1. 15 Dec, 2010 4 commits
  2. 14 Dec, 2010 13 commits
    • Gleb Shchepa's avatar
      automerge 5.1-bugteam --> 5.5-bugteam · 935ca4b3
      Gleb Shchepa authored
      935ca4b3
    • Gleb Shchepa's avatar
    • Gleb Shchepa's avatar
      backport of bug #54476 fix from 5.1-bugteam to 5.0-bugteam. · 086130e3
      Gleb Shchepa authored
      Original revid: alexey.kopytov@sun.com-20100723115254-jjwmhq97b9wl932l
      
       > Bug #54476: crash when group_concat and 'with rollup' in
       >                      prepared statements
       >
       > Using GROUP_CONCAT() together with the WITH ROLLUP modifier
       > could crash the server.
       >
       > The reason was a combination of several facts:
       >
       > 1. The Item_func_group_concat class stores pointers to ORDER
       > objects representing the columns in the ORDER BY clause of
       > GROUP_CONCAT().
       >
       > 2. find_order_in_list() called from
       > Item_func_group_concat::setup() modifies the ORDER objects so
       > that their 'item' member points to the arguments list
       > allocated in the Item_func_group_concat constructor.
       >
       > 3. In some cases (e.g. in JOIN::rollup_make_fields) a copy of
       > the original Item_func_group_concat object could be created by
       > using the Item_func_group_concat::Item_func_group_concat(THD
       > *thd, Item_func_group_concat *item) copy constructor. The
       > latter essentially creates a shallow copy of the source
       > object. Memory for the arguments array is allocated on
       > thd->mem_root, but the pointers for arguments and ORDER are
       > copied verbatim.
       >
       > What happens in the test case is that when executing the query
       > for the first time, after a copy of the original
       > Item_func_group_concat object has been created by
       > JOIN::rollup_make_fields(), find_order_in_list() is called for
       > this new object. It then resolves ORDER BY by modifying the
       > ORDER objects so that they point to elements of the arguments
       > array which is local to the cloned object. When thd->mem_root
       > is freed upon completing the execution, pointers in the ORDER
       > objects become invalid. Those ORDER objects, however, are also
       > shared with the original Item_func_group_concat object which is
       > preserved between executions of a prepared statement. So the
       > first call to find_order_in_list() for the original object on
       > the second execution tries to dereference an invalid pointer.
       >
       > The solution is to create copies of the ORDER objects when
       > copying Item_func_group_concat to not leave any stale pointers
       > in other instances with different lifecycles.
      
      
      mysql-test/r/func_gconcat.result:
        Test case for bug #54476.
      mysql-test/t/func_gconcat.test:
        Test case for bug #54476.
      sql/item_sum.cc:
        Copy the ORDER objects pointed to by the elements of the
        'order' array in the copy constructor of
        Item_func_group_concat.
      sql/table.h:
        Removed the unused 'item_copy' member of the ORDER class.
      086130e3
    • Luis Soares's avatar
      BUG 46697 · f8a701e8
      Luis Soares authored
      Automerging mysql-5.1-bugteam into mysql-5.5-bugteam.
      f8a701e8
    • Luis Soares's avatar
      BUG#46697 · 74a54b0d
      Luis Soares authored
      Autmoerging into latest mysql-5.1-bugteam.
      74a54b0d
    • Luis Soares's avatar
      BUG 46697 · 92a0463e
      Luis Soares authored
      Addressing review comments.
      92a0463e
    • Luis Soares's avatar
      4d314248
    • Sergey Glukhov's avatar
      0cdc8007
    • Sergey Glukhov's avatar
      Bug#57818 string conversion function died · 76627d5f
      Sergey Glukhov authored
      Bug#57913 large negative number to string conversion functions crash
      String object which is used as result container of the item
      has uninitialized 'str_charset' field. This object
      might be used later to preform some internal operations
      and str_charset field is involved in these operations.
      It leads to crash.
      The fix is to intialize str_charset in my_decimal2string() func.
      
      
      mysql-test/r/func_str.result:
        test case
      mysql-test/t/func_str.test:
        test case
      sql/my_decimal.cc:
        intialize str_charset field for result string
        in my_decimal2string() func.
      76627d5f
    • Mattias Jonsson's avatar
      merge · a0a63b31
      Mattias Jonsson authored
      a0a63b31
    • Mattias Jonsson's avatar
      merge · 26a36d89
      Mattias Jonsson authored
      26a36d89
    • Mattias Jonsson's avatar
      Bug#45717: A few test cases are disabled due to closed Bug#30577 · 21c146d5
      Mattias Jonsson authored
      Backport from 5.5. OK from Anitha G. to push to 5.1.
      
      Removed floor(float_col) tests, enabled floor(decimal_col) tests
      21c146d5
    • Sergey Glukhov's avatar
      Fixed following problems: · fcb83cbf
      Sergey Glukhov authored
      --Bug#52157 various crashes and assertions with multi-table update, stored function
      --Bug#54475 improper error handling causes cascading crashing failures in innodb/ndb
      --Bug#57703 create view cause Assertion failed: 0, file .\item_subselect.cc, line 846
      --Bug#57352 valgrind warnings when creating view
      --Recently discovered problem when a nested materialized derived table is used
        before being populated and it leads to incorrect result
      
      We have several modes when we should disable subquery evaluation.
      The reasons for disabling are different. It could be
      uselessness of the evaluation as in case of 'CREATE VIEW'
      or 'PREPARE stmt', or we should disable subquery evaluation
      if tables are not locked yet as it happens in bug#54475, or
      too early evaluation of subqueries can lead to wrong result
      as it happened in Bug#19077.
      Main problem is that if subquery items are treated as const
      they are evaluated in ::fix_fields(), ::fix_length_and_dec()
      of the parental items as a lot of these methods have
      Item::val_...() calls inside.
      We have to make subqueries non-const to prevent unnecessary
      subquery evaluation. At the moment we have different methods
      for this. Here is a list of these modes:
      
      1. PREPARE stmt;
      We use UNCACHEABLE_PREPARE flag.
      It is set during parsing in sql_parse.cc, mysql_new_select() for
      each SELECT_LEX object and cleared at the end of PREPARE in
      sql_prepare.cc, init_stmt_after_parse(). If this flag is set
      subquery becomes non-const and evaluation does not happen.
      
      2. CREATE|ALTER VIEW, SHOW CREATE VIEW, I_S tables which
         process FRM files
      We use LEX::view_prepare_mode field. We set it before
      view preparation and check this flag in
      ::fix_fields(), ::fix_length_and_dec().
      Some bugs are fixed using this approach,
      some are not(Bug#57352, Bug#57703). The problem here is
      that we have a lot of ::fix_fields(), ::fix_length_and_dec()
      where we use Item::val_...() calls for const items.
      
      3. Derived tables with subquery = wrong result(Bug19077)
      The reason of this bug is too early subquery evaluation.
      It was fixed by adding Item::with_subselect field
      The check of this field in appropriate places prevents
      const item evaluation if the item have subquery.
      The fix for Bug19077 fixes only the problem with
      convert_constant_item() function and does not cover
      other places(::fix_fields(), ::fix_length_and_dec() again)
      where subqueries could be evaluated.
      
      Example:
      CREATE TABLE t1 (i INT, j BIGINT);
      INSERT INTO t1 VALUES (1, 2), (2, 2), (3, 2);
      SELECT * FROM (SELECT MIN(i) FROM t1
      WHERE j = SUBSTRING('12', (SELECT * FROM (SELECT MIN(j) FROM t1) t2))) t3;
      DROP TABLE t1;
      
      4. Derived tables with subquery where subquery
         is evaluated before table locking(Bug#54475, Bug#52157)
      
      Suggested solution is following:
      
      -Introduce new field LEX::context_analysis_only with the following
       possible flags:
       #define CONTEXT_ANALYSIS_ONLY_PREPARE 1
       #define CONTEXT_ANALYSIS_ONLY_VIEW    2
       #define CONTEXT_ANALYSIS_ONLY_DERIVED 4
      -Set/clean these flags when we perform
       context analysis operation
      -Item_subselect::const_item() returns
       result depending on LEX::context_analysis_only.
       If context_analysis_only is set then we return
       FALSE that means that subquery is non-const.
       As all subquery types are wrapped by Item_subselect
       it allow as to make subquery non-const when
       it's necessary.
      
      
      mysql-test/r/derived.result:
        test case
      mysql-test/r/multi_update.result:
        test case
      mysql-test/r/view.result:
        test case
      mysql-test/suite/innodb/r/innodb_multi_update.result:
        test case
      mysql-test/suite/innodb/t/innodb_multi_update.test:
        test case
      mysql-test/suite/innodb_plugin/r/innodb_multi_update.result:
        test case
      mysql-test/suite/innodb_plugin/t/innodb_multi_update.test:
        test case
      mysql-test/t/derived.test:
        test case
      mysql-test/t/multi_update.test:
        test case
      mysql-test/t/view.test:
        test case
      sql/item.cc:
        --removed unnecessary code
      sql/item_cmpfunc.cc:
        --removed unnecessary checks
        --THD::is_context_analysis_only() is replaced with LEX::is_ps_or_view_context_analysis()
      sql/item_func.cc:
        --refactored context analysis checks
      sql/item_row.cc:
        --removed unnecessary checks
      sql/item_subselect.cc:
        --removed unnecessary code
        --added DBUG_ASSERT into Item_subselect::exec()
          which asserts that subquery execution can not happen
          if LEX::context_analysis_only is set, i.e. at context
          analysis stage.
        --Item_subselect::const_item()
          Return FALSE if LEX::context_analysis_only is set.
          It prevents subquery evaluation in ::fix_fields &
          ::fix_length_and_dec at context analysis stage.
      sql/item_subselect.h:
        --removed unnecessary code
      sql/mysql_priv.h:
        --Added new set of flags.
      sql/sql_class.h:
        --removed unnecessary code
      sql/sql_derived.cc:
        --added LEX::context_analysis_only analysis intialization/cleanup
      sql/sql_lex.cc:
        --init LEX::context_analysis_only field
      sql/sql_lex.h:
        --New LEX::context_analysis_only field
      sql/sql_parse.cc:
        --removed unnecessary code
      sql/sql_prepare.cc:
        --removed unnecessary code
        --added LEX::context_analysis_only analysis intialization/cleanup
      sql/sql_select.cc:
        --refactored context analysis checks
      sql/sql_show.cc:
        --added LEX::context_analysis_only analysis intialization/cleanup
      sql/sql_view.cc:
        --added LEX::context_analysis_only analysis intialization/cleanup
      fcb83cbf
  3. 13 Dec, 2010 3 commits
    • Tor Didriksen's avatar
      Bug #58426 Crashing tests not failing as they are supposed to on Solaris 10 debug · fda62900
      Tor Didriksen authored
        
      On this platform we seem to get lots of other signals
      while waiting for SIGKILL to be delivered.
      
      Solution: use sigsuspend(<all signals blocked>)
      
      
      
      dbug/dbug.c:
        New function _db_suicide_() which does kill(myself, -9) and then waits forever.
      include/my_dbug.h:
        Let DBUG_SUICE wait forever until the KILL signal is delivered, and process dies.
      fda62900
    • Sergey Glukhov's avatar
      Bug#39828 : Autoinc wraps around when offset and increment > 1 · 1faf910e
      Sergey Glukhov authored
      Auto increment value wraps when performing a bulk insert with
      auto_increment_increment and auto_increment_offset greater than
      one.
      The fix:
      If overflow happened then return MAX_ULONGLONG value as an
      indication of overflow and check this before storing the
      value into the field in update_auto_increment().
      
      
      
      mysql-test/r/auto_increment.result:
        test case
      mysql-test/suite/innodb/r/innodb-autoinc.result:
        test case fix
      mysql-test/suite/innodb/t/innodb-autoinc.test:
        test case fix
      mysql-test/suite/innodb_plugin/r/innodb-autoinc.result:
        test case fix
      mysql-test/suite/innodb_plugin/t/innodb-autoinc.test:
        test case fix
      mysql-test/t/auto_increment.test:
        test case
      sql/handler.cc:
        If overflow happened then return MAX_ULONGLONG value as an
        indication of overflow and check this before storing the
        value into the field in update_auto_increment().
      1faf910e
    • Sergey Glukhov's avatar
      Bug#58396 group_concat and explain extended are still crashy · 6330815a
      Sergey Glukhov authored
      Explain fails at fix_fields stage and some items are left unfixed,
      particulary Item_group_concat. Item_group_concat::orig_args field
      is uninitialized in this case and Item_group_concat::print call 
      leads to crash.
      The fix:
      move the initialization of Item_group_concat::orig_args
      into constructor.
      
      
      mysql-test/r/func_gconcat.result:
        test case
      mysql-test/t/func_gconcat.test:
        test case
      sql/item_sum.cc:
        move the initialization of Item_group_concat::orig_args
        into constructor.
      6330815a
  4. 09 Dec, 2010 2 commits
    • Mattias Jonsson's avatar
      Bug#58831: large_tests.alter_table crashes the server · e7ef1c5c
      Mattias Jonsson authored
      The tests generates 4 Billion rows which timeouts.
      
      Removed the test from the default weekly run.
      e7ef1c5c
    • Ramil Kalimullin's avatar
      Fix for bug#48451: my_seek and my_tell ignore MY_WME flag · 0137e028
      Ramil Kalimullin authored
       my_seek() and my_tell() functions now honour MY_WME flag.
      
      
      include/mysys_err.h:
        Fix for bug#48451: my_seek and my_tell ignore MY_WME flag
          - EE_CANT_SEEK added, used in my_seek() and my_tell() functions.
      mysys/errors.c:
        Fix for bug#48451: my_seek and my_tell ignore MY_WME flag
          - EE_CANT_SEEK added, used in my_seek() and my_tell() functions.
      mysys/my_seek.c:
        Fix for bug#48451: my_seek and my_tell ignore MY_WME flag
          - my_seek() and my_tell() handle MY_WME flag.
      mysys/my_symlink.c:
        Fix for bug#48451: my_seek and my_tell ignore MY_WME flag
          - __attribute__((unused)) removed, as myf MyFlags is
        actually used in the my_realpath() function.
      storage/myisam/ha_myisam.cc:
        Fix for bug#48451: my_seek and my_tell ignore MY_WME flag
          - check my_seek() result.
      0137e028
  5. 08 Dec, 2010 1 commit
  6. 14 Dec, 2010 3 commits
  7. 13 Dec, 2010 4 commits
  8. 10 Dec, 2010 3 commits
    • Davi Arnaut's avatar
      63cf028a
    • Dmitry Shulga's avatar
      c99ed993
    • Dmitry Shulga's avatar
      Fixed bug#54486 - assert in my_seek, concurrent · 5ca6880d
      Dmitry Shulga authored
      DROP/CREATE SCHEMA, CREATE TABLE, REPAIR.
      
      The cause of assert was concurrent execution of
      DROP DATABASE and REPAIR TABLE where first statement
      deleted table's file .TMD at the same time as
      REPAIR TABLE tried to read file details from the old file
      that was just removed.
      
      Additionally was fixed trouble when DROP TABLE try delete
      all files belong to table being dropped at the same time
      when REPAIR TABLE statement has just deleted .TMD file.
      
      No regression test added because this would require adding a
      sync point to mysys/my_redel.c. Since this bug is not present in
      5.5+, adding test coverage was considered unnecessary.
      The patch has been verified using RQG testing.
      
      
      sql/sql_db.cc:
        mysql_rm_known_files() modified: ignore possible ENOENT error
        when trying delete all table's files. Such aggressive 
        algorithm permits skip already deleted (in another thread)
        files.
        
        Installation of Drop_table_error_handler as internal error handler
        moved from mysql_rm_db() to mysql_rm_knowns_files() near to place
        where source of possible errors (call to mysql_rm_table_part2) located.
      storage/myisam/mi_check.c:
        mi_repair() was modified: set param->retry_repair= 0
        in order to don't call following failover procedure
        in ha_myisam::repair().
      5ca6880d
  9. 09 Dec, 2010 7 commits