Commit graph

39332 commits

Author SHA1 Message Date
Gleb Shchepa
b591793496 Bug #39844: Query Crash Mysql Server 5.0.67
Server crashed during a sort order optimization
of a dependent subquery:

SELECT
    (SELECT t1.a FROM t1, t2
      WHERE t1.a = t2.b AND t2.a = t3.c
      ORDER BY t1.a)
  FROM t3;


Bitmap of tables, that the reference to outer table
column uses, in addition to the regular table bit
has the OUTER_REF_TABLE_BIT bit set.
The only_eq_ref_tables function traverses this map
bit by bit simultaneously with join->map2table list.
Obviously join->map2table never contains an entry
for the OUTER_REF_TABLE_BIT pseudo-table, so the
server crashed there.


The only_eq_ref_tables function has been modified
to traverse regular table bits only like the
update_depend_map function (resetting of the
OUTER_REF_TABLE_BIT there is enough, but
resetting of the whole set of PSEUDO_TABLE_BITS
is used there for sure).


mysql-test/r/order_by.result:
  Added test case for bug #39844.
mysql-test/t/order_by.test:
  Added test case for bug #39844.
sql/sql_select.cc:
  Bug #39844: Query Crash Mysql Server 5.0.67
  
  The only_eq_ref_tables function has been modified
  to traverse regular table bits only like the
  update_depend_map function (resetting of the
  OUTER_REF_TABLE_BIT there is enough, but
  resetting of the whole set of PSEUDO_TABLE_BITS
  is used there for sure).
2008-10-16 21:37:17 +05:00
Davi Arnaut
3ad228d7fb Bug#37075: offset of limit clause might be truncated on 32-bits server w/o big tables
The problem is that the offset argument of the limit clause
might be truncated on a 32-bits server built without big
tables support. The truncation was happening because the
original 64-bits long argument was being cast to a 32-bits
(ha_rows) offset counter.

The solution is to check if the conversing resulted in value
truncation and if so, the offset is set to the maximum possible
value that can fit on the type.

mysql-test/r/limit.result:
  Add test case result for Bug#37075
mysql-test/t/limit.test:
  Add test case for Bug#37075
sql/sql_lex.cc:
  Check for truncation of the offset value. If value was
  truncated, set to the maximum possible value.
2008-10-15 18:34:51 -03:00
Davi Arnaut
017307f216 Bug#38823: Invalid memory access when a SP statement does wildcard expansion
The problem is that field names constructed due to wild-card
expansion done inside a stored procedure could point to freed
memory if the expansion was performed after the first call to
the stored procedure.

The problem was solved by patch for Bug#38691. The solution
was to allocate the database, table and field names in the
in the statement memory instead of table memory.

mysql-test/r/sp.result:
  Add test case result for Bug#38823
mysql-test/t/sp.test:
  Add test case for Bug#38823
sql/item.cc:
  Remark that this also impacts wildcard expansion inside SPs.
2008-10-14 11:04:36 -03:00
Georgi Kodinov
9b6347f0ab merged 5.0-main -> 5.0-bugteam 2008-10-10 17:27:16 +03:00
Gleb Shchepa
097b60bd06 Bug #37894: Assertion in init_read_record_seq in handler.h line 1444
Select with a "NULL NOT IN" condition containing complex
subselect from the same table as in the outer select failed
with an assertion.


The failure was caused by a concatenation of circumstances:
1) an inner select was optimized by make_join_statistics to use
   the QUICK_RANGE_SELECT access method (that implies an index
   scan of the table);
2) a subselect was independent (constant) from the outer select;
3) a condition was pushed down into inner select.

During the evaluation of a constant IN expression an optimizer
temporary changed the access method from index scan to table
scan, but an engine handler was already initialized for index
access by make_join_statistics. That caused an assertion.


Unnecessary index initialization has been removed from
the QUICK_RANGE_SELECT::init method (QUICK_RANGE_SELECT::reset
reinvokes this initialization).


mysql-test/r/subselect3.result:
  Added test case for bug #37894.
mysql-test/t/subselect3.test:
  Added test case for bug #37894.
sql/opt_range.cc:
  Bug #37894: Assertion in init_read_record_seq in handler.h line 1444
  
  Unnecessary index initialization has been removed from
  the QUICK_RANGE_SELECT::init method (QUICK_RANGE_SELECT::reset
  reinvokes this initialization).
2008-10-10 15:27:58 +05:00
Gleb Shchepa
8bfbcbd981 Bug #39283: Date returned as VARBINARY to client for queries
with COALESCE and JOIN

The server returned to a client the VARBINARY column type
instead of the DATE type for a result of the COALESCE,
IFNULL, IF, CASE, GREATEST or LEAST functions if that result
was filesorted in an anonymous temporary table during
the query execution.

For example:
  SELECT COALESCE(t1.date1, t2.date2) AS result
    FROM t1 JOIN t2 ON t1.id = t2.id ORDER BY result;


To create a column of various date/time types in a
temporary table the create_tmp_field_from_item() function
uses the Item::tmp_table_field_from_field_type() method
call. However, fields of the MYSQL_TYPE_NEWDATE type were
missed there, and the VARBINARY columns were created
by default.
Necessary condition has been added.


mysql-test/r/metadata.result:
  Added test case for bug #39283.
mysql-test/t/metadata.test:
  Added test case for bug #39283.
sql/sql_select.cc:
  Bug #39283: Date returned as VARBINARY to client for queries
              with COALESCE and JOIN
  
  To create a column of various date/time types in a
  temporary table the create_tmp_field_from_item() function
  uses the Item::tmp_table_field_from_field_type() method
  call. However, fields of the MYSQL_TYPE_NEWDATE type were
  missed there, and the VARBINARY columns were created
  by default.
  Necessary condition has been added.
2008-10-10 15:13:12 +05:00
Gleb Shchepa
a83f5b18ef Bug#38499: flush tables and multitable table update with
derived table cause crash

When a multi-UPDATE command fails to lock some table, and
subsequently succeeds, the tables need to be reopened if
they were altered. But the reopening procedure failed for
derived tables.

Extra cleanup has been added.


mysql-test/r/lock_multi.result:
  Added test case for bug #38499.
mysql-test/t/lock_multi.test:
  Added test case for bug #38499.
sql/sql_union.cc:
  Bug#38499: flush tables and multitable table update with
             derived table cause crash
  
  Obsolete assertion has been removed.
sql/sql_update.cc:
  Bug#38499: flush tables and multitable table update with
             derived table cause crash
  
  Extra cleanup for derived tables has been added:
  1) unit.cleanup(),
  2) unit->reinit_exec_mechanism().
2008-10-09 20:24:31 +05:00
Georgi Kodinov
7b628ade5f merged 5.0-5.1.29-rc -> 5.0-bugteam 2008-10-08 11:36:24 +03:00
Gleb Shchepa
f48b42e776 Bug #38691: segfault/abort in ``UPDATE ...JOIN'' while
``FLUSH TABLES WITH READ LOCK''

Concurrent execution of 1) multitable update with a
NATURAL/USING join and 2) a such query as "FLUSH TABLES
WITH READ LOCK" or "ALTER TABLE" of updating table led
to a server crash.


The mysql_multi_update_prepare() function call is optimized
to lock updating tables only, so it postpones locking to
the last, and if locking fails, it does cleanup of modified
syntax structures and repeats a query analysis.  However,
that cleanup procedure was incomplete for NATURAL/USING join
syntax data: 1) some Field_item items pointed into freed
table structures, and 2) the TABLE_LIST::join_columns fields
was not reset.

Major change:
  short-living Field *Natural_join_column::table_field has
  been replaced with long-living Item*.


mysql-test/r/lock_multi.result:
  Added test case for bug #38691.
mysql-test/t/lock_multi.test:
  Added test case for bug #38691.
sql/item.cc:
  Bug #38691: segfault/abort in ``UPDATE ...JOIN'' while
            ``FLUSH TABLES WITH READ LOCK''
  
  The Item_field constructor has been modified to allocate
  and copy original database/table/field names always (not
  during PS preparation/1st execution only), because
  an initialization of Item_field items with a pointer to
  short-living Field structures is a common practice.
sql/sql_base.cc:
  Bug #38691: segfault/abort in ``UPDATE ...JOIN'' while
            ``FLUSH TABLES WITH READ LOCK''
  
  1) Type adjustment for Natural_join_column::table_field
     (Field to Item_field);
  2) The setup_natural_join_row_types function has been
     updated to take into account new
     first_natural_join_processing flag to skip unnecessary
     reinitialization of Natural_join_column::join_columns
     during table reopening after lock_tables() failure
     (like the 'first_execution' flag for PS).
sql/sql_lex.cc:
  Bug #38691: segfault/abort in ``UPDATE ...JOIN'' while
            ``FLUSH TABLES WITH READ LOCK''
  
  Initialization of the new
  st_select_lex::first_natural_join_processing flag has
  been added.
sql/sql_lex.h:
  Bug #38691: segfault/abort in ``UPDATE ...JOIN'' while
            ``FLUSH TABLES WITH READ LOCK''
  
  The st_select_lex::first_natural_join_processing flag
  has been added to skip unnecessary rebuilding of
  NATURAL/USING JOIN structures during table reopening
  after lock_tables failure.
sql/sql_update.cc:
  Bug #38691: segfault/abort in ``UPDATE ...JOIN'' while
            ``FLUSH TABLES WITH READ LOCK''
  
  Extra cleanup calls have been added to reset
  Natural_join_column::table_field items.
sql/table.cc:
  Bug #38691: segfault/abort in ``UPDATE ...JOIN'' while
            ``FLUSH TABLES WITH READ LOCK''
  
  Type adjustment for Natural_join_column::table_field
  (Field to Item_field).
sql/table.h:
  Bug #38691: segfault/abort in ``UPDATE ...JOIN'' while
            ``FLUSH TABLES WITH READ LOCK''
  
  Type of the Natural_join_column::table_field field has
  been changed from Field that points into short-living
  TABLE memory to long-living Item_field that can be
  linked to (fixed) reopened table.
2008-10-08 02:34:00 +05:00
Georgi Kodinov
5a3086221d merged 5.0-5.1.29-rc -> 5.0-bugteam 2008-10-07 18:24:25 +03:00
Chad MILLER
41a1b7cead Fix autoconf substitution and evaluation of a string inside single quotes
so that if the substitution contains single-quotes, the program will fail.
2008-10-06 11:35:21 -04:00
Chad MILLER
3507dc77fb Merge fix for bug 11122. 2008-10-06 09:52:27 -04:00
Chad MILLER
159b33719c Remove part of comment for b-g#11122 that is no longer true. 2008-10-06 09:49:50 -04:00
Chad MILLER
494d2a2357 Merge fix for join-testcase failure. 2008-10-06 08:24:14 -04:00
Chad MILLER
468cacec4f Fix for test for b-g#35754 which fails based on hostname ?= "localhost". 2008-10-06 08:18:13 -04:00
Matthias Leich
7c0b007e64 Merge of fixes for Bug#38427 and Bug#38762 into actual tree
(no conflicts)
2008-10-04 17:13:43 +02:00
Chad MILLER
aa1a69222f Merge fix for Bug#35754. 2008-10-03 10:19:02 -04:00
Chad MILLER
a1e94cc676 Bug#11122: Server won't always start when cold-booting after a crash
The grep expression that finds a running "mysqld" program fails if the
"mysqld_safe" is running with the same PID.

Now, excise "ps" output that has the word " grep" or "mysqld_safe" in 
it, to be a little more certain that the matched process is not a false 
positive hit.  This will fail when the path to mysqld contains either
of those two names, which should be acceptable.

Additionally, some text to search could be truncated if very long.  
Expand the number of lines "ps" emits.
2008-10-02 12:25:52 -04:00
Vladislav Vaintroub
f140575e8a merge 2008-10-02 17:48:37 +02:00
Vladislav Vaintroub
42e48bc46d Bug #38629
mysql-test-run.pl --start-and-exit starts but does not exit
Instead, it hangs with ActiveState perl. The error is
believed to be a bug in ActiveState implementation.
Workaround is using POSIX::_exit, as described here
http://www.perlmonks.org/?node_id=334610

Thanks to Philip Stoev for the idea of the patch.
2008-10-02 16:29:41 +02:00
Sergey Glukhov
d51e2c0760 Bug#35924 DEFINER should be stored 'quoted' in I_S
The '@' symbol can not be used in the host name according to rfc952.
The fix:
added function check_host_name(LEX_STRING *str)
which checks that all symbols in host name string are valid and
host name length is not more than max host name length
(just moved check_string_length() function from the parser into check_host_name()).


mysql-test/r/create.result:
  test result
mysql-test/t/create.test:
  test case
sql/mysql_priv.h:
  added function check_host_name(LEX_STRING *str)
sql/sql_parse.cc:
  added function check_host_name(LEX_STRING *str)
  which checks that all symbols in host name string are valid and
  host name length is not more than max host name length(HOSTNAME_LENGTH).
sql/sql_yacc.yy:
  using newly added function check_host_name()
2008-10-02 16:57:52 +05:00
Matthias Leich
14f372c966 Fix for Bug#38427 "Data too long" in some configurations,
tests "<ENGINE>_func_view" fail
2008-10-02 13:47:16 +02:00
Matthias Leich
342235aec8 Fix for Bug#38762 main.federated_bug_25714 fails sporadically 2008-10-02 13:04:29 +02:00
Sergey Glukhov
7e60f71001 Bug#22763 Disrepancy between SHOW CREATE VIEW and I_S.VIEWS
The problem:
I_S views table does not check the presence of SHOW_VIEW_ACL|SELECT_ACL
privileges for a view. It leads to discrepancy between SHOW CREATE VIEW
and I_S.VIEWS.
The fix:
added appropriate check.


mysql-test/r/information_schema_db.result:
  test result
mysql-test/t/information_schema_db.test:
  test case
sql/sql_show.cc:
  The problem:
  I_S views table does not check the presence of SHOW_VIEW_ACL|SELECT_ACL
  privileges for a view. It leads to discrepancy between SHOW CREATE VIEW
  and I_S.VIEWS.
  The fix:
  added appropriate check.
2008-10-02 14:37:07 +05:00
Ramil Kalimullin
1ce81aac15 merge 2008-10-02 13:10:06 +05:00
Georgi Kodinov
eb3c08069d Bug#37943: Reproducible mysqld crash/sigsegv in sel_trees_can_be_ored
When analyzing the possible index use cases the server was re-using an internal structure.
This is wrong, as this internal structure gets updated during the analysis.
Fixed by making a copy of the internal structure for every place it needs to be used.
Also stopped the generation of empty SEL_TREE structures that unnecessary 
complicate the analysis.

mysql-test/r/index_merge.result:
  Bug#37943: test case
mysql-test/t/index_merge.test:
  Bug#37943: test case
sql/opt_range.cc:
  Bug#37943: 
   - Make copy constructors for SEL_TREE and sub-structures and use them when OR-ing trees.
   - don't generate empty SEL_TREEs. Return NULL instead.
2008-10-01 18:50:55 +03:00
Georgi Kodinov
652565d362 fixed a failure in symlink.test caused by replacing rm with remove_file 2008-10-01 15:53:11 +03:00
Ramil Kalimullin
d3e317d16b Fix for bug#39182: Binary log producing incompatible character set query
from stored procedure. 

Problem: we replace all references to local variables in stored procedures     
with NAME_CONST(name, value) logging to the binary log. However, if the
value's collation differs we might get an 'illegal mix of collation'           
error as we don't pass the collation to the function.

Fix: pass the value's collation to NAME_CONST().

Note: actually we should pass to NAME_CONST() the value's derivation as well.
It's impossible without the parser modifying. Now we always set the 
derivation to DERIVATION_IMPLICIT, the same as local variables have.


mysql-test/r/binlog.result:
  Fix for bug#39182: Binary log producing incompatible character set query
  from stored procedure.
    - test result.
mysql-test/r/ctype_cp932_binlog.result:
  Fix for bug#39182: Binary log producing incompatible character set query
  from stored procedure.
    - results adjusted.
mysql-test/r/rpl_sp.result:
  Fix for bug#39182: Binary log producing incompatible character set query
  from stored procedure.
    - results adjusted.
mysql-test/t/binlog.test:
  Fix for bug#39182: Binary log producing incompatible character set query
  from stored procedure.
    - test case.
sql/item.cc:
  Fix for bug#39182: Binary log producing incompatible character set query
  from stored procedure.
    - allow NAME_CONST() to get _charset'foo' COLLATE 'bar' strings
  (see Item_func_set_collation).
sql/sp_head.cc:
  Fix for bug#39182: Binary log producing incompatible character set query
  from stored procedure. 
    - pass the value's collation to NAME_CONST().
2008-10-01 14:48:47 +05:00
Georgi Kodinov
ab5b7ceb97 fixed a wrong directory in distinct.test 2008-10-01 12:45:02 +03:00
Georgi Kodinov
3f8e1edc31 merged 5.0-main -> 5.0-bugteam 2008-10-01 12:42:45 +03:00
Georgi Kodinov
dca2c113c6 merged 5.0-5.1.29-rc into 5.0-bugteam 2008-10-01 12:41:13 +03:00
Patrick Crews
006b940a27 Bug#38311 Some tests use 'rm' which is not portable
Repush of change to fix tests on Pushbuild.
2008-09-30 20:54:06 -04:00
Patrick Crews
e97a45fdd3 automerge 2008-09-30 16:23:04 -04:00
Patrick Crews
8c33da076e Automerge 2008-09-30 12:56:12 -04:00
Gleb Shchepa
3c9d4ea821 Fixed bug #17823: 'arc' directories inside database directories.
Server created "arc" directories inside database directories and
maintained there useless copies of .frm files.

Creation and renaming procedures of those copies as well as
creation of "arc" directories has been discontinued.
Removal procedure has been kept untouched to be able to
cleanup existent database directories by the DROP DATABASE
query. Also view renaming procedure has been updated to remove
these directories.


sql/parse_file.cc:
  Fixed bug #17823: 'arc' directories inside database directories.
  View/table creation and renaming procedures maintained
  backup copies of .frm files. Those copies are unused yet,
  so this feature was incomplete and unnecessary.
  
  1. Unwanted code has been hidden by FRM_ARCHIVE ifdefs
  (the FRM_ARCHIVE macro is not defined).
  
  2. Renaming procedure has been modified to remove obsolete
  "arc" directories.
sql/parse_file.h:
  Fixed bug #17823: 'arc' directories inside database directories.
  The "thd" parameter has been added to the rename_in_schema_file()
  function.
sql/sql_db.cc:
  Fixed bug #17823: 'arc' directories inside database directories.
  Scope of the mysql_rm_arc_files() function has been changed to
  global for use from the parse_file.cc file.
sql/sql_view.cc:
  Fixed bug #17823: 'arc' directories inside database directories.
  Added the "thd" argument to rename_in_schema_file() calls.
2008-09-30 17:50:28 +05:00
Alexey Botchkov
ce64a16b75 Bug#37949 Crash if argument to SP is a subquery that returns more than one row
JOIN for the subselect wasn't cleaned if we came upon an error
     during sub_select() execution. That leads to the assertion failure
     in close_thread_tables()

     part of the 6.0 code backported

per-file comments:
  mysql-test/r/sp-error.result
Bug#37949 Crash if argument to SP is a subquery that returns more than one row 
    test result

  mysql-test/t/sp-error.test
Bug#37949 Crash if argument to SP is a subquery that returns more than one row 
    test case

  sql/sp_head.cc
Bug#37949 Crash if argument to SP is a subquery that returns more than one row 
    lex->unit.cleanup() call added if not substatement
2008-09-29 19:11:34 +05:00
Chad MILLER
392ff10eac Bug#35754: mysql_install_db does not work if no hostname is set
Machines with hostname set to "localhost" cause uniqueness errors in 
the SQL bootstrap data.

Now, insert zero lines for cases where the (lowercased) hostname is 
the same as an already-inserted 'localhost' name.  Also, fix a few tests 
that expect certain local accounts to have a certain host name.
2008-09-24 08:59:56 -04:00
Patrick Crews
f5c1c9af8e Bug#38311 - Fix of some cruft from remove_files in ndb_autodiscover.test, clean up of distinct.test,
and replacing error numbers with error names.
2008-09-23 05:24:32 -04:00
Kristofer Pettersson
119c5aaeba Automerge 2008-09-20 16:45:39 +02:00
Kristofer Pettersson
f0352e346a Bug#38469 invalid memory read and/or crash with utf8 text field, stored procedure, uservar
A stored procedure involving substrings could crash the server on certain
platforms because of invalid memory reads.
          
During storing the new blob-field value, the cached value's address range
overlapped that of the new field value. This caused problems when the 
cached value storage was reallocated to provide access for a new 
characater set representation. The patch checks the address ranges, and if
they overlap, the new field value is copied to a new storage before it is
converted to the new character set.


mysql-test/r/sp.result:
  Added result set
mysql-test/t/sp.test:
  Added test case
sql/field.cc:
  The source and destination address ranges of a character conversion must not overlap or the 'from' address will be invalidated as the temporary value-
  object is re-allocated to fit the new character set.
sql/field.h:
  Added comments
2008-09-20 10:51:03 +02:00
Davi Arnaut
fa490eb933 Restore team tree name. 2008-09-20 03:56:33 -03:00
Patrick Crews
404e4b802c Bug#38311 Some tests use 'rm' which is not portable
Substituted use of MTR's remove_file function in the tests
Started with 5.0 tree and will clean up any offenders discovered during upmerge.
2008-09-20 02:21:28 -04:00
unknown
34acfc1e6a Raise version number after cloning 5.0.70 2008-09-19 15:48:46 +02:00
Georgi Kodinov
bf09a809a6 merged 5.0-5.1.29-rc into B39353 tree 2008-09-19 14:31:51 +03:00
Matthias Leich
24fe747024 Merge actual tree -> local tree
no conflicts
2008-09-18 15:32:06 +02:00
Georgi Kodinov
71fe190172 Bug #39353: Multiple conditions on timestamp column crashes server
The fix for bug 31887 was incomplete : it assumes that all the 
field types returned by the IS_NUM macro are descendants of 
Item_num and tries to zero-fill the values before doing constant
substitution with such fields when they are compared to constant string
values.
The only exception to this is Field_timestamp : it's in the IS_NUM
macro, but is not a descendant of Field_num.
Fixed by excluding timestamp fields (Field_timestamp) when zero-filling
when converting the constant to compare with to a string.
Note that this will not exclude the timestamp columns from const 
propagation.

mysql-test/r/compare.result:
  Bug #39353: test case
mysql-test/t/compare.test:
  Bug #39353: test case
sql/item.cc:
  Bug #39353: don't zero-fill timestamp fields when const propagating
  to a string : they'll be converted to a string in a date/time format
  and not as an integer.
2008-09-18 15:55:36 +03:00
Tatiana A. Nurnberg
654db75dfb Bug#37114: sql_mode NO_BACKSLASH_ESCAPES does not work properly with LOAD DATA Bug#37114: sql_mode NO_BACKSLASH_ESCAPES does not work properly with LOAD DATA INFILE
tweaked test to make embedded server happy
2008-09-18 11:24:50 +02:00
Tatiana A. Nurnberg
8d10051b9a auto-merge 2008-09-17 17:44:15 +02:00
Tatiana A. Nurnberg
2f082d9d42 Bug#37114: sql_mode NO_BACKSLASH_ESCAPES does not work properly with LOAD DATA INFILE
NO_BACKSLASH_ESCAPES was not heeded in LOAD DATA INFILE
and SELECT INTO OUTFILE.  It is now.

mysql-test/r/loaddata.result:
  Show that SQL-mode NO_BACKSLASH_ESCAPES is heeded in
  INFILE/OUTFILE, and that dump/restore cycles work!
mysql-test/t/loaddata.test:
  Show that SQL-mode NO_BACKSLASH_ESCAPES is heeded in
  INFILE/OUTFILE, and that dump/restore cycles work!
sql/sql_class.cc:
  Add function to enquire whether ESCAPED BY was given.
  When doing SELECT...OUTFILE, use ESCAPED BY if specifically
  given; otherwise use sensible default value depending on
  SQL-mode features NO_BACKSLASH_ESCAPES.
sql/sql_class.h:
  Add function to enquire whether ESCAPED BY was given.
sql/sql_load.cc:
  When doing LOAD DATA INFILE, use ESCAPED BY if specifically
  given; otherwise use sensible default value depending on
  SQL-mode features NO_BACKSLASH_ESCAPES.
2008-09-17 08:34:00 +02:00
Matthias Leich
635887dcee Fix for Bug#38184 : main.federated fails sporadically
Details:
- backport of some improvements which prevent sporadic
  failures from 5.1 to 5.0
- @@GLOBAL.CONCURRENT_INSERT= 0 also for slave server
- --sorted_result before all selects which have result
  sets with more than one row
- Replace error numbers by error names
2008-09-16 19:05:30 +02:00