- 30 Apr, 2013 2 commits
-
-
michael.izioumtchenko@oracle.com authored
eliminate a race condition over recv_sys->n_addrs which might result in a database corruption in recovery, without reporting a recovery error. recv_recover_page_func(): move the code segment that decrements recv_sys->n_addrs to the end of the function, after the call to mtr_commit() rb://2282 approved by Inaam
-
Neeraj Bisht authored
GROUP BY, MYISAM Problem:- In a query, where we are using loose index scan optimization and we have MIN() causes segmentation fault(where table row length is less then key_length). Analysis: While using loose index scan for MIN(), we call key_copy(), to copy the key data from record. This function is using temporary record buffer to store key data from the record buffer.But in case where the key length is greater then the buffer length, this will cause a segmentation fault. Solution: Give a proper buffer to store a key record.
-
- 24 Apr, 2013 2 commits
-
-
mysql-builder@oracle.com authored
No commit message
-
Annamalai Gurusami authored
OPENING MISSING PARTITION In the ha_innobase::open() call, for normal tables, there is no retry logic. But for partitioned tables, there is a retry logic introduced as fix for: http://bugs.mysql.com/bug.php?id=33349 https://support.mysql.com/view.php?id=21080 The Bug#33349, does not provide sufficient information to analyze the original problem. The original problem reported by bug#33349 is also minor (just an annoyance and no loss of functionality). Most importantly, the retry logic has been introduced without any associated test case. So we are removing the retry logic for partitioned tables. When the original problem occurs, a different solution will be explored.
-
- 22 Apr, 2013 1 commit
-
-
murthy.narkedimilli@oracle.com authored
-
- 20 Apr, 2013 1 commit
-
-
Neeraj Bisht authored
Problem: In query like select 1 from .. order by match .. against ...; causes a debug assert failue. Analysis: In union type query like (select * from order by a) order by b; or (select * from order by a) union (select * from order by b); We skip resolving of order by a for 1st query and order by of a and b in 2nd query. This means that, in case when our order by have Item_func_match class, we skip resolving it. But we maintain a ft_func_list and at the time of optimization, when we Perform FULLTEXT search before all regular searches on the bases of the list we call Item_func_match::init_search() which will cause debug assert as the item is not resolved. Solution: We will skip execution if the item is not fixed and we will not fix index(Item_func_match::fix_index()) for which Item_func_match::fix_field() is not called so that on later changes we can check the dependency on fix field.
-
- 16 Apr, 2013 1 commit
-
-
Murthy Narkedimilli authored
-
- 14 Apr, 2013 1 commit
-
-
Chaithra Gopalareddy authored
!TABLES->NEXT_NAME_RESOLUTION_TABLE) || !TAB Problem: The context info of select query gets corrupted when a query with group_concat having order by is present in an order by clause of the select query. As a result, server crashes with an assert. Analysis: While parsing order by for group_concat, it is presumed that it is always present before the actual order by for the select query. As a result, parser uses select->order_list to populate the order by items of group_concat and creates a select->gorder_list to which select->order_list is copied onto. Once this is done, it empties the select->order_list. In the case presented in the bugpage, as order by is already parsed when group_concat's order by is encountered, parser presumes that it is the second order by in the select query and creates fake_lex_unit which results in the change of context info. Solution: Make group_concat's order by parsing independent of the select
-
- 09 Apr, 2013 1 commit
-
-
Nirbhay Choubey authored
-
- 08 Apr, 2013 2 commits
-
-
mysql-builder@oracle.com authored
No commit message
-
mysql-builder@oracle.com authored
No commit message
-
- 02 Apr, 2013 2 commits
-
-
Tor Didriksen authored
This is a backport of the fix for Bug#13966809 CRASH IN COPY_FUNCS WHEN GROUPING BY OUTER QUERY BLOB FIELD IN SUBQUERY
-
mysql-builder@oracle.com authored
No commit message
-
- 01 Apr, 2013 1 commit
-
-
mysql-builder@oracle.com authored
No commit message
-
- 31 Mar, 2013 1 commit
-
-
Chaithra Gopalareddy authored
Bug #16347343 : CRASH, GROUP_CONCAT, DERIVED TABLES Problem: A select query inside a group_concat function having an outer reference results in a crash. Analysis: In function Item_group_concat::add, we do not check if return value of get_tmp_table_field can be NULL for a non-const item. This can happen for a query with a outer reference. While resolving the outer reference in the query present inside group_concat function, we set the "const_item_cache" to false. As a result in the call to const_item() from Item_func_group_concat::add, it returns false and goes on to check if this can be NULL resulting in the crash. get_tmp_table_field does not return NULL for Items of type Item_field, Item_result_field and Item_ref. For all other items, it returns NULL. Solution: Check for the return value of get_tmp_table_field before we access field contents.
-
- 29 Mar, 2013 2 commits
-
-
Annamalai Gurusami authored
TABLE/KEY RELATIONS The DICT_FK_MAX_RECURSIVE_LOAD was reduced from 250 to 33 in rb#2058. But in optimized build, this recursive depth is still too deep and resulted in stack overflow. So reducing this depth to 20 now.
-
mysql-builder@oracle.com authored
No commit message
-
- 28 Mar, 2013 4 commits
-
-
Georgi Kodinov authored
Fixed the get_data_size() methods for multi-point features to check properly for end of their respective data arrays. Extended the point checking function to take a 3d optional argument so cases where there's additional data in each array element (besides the point data itself) can be covered by the helper function. Fixed the 3 cases where such offset was present to use the proper checking helper function. Test cases added. Fixed review comments.
-
Nisha Gopalakrishnan authored
REGULAR SQL VS PREPARED STATEMENT Analysis: --------- When passing user variables as parameters to the prepared statements, the IF() function evaluation turns out to be incorrect. Consider the example: SET @var1='0.038687'; SELECT @var1 , IF( @var1 = 0 , 1 ,@var1 ) AS sqlif ; +----------+----------+ | @var1 | sqlif | +----------+----------+ | 0.038687 | 0.038687 | +----------+----------+ Executing a prepared statement where the parameters are supplied: PREPARE fail_stmt FROM "SELECT ? , IF( ? = 0 , 1 , ? ) AS ps_if_fail" ; EXECUTE fail_stmt USING @var1 ,@var1 , @var1 ; +----------+------------+ | ? | ps_if_fail | +----------+------------+ | 0.038687 | 1 | +----------+------------+ 1 row in set (0.00 sec) In the regular statement or while executing the prepared statements without passing parameters, the decimal precision is set for the user variable of type string. The comparison function used for evaluation considered the precision while comparing the values. But while executing the prepared statement with the parameters supplied, the decimal precision was not set. Thus the comparison function chosen was different which looked at the absolute values for comparison. Fix: ---- The fix is to set 'decimals' field of Item_param to the default value which is nothing but the maximum number of decimals(NOT_FIXED_DEC). This is set for cases where the strings are converted to the numeric form within certain functions. Thus the value is not rounded off during comparison, ensuring correct evaluation.
-
Sujatha Sivakumar authored
NO ERRORS REPORTED Problem: ======= Errors from my_b_fill are ignored. MYSQL_BIN_LOG::write_cache code assumes that 0 returned from my_b_fill always means end-of-cache, but that is incorrect. It can result in error and the error is ignored. Other callers of my_b_fill don't check for error: my_b_copy_to_file, maybe my_b_gets. Fix: === An error handler is already present to check the "cache" error that is reported during "MYSQL_BIN_LOG::write_cache" call. Hence error handlers are added for "my_b_copy_to_file" and "my_b_gets". During my_b_fill() function call, when the cache read fails info->error= -1 is set. Hence a check for "info->error" is added for the above to callers upon their return.
-
Annamalai Gurusami authored
TABLE/KEY RELATIONS Problem: When there are many tables, linked together through the foreign key constraints, then loading one table will recursively open other tables. This can sometimes lead to thread stack overflow. In such situations the server will exit. I see the stack overflow problem when the thread_stack is 196608 (the default value for 32-bit systems). I don't see the problem when the thread_stack is set to 262144 (the default value for 64-bit systems). Solution: Currently, in InnoDB, there is a macro DICT_FK_MAX_RECURSIVE_LOAD which defines the maximum number of tables that will be loaded recursively because of foreign key relations. This is currently set to 250. We can reduce this number to 33 (anything more than 33 does not solve the problem for the default value). We can keep it small enough so that thread stack overflow does not happen for the default values. Reducing the DICT_FK_MAX_RECURSIVE_LOAD will not affect the functionality of InnoDB. The tables will eventually be loaded. rb#2058 approved by Marko
-
- 27 Mar, 2013 3 commits
-
-
Georgi Kodinov authored
The GIS WKB reader was checking for the presence of enough data by first multiplying the number read (where it could overflow) and only then comparing it to the number of bytes available. This can overflow and effectively turn off the check. Fixed by: 1. Introducing a new function that does division only so no overflow is possible. 2. Using the proper macros and parenthesizing them. 3. Doing an in-line division check in the only place where the boundary check is done over a data structure other than a dense points array.
-
Nuno Carvalho authored
Fixed possible uninitialized variable.
-
Sujatha Sivakumar authored
--BINLOG-IGNORE-DB AND FULLY QUALIFIED TABLE Problem: ======= An ALTER TABLE statement is not written to binlog if server started with "--binlog-ignore-db some database" and 'fully qualified' table names are used in the ALTER TABLE statement altering table different from current database context. Analysis: ======== The above mentioned problem not only affects "ALTER TABLE" statements but also to all kind of statements. Once the current default database becomes "NULL" none of the statements will be binlogged. The current behaviour is such that if the user has specified restrictions on which database needs to be replicated and the default db is not specified, then do not replicate. This means that "NULL" is considered to be equivalent to everything (default db = null implied ignore don't log the statement). Fix: === "NULL" should not be considered as equivalent to everything. Since the filtering criteria is not equal to "NULL" the statement should be logged into binlog.
-
- 26 Mar, 2013 3 commits
-
-
Andrei Elkin authored
-
Andrei Elkin authored
At logging a first Query referring a user var, the slave missed to log the user var. It appears that at execution of a Uservar event the slaver applier thought of the variable as already logged. The reason of misjudgement is in coincidence of query id:s: of one that the thread holds at Uservar execution and another one that the thread sees at the Query applying. While the two are naturally different in the regular execution branch (as two computational events are separated as individual events), in the deferred applying case the User var execution effectively belongs to its Query processing. Fixed with storing the Uservar parsing time (where desicion to defer is taken) query id to temporarily substitute with it the actual query id at the Uservar execution time (along with its query). Such manipulation mimics behaviour of the regular applying branch.
-
Tor Didriksen authored
Bug#13243248 CHECK FOR "STACK OVERRUN" DOESN'T WORK WITH GCC-4.6, SERVER CRASHES The existing check for stack direction may give wrong results for new versions of gcc at high optimization levels. Solution: Backport the stack-direction check from 5.5
-
- 22 Mar, 2013 2 commits
-
-
Nirbhay Choubey authored
-
Nirbhay Choubey authored
-
- 21 Mar, 2013 1 commit
-
-
Nirbhay Choubey authored
As current size limit of 'url' field of help_topic table is no longer sufficient for the contents of the fill_help_tables-5.1.sql. So, loading the contents in the table might result in warning (or error with stricter modes). Updated the type for 'url' field of help_topic as well as help_category tables from char(128) to text.
-
- 20 Mar, 2013 1 commit
-
-
Murthy Narkedimilli authored
-
- 19 Mar, 2013 2 commits
-
-
Murthy Narkedimilli authored
-
Murthy Narkedimilli authored
-
- 18 Mar, 2013 2 commits
-
-
Sujatha Sivakumar authored
Problem: ======= Found using AddressSanitizer testing. The mysqlbinlog utility may result in out-of-bound heap buffer reads and thus, undefined behaviour, when processing RBR events in the old (pre-5.1 GA) format. The following code in process_event() would only be correct if Rows_log_event was the base class for Write,Update,Delete_rows_log_event_old classes: case PRE_GA_WRITE_ROWS_EVENT: case PRE_GA_DELETE_ROWS_EVENT: case PRE_GA_UPDATE_ROWS_EVENT: ... Rows_log_event *e= (Rows_log_event*) ev; Table_map_log_event *ignored_map= print_event_info->m_table_map_ignored.get_table(e->get_table_id()); ... if (e->get_flags(Rows_log_event::STMT_END_F)) { ... } However, Rows_log_event is only the base class for the Write,Update_Delete_rows_event family of classes, but not for their *_old counterparts. So the above typecasts are incorrect for the old-format RBR events and may result (and do result according to AddressSanitizer reports) in reading memory outside of the previously allocated on heap buffer. Fix: === The above mentioned invalid type cast has been replaced with appropriate old counterpart. Note:The above mentioned issue is present only mysql-5.1 and 5.5. This is fixed in mysql-5.6 and above as part of Bug#55790. Hence few of the relevant changes of Bug#55790 are being back ported to fix the current issue.
-
Nirbhay Choubey authored
INTERACTIVE MODE In interactive mode, libedit/readline allocates memory for every new line entered & later the allocated memory never gets freed. Fixed by freeing the allocated memory blocks appropriately.
-
- 15 Mar, 2013 1 commit
-
-
Venkatesh Duggirala authored
Back porting fix from mysql-5.5
-
- 14 Mar, 2013 1 commit
-
-
Sergey Glukhov authored
Item_func_group_concat::copy_or_same() creates a copy of original object. It also creates a copy of ORDER structure because ORDER struct elements may be modified in find_order_in_list() called from Item_func_group_concat::setup(). As ORDER copy is created using memcpy, ORDER::next elements point to original ORDER structs. Thus find_order_in_list() called from EXECUTE stmt modifies ordinal ORDER item pointers so they point to runtime items, these items are freed after execution, so original ORDER structure becomes invalid. The fix is to properly update ORDER::next fields so that they point to new ORDER elements.
-
- 13 Mar, 2013 2 commits
-
-
Venkatesh Duggirala authored
COLUMNS ARE USED INSIDE A STORED PROCEDURE Post-push fix. String::operator=() in client/sql_string.h also needs to be updated with fix.
-
mysql-builder@oracle.com authored
No commit message
-
- 12 Mar, 2013 1 commit
-
-
Venkatesh Duggirala authored
COLUMNS ARE USED INSIDE A STORED PROCEDURE Problem: The operator '=' overload method inside 'String' class is not coping str_charset member from R.H.S object to L.H.S object. Hence charset is wrongly set while using string assignments Analaysis: The above mentioned problem is identified while doing the analaysis of bug#14593883. Though the test scenario mentioned in the bug page is not an issue in mysql-5.1 code, the actual root cause ie., "str_charset member is not copied" exists in the mysql-5.1 code base. Fix: Handle coping str_charset member in operator '=' overload method.
-