In UNION if we use last SELECT without braces and this
SELECT have ORDER BY clause, such clause belongs to
global UNION. It is parsed like last SELECT
part and used further as 'unit->global_parameters->order_list' value.
During DESCRIBE EXTENDED we call select_lex->print_order() for
last SELECT where order fields refer to tmp table
which already freed. It leads to crash.
The fix is clean up global_parameters->order_list
instead of fake_select_lex->order_list.
mysql-test/r/union.result:
test result
mysql-test/t/union.test:
test case
sql/sql_union.cc:
In UNION if we use last SELECT without braces and this
SELECT have ORDER BY clause, such clause belongs to
global UNION. It is parsed like last SELECT
part and used further as 'unit->global_parameters->order_list' value.
During DESCRIBE EXTENDED we call select_lex->print_order() for
last SELECT where order fields refer to tmp table
which already freed. It leads to crash.
The fix is clean up global_parameters->order_list
instead of fake_select_lex->order_list.
Problem: using LOAD_FILE() in some cases we pass a file name string
without a trailing '\0' to fn_format() which relies on that however.
That may lead to valgrind warnings.
Fix: add a trailing '\0' to the file name passed to fn_format().
mysql-test/r/func_str.result:
Fix for bug#44774: load_file function produces valgrind warnings
- test result.
mysql-test/t/func_str.test:
Fix for bug#44774: load_file function produces valgrind warnings
- test case.
sql/item_strfunc.cc:
Fix for bug#44774: load_file function produces valgrind warnings
- passing a file name to fn_format(), file_name->c_ptr() replaced
with file_name->c_ptr_safe() to ensure we have a trailing '\0'.
Problem: storing "SELECT ... INTO @var ..." results in variables we used val_xxx()
methods which returned results of the current row.
So, in some cases (e.g. SELECT DISTINCT, GROUP BY or HAVING) we got data
from the first row of a new group (where we evaluate a clause) instead of
data from the last row of the previous group.
Fix: use val_xxx_result() counterparts to get proper results.
mysql-test/r/distinct.result:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- results adjusted.
mysql-test/r/user_var.result:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- test result.
mysql-test/t/user_var.test:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- test case.
sql/item_func.cc:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- Item_func_set_user_var::save_item_result() added to evaluate and store
an item's result into a user variable.
sql/item_func.h:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- Item_func_set_user_var::save_item_result() added to evaluate and store
an item's result into a user variable.
sql/sql_class.cc:
Fix for bug#42009: SELECT into variable gives different results to direct SELECT
- use Item_func_set_user_var::save_item_result() to store results into user
variables.
with seg fault
Multiple-table DELETE from a table joined to itself may cause
server crash. This was originally discovered with MEMORY engine,
but may affect other engines with different symptoms.
The problem was that the server violated SE API by performing
parallel table scan in one handler and removing records in
another (delete on the fly optimization).
mysql-test/r/heap_btree.result:
Updated test result after adding new test for this bug.
mysql-test/t/heap_btree.test:
Updated test result after adding new test for the bug report.
sql/sql_delete.cc:
Updated to check if the files in delete list appears in join list and disable
delete while scanning, if it appears.
EXPLAIN EXTENDED of nested query containing a error:
1054 Unknown column '...' in 'field list'
may cause a server crash.
Parse error like described above forces a call to
JOIN::destroy() on malformed subquery.
That JOIN::destroy function closes and frees temporary
tables. However, temporary fields of these tables
may be listed in st_select_lex::group_list of outer
query, and that st_select_lex may not cleanup them
properly. So, after the JOIN::destroy call that
st_select_lex::group_list may have Item_field
objects with dangling pointers to freed temporary
table Field objects. That caused a crash.
mysql-test/r/subselect3.result:
Added test case for bug #37362.
mysql-test/t/subselect3.test:
Added test case for bug #37362.
sql/sql_select.cc:
Bug #37362: Crash in do_field_eq
The JOIN::destroy function has been modified to
cleanup temporary table column items.
The issue of the current bug is unguarded access to mi->slave_running
by the shutdown thread calling end_slave() that is bug#29968
(alas happened not to be cross-linked with the current bug)
Fixed:
with removing the unguarded read of the running status
and perform reading it in terminate_slave_thread()
at time run_lock is taken (mostly bug#29968 backporting, still with some
improvements over that patch - see the error reporting from
terminate_slave_thread()).
Issue of bug#38716 is fixed here for 5.0 branch as well.
Note:
There has been a separate artifact identified -
a race condition between init_slave() and end_slave() -
reported as Bug#44467.
mysql-test/r/rpl_bug38694.result:
a new results file is added.
mysql-test/t/rpl_bug38694-slave.opt:
simulating delay at slave threads shutdown.
mysql-test/t/rpl_bug38694.test:
A new test to check if a delay at the termination phase of slave threads
could cause any issue.
sql/slave.cc:
The unguarded read of the running status is removed. Its reading is done in
terminate_slave_thread() at time run_lock is taken;
Calling terminate_slave_threads(skip_lock := !need_slave_mutex) in the failing branch of start_slave_threads() which is bug#38716 issue.
sql/slave.h:
removing terminate_slave_thread() out of the global interface scope.
the Point() and Linestring() functions create WKB representation of an
object instead of an real geometry object.
That produced bugs when these were inserted into tables.
GIS tests fixed accordingly.
per-file messages:
mysql-test/r/gis-rtree.result
Bug#38990 Arbitrary data input plus GIS functions causes mysql server crash
test result
mysql-test/r/gis.result
Bug#38990 Arbitrary data input plus GIS functions causes mysql server crash
test result
mysql-test/t/gis-rtree.test
Bug#38990 Arbitrary data input plus GIS functions causes mysql server crash
test fixed - GeomFromWKB invocations removed
mysql-test/t/gis.test
Bug#38990 Arbitrary data input plus GIS functions causes mysql server crash
test fixed - AsWKB invocations added
sql/item_geofunc.cc
Bug#38990 Arbitrary data input plus GIS functions causes mysql server crash
Point() and similar functions to create a proper object
Bug #40925: Equality propagation takes non indexed attribute
Query execution plans and execution time of queries like
select a, b, c from t1
where a > '2008-11-21' and b = a limit 10
depended on the order of equality operator parameters:
"b = a" and "a = b" are not same.
An equality propagation algorithm has been fixed:
the substitute_for_best_equal_field function should not
substitute a field for an equal field if both fields belong
to the same table.
mysql-test/r/select.result:
Added test case for bug #40925.
mysql-test/t/select.test:
Added test case for bug #40925.
sql/item.cc:
Bug #40925: Equality propagation takes non indexed attribute
An equality propagation algorithm has been fixed:
the substitute_for_best_equal_field function should not
substitute a field for an equal field if both fields belong
to the same table.
for indexes of InnoDB table
Fixes by replacing the PRNG that is used to pick random pages with a
better one.
Also adds a configuration option "innodb_use_legacy_cardinality_algorithm"
to enable the fix only when the option is set.
This patch is from http://bugs.mysql.com/file.php?id=11789
to wrong results
3 problems found with DES_ENCRYPT/DES_DECRYPT :
1. The max length was not calculated properly. Fixed in fix_length_and_dec()
2. DES_ENCRYPT had a side effect of sometimes reallocating and changing
the value of its argument. Fixed by explicitly pre-allocating the necessary
space to pad the argument with trailing '*' (stars) when calculating the
DES digest.
3. in DES_ENCRYPT the string buffer for the result value was not
reallocated to the correct size and only string length was assigned to it.
Fixed by making sure there's enough space to hold the result.
information schema tables are based on internal tmp tables which are removed
after each statement execution. So HANDLER comands can not be used with
information schema.
mysql-test/r/handler.result:
test result
mysql-test/t/handler.test:
test case
sql/sql_handler.cc:
information schema tables are based on internal tmp tables which are removed
after each statement execution. So HANDLER comands can not be used with
information schema.
routine does not exist
There is an inconsistency with DROP DATABASE IF EXISTS, DROP TABLE IF
EXISTS and DROP VIEW IF EXISTS: those are binlogged even if the DB or
TABLE does not exist, whereas DROP PROCEDURE IF EXISTS does not. It
would be nice or at least consistent if DROP PROCEDURE/STATEMENT
worked the same too.
Fixed DROP PROCEDURE|FUNCTION IF EXISTS by adding a call to
mysql_bin_log.write in mysql_execute_command. Checked also if all
documented "DROP (...) IF EXISTS" get binlogged.
NOTE: This is a 5.0 backport patch as requested by support.
mysql-test/r/rpl_drop_if_exists.result:
Result file for test case added.
mysql-test/r/rpl_sp.result:
Updated result file for existing test case that has now extra events in
binary log (the ones from drop if exists procedure/function).
mysql-test/t/rpl_drop_if_exists.test:
Added test case for asserting validity of proposed patch.
sql/sql_parse.cc:
Added call mysql_bin_log.write when lex has drop_if_exists enabled for
stored procedures.
The crash happens due to wrong 'digits' variable value(0),
'digits' can not be 0, so the fix is use 1 as min allowed value.
mysql-test/r/insert.result:
test result
mysql-test/t/insert.test:
test case
sql/field.cc:
The crash happens due to wrong 'digits' variable value(0),
'digits' can not be 0, so the fix is use 1 as min allowed value.
The problem is that a SELECT .. FOR UPDATE statement might open
a table and later wait for a impeding global read lock without
noticing whether it is holding a table that is being waited upon
the the flush phase of the process that took the global read
lock.
The same problem also affected the following statements:
LOCK TABLES .. WRITE
UPDATE .. SET (update and multi-table update)
TRUNCATE TABLE ..
LOAD DATA ..
The solution is to make the above statements wait for a impending
global read lock before opening the tables. If there is no
impending global read lock, the statement raises a temporary
protection against global read locks and progresses smoothly
towards completion.
Important notice: the patch does not try to address all possible
cases, only those which are common and can be fixed unintrusively
enough for 5.0.
mysql-test/r/lock_multi.result:
Add test case result for Bug#43230
mysql-test/t/lock_multi.test:
Add test case for Bug#43230
sql/sql_lex.cc:
Initialize flag.
sql/sql_lex.h:
Add a flag to the lexer.
sql/sql_parse.cc:
Wait for the global read lock is a write lock is going to be
taken. The wait is done before opening tables.
sql/sql_yacc.yy:
Protect against the GRL if its a SELECT .. FOR UPDATE or LOCK TABLES
.. WRITE statement.
Original commentary:
Bug #37348: Crash in or immediately after JOIN::make_sum_func_list
The optimizer pulls up aggregate functions which should be aggregated in
an outer select. At some point it may substitute such a function for a field
in the temporary table. The setup_copy_fields function doesn't take this
into account and may overrun the copy_field buffer.
Fixed by filtering out the fields referenced through the specialized
reference for aggregates (Item_aggregate_ref).
Added an assertion to make sure bugs that cause similar discrepancy
don't go undetected.
mysql-test/r/func_group.result:
Backport bug #37348 fix 5.1 --> 5.0.
mysql-test/t/func_group.test:
Backport bug #37348 fix 5.1 --> 5.0.
sql/item.cc:
Backport bug #37348 fix 5.1 --> 5.0.
sql/item.h:
Backport bug #37348 fix 5.1 --> 5.0.
sql/sql_select.cc:
Backport bug #37348 fix 5.1 --> 5.0.
updates
Attempt to execute trigger or stored function with multi-UPDATE
which used - but didn't update - a table that was also used by
the calling statement led to an error. Read-only reference to
tables used in the calling statement should be allowed.
This problem was caused by the fact that check for conflicting
use of tables in SP/triggers was performed in open_tables(),
and in case of multi-UPDATE we didn't know exact lock type at
this stage.
We solve the problem by moving this check to lock_tables(), so
it can be performed after exact lock types for tables used by
multi-UPDATE are determined.
mysql-test/r/trigger.result:
Results for the added test case is added.
mysql-test/t/trigger.test:
A new test case is added, verifying correct table multi-update
conflict resolution, both read-only and write.
sql/sql_base.cc:
The check for conflicting use of tables in SP/triggers is moved
to lock_tables(), to be performed after the exact lock types
have been determined. Also, an assert is added to open_ltable()
to ensure this func is not used in a prelocked context.
UNION could convert fixed-point FLOAT(M,D)/DOUBLE(M,D) columns
to FLOAT/DOUBLE when aggregating data types from the SELECT
substatements. While there is nothing particularly wrong with
this behavior, especially when M is greater than the hardware
precision limits, it could be confusing in cases when all
SELECT statements in a union have the same
FLOAT(M,D)/DOUBLE(M,D) columns with equal precision
specifications listed in the same position.
Since the manual is quite vague on what data type should be
returned in such cases, the bug was fixed by implementing the
most 'expected' behavior: do not convert FLOAT(M,D)/DOUBLE(M,D)
to anything else if all SELECT statements in a UNION have the
same precision for that column.
mysql-test/r/union.result:
Added a test case for bug #43432.
mysql-test/t/union.test:
Added a test case for bug #43432.
sql/field.cc:
Replaced FLT_DIG+6 and DBL_DIG+7 with a symbolic constant.
sql/item.cc:
Do not convert FLOAT(M,D)/DOUBLE(M,D)
to anything else if all SELECT statements in a UNION have the
same precision for that column.
sql/mysql_priv.h:
Added a symbolic constant for FLT_DIG+6 and DBL_DIG+7.
Problem: commit doesn't delete savepoints if there are no changes
in the transaction.
Fix: delete them in such cases.
mysql-test/r/innodb_mysql.result:
Fix for bug #26288: savepoint not deleted, comit on empty transaction
- test result.
mysql-test/t/innodb_mysql.test:
Fix for bug #26288: savepoint not deleted, comit on empty transaction
- test case.
sql/handler.cc:
Fix for bug #26288: savepoint not deleted, comit on empty transaction
- call transaction.cleanup() even if nht is 0 to delete
possible savepoints.
When the thread executing a DDL was killed after finished its
execution but before writing the binlog event, the error code in
the binlog event could be set wrongly to ER_SERVER_SHUTDOWN or
ER_QUERY_INTERRUPTED.
This patch fixed the problem by ignoring the kill status when
constructing the event for DDL statements.
This patch also included the following changes in order to
provide the test case.
1) modified mysqltest to support variable for connection command
2) modified mysql-test-run.pl, add new variable MYSQL_SLAVE to
run mysql client against the slave mysqld.
When add an aliase name after NAME_CONST, the aliase name will be overwrite.
NAME_CONST will re-set the field's name only if there isn't an aliase in the
function fix-fields().
If there is an aliase, NAME_CONST doesn't re-set the field's name and keeps the old
name.
mysql-test/r/func_misc.result:
Test result.
mysql-test/r/rpl_name_const.result:
Test case.
mysql-test/t/func_misc.test:
Add NAME_CONST test.
mysql-test/t/rpl_name_const.test:
Test result.
sql/item.cc:
Re-set field's name if the name is autogenerated, that mean without aliase.
due to name_const substitution
Problem:
"In general, statements executed within a stored procedure
are written to the binary log using the same rules that
would apply were the statements to be executed in standalone
fashion. Some special care is taken when logging procedure
statements because statement execution within procedures
is not quite the same as in non-procedure context".
For example, each reference to a local variable in SP's
statements is replaced by NAME_CONST(var_name, var_value).
Queries like
"CREATE TABLE ... SELECT FUNC(local_var ..."
are logged as
"CREATE TABLE ... SELECT FUNC(NAME_CONST("local_var", var_value) ..."
that leads to differrent field names and
might result in "Incorrect column name" if var_value is long enough.
Fix: in 5.x we'll issue a warning in such a case.
In 6.0 we should get rid of NAME_CONST().
Note: this issue and change should be described in the documentation
("Binary Logging of Stored Programs").
mysql-test/r/binlog.result:
Fix for bug#35383: binlog playback and replication breaks
due to name_const substitution
- test result.
mysql-test/t/binlog.test:
Fix for bug#35383: binlog playback and replication breaks
due to name_const substitution
- test case.
sql/sp_head.cc:
Fix for bug#35383: binlog playback and replication breaks
due to name_const substitution
- set thd->query_name_consts if there's NAME_CONST()
substitution(s).
sql/sql_parse.cc:
Fix for bug#35383: binlog playback and replication breaks
due to name_const substitution
- issue a warning if there's NAME_CONST() substitution and
binary logging is on for "CREATE TABLE ... SELECT ...".
Fine-tuning. Broke out comparison into method by
suggestion of Davi. Clarified comments. Reverting
test-case which I find too brittle; proper test
case in 5.1+.
(Pushing for Azundris)
We allow security-contexts with NULL users (for
system-threads and for unauthenticated users).
If a non-SUPER-user tried to KILL such a thread,
we tried to compare the user-fields to see whether
they owned that thread. Comparing against NULL was
not a good idea.
If KILLer does not have SUPER-privilege, we
specifically check whether both KILLer and KILLee
have a non-NULL user before testing for string-
equality. If either is NULL, we reject the KILL.
mysql-test/r/rpl_temporary.result:
Try to have a non-SUPER user KILL a system thread.
mysql-test/t/rpl_temporary.test:
Try to have a non-SUPER user KILL a system thread.
sql/sql_parse.cc:
Make sure security contexts of both KILLer *and*
KILLee are non-NULL before testing for string-equality!
When do 'insert delayed' operation, the time_zone info doesn't be keeped in the row info.
So when we do insert sometime later, time_zone didn't write into binlog.
This will cause wrong result for timestamp column in slave.
Our solution is that adding time_zone info with the delayed-row and
restoring time_zone from row-info when execute that row in the furture by another thread.
So we can write correct time_zone info into binlog and got correct result in slave.
mysql-test/r/rpl_timezone.result:
Test result
mysql-test/t/rpl_timezone.test:
Add test for bug#41719
sql/sql_insert.cc:
Add time_zone info in the delayed-row and restore time_zone when execute the row in the furture by another thread.
functions
Unknown timezone specifications are properly rejected
by the server, but are copied into tz_storage before
rejection, and hence is retained until end of server
life. With sufficiently large bogus timezone specs,
it is easy to exhaust system memory.
Allocation of memory for a copy of the timezone
name is delayed until after verification of validity,
at the cost of a memcpy of the timezone info. This
only happens once, future lookups will hit the cached
structure.
Don't throw an error after checking the first and the second arguments.
Continue with checking the third and higher arguments and if some of
them is stronger according to coercibility rules,
then this argument's collation is set as result collation.
mysql-test/r/ctype_collate.result:
test result
mysql-test/t/ctype_collate.test:
test case
sql/item.cc:
Don't throw an error after checking the first and the second arguments.
Continue with checking the third and higher arguments and if some of
them is stronger according to coercibility rules,
then this argument's collation is set as result collation.
seems to become negative
THD::start_time has a dual meaning : it's either the time since the process
entered a given state or is the transaction time returned by e.g. NOW().
This causes problems, as sometimes THD::start_time may be set to a value
that is correct and needed when used as a base for NOW(), but these times
may be arbitrary (SET @@timestamp) or non-local (coming from the master
through the replication feed).
If one such non-local time is set there's no way to return a correct value
for e.g. SHOW PROCESSLIST or SELECT ... FROM INFORMATION_SCHEMA.PROCESSLIST.
Fixed by making the Time column in SHOW PROCESSLIST SIGNED LONG instead of
UNSIGNED LONG and doing the correct conversions.
Note that no reliable test suite can be constructed, since it would require
knowing the local time and can't be achieved by the means of the current test
suite.
sql/sql_show.cc:
Bug #22047: make the Time in SHOW PROCESSLIST LONG from
LONG UNSIGNED
Took the Xfree implementation (based on the same rewrite as the NDB one)
and added it instead of the current implementation.
Added a macro to make the calls to MD5 more streamlined.
client/mysqlmanager-pwgen.c:
Bug #42434: changed to call the macro
include/my_md5.h:
Bug #42434: use the Xfree implementation
mysys/md5.c:
Bug #42434: use the Xfree implementation
sql/item_strfunc.cc:
Bug #42434: changed to call the macro
sql/table.cc:
Bug #42434: changed to call the macro
tools/mysqlmanager.c:
Bug #42434: changed to call the macro
The copy of the original arguments of a aggregate function was not
initialized until after fix_fields().
Sometimes (e.g. when there's an error processing the statement)
the print() can be called with no corresponding fix_fields() call.
Fixed by adding a check if the Item is fixed before using the arguments
copy.
mysql-test/r/explain.result:
Bug #43354: test case
mysql-test/t/explain.test:
Bug #43354: test case
sql/item_sum.cc:
Bug #43354: use the argument list copy only if it's initialized
This is a back port from 5.1 to 5.0.
Fix for BUG 20023: mysql_change_user() resets the value
of SQL_BIG_SELECTS.
The bug was that SQL_BIG_SELECTS was not properly set
in COM_CHANGE_USER.
The fix is to update SQL_BIG_SELECTS properly.
sql/sql_class.cc:
Update THD::options with the respect to SQL_BIG_SELECTS
in COM_CHANGE_USER.
tests/mysql_client_test.c:
Add a test case BUG#20023.
Bug #18828: If InnoDB runs out of undo slots, it returns misleading 'table is full'
This is a backport of code already in 5.1+. The error message change referred
to in the detailed revision comments is still pending.
Detailed revision comments:
r3937 | calvin | 2009-01-15 03:11:56 +0200 (Thu, 15 Jan 2009) | 17 lines
branches/5.0:
Backport the fix for Bug#18828. Return DB_TOO_MANY_CONCURRENT_TRXS
when we run out of UNDO slots in the rollback segment. The backport
is requested by MySQL under bug#41529 - Safe handling of InnoDB running
out of undo log slots.
This is a partial fix since the MySQL error code requested to properly
report the error condition back to the client has not yet materialized.
Currently we have #ifdef'd the error code translation in ha_innodb.cc.
This will have to be changed as and when MySQl add the new requested
code or an equivalent code that we can then use.
Given the above, currently we will get the old behavior, not the
"fixed" and intended behavior.
Approved by: Heikki (on IM)
