Commit graph

18415 commits

Author SHA1 Message Date
Martin Hansson
e66fba53a7 Bug#46616: Assertion `!table->auto_increment_field_not_null' on
view manipulations
      
The bespoke flag was not properly reset after last call to 
fill_record. Fixed by resetting in caller mysql_update.

mysql-test/r/auto_increment.result:
  Bug#46616: Test result.
mysql-test/t/auto_increment.test:
  Bug#46616: Test case.
sql/sql_update.cc:
  Bug#46616: Fix.
2009-08-20 13:56:29 +02:00
Davi Arnaut
050c36c7de Bug#46013: rpl_extraColmaster_myisam fails on pb2
Bug#45243: crash on win in sql thread clear_tables_to_lock() -> free()
Bug#45242: crash on win in mysql_close() -> free()
Bug#45238: rpl_slave_skip, rpl_change_master failed (lost connection) for STOP SLAVE
Bug#46030: rpl_truncate_3innodb causes server crash on windows
Bug#46014: rpl_stm_reset_slave crashes the server sporadically in pb2

When killing a user session on the server, it's necessary to
interrupt (notify) the thread associated with the session that
the connection is being killed so that the thread is woken up
if waiting for I/O. On a few platforms (Mac, Windows and HP-UX)
where the SIGNAL_WITH_VIO_CLOSE flag is defined, this interruption
procedure is to asynchronously close the underlying socket of
the connection.

In order to enable this schema, each connection serving thread
registers its VIO (I/O interface) so that other threads can
access it and close the connection. But only the owner thread of
the VIO might delete it as to guarantee that other threads won't
see freed memory (the thread unregisters the VIO before deleting
it). A side note: closing the socket introduces a harmless race
that might cause a thread attempt to read from a closed socket,
but this is deemed acceptable.

The problem is that this infrastructure was meant to only be used
by server threads, but the slave I/O thread was registering the
VIO of a mysql handle (a client API structure that represents a
connection to another server instance) as a active connection of
the thread. But under some circumstances such as network failures,
the client API might destroy the VIO associated with a handle at
will, yet the VIO wouldn't be properly unregistered. This could
lead to accesses to freed data if a thread attempted to kill a
slave I/O thread whose connection was already broken.

There was a attempt to work around this by checking whether
the socket was being interrupted, but this hack didn't work as
intended due to the aforementioned race -- attempting to read
from the socket would yield a "bad file descriptor" error.

The solution is to add a hook to the client API that is called
from the client code before the VIO of a handle is deleted.
This hook allows the slave I/O thread to detach the active vio
so it does not point to freed memory.

server-tools/instance-manager/mysql_connection.cc:
  Add stub method required for linking.
sql-common/client.c:
  Invoke hook.
sql/client_settings.h:
  Export hook.
sql/slave.cc:
  Introduce hook that clears the active VIO before it is freed
  by the client API.
2009-08-13 17:07:20 -03:00
unknown
0d821fafe9 BUG#45516 SQL thread does not use database charset properly
Replication SQL thread does not set database default charset to 
thd->variables.collation_database properly, when executing LOAD DATA binlog.
This bug can be repeated by using "LOAD DATA" command in STATEMENT mode.
        
This patch adds code to find the default character set of the current database 
then assign it to thd->db_charset when slave server begins to execute a relay log.
The test of this bug is added into rpl_loaddata_charset.test
2009-08-12 11:54:05 +08:00
Davi Arnaut
c7163c630a Bug#45010: invalid memory reads during parsing some strange statements
The problem is that the lexer could inadvertently skip over the
end of a query being parsed if it encountered a malformed multibyte
character. A specially crated query string could cause the lexer
to jump up to six bytes past the end of the query buffer. Another
problem was that the laxer could use unfiltered user input as
a signed array index for the parser maps (having upper and lower
bounds 0 and 256 respectively).

The solution is to ensure that the lexer only skips over well-formed
multibyte characters and that the index value of the parser maps
is always a unsigned value.

mysql-test/r/ctype_recoding.result:
  Update test case result: ending backtick is not skipped over anymore.
sql/sql_lex.cc:
  Characters being analyzed must be unsigned as they can be
  used as indexes for the parser maps. Only skip over if the
  string is a valid multi-byte sequence.
tests/mysql_client_test.c:
  Add test case for Bug#45010
2009-08-07 23:32:01 -03:00
Ignacio Galarza
a791f20089 Bug #27535 Installing Windows service with --defaults-file option - quotation marks issues
- Remove offensive quotes.
2009-08-06 10:24:28 -04:00
Ignacio Galarza
09877515f2 Bug#17270 - mysql client tool could not find ../share/charsets folder and fails.
- Define and pass compile time path variables as pre-processor definitions to 
  mimic the makefile build.
- Set new CMake version and policy requirements explicitly.
- Changed DATADIR to MYSQL_DATADIR to avoid conflicting definition in 
  Platform SDK header ObjIdl.h which also defines DATADIR.
2009-07-31 15:22:02 -04:00
Davi Arnaut
e265609834 Bug#46385: [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted t
The maximum value of the max_join_size variable is set by converting
a signed type (long int) with negative value (-1) to a wider unsigned
type (unsigned long long), which yields the largest possible value of
the wider unsigned type -- as per the language conversion rules. But,
depending on build options, the type of the max_join_size might be a
shorter type (ha_rows - unsigned long) which causes the warning to be
thrown once the large value is truncated to fit.

The solution is to ensure that the maximum value of the variable is
always set to the maximum value of integer type of max_join_size.

Furthermore, it would be interesting to always have a fixed type for
this variable, but this would incur in a change of behavior which is
not acceptable for a GA version. See Bug#35346.

sql/mysqld.cc:
  Set max value for type.
2009-07-27 20:31:48 -03:00
Alexey Kopytov
bac18522e6 Automerge. 2009-07-28 23:14:04 +04:00
Alexey Kopytov
baefaa1e58 Bug #45031: invalid memory reads in my_real_read using protocol
compression 
 
Since uint3korr() may read 4 bytes depending on build flags and 
platform, allocate 1 extra "safety" byte in the network buffer 
for cases when uint3korr() in my_real_read() is called to read
last 3 bytes in the buffer. 
 
It is practically hard to construct a reliable and reasonably 
small test case for this bug as that would require constructing 
input stream such that a certain sequence of bytes in a 
compressed packet happens to be the last 3 bytes of the network 
buffer. 


sql/net_serv.cc:
  Allocate 1 extra "safety" byte in the network buffer for cases 
  when uint3korr() is used to read last 3 bytes in the buffer.
2009-07-28 22:35:55 +04:00
Satya B
e8a97ae267 merging with mysql-5.0-bugteam 2009-07-27 11:49:28 +05:30
Gleb Shchepa
dc0a87fdc2 Bug #38816: kill + flush tables with read lock + stored
procedures causes crashes!

The problem of that bugreport was mostly fixed by the
patch for bug 38691.
However, attached test case focused on another crash or
valgrind warning problem: SHOW PROCESSLIST query accesses
freed memory of SP instruction that run in a parallel
connection.

Changes of thd->query/thd->query_length in dangerous
places have been guarded with the per-thread
LOCK_thd_data mutex (the THD::LOCK_delete mutex has been
renamed to THD::LOCK_thd_data).


sql/ha_myisam.cc:
  Bug #38816: kill + flush tables with read lock + stored
              procedures causes crashes!
  
  Modification of THD::query/query_length has been guarded
  with the a THD::set_query() method call/LOCK_thd_data
  mutex.
  Unnecessary locking with the global LOCK_thread_count
  mutex has been removed.
sql/log_event.cc:
  Bug #38816: kill + flush tables with read lock + stored
              procedures causes crashes!
  
  Modification of THD::query/query_length has been guarded
  with the THD::set_query()) method call/LOCK_thd_data
  mutex.
sql/slave.cc:
  Bug #38816: kill + flush tables with read lock + stored
              procedures causes crashes!
  
  Modification of THD::query/query_length has been guarded
  with the THD::set_query() method call/LOCK_thd_data mutex.
  
  The THD::LOCK_delete mutex has been renamed to
  THD::LOCK_thd_data.
sql/sp_head.cc:
  Bug #38816: kill + flush tables with read lock + stored
              procedures causes crashes!
  
  Modification of THD::query/query_length has been guarded
  with the a THD::set_query() method call/LOCK_thd_data
  mutex.
sql/sql_class.cc:
  Bug #38816: kill + flush tables with read lock + stored
              procedures causes crashes!
  
  The new THD::LOCK_thd_data mutex and THD::set_query()
  method has been added to guard modifications of THD::query/
  THD::query_length fields, also the Statement::set_statement()
  method has been overloaded in the THD class.
  
  The THD::LOCK_delete mutex has been renamed to
  THD::LOCK_thd_data.
sql/sql_class.h:
  Bug #38816: kill + flush tables with read lock + stored
              procedures causes crashes!
  
  The new THD::LOCK_thd_data mutex and THD::set_query()
  method has been added to guard modifications of THD::query/
  THD::query_length fields, also the Statement::set_statement()
  method has been overloaded in the THD class.
  
  The THD::LOCK_delete mutex has been renamed to
  THD::LOCK_thd_data.
sql/sql_insert.cc:
  Bug #38816: kill + flush tables with read lock + stored
              procedures causes crashes!
  
  Modification of THD::query/query_length has been guarded
  with the a THD::set_query() method call/LOCK_thd_data
  mutex.
sql/sql_parse.cc:
  Bug #38816: kill + flush tables with read lock + stored
              procedures causes crashes!
  
  Modification of THD::query/query_length has been guarded
  with the a THD::set_query() method call/LOCK_thd_data mutex.
sql/sql_repl.cc:
  Bug #38816: kill + flush tables with read lock + stored
              procedures causes crashes!
  
  The THD::LOCK_delete mutex has been renamed to
  THD::LOCK_thd_data.
sql/sql_show.cc:
  Bug #38816: kill + flush tables with read lock + stored
              procedures causes crashes!
  
  Inter-thread read of THD::query/query_length field has
  been protected with a new per-thread LOCK_thd_data
  mutex in the mysqld_list_processes function.
2009-07-24 20:58:58 +05:00
Alexey Kopytov
85c97e6c69 Automerge. 2009-07-24 16:13:31 +04:00
Alexey Kopytov
885292e424 Bug #46075: Assertion failed: 0, file .\protocol.cc, line 416
In create_myisam_from_heap() mark all errors as fatal except 
HA_ERR_RECORD_FILE_FULL for a HEAP table.

Not doing so could lead to problems, e.g. in a case when a
temporary MyISAM table gets overrun due to its MAX_ROWS limit
while executing INSERT/REPLACE IGNORE ... SELECT. 
The SELECT execution was aborted, but the error was 
converted to a warning due to IGNORE clause, so neither 'ok' 
nor 'error' packet could be sent back to the client. This 
condition led to hanging client when using 5.0 server, or 
assertion failure in 5.1.


mysql-test/r/insert_select.result:
  Added a test case for bug #46075.
mysql-test/t/insert_select.test:
  Added a test case for bug #46075.
sql/sql_select.cc:
  In create_myisam_from_heap() mark all errors as fatal except 
  HA_ERR_RECORD_FILE_FULL for a HEAP table.
2009-07-24 15:50:45 +04:00
Satya B
559e2f1c1e merge to mysql-5.0-bugteam 2009-07-24 11:15:31 +05:30
Staale Smedseng
1e32574c65 Bug #45770 errors reading server SSL files are printed, but
not logged
        
Errors encountered during initialization of the SSL subsystem
are printed to stderr, rather than to the error log.
        
This patch adds a parameter to several SSL init functions to
report the error (if any) out to the caller. The function
init_ssl() in mysqld.cc is moved after the initialization of
the log subsystem, so that any error messages can be logged to
the error log. Printing of messages to stderr has been 
retained to get diagnostic output in a client context.


include/violite.h:
  Adding an enumeration for the various errors that can
  occur during initialization of the SSL module.
sql/mysqld.cc:
  Adding more logging of SSL init errors, and moving
  init_ssl() till after initialization of logging 
  subsystem.
vio/viosslfactories.c:
  Define error strings, provide an access method for these
  strings, and maintain an error parameter in several funcs
  to return the error (if any) to the caller.
2009-07-23 13:38:11 +02:00
Evgeny Potemkin
dbe855d0e3 Merged corrected fix for the bug#46051. 2009-07-18 18:11:33 +04:00
Evgeny Potemkin
5032380084 Bug#46051: Incorrectly market field caused wrong result.
When during the optimization an item is moved to the upper select
the item's context left unchanged. This caused wrong result in the 
PS/SP mode.
The Item_ident::remove_dependence_processor now sets the context
of the select to which the item is moved to.

mysql-test/r/subselect.result:
  The test case for the bug#46051 is adjusted.
mysql-test/t/subselect.test:
  The test case for the bug#46051 is adjusted.
sql/item.cc:
  Bug#46051: Incorrectly market field caused wrong result.
  The Item_ident::remove_dependence_processor now sets the context
  of the select to which the item is moved to.
2009-07-18 18:09:56 +04:00
Evgeny Potemkin
a50270a912 Merged fix for the bug#46051. 2009-07-17 18:45:32 +04:00
Satya B
342553252f Fix for BUG#18828 - If InnoDB runs out of undo slots,
it returns misleading 'table is full'

Innodb returns a misleading error message "table is full" 
when the number of active concurrent transactions is greater
than 1024.

Fixed by adding errorcode "ER_TOO_MANY_CONCURRENT_TRXS" to the
error codes. Innodb should return HA_TOO_MANY_CONCURRENT_TRXS
to mysql which is then mapped to ER_TOO_MANY_CONCURRENT_TRXS


Note: testcase is not written as this was reproducible only by
      changing innodb code.

extra/perror.c:
  Add error number and message for HA_ERR_TOO_MANY_CONCURRENT_TRXS
include/my_base.h:
  Add error number and message for HA_ERR_TOO_MANY_CONCURRENT_TRXS
sql/ha_innodb.cc:
  Return HA_ERR_TOO_MANY_CONCURRENT_TRXS to mysql server
sql/handler.cc:
  Add error number and message for HA_ERR_TOO_MANY_CONCURRENT_TRXS
sql/share/errmsg.txt:
  Add error message for ER_TOO_MANY_CONCURRENT_TRXS
2009-07-17 14:13:53 +05:30
Evgeny Potemkin
63e6a59d73 Bug#46051: Incorrectly market field caused wrong result.
In a subselect all fields from outer selects are marked as dependent on
selects they are belong to. In some cases optimizer substitutes it for an
equivalent expression. For example "a_field IN (SELECT outer_field)" is
substituted with "a_field = outer_field". As we moved the outer_field to the
upper select it's not really outer anymore. But it was left marked as outer.
If exists an index over a_field optimizer choose wrong execution plan and thus
return wrong result.

Now the Item_in_subselect::single_value_transformer function removes dependent
marking from fields when a subselect is optimized away.

mysql-test/r/subselect.result:
  Added a test case for the bug#46051.
mysql-test/t/subselect.test:
  Added a test case for the bug#46051.
sql/item_subselect.cc:
  Bug#46051: Incorrectly market field caused wrong result.
  Now the Item_in_subselect::single_value_transformer function removes dependent
  marking from fields when a subselect is optimized away.
2009-07-16 19:43:46 +04:00
Georgi Kodinov
7a91bf8c91 Bug #46003 and bug #46034: backported the fixes from azalea. 2009-07-16 15:19:22 +03:00
Georgi Kodinov
5beae1f8dc Bug #46080: group_concat(... order by) crashes server when
sort_buffer_size cannot allocate

The NULL return from tree_insert() (on low memory) was not
checked for in Item_func_group_concat::add(). As a result
on low memory conditions a crash happens.

Fixed by properly checking the return code.
2009-07-10 15:00:34 +03:00
Georgi Kodinov
097c7b38c8 Bug #45287: phase 2 : 5.0 64 bit compilation warnings
Fixed various compilation warnings when compiling on a 
 64 bit windows.
2009-07-16 15:37:38 +03:00
Georgi Kodinov
b7445ff687 automerge 2009-07-15 17:00:26 +03:00
Georgi Kodinov
45b687c087 Bug #45287: phase 1 : 32 bit compilation warnings
Fixed the following problems:
1. cmake 2.6 warning because of a changed default on
how the dependencies to libraries with a specified 
path are resolved.
Fixed by requiring cmake 2.6.
2. Removed an obsolete pre-NT4 hack including defining
Windows system defines to alter the behavior of windows.h.
3. Disabled warning C4065 on compiling sql_yacc.cc because
of a know incompatibility in some of the newer bison binaries.
2009-07-15 16:46:25 +03:00
Anurag Shekhar
c77b836ab8 Bug#37740 Server crashes on execute statement with full text search and
match against.


Server crashes when executing prepared statement with duplicating
MATCH() function calls in SELECT and ORDER BY expressions, e.g.:
SELECT MATCH(a) AGAINST('test') FROM t1 ORDER BY MATCH(a) AGAINST('test')

This query gets optimized by the server, so the value returned
by MATCH() from the SELECT list is reused for ORDER BY purposes.
To make this optimization server is comparing items from
SELECT and ORDER BY lists. We were getting server crash because
comparision function for MATCH() item is not intended to be called
at this point of execution.

In 5.0 and 5.1 this problem is workarounded by resetting MATCH()
item to the state as it was during PREPARE.

In 6.0 correct comparision function will be implemented and
duplicating MATCH() items from the ORDER BY list will be
optimized.

mysql-test/r/fulltext.result:
  Updated with the test case for Bug#37740
mysql-test/t/fulltext.test:
  A test case for Bug#37740.
sql/item_func.h:
  True initialization of 'table' happens in ::fix_fields(). As
  Item_func_match::eq() may be called before ::fix_fields(), it is
  expected that 'table' is initialized to 0 when it is reused.
  
  This is mostly affecting prepared statements, when the same item
  doesn't get destroyed, but rather cleaned up and reused.
2009-07-15 15:00:58 +05:30
Georgi Kodinov
7cf4e36f2d automerge 2009-07-14 11:47:22 +03:00
Georgi Kodinov
410e1a72b9 Bug #40113: Embedded SELECT inside UPDATE or DELETE can timeout
without error

When using quick access methods for searching rows in UPDATE or 
DELETE there was no check if a fatal error was not already sent 
to the client while evaluating the quick condition.
As a result a false OK (following the error) was sent to the 
client and the error was thus transformed into a warning.

Fixed by checking for errors sent to the client during 
SQL_SELECT::check_quick() and treating them as real errors.

Fixed a wrong test case in group_min_max.test
Fixed a wrong return code in mysql_update() and mysql_delete()

mysql-test/r/bug40113.result:
  Bug #40013: test case
mysql-test/r/group_min_max.result:
  Bug #40013: fixed a wrong test case
mysql-test/t/bug40113-master.opt:
  Bug #40013: test case
mysql-test/t/bug40113.test:
  Bug #40013: test case
mysql-test/t/group_min_max.test:
  Bug #40013: fixed a wrong test case
sql/sql_delete.cc:
  Bug #40113: check for errors evaluating the quick select
sql/sql_update.cc:
  Bug #40113: check for errors evaluating the quick select
2009-07-13 18:11:16 +03:00
Sergey Glukhov
2dd7094681 Bug#45806 crash when replacing into a view with a join!
The crash happend because for views which are joins
we have table_list->table == 0 and 
table_list->table->'any method' call leads to crash.
The fix is to perform table_list->table->file->extra()
method for all tables belonging to view.


mysql-test/r/view.result:
  test result
mysql-test/t/view.test:
  test case
sql/sql_insert.cc:
  added prepare_for_positional_update() function
  which updates extra info about primary key for
  tables belonging to view.
2009-07-03 13:35:00 +05:00
Staale Smedseng
3cd431d553 Bug #45790 Potential DoS vector: Writing of user input to log
without proper formatting
      
The problem is that a suitably crafted database identifier
supplied to COM_CREATE_DB or COM_DROP_DB can cause a SIGSEGV,
and thereby a denial of service. The database name is printed
to the log without using a format string, so potential
attackers can control the behavior of my_b_vprintf() by
supplying their own format string. A CREATE or DROP privilege
would be required.
      
This patch supplies a format string to the printing of the
database name. A test case is added to mysql_client_test.


sql/sql_parse.cc:
  Added format strings.
tests/mysql_client_test.c:
  Added new test case.
2009-07-01 14:09:44 +02:00
Staale Smedseng
6777150883 Merge from 5.0-bt 2009-06-29 15:17:01 +02:00
Satya B
faaa9e0855 Applying InnoDB snashot 5.0-ss5406, part 2. Fixes BUG#40565
BUG#40565 - Update Query Results in "1 Row Affected" But Should Be "Zero Rows"

Detailed revision comments:

r5232 | marko | 2009-06-03 14:31:04 +0300 (Wed, 03 Jun 2009) | 21 lines
branches/5.0: Merge r3590 from branches/5.1 in order to fix Bug #40565
(Update Query Results in "1 Row Affected" But Should Be "Zero Rows").

Also, add a test case for Bug #40565.

rb://128 approved by Heikki Tuuri
  ------------------------------------------------------------------------
  r3590 | marko | 2008-12-18 15:33:36 +0200 (Thu, 18 Dec 2008) | 11 lines

  branches/5.1: When converting a record to MySQL format, copy the default
  column values for columns that are SQL NULL.  This addresses failures in
  row-based replication (Bug #39648).

  row_prebuilt_t: Add default_rec, for the default values of the columns in
  MySQL format.

  row_sel_store_mysql_rec(): Use prebuilt->default_rec instead of
  padding columns.

  rb://64 approved by Heikki Tuuri
  ------------------------------------------------------------------------
2009-06-25 15:20:26 +05:30
Staale Smedseng
37d2019d17 Bug #32223 SETting max_allowed_packet variable
Inconsistent behavior of session variable max_allowed_packet 
(and net_buffer_length); only assignment to the global variable 
has any effect, without this being obvious to the user.
      
The patch for Bug#22891 is backported to 5.0, making the two
session variables read-only. As this is a backport to GA 
software, the error used when trying to assign to the read-
only variable is ER_UNKNOWN_ERROR. The error message is the 
same as in 5.1+.

mysql-test/t/variables.test:
  Tests are changed to account for the new semantics, and assignment to the read-only variables is added to test 
  the emission of the correct error message.
sql/set_var.cc:
  Both max_allowed_packet and net_buffer_length are changed 
  to be of type sys_var_thd_ulong_session_readonly. ER_UNKNOWN_ERROR is used to indicate an attempt to assign 
  to an instance of a read-only variable.
sql/set_var.h:
  Class sys_var_thd_ulong_session_readonly is added.
2009-06-19 11:27:19 +02:00
Alfranio Correia
544147417a auto-merge mysql-5.0-bugteam (local) --> mysql-5.0-bugteam 2009-06-18 18:28:47 +01:00
Staale Smedseng
3b0e6e4109 Bug #43414 Parenthesis (and other) warnings compiling MySQL
with gcc 4.3.2
      
Compiling MySQL with gcc 4.3.2 and later produces a number of 
warnings, many of which are new with the recent compiler
versions.
                  
This bug will be resolved in more than one patch to limit the
size of changesets. This is the second patch, fixing more
of the warnings.
2009-06-17 15:54:01 +02:00
Georgi Kodinov
6df6c8ee95 Bug #44810: index merge and order by with low sort_buffer_size
crashes server!

The problem affects the scenario when index merge is followed by a filesort
and the sort buffer is not big enough for all the sort keys.
In this case the filesort function will read the data to the end through the 
index merge quick access method (and thus closing the cursor etc), 
but will leave the pointer to the quick select method in place.
It will then create a temporary file to hold the results of the filesort and
will add it as a sort output file (in sort.io_cache).
Note that filesort will copy the original 'sort' structure in an automatic
variable and restore it after it's done.
As a result at exiting filesort() we have a sort.io_cache filled in and 
nothing else (as a result of close of the cursors at end of reading data 
through index merge).
Now create_sort_index() will note that there is a select and will clean it up
(as it's been used already by filesort() reading the data in). While doing that
a special case in the index merge destructor will clean up the sort.io_cache,
assuming it's an output of the index merge method and is not needed anymore.
As a result the code that tries to read the data back from the filesort output 
will get no data in both memory and disk and will crash.
      
Fixed similarly to how filesort() does it : by copying the sort.io_cache structure
to a local variable, removing the pointer to the io_cache (so that it's not freed 
by QUICK_INDEX_MERGE_SELECT::~QUICK_INDEX_MERGE_SELECT) and restoring the original 
structure (together with the valid pointer) after the cleanup is done.
This is a safe thing to do because all the structures are already cleaned up by
hitting the end of the index merge's read method (QUICK_INDEX_MERGE_SELECT::get_next()) 
and the cleanup code being written in a way that tolerates repeating cleanups.

mysql-test/r/index_merge.result:
  Bug #44810: test case
mysql-test/t/index_merge.test:
  Bug #44810: test case
sql/sql_select.cc:
  Bug #44810: preserve the io_cache produced by filesort while cleaning up
  the index merge quick access method (QUICK_INDEX_MERGE_SELECT).
2009-06-15 16:38:15 +03:00
Georgi Kodinov
3e82a86ed2 Bug #45386: Wrong query result with MIN function in field list,
WHERE and GROUP BY clause

Loose index scan may use range conditions on the argument of 
the MIN/MAX aggregate functions to find the beginning/end of 
the interval that satisfies the range conditions in a single go.
These range conditions may have open or closed minimum/maximum 
values. When the comparison returns 0 (equal) the code should 
check the type of the min/max values of the current interval 
and accept or reject the row based on whether the limit is 
open or not.
There was a wrong composite condition on checking this and it was
not working in all cases.
Fixed by simplifying the conditions and reversing the logic.

mysql-test/r/group_min_max.result:
  Bug #45386: test case
mysql-test/t/group_min_max.test:
  Bug #45386: test case
sql/opt_range.cc:
  Bug #45386: fix the check whether to use the value if on the
  interval boundry
2009-06-12 15:38:55 +03:00
Alfranio Correia
dd59815f59 BUG#34687 Error in bin-log after shutdown restart binlog was not closed properly
While reading a binary log that is being used by a master or was not properly
closed, most likely due to a crash, the following warning message is being
printed out: "Warning: this binlog was not closed properly. Most probably mysqld
crashed writing it.". This was scaring our users as the message was not taking
into account the possibility of the file is being just used by the master.

To avoid unnecessarily scaring our users, we replace the original message by the
following one: Warning: "this binlog is either is use or was not closed properly.".
2009-06-11 02:08:40 +01:00
Staale Smedseng
a073ee45c2 Bug #43414 Parenthesis (and other) warnings compiling MySQL
with gcc 4.3.2
      
Compiling MySQL with gcc 4.3.2 and later produces a number of 
warnings, many of which are new with the recent compiler
versions.
      
This bug will be resolved in more than one patch to limit the
size of changesets. This is the first patch, fixing a number 
of the warnings, predominantly "suggest using parentheses 
around && in ||", and empty for and while bodies.
2009-06-09 18:11:21 +02:00
Tatiana A. Nurnberg
c533e47714 auto-merge 2009-06-05 23:29:37 +02:00
Tatiana A. Nurnberg
e34085fe13 Bug#32149: Long semaphore wait for adaptive hash latch
Holding on to the temporary inno hash index latch is an optimization in
many cases, but a pessimization in some others.

Release temporary latches for those corner cases we (or rather, or customers,
thanks!) have identified, that is, when we are about to do something that
might take a really long time, like REPAIR or filesort.

sql/ha_myisam.cc:
  Let go of (inno, for now) latch when doing MyISAM-repair.
  (optimize passes through repair.) ("Stuck" in "Repair with
  keycache".)
sql/sql_insert.cc:
  Let go of (inno, for now) latch when doing CREATE...SELECT
  in select_insert::send_data() -- it might take a while.
  ("stuck" in "Sending data")
sql/sql_select.cc:
  Release temporary (inno, for now) latch on
  - free_tmp_table() (this can take surprisingly long, "removing tmp table")
  - create_myisam_from_heap() (HEAP table overflowing onto disk as MyISAM,
    "converting HEAP to MyISAM")
2009-06-05 00:23:08 +02:00
Georgi Kodinov
a037071a75 Bug #36995: valgrind error in remove_const during subquery executions
When copying the Item class one must copy its attributes as well.

mysql-test/r/innodb_mysql.result:
  Bug #36995: test case
mysql-test/t/innodb_mysql.test:
  Bug #36995: test case
sql/item.cc:
  Bug #36995: copy attributes in the copy constructor
2009-06-04 12:52:40 +03:00
Sergey Glukhov
8041311e24 Bug#44798 MySQL engine crashes when creating stored procedures with execute_priv=N
The crash happens because of uninitialized
lex->ssl_cipher, lex->x509_subject, lex->x509_issuer variables.
The fix is to add initialization of these variables for
stored procedures&functions.


mysql-test/r/sp_notembedded.result:
  test result
mysql-test/t/sp_notembedded.test:
  test case
sql/sql_acl.cc:
  The crash happens because of uninitialized
  lex->ssl_cipher, lex->x509_subject, lex->x509_issuer variables.
  The fix is to add initialization of these variables for
  stored procedures&functions.
2009-06-04 10:28:45 +05:00
Sergey Glukhov
33734e956f Bug#45152 crash with round() function on longtext column in a derived table
The crash happens due to wrong max_length value which is set on
Item_func_round::fix_length_and_dec() stage. The value is set to
args[0]->max_length which is too big in case of LONGTEXT(LONGBLOB) fields.
The fix is to set max_length using float_length() function.



mysql-test/r/func_math.result:
  test result
mysql-test/t/func_math.test:
  test case
sql/item_func.cc:
  The crash happens due to wrong max_length value which is set on
  Item_func_round::fix_length_and_dec() stage. The value is set to
  args[0]->max_length which is too big in case of LONGTEXT(LONGBLOB) fields.
  The fix is to set max_length using float_length() function.
2009-06-02 11:38:13 +05:00
Alexey Kopytov
47b334a642 Automerge. 2009-06-01 16:42:24 +04:00
He Zhenxing
5dd1abae7d BUG#43263 BEGIN skipped in some replicate-do-db cases
BEGIN/COMMIT/ROLLBACK was subject to replication db rules, and
caused the boundary of a transaction not recognized correctly 
when these queries were ignored by the rules.

Fixed the problem by skipping replication db rules for these
statements.


sql/log_event.cc:
  Skip checking replication db rules for BEGIN/COMMIT/ROLLBACK statements
2009-05-31 11:26:58 +08:00
Sergey Glukhov
f54beb2dcc Bug#41212 crash after race condition between merge table and table_cache evictions
On 64-bit Windows: querying MERGE table with keys may cause
server crash.The problem is generic and may affect any statement
accessing MERGE table cardinality values.
When MERGE engine was copying cardinality statistics, it was
using incorrect size of element in cardinality statistics array
(sizeof(ptr)==8 instead of sizeof(ulong)==4), causing access
of memory beyond of the allocated bounds.


sql/ha_myisam.cc:
  When copying rec_per_key array (an array of ulong) use proper
  size of element, that is sizeof(ulong).
sql/ha_myisammrg.cc:
  When copying rec_per_key array (an array of ulong) use proper
  size of element, that is sizeof(ulong).
sql/table.cc:
  When allocating rec_per_key array (an array of ulong) use proper
  size of element, that is sizeof(ulong).
2009-05-27 15:34:21 +05:00
Alexey Kopytov
1b8322c3c6 Bug #44767: invalid memory reads in password() and
old_password() functions   
The PASSWORD() and OLD_PASSWORD() functions could lead to   
memory reads outside of an internal buffer when used with BLOB   
arguments.   
  
String::c_ptr() assumes there is at least one extra byte  
in the internally allocated buffer when adding the trailing  
'\0'.  This, however, may not be the case when a String object  
was initialized with externally allocated buffer.  
  
The bug was fixed by adding an additional "length" argument to  
make_scrambled_password_323() and make_scrambled_password() in  
order to avoid String::c_ptr() calls for  
PASSWORD()/OLD_PASSWORD().  
  
However, since the make_scrambled_password[_323] functions are  
a part of the client library ABI, the functions with the new  
interfaces were implemented with the 'my_' prefix in their  
names, with the old functions changed to be wrappers around  
the new ones to maintain interface compatibility.  

mysql-test/r/func_crypt.result:
  Added a test case for bug #44767.
mysql-test/t/func_crypt.test:
  Added a test case for bug #44767.
sql/item_strfunc.cc:
  Use the new my_make_scrambled_password*() to avoid 
  String::c_ptr().
sql/item_strfunc.h:
  Changed Item_func[_old]_password::alloc() interfaces so that
  we can use the new my_make_scrambled_password*() functions.
sql/mysql_priv.h:
  Added declarations for the new my_make_scrambled_password*() 
  functions.
sql/password.c:
  Added new my_make_scrambled_password*() functions with an
  additional "length" argument. Changed ones to be wrappers
  around the new ones to maintain interface compatibility.
sql/sql_yacc.yy:
  Utilize the new password hashing functions with additional length
  argument.
2009-05-27 14:20:57 +04:00
Luis Soares
8e589d1d06 BUG#41725: slave crashes when inserting into temporary table after
stop/start slave
      
When stopping and restarting the slave while it is replicating
temporary tables, the server would crash or raise an assertion
failure. This was due to the fact that although temporary tables are
saved between slave threads restart, the reference to the thread in
use (table->in_use) was not being properly updated when the restart
happened (it would still reference the old/invalid thread instead of
the new one).
      
This patch addresses this issue by resetting the reference to the new
slave thread on slave thread restart.

mysql-test/r/rpl_temporary.result:
  Result file.
mysql-test/t/rpl_temporary.test:
  Test case that checks that both failures go away.
sql/slave.cc:
  Changed slave.cc to reset sql_thd reference in temporary tables.
2009-05-23 00:15:21 +01:00
Alexey Kopytov
336028da76 Automerge. 2009-05-21 16:15:25 +04:00