Fix race condition which could result in freeing a struct that is
still in use by another thread.
Detailed revision comments:
r2537 | inaam | 2008-07-15 20:46:03 +0300 (Tue, 15 Jul 2008) | 12 lines
branches/5.1 issue# 4
Fixed a timing hole where a thread dropping an index can free the
in-memory index struct while another thread is still using
that structure to remove entries from adaptive hash index belonging
to one of the pages that belongs to the index being dropped.
The fix is to have a reference counter in the index struct and to
wait for this counter to drop to zero beforing freeing the struct.
Reviewed by: Heikki
r2543 | inaam | 2008-07-22 18:57:43 +0300 (Tue, 22 Jul 2008) | 7 lines
branches/5.1:
Removed UNIV_INLINE qualifier from btr_search_info_get_ref_count().
Otherwise compilation failed on non-debug builds.
Pointed by: Vasil
Bug #36149: Read buffer overflow in srv0start.c found during "make test"
Detailed revision comments:
r2485 | vasil | 2008-05-28 16:01:14 +0300 (Wed, 28 May 2008) | 9 lines
branches/5.1:
Fix Bug#36149 Read buffer overflow in srv0start.c found during "make test"
Use strncmp(3) instead of memcmp(3) to avoid reading past end of the string
if it is empty (*str == '\0'). This bug is _not_ a buffer overflow.
Discussed with: Sunny (via IM)
Bug #36819: ut_usectime does not handle errors from gettimeofday
Detailed revision comments:
r2480 | vasil | 2008-05-27 11:40:07 +0300 (Tue, 27 May 2008) | 11 lines
branches/5.1:
Fix Bug#36819 ut_usectime does not handle errors from gettimeofday
by retrying gettimeofday() several times if it fails in ut_usectime().
If it fails on all calls then return error to the caller to be handled
at higher level.
Update the variable innodb_row_lock_time_max in SHOW STATUS output only
if ut_usectime() was successful.
Bug #11894: innodb_file_per_table crashes w/ Windows .sym symbolic link hack
Detailed revision comments:
r2466 | calvin | 2008-05-20 01:37:14 +0300 (Tue, 20 May 2008) | 12 lines
branches/5.1:
Fix Bug#11894 innodb_file_per_table crashes w/ Windows .sym symbolic
link hack
The crash was due to un-handled error 3 (path not found). In the case
of file per table, change the call to os_file_handle_error_no_exit()
from os_file_handle_error(). Also, checks for full path pattern during
table create (Windows only), which is used in symbolic link and temp
table creation.
Approved by: Heikki
Changes to plug.in structure, some INNODB_CFLAGS improvements for better
maintenance, and some comments and whitespace changes.
Detailed revision comments:
r2433 | vasil | 2008-04-30 12:02:35 +0300 (Wed, 30 Apr 2008) | 5 lines
branches/5.1:
Add vim modeline to hint it that plug.in is a config file
so it can be colorized.
r2429 | vasil | 2008-04-30 11:19:06 +0300 (Wed, 30 Apr 2008) | 10 lines
branches/5.1:
* Use INNODB_CFLAGS insead of cluttering CFLAGS with InnoDB specific
flags. CFLAGS are used to compile every file in the MySQL source tree.
* Add INNODB_DYNAMIC_CFLAGS to the flags of the dynamic plugin and use
-prefer-non-pic to make the dynamic plugin faster on i386.
Approved by: Sunny
r2430 | vasil | 2008-04-30 11:48:35 +0300 (Wed, 30 Apr 2008) | 8 lines
branches/5.1:
Use CFLAGS instead of INNODB_CFLAGS to avoid having incompatible flags
inserted in CFLAGS and INNODB_CFLAGS and to avoid compiling mysql and
innodb with different flags.
Discussed with: Sunny
r2431 | vasil | 2008-04-30 11:54:49 +0300 (Wed, 30 Apr 2008) | 4 lines
branches/5.1:
Fix r2430, it should be CFLAGS="$CFLAGS ..." not CFLAGS="..."
r2432 | vasil | 2008-04-30 11:58:38 +0300 (Wed, 30 Apr 2008) | 4 lines
branches/5.1:
Non-functional change: use tabs for indentation in plug.in.
r2436 | vasil | 2008-04-30 19:15:46 +0300 (Wed, 30 Apr 2008) | 7 lines
branches/5.1:
Non-functional white space change in Makefile.am:
Use tabs for indentation and be consistent about spaces around the
equal sign.
Bug #36169: create innodb compressed table with too large row size crashed
Revision comments:
r2422 | vasil | 2008-04-24 16:00:30 +0300 (Thu, 24 Apr 2008) | 11 lines
branches/5.1:
Fix Bug#36169 create innodb compressed table with too large row size crashed
Sometimes it is possible that
row_drop_table_for_mysql(index->table_name, trx, FALSE); is invoked in
row_create_index_for_mysql() when the index object is freed so copy the
table name to a safe place beforehand and use the copy.
Approved by: Sunny
Bug #35537: Innodb doesn't increment handler_update and handler_delete
Detailed revision comments:
r2388 | vasil | 2008-03-27 14:02:34 +0200 (Thu, 27 Mar 2008) | 7 lines
branches/5.1:
Swap the order in which mysql_thd, mysql_query_str and *mysql_query_str
are checked for non-NULL.
Suggested by: Marko
r2421 | calvin | 2008-04-24 15:32:30 +0300 (Thu, 24 Apr 2008) | 6 lines
branches/5.1: Fix bug#35537 - Innodb doesn't increment handler_update
and handler_delete
Add the calls to ha_statistic_increment() in ha_innobase::delete_row()
and ha_innobase::update_row().
branches/5.0 bug#39483 InnoDB hang on adaptive hash because of out
of order ::open() call by MySQL
Under some conditions MySQL calls ::open with search_latch leading
to a deadlock as we try to acquire dict_sys->mutex inside ::open
breaking the latching order. The fix is to release search_latch.
Reviewed by: Heikki
This fixes Bug#36149: Read buffer overflow in srv0start.c found during "make
test"
Per-revision comments:
r2484 | vasil | 2008-05-28 15:32:48 +0300 (Wed, 28 May 2008) | 9 lines
Fix Bug#36149 Read buffer overflow in srv0start.c found during "make test"
Use strncmp(3) instead of memcmp(3) to avoid reading past end of the string
if it is empty (*str == '\0'). This bug is _not_ a buffer overflow.
Discussed with: Sunny (via IM)
r2538 | inaam | 2008-07-15 21:24:02 +0300 (Tue, 15 Jul 2008) | 15 lines
Fix of issue# 4
Fixed a timing hole where a thread dropping an index can free the
in-memory index struct while another thread is still using
that structure to remove entries from adaptive hash index belonging
to one of the pages that belongs to the index being dropped.
The fix is to have a reference counter in the index struct and to
wait for this counter to drop to zero beforing freeing the struct.
Reviewed by: Heikki
r2544 | inaam | 2008-07-22 18:58:11 +0300 (Tue, 22 Jul 2008) | 8 lines
Removed UNIV_INLINE qualifier from btr_search_info_get_ref_count().
Otherwise compilation failed on non-debug builds.
Pointed by: Vasil
not handle errors from gettimeofday".
r2475 | vasil | 2008-05-22 19:35:30 +0300 (Thu, 22 May 2008) | 13 lines
Fix by retrying gettimeofday() several times if it fails in ut_usectime().
If it fails on all calls then return error to the caller to be handled
at higher level.
Update the variable innodb_row_lock_time_max in SHOW STATUS output only
if ut_usectime() was successful.
The test
1. did not verify that CREATE FUNCTION shall fails in a case of active binlog
and @@log_bin_trust_function_creators is zero if there is no DETERMINISTIC qualifier
and super user privilege;
2. contained an explit warning on that CREATE FUNCTION actually succeeded whereas
it was supposed to fail;
3. did not demand the bin-log be set ON even though it has contained the opt file
explictily setting the name for the binlog file.
Fixed 1-3 with modifying the test accordingly.
IF(..., CAST(longtext AS UNSIGNED), signed_val)
(was: LEFT JOIN on inline view crashes server)
Select from a LONGTEXT column wrapped with an expression
like "IF(..., CAST(longtext_column AS UNSIGNED), smth_signed)"
failed an assertion or crashed the server. IFNULL function was
affected too.
LONGTEXT column item has a maximum length of 32^2-1 bytes,
at the same time this is a maximum possible length of any
MySQL item. CAST(longtext_column AS UNSIGNED) returns some
unsigned numeric result of length 32^2-1, so the result of
IF/IFNULL function of this number and some other signed number
will have text length of (32^2-1)+1=32^2 (one byte for the
minus sign) - there is integer overflow, and the length is
equal to zero. That caused assert/crash.
CAST AS UNSIGNED function has been modified to limit maximal
length of resulting number to 67 (maximal length of DECIMAL
and two characters for minus sign and dot).
The test explicitly warned on existence of a bug in its 27th part.
The expected values of prepare and commit counters changed, corrected, by
fixes to bug#40221.
Notice, that binlog does not have to register for a statement with
the statement binlog-format because the statement rollback does not need
to do anything in that mode. It's not so with the ROW format which was
bug#40221 concern.
Fixed with correcting the expected values of the mentioned counters and
explained that with comments in the test.
IF(..., CAST(longtext AS UNSIGNED), signed_val)
(was: LEFT JOIN on inline view crashes server)
Select from a LONGTEXT column wrapped with an expression
like "IF(..., CAST(longtext_column AS UNSIGNED), smth_signed)"
failed an assertion or crashed the server. IFNULL function was
affected too.
LONGTEXT column item has a maximum length of 32^2-1 bytes,
at the same time this is a maximum possible length of any
MySQL item. CAST(longtext_column AS UNSIGNED) returns some
unsigned numeric result of length 32^2-1, so the result of
IF/IFNULL function of this number and some other signed number
will have text length of (32^2-1)+1=32^2 (one byte for the
minus sign) - there is integer overflow, and the length is
equal to zero. That caused assert/crash.
The bug has been fixed by the same solution as in the CASE
function implementation.
Fix parsing of mysql client commands, especially in relation to
single-line comments when --comments was specified.
This is a little tricky, because we need to allow single-line
comments in the middle of statements, but we don't want to allow
client commands in the middle of statements. So in
comment-preservation mode, we go ahead and send single-line
comments to the server immediately when we encounter them on their
own.
This is still slightly flawed, in that it does not handle a
single-line comment with leading spaces, followed by a client-side
command when --comment has been enabled. But this isn't a new
problem, and it is quite an edge condition. Fixing it would require
a more extensive overall of how the mysql client parses commands.
Bug#37671 crash on prepared statement + cursor + geometry + too many open files!
if mysql_execute_command() returns error then free materialized_cursor object.
is_rnd_inited is added to satisfy rnd_end() assertion
(handler may be uninitialized in some cases)
Removed values with more than 15 significant digits from the test case. Results of
reading/printing such values using system library functions depend on implementation
and thus are not portable.
Problem:
XML syntax parser allowed to use quoted strings as attribute names,
and tried to put them into parser state stack instead of identifiers.
After that parser failed, if quoted string contained some slash characters.
Fix:
- Disallowing quoted strings in regular tags.
- Allowing quoted string in DOCTYPE declararion, but
don't push it into parse state stack (just skip it).
