1. 07 Apr, 2014 2 commits
  2. 04 Apr, 2014 1 commit
  3. 03 Apr, 2014 1 commit
  4. 14 Mar, 2014 1 commit
  5. 12 Mar, 2014 1 commit
  6. 06 Mar, 2014 2 commits
  7. 28 Feb, 2014 1 commit
  8. 25 Feb, 2014 2 commits
  9. 17 Feb, 2014 2 commits
  10. 12 Feb, 2014 2 commits
    • Vamsikrishna Bhagi's avatar
      Bug #18186103 BUFFER OVERFLOW IN CLIENT · c187840b
      Vamsikrishna Bhagi authored
      Problem: While printing the Server version, mysql client
               doesn't check for the buffer overflow in a
               String variable.
      
      Solution: Used a different print function which checks the
                allocated length before writing into the string.
      c187840b
    • Neeraj Bisht's avatar
      Bug#17075846 - UNQUOTED FILE NAMES FOR VARIABLE VALUES ARE · a3123b84
      Neeraj Bisht authored
      	       ACCEPTED BUT PARSED INCORRECTLY
      
      When we are setting the value in a system variable, 
      We can set it like 
      
      set sys_var="Iden1.Iden2";		//1
      set sys_var='Iden1.Iden2';		//2
      set sys_var=Iden1.Iden2;		//3
      set sys_var=.ident1.ident2; 		//4
      set sys_var=`Iden1.Iden2`;		//5
      
      
      While parsing, for case 1(when ANSI_QUOTES is enable) and 2,
      we will take as string literal(we will make item of type Item_string).
      for case 3 & 4, taken as Item_field, where Iden1 is a table name and
      iden2 is a field name.
      for case 5, again Item_field type, where iden1.iden2 is taken as
      field name.
      
      
      Now in case 1, when we are assigning some value to system variable
      (which can take string or enumerate type data), we are setting only 
      field part.
      This means only iden2 value will be set for system variable. This 
      result in wrong result.
      
      Solution:
      
      (for string type) We need to Document that we are not allowed to set 
      system variable which takes string as identifier, otherwise result 
      in unexpected behaviour.
      
      (for enumerate type)
      if we pass iden1.iden2, we will give an error ER_WRONG_TYPE_FOR_VAR
      (Incorrect argument type to variable).
      a3123b84
  11. 11 Feb, 2014 3 commits
  12. 10 Feb, 2014 1 commit
    • Thirunarayanan B's avatar
      Bug #14049391 INNODB MISCALCULATES AUTO-INCREMENT AFTER DECREASING · 7c12a9e5
      Thirunarayanan B authored
                              AUTO_INCREMENT_INCREMENT
      Problem:
      =======
      When auto_increment_increment system variable decreases,
      immediate next value of auto increment column is not affected.
      
      Solution:
      ========
      	Get the previous inserted value of auto increment column by
      subtracting the previous auto_increment_increment from next
      auto increment value. After that calculate the current autoinc value
      using newly changed auto_increment_increment variable.
      
      	Approved by Sunny [rb#4394]
      7c12a9e5
  13. 06 Feb, 2014 2 commits
    • Murthy Narkedimilli's avatar
    • Anirudh Mangipudi's avatar
      Bug#14211271 ISSUES WITH SSL ON DEBIAN WHEEZY I386 AND KFREEBSD-I386 · 1747a456
      Anirudh Mangipudi authored
      Problem:
      It was reported that on Debian and KFreeBSD platforms, i386 architecture 
      machines certain SSL tests are failing. main.ssl_connect  rpl.rpl_heartbeat_ssl
      rpl.rpl_ssl1 rpl.rpl_ssl main.ssl_cipher, main.func_encrypt were the tests that
       were reportedly failing (crashing). The reason for the crashes are said to be
      due to the assembly code of yaSSL.
      
      Solution:
      There was initially a workaround suggested i.e., to enable 
      -DTAOCRYPT_DISABLE_X86ASM flag which would prevent the crash, but at an expense
       of 4X reduction of speed. Since this was unacceptable, the fix was the 
      functions using assembly, now input variables from the function call using 
      extended inline assembly on GCC instead of relying on direct assembly code.
      1747a456
  14. 04 Feb, 2014 2 commits
  15. 03 Feb, 2014 1 commit
  16. 31 Jan, 2014 2 commits
    • 's avatar
      Merge from mysql-5.5.36-release · 1db027f3
      authored
      1db027f3
    • Praveenkumar Hulakund's avatar
      Bug#14117012 - CHILD PROCESS MYSQL UTILITIES PICKING UP LOCAL · ff4040ee
      Praveenkumar Hulakund authored
                     CONFIG FILES CAUSES TEST
      
      Utility as "mysql_upgrade" forks "mysql"/"mysqlcheck". Attaching
      "mysql_upgrade" shows following calls after forking "mysql" or
      "mysql_check" when configuration file information is passed as
      first argument to "mysql_upgrade".
      
      strace -f ./mysql_upgrade --defaults-file=../pdb/my.cnf --socket=../pdb/mysql.sock -f
      
      [pid  6254] stat("/etc/my.cnf", 0x7fff8e772680) = -1 ENOENT (No such file or directory)
      [pid  6254] stat("/etc/mysql/my.cnf", 0x7fff8e772680) = -1 ENOENT (No such file or directory)
      [pid  6254] stat("/usr/local/mysql/etc/my.cnf", 0x7fff8e772680) = -1 ENOENT (No such file or directory)
      [pid  6254] stat("/home/user_name/.my.cnf", {st_mode=S_IFREG|0664, st_size=19, ...}) = 0
      [pid  6254] open("/home/user_name/.my.cnf", O_RDONLY) = 3
      
      
      But when tool forks "mysqlcheck"/"mysql", "--no-defaults" is passed
      as first argument. Before forking, in function "find_tool" of
      "mysql_upgrade", check is made to verify whether tool can be
      executable or not by calling "mysqlcheck --help" and "mysql --help".
      But argument "--no-defaults", "--defaults-file" or
      "defaults-extra-file" is not passed to "mysql" and "mysqlcheck".
      So my.cnf is searched in default paths.
      
      Fix:
      ------
      Modified code to pass "--no-defaults" as first argument to "mysql"
      and "mysqlcheck" while checking tool can be executed or not.
      ff4040ee
  17. 30 Jan, 2014 2 commits
    • Ritheesh Vedire's avatar
      Bug#16814264: FILTER OUT THE PERFORMANCE_SCHEMA RELAY LOG EVENTS FROM RELAY LOG · 44c56d37
      Ritheesh Vedire authored
        Performance schema tables are local to a server and they should not
        be allowed to be executed by the slave from the relay log.
        From 5.6.10, P_S events are not written into the binary log.
        But prior to that, from mysql 5.5 onwards, P_S events are written 
        to the binary log by master.
        The following are problematic scenarios:
            
        1. Master 5.5 -> Slave 5.5
           ========================
          A) RBR: Slave crashes
          B) SBR: P_S statements are replicated.
            
        2.Master 5.5 -> Slave 5.6
          ========================
          A) RBR: SQL thd generates error
          B) SBR : P_S statements are replicated
            
        3. 5.5 binlog executed on a server 5.5 using mysqlbinlog|mysql
           =================================================================
           A) RBR: Server crash  (because of BINLOG'... statement)
           B) SBR: P_S statements are executed
            
        4. 5.5 binlog executed on server 5.6 using mysqlbinlog|mysql
           ================================================================
           A) RBR: SQL error (because of BINLOG'... statement)
           B) SBR: P_S statements are executed.
            
            
          The generalized behaviour should be:
          a) Slave SQL thread should certainly ignore P_S events read from
             the relay log.
          b) mysqlbinlog|mysql should replay the binlog succesfully.
            
      44c56d37
    • Annamalai Gurusami's avatar
      Bug #14668683 ASSERT REC_GET_DELETED_FLAG(REC, PAGE_IS_COMP(PAGE)) · 761735d9
      Annamalai Gurusami authored
      Problem:
      
      The function row_upd_changes_ord_field_binary() is used to decide whether to
      use row_upd_clust_rec_by_insert() or row_upd_clust_rec().  The function
      row_upd_changes_ord_field_binary() does not make use of charset information.
      Based on binary comparison it decides that r1 and r2 differ in their ordering
      fields.
      
      In the function row_upd_clust_rec_by_insert(), an update is done by delete +
      insert.  These operations internally make use of cmp_dtuple_rec_with_match()
      to compare records r1 and r2.  This comparison takes place with the use of
      charset information.
      
      This means that it is possible for the deleted record to be reused in the
      subsequent insert.  In the given scenario, the characters 'a' and 'A' are
      considered equal in the my_charset_latin1.  When this happens, the ownership
      information of externally stored blobs are not correctly handled.
      
      Solution:
      
      When an update is done by delete followed by insert, disown the relevant
      externally stored fields during the delete marking itself (within the same
      mtr).  If the insert succeeds, then nothing with respect to blob ownership
      needs to be done.  If the insert fails, then the disown done earlier will be
      removed when the operation is rolled back.
      
      rb#4479 approved by Marko.
      761735d9
  18. 24 Jan, 2014 1 commit
    • bin.x.su@oracle.com's avatar
      BUG 18117322 - DEFINE INNODB_THREAD_SLEEP_DELAY MAX VALUE · de6cdc79
      bin.x.su@oracle.com authored
      The maximum value for innodb_thread_sleep_delay is 4294967295 (32-bit) or
      18446744073709551615 (64-bit) microseconds. This is way too big, since
      the max value of innodb_thread_sleep_delay is limited by
      innodb_adaptive_max_sleep_delay if that value is set to non-zero value
      (its default is 150,000).
      
      Solution
      The maximum value of innodb_thread_sleep_delay should be the same as
      the maximum value of innodb_adaptive_max_sleep_delay, which is 1000000.
      
      Approved by Jimmy, rb#4429
      de6cdc79
  19. 23 Jan, 2014 1 commit
    • Tor Didriksen's avatar
      Backport of Bug#16809055 MYSQL 5.6 AND 5.7 STILL USE LIBMYSQLCLIENT.SO.18 · 2bdffb1d
      Tor Didriksen authored
      Backported only the softlink part of the patch,
      *not* the bumping of library version.
      
      With this patch, the libmysql/ directory contains:
      libmysqlclient.a
      libmysqlclient_r.a -> libmysqlclient.a
      libmysqlclient_r.so -> libmysqlclient.so*
      libmysqlclient_r.so.18 -> libmysqlclient.so.18*
      libmysqlclient_r.so.18.0.0 -> libmysqlclient.so.18.0.0*
      libmysqlclient.so -> libmysqlclient.so.18*
      libmysqlclient.so.18 -> libmysqlclient.so.18.0.0*
      libmysqlclient.so.18.0.0*
      2bdffb1d
  20. 16 Jan, 2014 2 commits
  21. 13 Jan, 2014 1 commit
    • Thayumanavar's avatar
      BUG#18054998 - BACKPORT FIX FOR BUG#11765785 to 5.5 · c7ca708f
      Thayumanavar authored
      This is a backport of the patch of bug#11765785. Commit message
      by Prabakaran Thirumalai from bug#11765785 is reproduced below:
      Description:
      ------------
      Global Query ID (global_query_id ) is not incremented for PING and 
      statistics command. These two query types are filtered before 
      incrementing the global query id. This causes race condition and 
      results in duplicate query id for different queries originating from 
      different connections.
            
      Analysis:
      ---------
      sqlparse.cc::dispath_command() is the only place in code which sets 
      thd->query_ id to global_query_id and then increments it based on the 
      query type. In all other places it is incremented first and then 
      assigned to thd->query_id.
            
      This is done such that global_query_id is not incremented for PING 
      and statistics commands in dispatch_command() function.
            
      Fix:
      ----
      As per suggestion from Serg, "There is no reason to skip query_id for 
      the PING and STATISTICS command.", removing the check which filters 
      PING and statistics commands.
            
      Instead of using get_query_id() and next_query_id() which can still 
      cause race condition if context switch happens soon after executing 
      get_query_id(), changing the code to use next_query_id() instead of 
      get_query_id() as it is done in other parts of code which deals with 
      global_query_id.
            
      Removed get_query_id() function and forced next_query_id() caller 
      to use the return value by specifying warn_unused_result attribute.
      c7ca708f
  22. 11 Jan, 2014 1 commit
    • Venkata Sidagam's avatar
      Bug #17760379 COLLATIONS WITH CONTRACTIONS BUFFER-OVERFLOW THEMSELVES IN THE FOOT · ff061486
      Venkata Sidagam authored
      Description: A typo in create_tailoring() causes the "contraction_flags" to be written
      into cs->contractions in the wrong place. This causes two problems:
      (1) Anyone relying on `contraction_flags` to decide "could this character be
      part of a contraction" is 100% broken.
      (2) Anyone relying on `contractions` to determine the weight of a contraction
      is mostly broken
      
      Analysis: When we are preparing the contraction in create_tailoring(), we are corrupting the 
      cs->contractions memory location which is supposed to store the weights(8k) + contraction information(256 bytes). We started storing the contraction information after the 4k location. This is because of logic flaw in the code.
      
      Fix: When we create the contractions, we need to calculate the contraction with (char*) (cs->contractions + 0x40*0x40) from ((char*) cs->contractions) + 0x40*0x40. This makes the "cs->contractions" to move to 8k bytes and stores the contraction information from there. Similarly when we are calculating it for like range queries we need to calculate it from the 8k bytes onwards, this can be done by changing the logic to (const char*) (cs->contractions + 0x40*0x40). And for ucs2 charsets we need to modify the my_cs_can_be_contraction_head() and my_cs_can_be_contraction_tail() to point to 8k+ locations.
      ff061486
  23. 10 Jan, 2014 1 commit
    • Sujatha Sivakumar's avatar
      Bug#17081415:>=4GB ROW EVENT CRASHES SERVER WITH WILD MEMCPY · 605aa82f
      Sujatha Sivakumar authored
      OF ROW DATA
      
      Problem:
      ========
      Inserting a row larger than 4G when server uses RBR leads
      to crash.
      
      Analysis:
      ========
      Row-based binary logging logs changes in individual table
      rows. During the execution of DML statements in RBR the
      actual row data will be stored within "m_rows_buf" buffer
      and this buffer contents will be written to binary log.
      "m_rows_buf" is prepared within the following function
      "Rows_log_event::do_add_row_data".
      
      When a huge row is specified as in this bug scenario where
      row size is 4294971520 > UINT_MAX (4294967295) then the
      "m_rows_buf" is reallocated to accommodate the row data and
      then the row is copied to the buffer. During this realloc
      call, the length is getting type casted to "uint" which
      results in overflow. Because of the overflow the reallocated
      memory happens to be incorrect than what was requested
      and it results in a crash during copy of rowdata to buffer.
      
      Hence rows of size > 4GB cannot be written to binary log.
      By default the event_length can be stored within 4 bytes
      which in turn restricts an event's size to grow. Hence large
      rows cannot be replicated using row based replication.
      
      Fix:
      ===
      An error is generated if the row size exceeds 4GB value.
      605aa82f
  24. 09 Jan, 2014 4 commits
  25. 08 Jan, 2014 1 commit
    • Aditya A's avatar
      Bug#16287752 INNODB_DATA_FILE_PATH MINIMUM SIZE · 657ffcd7
      Aditya A authored
                      IN DOCUMENTATION
      Problem 
      -------
      The documentation says that we support 'K' prefix 
      while specifiying size for innodb datafile in the
      server variable for innodb_data_file_path ,but the
      function srv_parse_megabytes() only handles only 
      'M' (megabytes) and 'G' (gigabytes) .
      
      Fix
      ---
      Modify srv_parse_megabytes() to handle Kilobytes. 
      
      Add in documentation that while specifying size 
      in KB it should be mentioned in multiples of 1024
      other wise they will be rounded off to nearest
      MB (megabyte) boundry .(eg if size mentioned
      as 2313KB will be considered as 2 MB ).
      
      [ Approved by Marko #rb 2387 ]
      657ffcd7