ASSERTION `0' FAILED ON SELECT AREA
Problem:
Optimizer tries to get the points to calculate area without
checking the return value of uint4korr for 0 "points". As a
result server exits.
Solution:
Check the return value from uint4korr().
-LONGLONG_MIN is the undefined behavior in C.
longlong2decimal() used to do this:
int longlong2decimal(longlong from, decimal_t *to) {
if ((to->sign= from < 0))
return ull2dec(-from, to);
return ull2dec(from, to);
and later in ull2dec() (DIG_BASE is 1000000000):
static int ull2dec(ulonglong from, decimal_t *to) {
for (intg1=1; from >= DIG_BASE; intg1++, from/=DIG_BASE) {}
this breaks in gcc-5 at -O3. Here ull2dec is inlined into
longlong2decimal. And gcc-5 believes that 'from' in the
inlined ull2dec is always a positive integer (indeed, if it was
negative, then -from was used instead). So gcc-5 uses
*signed* comparison with DIG_BASE.
Fix: make a special case for LONGLONG_MIN, don't negate it
MY_TOSORT_UTF32
This patch is specific for mysql-5.5
ISSUE: When a charater that is larger than possible to
handle is passed to function my_tosort_utf32(), it results
in segmentation fault. In the scenario mentioned in the bug
AES_ENCRYPT function is used which returns large value.
This value is further passed to my_tosort_utf32 function.
This causes to cross array bound for array uni_plane,
resulting in segment violation.
SOLUTION:
This issue has got addressed in 5.6 onward releases
through worklog 2673.
The fix is similar backport of that.
Check for maximum character before accessing the array
uni_plane. In addition to function my_tosort_utf32, the
same potential problem is also present in functions
my_tolower_utf16, my_toupper_utf16, my_tosort_utf16,
my_tolower_utf32, my_toupper_utf32, my_tosort_unicode,
my_tolower_utf8mb4 and my_toupper_utf8mb4.
Fixed these functions as well.
Permanently removed test case perfschema.aggregate.
The Performance Schema is generally lock-free, allowing for
race conditions that might arise from multi-threaded operation
which occasionally results in temporary and/or minor variances
when aggregating statistics. This test needs to be redesigned
to accommodate such variances.
State column of SHOW PROCESSLIST can have NULL values for being initialized
threads (between new connection was acknowledged and waiting for network data).
Fixed test case to handle such cases by waiting for State to become empty
string.
Analysis: row_drop_table_for_mysql did not allow dropping
referenced table even in case when actual creating of the
referenced table was not successfull if foreign_key_checks=1.
Fix: Allow dropping referenced table even if foreign_key_checks=1
if actual table create returned error.
and
MDEV-10250 InnoDB: Error: File (unknown): 'close' returned OS error 209. Cannot continue operation"
after a failed connect() feedback plugin was continuing with the
file descriptor, trying to send the data (which failed) and
closing it at the end. Even though this fd might've been reused for
something else already.
shutdown)
There was race condition between shutdown thread and event worker threads.
Shutdown thread waits for thread_count to become 0 in close_connections(). It
may happen so that event worker thread was started but didn't increment
thread_count by this time. In this case shutdown thread may miss wait for this
working thread and continue deinitialization. Worker thread in turn may continue
execution and crash on deinitialized data.
Fixed by incrementing thread_count before thread is actually created like it is
done for connection threads.
Also let event scheduler not to inc/dec running threads counter for symmetry
with other "service" threads.
MYSQL-5.5
The bug asks for a backport of bug#1463594 and bug#20682959. This
is required because of the fact that if replication is enabled, master
transaction can commit whereas slave can't commit due to not exact
'enviroment'. This manifestation is seen in bug#22024200.
Fix the assertion failure by setting the struct to 0. This can not be
done using a macro due to different definitions of mutexes on various
OS-es.
Afterwards we call toku_mutex_init and completely initialize the locks.
Fix is a backport of BUG#18518216/72230 to MySQL 5.5 and 5.6.
Will also resolve:
BUG#23605713/81384 LIBMYSQLCLIENT.SO.18 MISSING FROM MYSQL 5.7
as mysql-community-libs-5.5 or mysql-community-libs-5.6 can
installed on EL6 system with libmysqlclient.16 (from MySQL 5.1)
libmysqlclient.20 (from MySQL 5.7) by doing:
$ rpm --oldpackage -ivh mysql-community-libs-5.5.50-2.el6.x86_64.rpm
Providing a way to have several versions of libmysqlclient installed
on the same system.
and help:
BUG#23088014/80981 LIBS-COMPAT RPMS SHOULD BE INDEPENDENT OF ALL OTHER SUBPACKAGES
due to less strict coupling between -libs-compat and -common package.
DESCRIPTION
===========
Buffer overflow is reported in Regex library. This can be
triggered when the data corresponding to argv[1] is >=
512 bytes resutling in abnormal behaviour.
ANALYSIS
========
Its a straight forward case of SEGFAULT where the target
buffer is smaller than the source string to be copied.
A simple pre-copy validation should do.
FIX
===
A check is added before doing strcpy() to ensure that the
target buffer is big enough to hold the to-be copied data.
If the check fails, the program aborts.
Fixed wrong calculation of buffer sizes. ulong datatype was used wrongly,
as were the casts to ulong. Buffer sizes should be of type size_t,
not ulong, or bad things happen on 64 bit Windows.
This patch changes pagecache struct to use size_t/ssize_t
where long/ulong were previously used. Also, removed several casts.
Both aria and myisam storage engines feature a logic path in
thr_find_all_keys that leads to undefined behaviour by bypassing the
initialization code of variables after my_thread_init().
By refactoring the nested logic into a separate function, this problem
is resolved.
Fix a bug in testhash.c that caused an out of bounds memory access
when command line parameters specified 0 records to be inserted
in the hashtable.
Signed-off-by: Vicențiu Ciorbaru <vicentiu@mariadb.org>
bytes are possibly lost
Timer thread of threadpool is created "joinable", but they're not "joined" on
completion. This causes memory leaks around thread local storage.
Fixed by joining timer thread.
`--help` is a perfectly valid parameter and both `mysqladmin` and
`mysql_waitpid` should exit with success (zero errror code).
Signed-off-by: Vicențiu Ciorbaru <vicentiu@mariadb.org>
The combination of --remove_file and --write_file on .expect file creates
a race condition which can be hit by MTR which reads the file in a loop.
Instead, .expect file should be changed with --append_file.
It was fixed in 10.x, but in 5.5 the sporadic failure still affected buildbot.
Fixed 3 test files which use the problematic combination
Aria service threads are created "joinable", but they're not "joined" on
completion. This causes memory leaks around thread local storage.
Fixed by joining service thread. Simplified relevant code and cleaned up
relevant valgrind suppressions.