Commit graph

8846 commits

Author SHA1 Message Date
Sergei Golubchik
dc8b2fb03a MDEV-11896 thd_get_error_context_description race condition
Change the semantics of thd_get_error_context_description().
It no longer expects the caller to lock LOCK_thread_count
(no caller ever did that anyway), but takes care of it internally.
2017-07-20 20:13:28 +02:00
Sergei Golubchik
a02ba9c1c9 Merge branch '5.5' into 10.0 2017-06-28 10:10:31 +02:00
Sergei Golubchik
d5cd334504 MDEV-13187 incorrect backslash parsing in clients
cover ANSI_QUOTES and NO_BACKSLASH_ESCAPES in mysqltest
2017-06-27 14:00:37 +02:00
Sergei Golubchik
52aa200919 MDEV-12420 max_recursive_iterations did not prevent a stack-overflow and segfault
post-review fixes
* move pcre-specific variable out of mysys
* don't use current_thd
* move a commonly used macro to my_sys.h
* remove new sysvar
2017-05-15 22:23:10 +02:00
Daniel Black
602b5e4c49 WIP: global readonly variable pcre_frame_size 2017-05-15 22:23:10 +02:00
Sergei Golubchik
8d75a7533e Merge branch '5.5' into 10.0 2017-04-21 18:34:06 +02:00
Sergei Golubchik
4fe65ca33a MDEV-12230 include/my_sys.h:600:43: error: unknown type name ‘PSI_file_key’" when -DWITHOUT_SERVER=1
cherry-pick 2c2bd8c155 (MDEV-12261 build failure without P_S) from 10.0
2017-04-20 16:36:23 +02:00
Sergei Golubchik
663068c6ee Merge remote-tracking branch 'mysql/5.5' into 5.5 2017-04-11 10:18:04 -04:00
Sergei Golubchik
8971286a3c compiler warning 2017-03-16 14:03:17 +01:00
Sergei Golubchik
2c2bd8c155 MDEV-12261 build failure without P_S
restore mysql_file_delete_with_symlink() but let it use
new my_handler_delete_with_symlink() mysys helper.
2017-03-15 17:48:30 +01:00
Ramil Kalimullin
87e37ee06b BUG#25575605: SETTING --SSL-MODE=REQUIRED SENDS CREDENTIALS BEFORE VERIFYING SSL CONNECTION
Changed MYSQL_OPT_SSL_MODE to be the same as in 5.6 (ABI compatibility).

(cherry picked from commit 47bb4eb5df1629b5d5e30aebfa9d7a6d74388a5d)
2017-03-14 16:02:09 +05:30
Ramil Kalimullin
060b1eadf4 BUG#25575605: SETTING --SSL-MODE=REQUIRED SENDS CREDENTIALS BEFORE VERIFYING SSL CONNECTION
MYSQL_OPT_SSL_MODE option introduced.
It is set in case of --ssl-mode=REQUIRED and permits only SSL connection.

(cherry picked from commit 3b2d28578c526f347f5cfe763681eff365731f99)
2017-03-10 14:11:26 +05:30
Vicențiu Ciorbaru
3da916246f Revert "Add extra HA_ERR message that Percona introduced within TokuDB 5.6.35-80"
This reverts commit fa59ac5055.
2017-03-06 19:17:15 +02:00
Vicențiu Ciorbaru
fa59ac5055 Add extra HA_ERR message that Percona introduced within TokuDB 5.6.35-80 2017-03-05 02:01:49 +02:00
Vicențiu Ciorbaru
1acfa942ed Merge branch '5.5' into 10.0 2017-03-03 01:37:54 +02:00
Vladislav Vaintroub
d4baeca441 Windows : Fix server compile errors when compile with /Zc:strictStrings option 2017-02-28 12:57:33 +00:00
Sergei Golubchik
d72dbb4122 bugfix: remove my_delete_with_symlink()
it was race condition prone. instead use either a pair of my_delete()
calls with already resolved paths, or a safe high-level function
my_handler_delete_with_symlink(), like MyISAM and Aria already do.
2017-02-27 12:35:10 +01:00
Sergei Golubchik
93cb0246b8 race-condition safe implementation of mi_delete_table/maria_delete_table 2017-02-27 12:35:10 +01:00
Sergei Golubchik
b27fd90ad3 MDEV-11902 mi_open race condition
TOCTOU bug. The path is checked to be valid, symlinks are resolved.
Then the resolved path is opened. Between the check and the open,
there's a window when one can replace some path component with a
symlink, bypassing validity checks.

Fix: after we resolved all symlinks in the path, don't allow open()
to resolve symlinks, there should be none.

Compared to the old MyISAM/Aria code:
* fastpath. Opening of not-symlinked files is just one open(),
  no fn_format() and lstat() anymore.
* opening of symlinked tables doesn't do fn_format() and lstat() either.
  it also doesn't to realpath() (which was lstat-ing every path
  component), instead if opens every path component with O_PATH.
* share->data_file_name stores realpath(path) not readlink(path). So,
  SHOW CREATE TABLE needs to do lstat/readlink() now (see ::info()),
  and certain error messages (cannot open file "XXX") show the real
  file path with all symlinks resolved.
2017-02-27 12:35:10 +01:00
Sergei Golubchik
c826ac9d53 cleanup: mysys_test_invalid_symlink
Remove maria_test_invalid_symlink() and myisam_test_invalid_symlink(),
introduce mysys_test_invalid_symlink(). Other engines might need it too
2017-02-27 12:35:10 +01:00
Monty
5c9baf54e7 Fix for memory leak in applications, like QT,that calls
my_thread_global_init() + my_thrad_global_end() repeatadily.
This caused THR_KEY_mysys to be allocated multiple times.

Deletion of THR_KEY_mysys was originally in my_thread_global_end() but was
moved to my_end() as DBUG uses THR_KEY_mysys and DBUG is released after
my_thread_global_end() is called.

Releasing DBUG before my_thread_global_end() and move THR_KEY_mysys back
into my_thread_global_end() could be a solution, but as safe_mutex and other
things called by my_thread_global_end is using DBUG it may not be completely
safe.

To solve this, I used the simple solution to add a marker that THR_KEY_mysys
is created and not re-create it in my_thread_global_init if it already
exists.
2017-01-27 16:46:26 +02:00
vicentiu
e9aed131ea Merge remote-tracking branch 'origin/5.5' into 10.0 2017-01-06 17:09:59 +02:00
Balasubramanian Kandasamy
69bbf9efeb Updated copyright year in user visible text 2017-01-06 18:15:13 +05:30
Sergei Golubchik
c8e49f2f57 move check_user/set_user from mysqld.cc to mysys 2016-12-22 12:25:10 +01:00
Alexander Barkov
dd0ff30278 MDEV-11343 LOAD DATA INFILE fails to load data with an escape character followed by a multi-byte character
Partially backporting MDEV-9874 from 10.2 to 10.0

READ_INFO::read_field() raised the ER_INVALID_CHARACTER_STRING error
when reading an escape character followed by a multi-byte character.

Raising wellformedness errors in READ_INFO::read_field() was wrong,
because the main goal of READ_INFO::read_field() is to *unescape* the
data which was presumably escaped using mysql_real_escape_string(),
using the same character set with the one specified in
"LOAD DATA INFILE ... CHARACTER SET ..." (or assumed by default).

During LOAD DATA, multi-byte characters are not always scanned as a single
entity! In case of escaped data, parts of a multi-byte character can be
scanned on different loop iterations. So the old code erroneously tested
welformedness in the middle of a multi-byte character.

Moreover, the data after unescaping can go into a BLOB field, not a text field.
Wellformedness tests are meaningless in this case.

Ater this patch, wellformedness is only checked later, during
Field::store(str,length,cs) time. The loop that scans bytes only
makes sure to revert the changes made by mysql_real_escape_string().

Note, in some cases users can supply data which did not really go through
mysql_real_escape_string() and was escaped by some other means,
or was not escaped at all. The file reported in this MDEV contains
the string "\ä", which is an example of such improperly escaped data, as
- either there should be two backslashes:   "\\ä"
- or there should be no backslashes at all: "ä"
mysql_real_escape_string() could not generate "\ä".
2016-11-29 06:51:12 +04:00
Karthik Kamath
a63185e863 BUG#24437124: POSSIBLE BUFFER OVERFLOW ON CREATE TABLE
ANALYSIS:
=========
'CREATE TABLE' query with a large value for 'CONNECTION'
string reports an incorrect error.

The length of connection string is stored in .frm in two
bytes (max value= 65535). When the string length exceeds
the max value, the length is truncated to fit the two
bytes limit. Further processing leads to reading only a
part of the string as the length stored is incorrect. The
remaining part of the string is treated as engine type and
hence results in an error.

FIX:
====
We are now restricting the connection string length to 1024.
An appropriate error is reported if the length crosses this
limit.

NOTE:
=====
The 'PASSWORD' table option is documented as unused and
processed within a dead code. Hence it will not cause
similar issue with large strings.
2016-11-10 15:11:57 +05:30
Vladislav Vaintroub
82ab92bd66 MDEV-10951 Field_newdate::cmp access violation
The crash is caused by macro uint3korr() accessing memory (1 byte) past
the end of allocated page. The macro is written such it reads 4 bytes
instead of 3 and discards the value of the last byte.

However, it is not always guaranteed that all uint3korr accesses will be
valid (i.e that the caller allocates an extra byte after the value).

In particular, the tree in Item_func_group_concat does not account for
any extra bytes that it would need for comparison of keys in some cases
(Field_newdate::cmp, Field_medium::cmp)

The fix change uint3korr so it does not access extra bytes.
2016-10-25 22:35:35 +00:00
Sergei Golubchik
77ce4ead81 Merge branch '5.5' into 10.0 2016-09-27 09:21:19 +02:00
Sergei Golubchik
f620da194b MDEV-10725 Server 10.1.17 fails to build using clang with c++11
my_offsetof() returns a difference of two pointers, it must use the
appropriate return type (my_ptrdiff_t, not size_t)
2016-09-26 12:20:28 +02:00
Sergei Golubchik
347eeefbfc don't use my_copystat in the server
it was supposed to be used in command-line tools only.
Different fix for 4e5473862e:

Bug#24388746: PRIVILEGE ESCALATION AND RACE CONDITION USING CREATE TABLE
2016-09-12 16:42:05 +02:00
Monty
5932fa7890 Fixed "Packets out of order" warning message on stdout in clients,
compiled for debugging, when the server goes down

This happens in the following scenario:
- Server gets a shutdown message
- Servers sends error ER_CONNECTION_KILLED to the clients connection
- The client sends a query to the server, before the server has time to
  close the connection to the client
- Client reads the ER_CONNECTION_KILLED error message

In the above case, the packet number for the reply is one less than
what the client expected and the client prints "Packets out of order".

Fixed the following way:
- The client accepts now error packages with a packet number
  one less than expected.
- To ensure that this issue can be detected early in my_real_read(), error
  messages sent to the client are not compressed, even when compressed protocol is used.
2016-08-21 20:38:47 +03:00
Jon Olav Hauglid
033b119121 Bug#24388746: PRIVILEGE ESCALATION AND RACE CONDITION USING CREATE TABLE
During REPAIR TABLE of a MyISAM table, a temporary data file (.TMD)
is created. When repair finishes, this file is renamed to the original
.MYD file. The problem was that during this rename, we copied the
stats from the old file to the new file with chmod/chown. If a user
managed to replace the temporary file before chmod/chown was executed,
it was possible to get an arbitrary file with the privileges of the
mysql user.

This patch fixes the problem by not copying stats from the old
file to the new file. This is not needed as the new file was
created with the correct stats. This fix only changes server
behavior - external utilities such as myisamchk still does
chmod/chown.

No test case provided since the problem involves synchronization
with file system operations.
2016-08-19 09:09:07 +02:00
Vicențiu Ciorbaru
7d4a7d8c58 [MDEV-9127] Crash reporter often fails to show the query that crashed
Addreses are not necessarily between heap_start && heap_end. Malloc
calls using mmap can place pointers outside these bounds. In this case,
we'll warn the user that the query pointer is potentially invalid.
However, we'll attempt to print the data anyway after we're done
printing everything else.
2016-07-12 11:58:20 +03:00
Kailasnath Nagarkar
07a33cdcef Bug : HANDLE_FATAL_SIGNAL (SIG=11) IN
MY_TOSORT_UTF32

This patch is specific for mysql-5.5

ISSUE: When a charater that is larger than possible to
handle is passed to function my_tosort_utf32(), it results
in segmentation fault. In the scenario mentioned in the bug
AES_ENCRYPT function is used which returns large value.
This value is further passed to my_tosort_utf32 function.
This causes to cross array bound for array uni_plane,
resulting in segment violation.

SOLUTION:
This issue has got addressed in 5.6 onward releases
through worklog 2673.

The fix is similar backport of that.
Check for maximum character before accessing the array
uni_plane. In addition to function my_tosort_utf32, the
same potential problem is also present in functions
my_tolower_utf16, my_toupper_utf16, my_tosort_utf16,
my_tolower_utf32, my_toupper_utf32, my_tosort_unicode,
my_tolower_utf8mb4 and my_toupper_utf8mb4.
Fixed these functions as well.
2016-07-01 12:01:27 +05:30
Sergei Golubchik
c081c978a2 Merge branch '5.5' into bb-10.0 2016-06-21 14:11:02 +02:00
Vicențiu Ciorbaru
2b47832a2d Fixed compilation failure using clang
Both aria and myisam storage engines feature a logic path in
thr_find_all_keys that leads to undefined behaviour by bypassing the
initialization code of variables after my_thread_init().

By refactoring the nested logic into a separate function, this problem
is resolved.
2016-06-14 19:17:29 +03:00
Sergei Golubchik
c3c272cca4 MDEV-10166 probes_mysql_nodtrace.h is not provided anymore by mariadb-10.0.25
backport of

  commit bba3d42
  Author: Sergei Golubchik <serg@mariadb.org>
  Date:   Sat Apr 30 10:27:42 2016 +0200
    MDEV-9926 probes_mysql.h includes nonexisting files
    install private generated files
2016-06-14 13:59:55 +02:00
Sergei Golubchik
ae29ea2d86 Merge branch 'mysql/5.5' into 5.5 2016-06-14 13:55:28 +02:00
Vladislav Vaintroub
7adf04e237 MDEV-9366 : do_shutdown_server fails to detect server shutdown on Windows.
Fix test whether process is alive in mysqltest.

Also fix SHUT_RD definition on Windows to be SD_RECEIVE.
SD_BOTH  was used instead prior to this patch, and this would
occasionally make mysql_shutdown()  fail - when the socket for the current connection
is not able send the COM_SHUTDOWN response anymore.
2016-06-08 17:13:49 +00:00
Nisha Gopalakrishnan
6608f84158 BUG#22594514: HANDLE_FATAL_SIGNAL (SIG=11) IN
UNIQUE::~UNIQUE | SQL/UNIQUES.CC:355

Analysis
========

Enabling the sort_buffer_size with a large value
can cause operations utilizing the sort buffer
like DELETE as mentioned in the bug report to
fail. 5.5 and 5.6 versions reports OOM error
while in 5.7+, the server crashes.

While initializing the mem_root for the sort buffer
tree, the block size for the mem_root is determined
from the 'sort_buffer_size' value. This unsigned
long value is typecasted to unsigned int, hence
it becomes zero. Further block_size computation
while initializing the mem_root results in a very
large block_size value. Hence while trying to
allocate a block during the DELETE operation,
an OOM error is reported. In case of 5.7+, the PFS
instrumentation for memory allocation, overshoots
the unsigned value and allocates a block of just
one byte. While trying to free the block of the
mem_root, the original block_size is used. This
triggers the crash since the server tries to free
unallocated memory.

Fix:
====
In order to restrict usage of such unreasonable
sort_buffer_size, the typecast of block size
to 'unsigned int' is removed and hence reports
OOM error across all versions for sizes
exceeding unsigned int range.
2016-03-17 08:49:37 +05:30
iangilfillan
6befd84202 Update AskMonty and Atlassian references to MariaDB 2016-03-08 15:24:01 +02:00
Otto Kekäläinen
1777fd5f55 Fix spelling: occurred, execute, which etc 2016-03-04 02:09:37 +02:00
Ramil Kalimullin
b3e9211e48 WL#9072: Backport WL#8785 to 5.5 2016-02-19 23:31:10 +04:00
Sergei Golubchik
a4b2714968 Merge branch 'bb-10.0-serg' into 10.0 2016-02-17 21:42:57 +01:00
Sergei Golubchik
dc92263ab3 MDEV-9308 Fix build errors with recent gcc (isfinite)
"#include <math.h>" has "#define isfinite(X) ..."
while "#include <cmath>" does "#undef isfinite"

in -std=c++11 mode <cmath> is included, we need a workaround
to provide a usable isfinite()
2016-02-17 15:10:51 +01:00
Alexander Barkov
09b5865460 MDEV-9511 Valgrind warnings 'Invalid read' in Field_newdate::cmp and Field_newdate::val_str 2016-02-17 08:05:00 +04:00
Sergei Golubchik
271fed4106 Merge branch '5.5' into 10.0 2016-02-15 22:50:59 +01:00
Sergei Golubchik
95740bc5c5 dtrace in cmake
1. ignore generated dtrace files
2. don't rewrite probes_mysql_nodtrace.h in-place
2016-02-15 12:51:35 +01:00
Sergei Golubchik
a5d9597e97 better inline check
1. check that unused inline functions are removed
2. only allow compilation if they are or if the check if overridden
3. with CMAKE_GENERATOR=Makefiles, use all flags when testing
   (e.g. both CMAKE_C_FLAGS and CMAKE_C_FLAGS_DEBUG if
   CMAKE_BUILD_TYPE=Debug). This is because
 - on Solaris with the SunPro compiler, default CMAKE_C_FLAGS_xxx
   values contain -xO2 (for Release and RelWithDebInfo)
   and -g (for RelWithDebInfo and Debug)
 - proper inlining only works at -xO4 without -g
 - so if CMAKE_C_FLAGS has -xO4, inlining would work in
   configure.cmake (before this fix) and fail during actual compilation

also remove the outdated check for inline from myu_global.h
2016-02-15 12:51:35 +01:00
Sergei Golubchik
f3444df415 Merge branch 'mysql/5.5' into 5.5
reverted about half of commits as either not applicable or
outright wrong
2016-02-09 11:27:40 +01:00