1. 22 Mar, 2013 3 commits
  2. 21 Mar, 2013 4 commits
    • Nirbhay Choubey's avatar
      27bce2a2
    • Nirbhay Choubey's avatar
      Bug#12671635 HELP-TABLEFORMAT DOESN'T MATCH HELP-FILES · f8f88bee
      Nirbhay Choubey authored
      As current size limit of 'url' field of help_topic
      table is no longer sufficient for the contents of
      the fill_help_tables-5.1.sql. So, loading the contents
      in the table might result in warning (or error with
      stricter modes).
      
      Updated the type for 'url' field of help_topic as well
      as help_category tables from char(128) to text.
      f8f88bee
    • Nirbhay Choubey's avatar
      Bug#16500013 : ADD VERSION CHECK TO MYSQL_UPGRADE · f5b4c8f1
      Nirbhay Choubey authored
      (Based on Sinisa's patch)
      
      Added a version checking facility to mysql_upgrade.
      The versions used for checking is the version of the
      server that mysql_upgrade is going to upgrade and the
      server version that mysql_upgrade was build/distributed
      with.
      Also added an option '--version-check' to enable/disable
      the version checking.
      f5b4c8f1
    • Annamalai Gurusami's avatar
      Bug #16051728 SERVER CRASHES IN ADD_IDENTIFIER ON CONCURRENT ALTER TABLE AND · 63dc91d7
      Annamalai Gurusami authored
      SHOW ENGINE INNOD
      
      Problem:
      
      The purpose of explain_filename() is to provide useful additional
      information regarding the partitions given the filename.  This function
      was returning an error when it was not able to parse the given filename.
      For example, within InnoDB, temporary files are created with #sql-
      prefix.  But this function was not able to parse it correctly.
      
      Solution:
      
      It is not an error, if explain_filename() could not parse the given
      filename.  If there is no partition information to explain, then silently
      return from the function.
      
      rb#1940 approved by mattiasj
      63dc91d7
  3. 20 Mar, 2013 3 commits
  4. 19 Mar, 2013 1 commit
  5. 20 Mar, 2013 1 commit
    • Jorgen Loland's avatar
      Bug#16394084: LOOSE INDEX SCAN WITH QUOTED INT PREDICATE · 015c320a
      Jorgen Loland authored
                    RETURNS RANDOM DATA
                       
      MySQL 5.5 specific version of bugfix.
            
      When Loose Index Scan Range access is used, MySQL execution needs
      to copy non-aggregated fields. end_send() checked if this was
      necessary by checking if join_tab->select->quick had type
      QS_TYPE_GROUP_MIN_MAX.
            
      In this bug, however, MySQL created a sort index to sort the rows
      read from this range access method. create_sort_index() deletes
      join_tab->select->quick which makes it impossible to inquire
      the join_tab if LIS has been used.
            
      The fix for MySQL 5.5 is to introduce a variable in JOIN_TAB
      that stores whether or not LIS has been used. There is no need
      for this variable in later MySQL versions because the relevant
      code has been refactored.
      015c320a
  6. 19 Mar, 2013 5 commits
  7. 18 Mar, 2013 1 commit
    • Vasil Dimov's avatar
      Fix Bug#16400412 UNNECESSARY DICT_UPDATE_STATISTICS DURING CONCURRENT · 90b3eefb
      Vasil Dimov authored
      UPDATES
      
      After checking that the table has changed too much in
      row_update_statistics_if_needed() and calling dict_update_statistics(),
      also check if the same condition holds after acquiring the table stats
      latch. This is to avoid multiple threads concurrently entering and
      executing the stats update code.
      
      Approved by:	Marko (rb:2186)
      90b3eefb
  8. 19 Mar, 2013 2 commits
  9. 18 Mar, 2013 5 commits
    • Sujatha Sivakumar's avatar
      merge from mysql-5.1 to mysql-5.5 · c4837b36
      Sujatha Sivakumar authored
      c4837b36
    • Sujatha Sivakumar's avatar
      Bug#14771299 OUT-OF-BOUND READS WRITE IN MYSQLBINLOG · ddc0cff3
      Sujatha Sivakumar authored
      Problem:
      =======
      Found using AddressSanitizer testing.
      
      The mysqlbinlog utility may result in out-of-bound heap
      buffer reads and thus, undefined behaviour, when processing
      RBR events in the old (pre-5.1 GA) format.
      
      The following code in process_event() would only be correct
      if Rows_log_event was the base class for
      Write,Update,Delete_rows_log_event_old classes:
      
          case PRE_GA_WRITE_ROWS_EVENT:
          case PRE_GA_DELETE_ROWS_EVENT:
          case PRE_GA_UPDATE_ROWS_EVENT:
      ...
              Rows_log_event *e= (Rows_log_event*) ev;
              Table_map_log_event *ignored_map=
                print_event_info->m_table_map_ignored.get_table(e->get_table_id());
      ...
              if (e->get_flags(Rows_log_event::STMT_END_F))
              {
      ...
              }
      
      However, Rows_log_event is only the base class for the
      Write,Update_Delete_rows_event family of classes, but not
      for their *_old counterparts. So the above typecasts are
      incorrect for the old-format RBR events and may result (and
      do result according to AddressSanitizer reports) in reading
      memory outside of the previously allocated on heap buffer.
      
      Fix:
      ===
      The above mentioned invalid type cast has been replaced with
      appropriate old counterpart.
      
      Note:The above mentioned issue is present only mysql-5.1 and
      5.5. This is fixed in mysql-5.6 and above as part of 
      Bug#55790. Hence few of the relevant changes of Bug#55790 are
      being back ported to fix the current issue.
      ddc0cff3
    • Neeraj Bisht's avatar
      Bug #16076289 : BACKPORT FIX FOR BUG #14786792 TO 5.5 · 913d6e23
      Neeraj Bisht authored
      	
      	Backport the changes for bug#14786792 which is regression 
      	of fix for bug#11761854.So backported both changes.
      913d6e23
    • Nirbhay Choubey's avatar
      fb401ad3
    • Nirbhay Choubey's avatar
      Bug#14685362 : MEMORY LEAKS IN MYSQL CLIENT IN · 78eb5818
      Nirbhay Choubey authored
        INTERACTIVE MODE
      
      In interactive mode, libedit/readline allocates memory
      for every new line entered & later the allocated memory
      never gets freed.
      
      Fixed by freeing the allocated memory blocks appropriately.
      78eb5818
  10. 15 Mar, 2013 2 commits
  11. 14 Mar, 2013 3 commits
    • Tor Didriksen's avatar
      Bug#16359402 CRASH WITH AGGREGATES: ASSERTION FAILED: N < M_SIZE · f4d2b576
      Tor Didriksen authored
      We need to take 'n_sum_items' into the calculation
      when allocating the ref_ptr_array.
      f4d2b576
    • Sergey Glukhov's avatar
      5.1 -> 5.5 merge · 17ee332d
      Sergey Glukhov authored
      17ee332d
    • Sergey Glukhov's avatar
      Bug#16075310 SERVER CRASH OR VALGRIND ERRORS IN ITEM_FUNC_GROUP_CONCAT::SETUP AND ::ADD · ca5caac1
      Sergey Glukhov authored
      Item_func_group_concat::copy_or_same() creates a copy of original object.
      It also creates a copy of ORDER structure because ORDER struct elements may
      be modified in find_order_in_list() called from Item_func_group_concat::setup().
      As ORDER copy is created using memcpy, ORDER::next elements point to original
      ORDER structs. Thus find_order_in_list() called from EXECUTE stmt modifies
      ordinal ORDER item pointers so they point to runtime items, these items are
      freed after execution, so original ORDER structure becomes invalid.
      The fix is to properly update ORDER::next fields so that they point to
      new ORDER elements.
      ca5caac1
  12. 13 Mar, 2013 5 commits
  13. 12 Mar, 2013 5 commits
    • Venkatesh Duggirala's avatar
      BUG#14593883-REPLICATION BREAKS WHEN SET DATA TYPE · e68bc5e8
      Venkatesh Duggirala authored
      COLUMNS ARE USED INSIDE A STORED PROCEDURE                                      
                                                                                      
      Problem: When 'SET' type columns are used in a DML                              
      inside a stored procedure and a NULL value is passed                            
      to that column, replication is breaking.                                        
                                                                                      
      Analysis: All stored procedure variables used inside                            
      a DML will be substituted with NAME_CONST functions.                            
      While NAME_CONST are used in this particular scenario,                          
      i.e., when NULL value is passed then charset is copied                          
      from 'empty_set_string' member of Field_set class.                              
      The operator '=' overload method inside 'String' class                          
      is not coping str_charset from R.H.S object to L.H.S object.                    
      Hence charset is wrongly copied in the string assignment                        
                                                                                      
      Fix: Handle coping str_charset member in operator '=' overload                  
      method.
      e68bc5e8
    • Venkatesh Duggirala's avatar
      BUG#14593883-REPLICATION BREAKS WHEN SET DATA TYPE · 5b523ee7
      Venkatesh Duggirala authored
      COLUMNS ARE USED INSIDE A STORED PROCEDURE                                      
                                                                                      
      Problem: The operator '=' overload method inside
      'String' class is not coping str_charset member from
      R.H.S object to L.H.S object. Hence charset is wrongly
      set while using string assignments
      
      Analaysis: The above mentioned problem is
      identified while doing the analaysis of bug#14593883.
      Though the test scenario mentioned in the bug page
      is not  an issue in mysql-5.1 code, the actual root cause
      ie., "str_charset member is not copied" exists in the 
      mysql-5.1 code base. 
      
      Fix: Handle coping str_charset member in operator '=' overload                  
      method.
      5b523ee7
    • Marko Mäkelä's avatar
      Bug#16409715 ASSERT SYNC_THREAD_LEVELS_G(ARRAY, LEVEL - 1, TRUE), · 37134f61
      Marko Mäkelä authored
      IBUF, FREE SPACE MANAGEMENT
      
      ibuf_merge_or_delete_for_page(): Declare the user index page latched
      for UNIV_SYNC_DEBUG after opening the change buffer cursor. This
      should avoid the bogus latching order violation.
      
      ibuf_delete_rec(): Add assertions to the callers, checking that the
      mini-transaction was committed when the function returned TRUE. This
      is a non-functional change, just clarifying the code.
      
      rb#2136 approved by Kevin Lewis
      37134f61
    • Marko Mäkelä's avatar
      Merge mysql-5.1 to mysql-5.5. · 7f9ddb84
      Marko Mäkelä authored
      7f9ddb84
    • Marko Mäkelä's avatar
      Bug#16463505 PESSIMISTIC PAGE_ZIP_AVAILABLE() MAY CAUSE INFINITE PAGE SPLIT · 1a2cb3de
      Marko Mäkelä authored
      For a fresh insert, page_zip_available() was counting some fields twice.
      In the worst case, the compressed page size grows by PAGE_ZIP_DIR_SLOT_SIZE
      plus the size of the record that is being inserted. The size of the record
      already includes the fields that will be stored in the uncompressed portion
      of the compressed page.
      
      page_zip_get_trailer_len(): Remove the output parameter entry_size,
      because no caller is interested in it.
      
      page_zip_max_ins_size(), page_zip_available(): Assume that the page grows
      by PAGE_ZIP_DIR_SLOT_SIZE and the record size (which includes the fields
      that would be stored in the uncompressed portion of the page).
      
      rb#2169 approved by Sunny Bains
      1a2cb3de