convert() in a subquery
- test result.
mysql-test/t/cast.test:
Fix for bug#44743: Join in combination with concat does not always work
bug#44766: valgrind error when using convert() in a subquery
- test case.
mysql-test/t/func_concat.test:
Fix for bug#44743: Join in combination with concat does not always work
bug#44766: valgrind error when using convert() in a subquery
- test case.
sql/item.cc:
Fix for bug#44743: Join in combination with concat does not always work
bug#44766: valgrind error when using convert() in a subquery
- comment added.
sql/item_strfunc.cc:
Fix for bug#44743: Join in combination with concat does not always work
bug#44766: valgrind error when using convert() in a subquery
- '&args[0]->str_value' used as a parameter of args[0]->val_str(),
as 'str' may be equal to 'str_value' which we use as the output buffer
converting strings.
sql/sql_string.cc:
Fix for bug#44743: Join in combination with concat does not always work
bug#44766: valgrind error when using convert() in a subquery
- input and output buffers must NOT be the same.
warnings after uncompressed_length
UNCOMPRESSED_LENGTH() did not validate its argument. In
particular, if the argument length was less than 4 bytes,
an uninitialized memory value was returned as a result.
Since the result of COMPRESS() is either an empty string or
a 4-byte length prefix followed by compressed data, the bug was
fixed by ensuring that the argument of UNCOMPRESSED_LENGTH() is
either an empty string or contains at least 5 bytes (as done in
UNCOMPRESS()). This is the best we can do to validate input
without decompressing.
mysql-test/r/func_compress.result:
Added a test case for bug #44796.
mysql-test/t/func_compress.test:
Added a test case for bug #44796.
sql/item_strfunc.cc:
Make sure that the argument of UNCOMPRESSED_LENGTH() contains
at least 5 bytes (as done in UNCOMPRESS()).
Change the warning message to 'Statement may not be safe to log in
statement format' to indicate that the decision on whether a
statement is safe or not is heuristic, and we are conservative.
with a "HAVING" clause though query works
SELECT from views defined like:
CREATE VIEW v1 (view_column)
AS SELECT c AS alias FROM t1 HAVING alias
fails with an error 1356:
View '...' references invalid table(s) or column(s)
or function(s) or definer/invoker of view lack rights
to use them
CREATE VIEW form with a (column list) substitutes
SELECT column names/aliases with names from a
view column list.
However, alias references in HAVING clause was
not substituted.
The Item_ref::print function has been modified
to write correct aliased names of underlying
items into VIEW definition generation/.frm file.
mysql-test/r/view.result:
Added test file for bug #40825.
mysql-test/t/view.test:
Added test file for bug #40825.
sql/item.cc:
Bug#40825: Error 1356 while selecting from a view
with a "HAVING" clause though query works
The Item_ref::print function has been modified
to write correct aliased names of underlying
items into VIEW definition generation/.frm file.
The RAND(N) function where the N is a field of "constant" table
(table of single row) failed with a SIGFPE.
Evaluation of RAND(N) rely on constant status of its argument.
Current server "seeded" random value for each constant argument
only once, in the Item_func_rand::fix_fields method.
Then the server skipped a call to seed_random() in the
Item_func_rand::val_real method for such constant arguments.
However, non-constant state of an argument may be changed
after the call to fix_fields, if an argument is a field of
"constant" table. Thus, pre-initialization of random value
in the fix_fields method is too early.
Initialization of random value by seed_random() has been
removed from Item_func_rand::fix_fields method.
The Item_func_rand::val_real method has been modified to
call seed_random() on the first evaluation of this method
if an argument is a function.
mysql-test/r/func_math.result:
Added test case for bug #44768.
mysql-test/t/func_math.test:
Added test case for bug #44768.
sql/item_func.cc:
Bug #44768: SIGFPE crash when selecting rand from a view containing null
1. Initialization of random value by seed_random() has been
removed from Item_func_rand::fix_fields method.
2. The Item_func_rand::val_real method has been modified to
call seed_random() on the first evaluation of this method
if an argument is a function.
sql/item_func.h:
Bug #44768: SIGFPE crash when selecting rand from a view containing null
1. The Item_func_rand::first_eval has been added to trace
the first evaluation of the val_real method.
2. The Item_func_rand::cleanup method has been added to
cleanup the first_eval flag.
always rollsback.
The global variable max_binlog_cache_size cannot be set more than 4GB on
32 bit systems, limiting transactions of all storage engines to 4G of changes.
The problem is max_binlog_cache_size is declared as ulong which is 4 bytes
on 32 bit and 8 bytes on 64 bit machines.
Fixed by using ulonglong for max_binlog_cache_size which is 8bytes on 32
and 64 bit machines.The range for max_binlog_cache_size on 32 bit and 64 bit
systems is 4096-18446744073709547520 bytes.
mysql-test/r/variables.result:
Result file for BUG#10206
mysql-test/t/variables.test:
Testcase for BUG#10206
sql/mysql_priv.h:
change the extern declaration of max_binlog_cache_size to ulonglong
sql/mysqld.cc:
change the declaration of max_binlog_cache_size to ulonglong and the option is fixed to extend the range of max_binlog_cache_size
sql/set_var.cc:
change the variable declaration of max_binlog_cache_size to ulonglong
Field_time::get_time() did not initialize some members of
MYSQL_TIME which led to valgrind warnings when those members
were accessed in Protocol_simple::store_time().
It is unlikely that this bug could result in wrong data
being returned, since Field_time::get_time() initializes the
'day' member of MYSQL_TIME to 0, so the value of 'day'
in Protocol_simple::store_time() would be 0 regardless
of the values for 'year' and 'month'.
mysql-test/r/type_time.result:
Added a test case for bug #44792.
mysql-test/t/type_time.test:
Added a test case for bug #44792.
sql/field.cc:
Field_time::get_time() did not initialize some members of
MYSQL_TIME which led to valgrind warnings when those members
were accessed in Protocol_simple::store_time().
In UNION if we use last SELECT without braces and this
SELECT have ORDER BY clause, such clause belongs to
global UNION. It is parsed like last SELECT
part and used further as 'unit->global_parameters->order_list' value.
During DESCRIBE EXTENDED we call select_lex->print_order() for
last SELECT where order fields refer to tmp table
which already freed. It leads to crash.
The fix is clean up global_parameters->order_list
instead of fake_select_lex->order_list.
mysql-test/r/union.result:
test result
mysql-test/t/union.test:
test case
sql/sql_union.cc:
In UNION if we use last SELECT without braces and this
SELECT have ORDER BY clause, such clause belongs to
global UNION. It is parsed like last SELECT
part and used further as 'unit->global_parameters->order_list' value.
During DESCRIBE EXTENDED we call select_lex->print_order() for
last SELECT where order fields refer to tmp table
which already freed. It leads to crash.
The fix is clean up global_parameters->order_list
instead of fake_select_lex->order_list.
