Commit graph

2857 commits

Author SHA1 Message Date
Yuchen Pei
671f80c738
Merge branch '10.5' into 10.6 2024-12-17 11:06:09 +11:00
Yuchen Pei
77c9917663
MDEV-34716 Fix mysql.servers socket max length too short
The limit of socket length on unix according to libc is 108, see
sockaddr_un::sun_path, but in the table it is a string of max length
64, which results in truncation of socket and failure to connect by
plugins using servers such as spider.
2024-12-17 10:40:57 +11:00
Lena Startseva
aa49770d79 MDEV-31005: Make working cursor-protocol
Excluded cases in main./secure_file_priv_win

Fix for v.10.5
2024-12-16 10:08:56 +00:00
Sergei Golubchik
17cb65593a MDEV-22964: archive.archive and main.mysqlbinlog_{row,stmt}_compressed)
zlib-ng results in different compression length. The compression
length isn't that important as the test output examines the uncompressed
results.

fixes for zlib-ng

backport of 75488a57f2
2024-12-16 10:04:07 +11:00
Oleg Smirnov
d98ac8511e MDEV-26247 MariaDB Server SEGV on INSERT .. SELECT
This problem occured for statements like `INSERT INTO t1 SELECT 1`,
which do not have tables in the SELECT part. In such scenarios
SELECT_LEX::insert_tables was not properly set at `setup_tables()`,
and this led to either incorrect execution or a crash

Reviewer: Oleksandr Byelkin <sanja@mariadb.com>
2024-12-14 14:04:21 +07:00
Oleg Smirnov
e640373389 Revert "MDEV-26427 MariaDB Server SEGV on INSERT .. SELECT"
This reverts commit 49e14000ee
as it introduces regression MDEV-29935 and has to be reconsidered
in general
2024-12-14 13:08:17 +07:00
Alexander Barkov
d1f42fc80f MDEV-21589 AddressSanitizer: memcpy-param-overlap in Static_binary_string::q_append or String::append
Item_func_concat_ws::val_str():
- collects the result into the string "str" passed as a parameter.
- calls val_str(&tmp_buffer) to get arguments.

At some point due to heuristic it decides to swap the buffers:
- collect the result into &tmp_buffer
- call val_str(str) to get arguments

Item_func_password::val_str_ascii() returns a String pointing to its
member tmp_value[SCRAMBLED_PASSWORD_CHAR_LENGTH+1].

As a result, it's possible that both str and tmp_buffer in
Item_func_concat_ws::val_str() point to Item_func_password::tmp_value.
Then, memcmp() called on overlapping memory fragrments.

Fixing Item_func_password::val_str_ascii() to use Item::copy()
instead of Item::set().
2024-12-13 11:09:29 +01:00
Alexander Barkov
0b7fa4c267 MDEV-31219 Assertion `fixed' failed in Item_func_hybrid_field_type / Frame_positional_cursor
add_special_frame_cursors() did not check the return
value offset_func->fix_fields(). It can return an error
if the data type does not support the operator "minus".
2024-12-13 09:40:31 +01:00
Yuchen Pei
432856c473
MDEV-35571 Check for LIMIT ROWS EXAMINED exceeded in UNION ALL
When UNION ALL is used with LIMIT ROWS EXAMINED, and when the limit is
exceeded for a SELECT that is not the last in the UNION, interrupt the
execution and call end_eof on the result. This makes sure that the
results are sent, and the query result status is conclusive rather
than empty, which would cause an assertion failure.
2024-12-13 15:44:01 +11:00
Julius Goryavsky
155203c352 Merge branch '10.5' into '10.6' 2024-12-13 01:45:35 +01:00
Daniel Black
6dcd9de2a9 MDEV-34669: ER_NEED_REPREPARE on SELECT DEFAULT(name) FROM table1_containing_sequence
A prepared SELECT statement because of CF_REEXECUTION_FRAGILE needs to
check the table is the same definition as previously otherwise a
re-prepare of the statement can occur.

When running many 'SELECT DEFAULT(name) FROM table1_containing_sequence'
in parallel the TABLE_LIST::is_the_same_definition may be called when
m_table_ref_type is TABLE_REF_NULL because it hasn't been checked yet.

In this case populate the TABLE_LIST with the values determined by the
TABLE_SHARE and allow the execution to continue.

As a result of this, the main.ps_ddl test doesn't need to reprepare
as the defination hasn't changed. This is another case where
TABLE_LIST::is_the_same_definition is called when m_table_ref_type is
TABLE_REF_NULL, but that doesn't mean that the defination is different.
2024-12-13 08:07:00 +11:00
Alexander Barkov
ab9182470d MDEV-31366 Assertion `thd->start_time' failed in bool LOGGER::slow_log_print(THD*, const char*, size_t, ulonglong)
Fixing a wrong DBUG_ASSERT.

thd->start_time and thd->start_time_sec_part cannot be 0 at the same time.

But thd->start_time can be 0 when thd->start_time_sec_part is not 0,
e.g. after:

SET timestamp=0.99;
2024-12-12 20:32:56 +01:00
Marko Mäkelä
ddd7d5d8e3 MDEV-24035 Failing assertion: UT_LIST_GET_LEN(lock.trx_locks) == 0 causing disruption and replication failure
Under unknown circumstances, the SQL layer may wrongly disregard an
invocation of thd_mark_transaction_to_rollback() when an InnoDB
transaction had been aborted (rolled back) due to one of the following errors:
* HA_ERR_LOCK_DEADLOCK
* HA_ERR_RECORD_CHANGED (if innodb_snapshot_isolation=ON)
* HA_ERR_LOCK_WAIT_TIMEOUT (if innodb_rollback_on_timeout=ON)

Such an error used to cause a crash of InnoDB during transaction commit.
These changes aim to catch and report the error earlier, so that not only
this crash can be avoided but also the original root cause be found and
fixed more easily later.

The idea of this fix is from Michael 'Monty' Widenius.

HA_ERR_ROLLBACK: A new error code that will be translated into
ER_ROLLBACK_ONLY, signalling that the current transaction
has been aborted and the only allowed action is ROLLBACK.

trx_t::state: Add TRX_STATE_ABORTED that is like
TRX_STATE_NOT_STARTED, but noting that the transaction had been
rolled back and aborted.

trx_t::is_started(): Replaces trx_is_started().

ha_innobase: Check the transaction state in various places.
Simplify the logic around SAVEPOINT.

ha_innobase::is_valid_trx(): Replaces ha_innobase::is_read_only().

The InnoDB logic around transaction savepoints, commit, and rollback
was unnecessarily complex and might have contributed to this
inconsistency. So, we are simplifying that logic as well.

trx_savept_t: Replace with const undo_no_t*. When we rollback to
a savepoint, all we need to know is the number of undo log records
that must survive.

trx_named_savept_t, DB_NO_SAVEPOINT: Remove. We can store undo_no_t
directly in the space allocated at innobase_hton->savepoint_offset.

fts_trx_create(): Do not copy previous savepoints.

fts_savepoint_rollback(): If a savepoint was not found, roll back
everything after the default savepoint of fts_trx_create().
The test innodb_fts.savepoint is extended to cover this code.

Reviewed by: Vladislav Lesin
Tested by: Matthias Leich
2024-12-12 18:02:00 +02:00
Kristian Nielsen
0166c89e02 Merge 10.5 -> 10.6
Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
2024-12-05 09:20:36 +01:00
Kristian Nielsen
2ab10fbec2 MDEV-24959: ER_BINLOG_ROW_LOGGING_FAILED (1534: Writing one row to the row-based binary log failed)
The Write_rows_log_event originally allocated the m_rows_buf up-front, and
thus is_valid() checks that the buffer is allocated correctly. But at some
point this was changed to allocate the buffer lazily on demand. This means
that a a valid event can now have m_rows_buf==NULL. The is_valid() code was
not changed, and thus is_valid() could return false on a valid event.

This caused a bug for REPLACE INTO t() VALUES(), () which generates a
write_rows event with no after image; then the m_rows_buf was never
allocated and is_valid() incorrectly returned false, causing an error in
some other parts of the code.

Also fix a couple of missing special cases in the code for mysqlbinlog to
correctly decode (in comments) row events with missing after image.

Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
2024-12-05 08:17:35 +01:00
Kristian Nielsen
daea59a81d MDEV-31761: mariadb-binlog prints fractional timestamp part incorrectly
Fractional part < 100000 microseconds was printed without leading zeros,
causing such timestamps to be applied incorrectly in mariadb-binlog | mysql

Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
2024-12-05 08:17:35 +01:00
Jason Cu
2bf9f0d422 MDEV-32395: update_depend_map_for_order: SEGV at /mariadb-11.3.0/sql/sql_select.cc:16583
MDEV-32329 (patch) pushdown from having into where: Server crashes at sub_select

When generating an Item_equal with a Item_ref that refers to a field
outside of a subselect, remove_item_direct_ref() causes the dependency
(depended_from) on the outer select to be lost, which causes trouble
for code downstream that can no longer determine the scope of the Item.
Not calling remove_item_direct_ref() retains the Item's dependency.

Test cases from MDEV-32395 and MDEV-32329 are included.

Some fixes from other developers:

Monty:
- Fixed wrong code in Item_equal::create_pushable_equalities()
  that could cause wrong item to be used if there was no matching items.
Daniel Black:
- Added test cases from MDEV-32329
Igor Babaev:
- Provided fix for removing call to remove_item_direct_ref() in
  eliminate_item_equal()

MDEV-32395: update_depend_map_for_order: SEGV at /mariadb-11.3.0/sql/sql_select.cc:16583

Include test cases from MDEV-32329.
2024-12-04 13:22:45 +02:00
Julius Goryavsky
cefdc3e67d Merge branch '10.5' into '10.6' 2024-12-03 13:08:12 +01:00
Aleksey Midenkov
13f93da1f6 MDEV-33783 CREATE SERVER segfaults on wrong mysql.servers
Do basic checking of mysql.servers compatibility.
2024-12-03 13:49:43 +03:00
Aleksey Midenkov
27c25ceedb MDEV-31030 Assertion `!error' failed in ha_partition::update_row on UPDATE
Removing wrong assertion as division by zero was caused by valid
input.
2024-12-03 13:49:42 +03:00
Alexander Barkov
3de412fbe8 MDEV-25593 Assertion `0' failed in Type_handler_temporal_result::Item_get_date on double EXECUTE
When binding to NULL, DEFAULT or IGNORE from an Item value, Item_param did not
change m_type_handler, so its value remained from the previous bind.
Thid led to DBUG_ASSERTs in Item_param::get_date() and
Timestamp_or_zero_datetime_native_null.

Fix:

Set Item_param::m_type_handler to &type_handler_null when
binding from an Item returning NULL.

This patch also fixes MDEV-35427.
2024-12-02 11:19:12 +01:00
Marko Mäkelä
7d4077cc11 Merge 10.5 into 10.6 2024-11-29 12:37:46 +02:00
Alexander Barkov
fdb6db6b47 MDEV-29462 ASAN: heap-use-after-free in Binary_string::copy on DO CONVERT
Item_char_typecast::val_str_generic() uses Item::str_value as a buffer.
Item::val_str_ascii() also used Item::str_value as a buffer.
As a result, str_value tried to copy to itself.

Fixing val_str_ascii() to use a local buffer instead of str_value.
2024-11-28 16:34:32 +04:00
Monty
f09020b3bb Fixed bug in subselect3.inc (not notable) 2024-11-26 14:23:31 +02:00
Alexander Barkov
225c17d35c MDEV-34090 Client allows to set character set to utf32 and crashes on the next command
Disallowing character sets with mbminlen>1 in the client.
2024-11-26 13:57:55 +04:00
Alexander Barkov
425d2521ec MDEV-33472 Assertion `0' failed in Item_row::illegal_method_call on CREATE EVENT
Do not accept rows as event parameters.
2024-11-25 18:29:13 +04:00
Alexander Barkov
20eba06d9b MDEV-35489 Assertion `!ldate->neg' or unexpected result upon extracting unit from invalid value
The patch for MDEV-23687 easlier fixed this problem. Adding tests only.
2024-11-25 16:13:16 +04:00
Alexander Barkov
2e404c9850 MDEV-21029 Incorrect result for expression with the <=> operator and IS NULL
Item_func_equal erroneously derived is_null() from the parent class.
Overriding it to return false because <=> can never return NULL.
2024-11-25 10:37:02 +04:00
Alexander Barkov
3997d28f48 MDEV-16698 ASAN: heap-use-after-free in field_longstr::uncompress
This bug was earlier fixed by MDEV-16699. Adding tests only.
2024-11-22 15:46:36 +04:00
Alexander Barkov
95df7ea33a MDEV-31881 ASAN: unknown-crash in check_ulonglong (sql/sql_analyse.cc) on SELECT ... FROM ... PROCEDURE ANALYSE()
Fixing a wrong condition which made the code read 1 byte behind the buffer.
2024-11-22 14:54:08 +04:00
Alexander Barkov
39f1f30f68 MDEV-23687 Assertion `is_valid_value_slow()' failed in Datetime::Datetime upon EXTRACT under mode ZERO_DATE_TIME_CAST
Item_{date|datetime}_typecase::get_date() erroneously passed the
TIME_INTERVAL_DAY flag from the caller to args[0] which made
CAST('100000:00:00' AS DATETIME) parse '100000:00:00' as TIME
rather that DATETIME.
Suppressing this flag.
2024-11-22 12:15:03 +04:00
Daniel Black
b414eca98d Correct cursor protocol tests main.{loaddata,grant_plugin} & innodb_fts.fulltext
Cursor protocol cannot handle select... into.

Disable this on loaddata.

For the grant_plugin/innodb_fts.fulltext changed
the tests to use a temporary table rather than a
user variable.
2024-11-21 21:43:44 +11:00
Daniel Black
2c89fe7ea6 main.stack view protocol - correct test result
View protocol requires expressions include a simple alias.
2024-11-21 21:43:44 +11:00
Monty
0de9e40f4b Added status variable "stack_usable" to be able to check stack usage 2024-11-19 19:02:45 +02:00
Alexander Barkov
ae0cbfe934 MDEV-28001 greatest/least with bigint unsigned maxium has unexpected results compared to 0
LEAST() and GREATEST() erroneously calcucalted the result as signed
for BIGINT UNSIGNED arguments.

Adding a new method for unsigned arguments:
  Item_func_min_max::val_uint_native()
2024-11-19 14:26:39 +04:00
Alexander Barkov
74184074a0 MDEV-28652 SUBSTRING(str,pos,len) returns incorrect result in view (returns an empty string)
Item_func_substr::fix_length_and_dec() incorrecltly calculated its max_length
to 0 when a huge number was passed as the third argument:
  substring('hello', 1, 4294967295)
Fixing this.
2024-11-19 12:35:00 +04:00
Alexander Barkov
09fe74c7fd MDEV-25174 DOUBLE columns do not accept large hex hybrids
Limit only signed integer fields fields to LONGLONG_MAX.
Double and decimal fields do not need this limit, as they
can store integers up to ULONGLONG_MAX without problems.
2024-11-19 11:50:12 +04:00
Alexander Barkov
70dbd63e02 MDEV-24337 Server crash in DTCollation::set_repertoire_from_charset
The loop in Item_func_in::get_func_mm_tree incorrectly used array->count
in the loop. Fixing it to array->used_count.
2024-11-19 10:57:14 +04:00
Alexander Barkov
b65504b8db MDEV-23138 Odd behavior of character_set variables set to utf16 (when allowed)
Sys_var_typelib did not work when assigned to an expression
with character sets with mbminlen>1.
Using val_str_ascii() instead of val_str() to fix this.
2024-11-18 11:34:13 +04:00
Sergey Vojtovich
ed72eadfb8 MDEV-35421 - main.mysql_upgrade fails without unix_socket plugin
Fixed main.mysql_upgrade to pass when unix_socket plugin is unavailable.

Also don't redefine _GNU_SOURCE, which was previously defined by command
line/environment. This fixes silent auth_socket build failure with
MYSQL_MAINTAINER_MODE=ERR.
2024-11-18 14:26:17 +11:00
Alexander Barkov
c4843c10a3 MDEV-35416 CONV(1<<63, 10, -2) fails with --view-protocol
Item_func_conv::fix_length_and_dec() incorrectly set maximum
length as 64 character. But for negative numbers it can
return up to 65 charcters (including the sign).
2024-11-14 17:05:31 +04:00
Alexander Barkov
3b20045071 MDEV-35393 ASAN unknown-crash in Field_varstring::reset when inserting NULL value to a table with filename charset
Also fixes
MDEV-35392 Assertion `!__asan_region_is_poisoned((vo id*) dest,templ->mysql_col_len)' failed in void row_sel_field_store_in_mysql_format_func(byte *, const mysql_row_templ_t *, const byte *, ulint)

Conversion from CHAR to VARCHAR must be done before the call
for create_length_to_internal_length_string().
Moving the conversion code from Column_definition::prepare_blob_field()
to Column_definition::prepare_stage1_string().
2024-11-14 16:06:04 +04:00
Alexander Barkov
13a14c0d78 MDEV-33987 Server crashes at Item_func_as_wkt::val_str_ascii
Item_func_boundary::val_str() did not set null_value when
it could not construct a geomery object from the input.
2024-11-14 13:27:22 +04:00
Alexander Barkov
25be7da202 MDEV-32755 Stack-Buffer-Overflow at /mariadb-11.3.0/strings/int2str.c:122
The buffer ans[65] in Item_func_conv::val_str() was too small.
Fixing it to ans[66].
Thanks to Kristian Nielsen for the analysis.
2024-11-13 14:32:03 +04:00
Daniel Black
cad881ab10 MDEV-35088 main.timezone failing - MEST vs CET time zone difference
Reported in Debian bug #1084293, from the tzdata changelog:

  * Upstream obsoleted the System V names CET, CST6CDT, EET, EST*, HST, MET,
    MST*, PST8PDT, and WET. They are symlinks now. Move those zones to
    tzdata-legacy and update /etc/localtime on package update to the new names.
    Please use Etc/GMT* in case you want to avoid DST changes.

As such the timezone output started to output CET (or CEST) as the
current timezone. Due to the way the test was written, its only
possible to hit this error when running mtr from a package. The
internals of MTR fix the timezone so this will never be hit in a build.

As such, added Europe/Budapest as the Central Europe Standard Time
(per sql/win_tzname_data.h and its derived unicode.org source) as timezone,
hard fixed by timezone.opt file so it will always run. The
have_cet_timezone is there to check the zonedata is installed
(was absent on buildbot Ubuntu 22.04 and Windows).

As replace result to the CET output and treat MET/MEST as the
same while its on its way out.

Thanks Santiago Vila for the bug report and Otto for forwarding it.
2024-11-13 17:39:47 +11:00
Alexander Barkov
b9f9d804f2 MDEV-28686 Assertion `0' in Type_handler_string_result::make_sort_key or unexpected result
The code in the can_eval_in_optimize() branch in
Item_func_pad::fix_length_and_dec() did not take into account
that the constant can be negative. So the function will return NULL.

This later crashed on DBUG_ASSERT() because a NOT NULL function returned NULL.

Adding set_maybe_null() into this branch if the constant is negative.
2024-11-06 15:45:59 +04:00
Vladislav Vaintroub
37b7986467 Merge branch '10.5' into 10.6 2024-11-05 21:02:22 +01:00
Alexander Barkov
7741065936 MDEV-23895 Server crash, ASAN heap-buffer-overflow or Valgrind Invalid write in Item_func_rpad::val_str
Item_cache_int::val_str() and Item_cache_real::val_str() erroneously
used default_charset(). Fixing to return my_charset_numeric instead.
2024-11-05 12:36:08 +04:00
Alexander Barkov
eb41c1171e MDEV-33942 View cuts off the end of string with the utf8 character set in INSERT function
Item_func_insert::fix_length_and_dec() incorrectly calculated max_length
when its collation.collation evaluated to my_charset_bin.

Fixing the code to calculate max_length in terms of octets rather
than in terms of characters when collation.collation is my_charset_bin.
2024-11-05 11:16:10 +04:00
Alexander Barkov
c2bf1d4781 MDEV-29552 LEFT and RIGHT with big value for parameter 'len' >0 return empty value in view
The code in max_length_for_string() erroneously returned 0
for huge numbers like 4294967295.

Rewriting the code in a more straightforward way.
2024-11-05 09:19:05 +04:00