During creation of the table list of
processed tables hidden I_S table 'VARIABLES'
is erroneously added into the table list.
it leads to ER_UNKNOWN_TABLE error in
TABLE_LIST::add_table_to_list() function.
The fix is to skip addition of hidden I_S
tables into the table list.
mysql-test/r/information_schema.result:
test case
mysql-test/t/information_schema.test:
test case
sql/sql_show.cc:
The fix is to skip addition of hidden I_S
tables into the table list.
require O(#scans) memory
When an index merge operation was restarted, it would
re-allocate the Unique object controlling the duplicate row
ID elimination. Fixed by making the Unique object a member
of QUICK_INDEX_MERGE_SELECT and thus reusing it throughout
the lifetime of this object.
ha_innobase::create(): Add the local variable row_type = form->s->row_type.
Adjust it to ROW_TYPE_COMPRESSED when ROW_FORMAT is not specified or inherited
but KEY_BLOCK_SIZE is. Observe the inherited ROW_FORMAT even when it is not
explicitly specified.
innodb_bug54679.test: New test, to test the bug and to ensure that there are
no regressions. (The only difference in the test result without the patch
applied is that the first ALTER TABLE changes ROW_FORMAT to Compact.)
file .\filesort.cc, line 149 (part II)
Problem: the server didn't disregard sort order
for some zero length tuples.
Fix: skip sort order in such a case
(zero length NOT NULL string functions).
mysql-test/r/select.result:
Fix for bug #54459: Assertion failed: param.sort_length,
file .\filesort.cc, line 149 (part II)
- test result.
mysql-test/t/select.test:
Fix for bug #54459: Assertion failed: param.sort_length,
file .\filesort.cc, line 149 (part II)
- test case.
sql/sql_select.cc:
Fix for bug #54459: Assertion failed: param.sort_length,
file .\filesort.cc, line 149 (part II)
- disregard sort order for zero length NOT NULL string functions
along with zero length NOT NULL fields.
strict aliasing violations.
Post-merge fix: include my_compiler.h before my_attribute.h
as the latter will undef __attribute__ if the compiler is not
GCC. Based on the compiler version, in my_compiler.h we know
for sure whether the aligned attribute is supported. Furthermore,
undefining attribute might cause bugs if some system header
uses it.
include/my_compiler.h:
Drop aligned attribute support from Sun Studio C++ compiler
as its not clear exactly which version of it supports the
attribute.
strict aliasing violations.
Another rather noisy violation of strict aliasing rules
is the spatial code which makes use of stack-based memory
(of type Geometry_buffer) to provide placement for Geometry
objects. Although a placement new is allowed to dynamically
change the type of a object, the object returned by the
new placement was being ignored and the original stack-based
object was being casted to the new type, thus violating strict
aliasing rules.
The solution is to reorganize the code so that the object
returned by the new placement is used instead of casting the
original object. Also, to ensure that the stack-based object
is properly aligned with respect to the objects it provides
placement for, a set of compiler-dependent macros and types
are introduced so that the alignment of objects can be inquired
and specified.
include/Makefile.am:
Add new header.
include/my_compiler.h:
Add new header.
include/my_global.h:
Remove now-unnecessary macros.
sql/spatial.cc:
Make object creation functions return the object whose type
was dynamically changed by the new placement.
Move static method from the header in order to avoid having
to access a forward declaration.
sql/spatial.h:
Object creation callbacks now take a array of chars as the
storage area.
Move create_by_typeid to a source file as to not access the
forward declaration of Geometry_buffer.
Ensure that Geometry_buffer is properly aligned.
sql/sql_show.cc:
Use newly added aligned storage helper.
Backport fixes from ndb: Rework the constructors of some static
object's to not call dbug functions since the constructors will
be called before main, and consequently, before the dbug library
is initialized.
and reverse() function
3 problems fixed :
1. The reported problem : caused by incorrect parsing of
the file as ucs data resulting in wrong length of the parsed
string. Fixed by truncating the invalid trailing bytes
(non-complete multibyte characters) when reading from the file
2. LOAD DATA when reading from a proper UCS2 file wasn't
recognizing the new line characters. Fixed by first looking
if a byte is a new line (or any other special) character before
reading it as a part of a multibyte character.
3. When using user variables to hold the column data in LOAD
DATA the character set of the user variable was set incorrectly
to the database charset. Fixed by setting it to the charset
specified by LOAD DATA (if any).
bytes_received/bytes_sent are ulonglong so they cannot be handled by the
ulong handling code in add_to_status/add_diff_to_status().
Fixed by adding code to handle these two variables in
add_to_status()/add_diff_to_status() and making sure they are not a subject
to the ulong handling code.
> ------------------------------------------------------------
> revno: 3392.1.1
> revision-id: gshchepa@mysql.com-20100521184732-0jvpzinv0uwyvr2d
> parent: sven.sandberg@sun.com-20100520153801-yyhujm1qqa4eyfn0
> committer: Gleb Shchepa <gshchepa@mysql.com>
> branch nick: 53804-5.1
> timestamp: Fri 2010-05-21 22:47:32 +0400
> message:
> Bug #53804: serious flaws in the alter database .. upgrade
> data directory name command
>
> The check_db_name function has been modified to validate tails of
> #mysql50#-prefixed database names for compliance with MySQL 5.0
> database name encoding rules (the check_table_name function call
> has been reused).
> ------------------------------------------------------------
> revno: 3386
> revision-id: sergey.glukhov@sun.com-20100518082821-yajhvbv1ghmlpu1n
> parent: aelkin@mysql.com-20100516170332-x8priwrdjwolc065
> committer: Sergey Glukhov <Sergey.Glukhov@sun.com>
> branch nick: mysql-5.1-bugteam
> timestamp: Tue 2010-05-18 13:28:21 +0500
> message:
> Bug#48729 SELECT ... FROM INFORMATION_SCHEMA.ROUTINES causes memory to grow
> Analysis showed that in case of accessing I_S table
> ROUTINES we perform unnecessary allocations
> with get_field() function for every processed row that
> in their turn causes significant memory growth.
> the fix is to avoid use of get_field().
> ------------------------------------------------------------
> revno: 3367 [merge]
> revision-id: joro@sun.com-20100504140328-srxf3c088j2twnq6
> parent: kristofer.pettersson@sun.com-20100503172109-f9hracq5pqsaomb1
> parent: joro@sun.com-20100503151651-nakknn8amrapmdp7
> committer: Georgi Kodinov <joro@sun.com>
> branch nick: B53371-5.1-bugteam
> timestamp: Tue 2010-05-04 17:03:28 +0300
> message:
> Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.
>
> This is the 5.1 merge and extension of the fix.
> The server was happily accepting paths in table name in all places a table
> name is accepted (e.g. a SELECT). This allowed all users that have some
> privilege over some database to read all tables in all databases in all
> mysql server instances that the server file system has access to.
> Fixed by :
> 1. making sure no path elements are allowed in quoted table name when
> constructing the path (note that the path symbols are still valid in table names
> when they're properly escaped by the server).
> 2. checking the #mysql50# prefixed names the same way they're checked for
> path elements in mysql-5.0.
> ------------------------------------------------------------
> Use --include-merges or -n0 to see merged revisions.
- Fixed memory leaks in mysqldump
- Fixed printf of NULL which caused crashes on OpenSolaris when using --debug
- Fixed realloc() problem that caused out of memory when running mysqldump.test on OpenSolaris
client/mysqldump.c:
Fixed memory leaks
Fixed printf of NULL which caused crashes on OpenSolaris when using --debug
client/mysqltest.cc:
Fixed printf of NULL which caused crashes on OpenSolaris when using --debug
include/my_global.h:
Added simple macro val_or_null() to simplify detecting of NULL strings for printf
sql/handler.cc:
Fixed printf of NULL which caused crashes on OpenSolaris when using --debug
sql/sql_db.cc:
Fixed printf of NULL which caused crashes on OpenSolaris when using --debug
Removed testing of 'new_db_name' as this is guranteed never NULL
sql/sql_show.cc:
Fixed printf of NULL which caused crashes on OpenSolaris when using --debug
storage/csv/ha_tina.cc:
Fixed realloc() problem that caused out of memory when running mysqldump.test on OpenSolaris
(OpenSolaris default malloc() can't handle a lot of reallocs() of strings that are growing one byte at a time)
This did speed up logging to cvs with a magnitude for large strings.
> ------------------------------------------------------------
> revno: 3351.41.1
> revision-id: alexey.kopytov@sun.com-20100430111048-jdls6ofn4kkmpt09
> parent: sergey.glukhov@sun.com-20100329134249-03wyhzp5k92dzhcb
> committer: Alexey Kopytov <Alexey.Kopytov@Sun.com>
> branch nick: my51-bug48419
> timestamp: Fri 2010-04-30 15:10:48 +0400
> message:
> Bug #48419: another explain crash..
>
> WHERE predicates containing references to empty tables in a
> subquery were handled incorrectly by the optimizer when
> executing EXPLAIN. As a result, the optimizer could try to
> evaluate such predicates rather than just stop with
> "Impossible WHERE noticed after reading const tables" as
> it would do in a non-subquery case. This led to valgrind
> errors and crashes.
>
> Fixed the code checking the above condition so that subqueries
> are not excluded and hence are handled in the same way as top
> level SELECTs.
> ------------------------------------------------------------
> revno: 1810.3987.14
> revision-id: davi.arnaut@sun.com-20100429132816-ictyul6d75itek22
> parent: ramil@mysql.com-20100429044232-f0pkyx8fnpszf142
> committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
> branch nick: 50974-5.0
> timestamp: Thu 2010-04-29 10:28:16 -0300
> message:
> Bug#50974: Server keeps receiving big (> max_allowed_packet) packets indefinitely.
>
> The server could be tricked to read packets indefinitely if it
> received a packet larger than the maximum size of one packet.
> This problem is aggravated by the fact that it can be triggered
> before authentication.
>
> The solution is to no skip big packets for non-authenticated
> sessions. If a big packet is sent before a session is authen-
> ticated, a error is returned and the connection is closed.
> ------------------------------------------------------------
> revno: 3363 [merge]
> revision-id: davi.arnaut@sun.com-20100429231819-i3anwzrdasjmezvt
> parent: davi.arnaut@sun.com-20100401131522-895y8uzvv8ag44gs
> parent: davi.arnaut@sun.com-20100429132816-ictyul6d75itek22
> committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
> branch nick: mysql-5.1-bugteam
> timestamp: Thu 2010-04-29 20:18:19 -0300
> message:
> Manual merge.
> ------------------------------------------------------------
> Use --include-merges or -n0 to see merged revisions.
> ------------------------------------------------------------
> revno: 1810.3987.13
> revision-id: ramil@mysql.com-20100429044232-f0pkyx8fnpszf142
> parent: alexey.kopytov@sun.com-20100426200600-op06qy98llzpzgl1
> committer: Ramil Kalimullin <ramil@mysql.com>
> branch nick: b53237-5.0-bugteam
> timestamp: Thu 2010-04-29 08:42:32 +0400
> message:
> Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing
>
> Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only
> SQL. Seems that the data sent to COM_FIELD_LIST( mysql_list_fields() function) is not
> checked for sanity. By sending long data for the table a buffer is overflown, which can
> be used deliberately to include code that harms".
>
> Fix: check incoming data length.
The patch did not apply cleanly:
- Line numbers are completely off, roughly it is 2030 -> 1313
- What is called "pend" in the patch, is "arg_end" in the source.
> ------------------------------------------------------------
> revno: 3351.14.47
> revision-id: marko.makela@oracle.com-20100421095033-0acvzxb8um8cms0a
> parent: marko.makela@oracle.com-20100421094032-ir4glqk46qvg2ywn
> committer: Marko Mäkelä <marko.makela@oracle.com>
> branch nick: 5.1-innodb
> timestamp: Wed 2010-04-21 12:50:33 +0300
> message:
> dtuple_convert_big_rec(): Store locally any fields whose maximum length
> is less than 256 bytes. (Bug #52745)
> Add related comments and debug assertions to the "offsets"
> functions in rem0rec.c.
> Approved by Sunny Bains
> ------------------------------------------------------------
> revno: 3351.14.50
> revision-id: marko.makela@oracle.com-20100421185359-8qaxoa2yyrpzwdd7
> parent: marko.makela@oracle.com-20100421102723-0i80uezbyu0ekj5d
> committer: Marko Mäkelä <marko.makela@oracle.com>
> branch nick: 5.1-innodb
> timestamp: Wed 2010-04-21 21:53:59 +0300
> message:
> btr_page_split_and_insert(): Avoid an infinite loop. (Bug #52964)
>
> btr_page_tuple_smaller(): New function, refactored from
> btr_page_split_and_insert().
>
> btr_page_get_split_rec(): Renamed from btr_page_get_sure_split_rec().
> Note that a NULL return may mean that the tuple is to be inserted into
> either the lower or upper page, to be determined by btr_page_tuple_smaller().
>
> btr_page_split_and_insert(): When btr_page_get_split_rec() returns NULL,
> invoke btr_page_tuple_smaller() to determine which half-page the tuple
> belongs to.
>
> Reviewed by Sunny Bains
> ------------------------------------------------------------
> revno: 3362
> revision-id: davi.arnaut@sun.com-20100401131522-895y8uzvv8ag44gs
> parent: ramil@mysql.com-20100429045409-r7r5lcyiruis15v7
> committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
> branch nick: 50755-5.1
> timestamp: Thu 2010-04-01 10:15:22 -0300
> message:
> Bug#50755: Crash if stored routine def contains version comments
>
> The problem was that a syntactically invalid trigger could cause
> the server to crash when trying to list triggers. The crash would
> happen due to a mishap in the backup/restore procedure that should
> protect parser items which are not associated with the trigger. The
> backup/restore is used to isolate the parse tree (and context) of
> a statement from the load (and parsing) of a trigger. In this case,
> a error during the parsing of a trigger could cause the improper
> backup/restore sequence.
>
> The solution is to properly restore the original statement context
> before the parser is exited due to syntax errors in the trigger body.
Incorrect handling of NULL arguments could lead to a crash on
the IN or CASE operations when either NULL arguments were
passed explicitly as arguments (IN) or implicitly generated by
the WITH ROLLUP modifier (both IN and CASE).
Item_func_case::find_item() assumed all necessary comparators
to be instantiated in fix_length_and_dec(). However, in the
presence of WITH ROLLUP modifier, arguments could be
substituted with an Item_null leading to an "unexpected"
STRING_RESULT comparator being invoked.
In addition to the problem identical to the above,
Item_func_in::val_int() could crash even with explicitly passed
NULL arguments due to an optimization in fix_length_and_dec()
leading to NULL arguments being ignored during comparators
creation.
mysql-test/r/func_in.result:
Test cases for bug#54477.
mysql-test/t/func_in.test:
Test cases for bug#54477.
sql/item_cmpfunc.cc:
Added additional checks for Item_nulls in
Item_func_case::find_item() and Item_func_in::val_int().
when renaming tables
Allocate the table name using ut_malloc() instead of table->heap because
the latter cannot be freed.
Adjust dict_sys->size calculations all over the code.
Change dict_table_t::name from const char* to char* because we need to
ut_malloc()/ut_free() it.
Reviewed by: Inaam, Marko, Heikki (rb://384)
Approved by: Heikki (rb://384)
