- 18 Mar, 2013 5 commits
-
-
Sujatha Sivakumar authored
-
Sujatha Sivakumar authored
Problem:
=======
Found using AddressSanitizer testing. The mysqlbinlog utility may result in out-of-bound heap buffer reads and thus, undefined behaviour, when processing RBR events in the old (pre-5.1 GA) format. The following code in process_event() would only be correct if Rows_log_event was the base class for Write,Update,Delete_rows_log_event_old classes:

    case PRE_GA_WRITE_ROWS_EVENT:
    case PRE_GA_DELETE_ROWS_EVENT:
    case PRE_GA_UPDATE_ROWS_EVENT:
    ...
    Rows_log_event *e= (Rows_log_event*) ev;
    Table_map_log_event *ignored_map=
      print_event_info->m_table_map_ignored.get_table(e->get_table_id());
    ...
    if (e->get_flags(Rows_log_event::STMT_END_F))
    {
      ...
    }

However, Rows_log_event is only the base class for the Write,Update_Delete_rows_event family of classes, but not for their *_old counterparts. So the above typecasts are incorrect for the old-format RBR events and may result (and do result according to AddressSanitizer reports) in reading memory outside of the previously allocated on heap buffer.

Fix:
===
The above mentioned invalid type cast has been replaced with appropriate old counterpart.

Note: The above mentioned issue is present only in mysql-5.1 and 5.5. This is fixed in mysql-5.6 and above as part of Bug#55790. Hence few of the relevant changes of Bug#55790 are being back ported to fix the current issue.
-
Neeraj Bisht authored
Backport the changes for bug#14786792 which is regression of fix for bug#11761854. So backported both changes.
-
Nirbhay Choubey authored
-
Nirbhay Choubey authored
INTERACTIVE MODE In interactive mode, libedit/readline allocates memory for every new line entered & later the allocated memory never gets freed. Fixed by freeing the allocated memory blocks appropriately.
-
- 15 Mar, 2013 2 commits
-
-
Venkatesh Duggirala authored
Null merge from mysql-5.1
-
Venkatesh Duggirala authored
Back porting fix from mysql-5.5
-
- 14 Mar, 2013 3 commits
-
-
Tor Didriksen authored
We need to take 'n_sum_items' into the calculation when allocating the ref_ptr_array.
-
Sergey Glukhov authored
-
Sergey Glukhov authored
Item_func_group_concat::copy_or_same() creates a copy of original object. It also creates a copy of ORDER structure because ORDER struct elements may be modified in find_order_in_list() called from Item_func_group_concat::setup(). As ORDER copy is created using memcpy, ORDER::next elements point to original ORDER structs. Thus find_order_in_list() called from EXECUTE stmt modifies ordinal ORDER item pointers so they point to runtime items, these items are freed after execution, so original ORDER structure becomes invalid. The fix is to properly update ORDER::next fields so that they point to new ORDER elements.
-
- 13 Mar, 2013 5 commits
-
-
Venkatesh Duggirala authored
COLUMNS ARE USED INSIDE A STORED PROCEDURE Merging post-push fix from mysql-5.1
-
Venkatesh Duggirala authored
COLUMNS ARE USED INSIDE A STORED PROCEDURE Post-push fix. String::operator=() in client/sql_string.h also needs to be updated with fix.
-
Aditya A authored
FREED LOCK

ANALYSIS
--------
In 5.5 code the lock_rec_block_validate() is called after releasing the kernel mutex. There is a chance that the lock might be invalid so, we are getting the valgrind error on invalid read on lock->index.

FIX
---
Fix would be to copy the lock->index when we are holding the kernel mutex and then pass it to the lock_rec_block_validate(). This implementation is present in 5.1 code.

[ Approved by sunny rb.no.oracle.com/rb/r/2152/ ]
-
Harin Vadodaria authored
Description: Null merge from 5.1.
-
mysql-builder@oracle.com authored
No commit message
-
- 12 Mar, 2013 6 commits
-
-
Venkatesh Duggirala authored
COLUMNS ARE USED INSIDE A STORED PROCEDURE

Problem: When 'SET' type columns are used in a DML inside a stored procedure and a NULL value is passed to that column, replication is breaking.

Analysis: All stored procedure variables used inside a DML will be substituted with NAME_CONST functions. While NAME_CONST are used in this particular scenario, i.e., when NULL value is passed then charset is copied from 'empty_set_string' member of Field_set class. The operator '=' overload method inside 'String' class is not copying str_charset from R.H.S object to L.H.S object. Hence charset is wrongly copied in the string assignment.

Fix: Handle copying str_charset member in operator '=' overload method.
-
Venkatesh Duggirala authored
COLUMNS ARE USED INSIDE A STORED PROCEDURE

Problem: The operator '=' overload method inside 'String' class is not copying str_charset member from R.H.S object to L.H.S object. Hence charset is wrongly set while using string assignments.

Analysis: The above mentioned problem is identified while doing the analysis of bug#14593883. Though the test scenario mentioned in the bug page is not an issue in mysql-5.1 code, the actual root cause i.e., "str_charset member is not copied" exists in the mysql-5.1 code base.

Fix: Handle copying str_charset member in operator '=' overload method.
-
Marko Mäkelä authored
IBUF, FREE SPACE MANAGEMENT

ibuf_merge_or_delete_for_page(): Declare the user index page latched for UNIV_SYNC_DEBUG after opening the change buffer cursor. This should avoid the bogus latching order violation.

ibuf_delete_rec(): Add assertions to the callers, checking that the mini-transaction was committed when the function returned TRUE. This is a non-functional change, just clarifying the code.

rb#2136 approved by Kevin Lewis
-
Marko Mäkelä authored
-
Marko Mäkelä authored
For a fresh insert, page_zip_available() was counting some fields twice. In the worst case, the compressed page size grows by PAGE_ZIP_DIR_SLOT_SIZE plus the size of the record that is being inserted. The size of the record already includes the fields that will be stored in the uncompressed portion of the compressed page.

page_zip_get_trailer_len(): Remove the output parameter entry_size, because no caller is interested in it.

page_zip_max_ins_size(), page_zip_available(): Assume that the page grows by PAGE_ZIP_DIR_SLOT_SIZE and the record size (which includes the fields that would be stored in the uncompressed portion of the page).

rb#2169 approved by Sunny Bains
-
mysql-builder@oracle.com authored
No commit message
-
- 11 Mar, 2013 2 commits
-
-
Tor Didriksen authored
The check for unsigned time_t failed, on all platforms, due to missing #include.

from CMakeFiles/CMakeError.log

with this patch:
    error: size of array array is negative

without this patch:
    error: time_t undeclared (first use in this function)
-
mysql-builder@oracle.com authored
No commit message
-
- 08 Mar, 2013 1 commit
-
-
mysql-builder@oracle.com authored
No commit message
-
- 07 Mar, 2013 1 commit
-
-
Aditya A authored
MEM_HEAP_CREATE_BLOCK()

PROBLEM
-------
If we start mysqld with the option --innodb_log_buffer_size=50GB, then mem_area_alloc() function fails to allocate memory and returns NULL. In debug version we assert at this point, but there is no check in release version and we get a segmentation fault.

FIX
---
Added a log message saying that we are unable to allocate memory. After this message we assert.

[Approved by Kevin http://rb.no.oracle.com/rb/r/2065 ]
-
- 05 Mar, 2013 1 commit
-
-
murthy.narkedimilli@oracle.com authored
-
- 01 Mar, 2013 1 commit
-
-
Tor Didriksen authored
Don't use CMAKE_OSX_ARCHITECTURES to determine DEFAULT_MACHINE if it is not defined. If we're 64bit, then use "x86_64" rather than "x86"
-
- 07 Mar, 2013 1 commit
-
-
Ashish Agarwal authored
PROBLEM: If multiple statements are sent by a single request then only the last statement was getting logged. An attacker can bypass the audit log just by sending two consecutive statements in one request.

SOLUTION: Each statement from a single request is logged.
-
- 06 Mar, 2013 2 commits
-
-
Annamalai Gurusami authored
INSERT WITH SAME VALUES

Problem: When a transaction is in READ COMMITTED isolation level, gap locks are still taken in the secondary index, when row is inserted. This happens when the secondary index is scanned for duplicate. The function row_ins_scan_sec_index_for_duplicate() always calls the function row_ins_set_shared_rec_lock() with LOCK_ORDINARY irrespective of the transaction isolation level.

Solution: The function row_ins_scan_sec_index_for_duplicate() calls the function row_ins_set_shared_rec_lock() with LOCK_ORDINARY or LOCK_REC_NOT_GAP based on the transaction isolation level.

rb://2035 approved by Krunal and Marko
-
murthy.narkedimilli@oracle.com authored
-
- 05 Mar, 2013 2 commits
-
-
Inaam Rana authored
Approved by: Marko Makela (patch in bug report) Reduce the number of debug buf_validate() calls
-
ramesh.maddali@oracle.com authored
-
- 01 Mar, 2013 2 commits
-
-
Marc Alff authored
-
Venkatesh Duggirala authored
Fixing post push issue

Simulator name used needs to be changed to make it work properly.

Analysis: Debug control list addition (ListAddDel function dbug.c file) code was written in such a way that if new element is subset of already existing element, then the new element is not added. i.e., set @@global.debug = '+d,abcd', is existing in the list then you cannot add "a" or "ab" or "abc" in the list.
-
- 28 Feb, 2013 5 commits
-
-
Jon Olav Hauglid authored
PROBLEM AFTER MYSQL_HA_FIND

This problem occurred if a prepared statement tried to create a table for which there already existed a view with the same name while a SQL handler was opened.

Before DDL statements are executed, mysql_ha_rm_tables() is called to remove any matching tables from the internal list of opened SQL handler tables. This match was done on TABLE_LIST::db and TABLE_LIST::table_name. This is problematic for views (which use TABLE_LIST::view_db and TABLE_LIST::view_name) and anonymous derived tables.

This patch fixes the problem by skipping TABLE_LISTs representing anonymous derived tables and using get_db_name()/get_table_name() which handles views when looking for SQL handler tables to remove.
-
Marc Alff authored
Before this fix, the command SHOW ENGINE PERFORMANCE_SCHEMA STATUS could report wrong amount of memory allocated, when the amount of memory used exceeds 4GB.

The problem is that size computations are not done using size_t, so that overflows do occur, truncating the results.

This fix computes memory sizes properly with size_t.

Tested manually. No test script provided, as the script would need to allocate too much memory for the test.
-
mysql-builder@oracle.com authored
No commit message
-
mysql-builder@oracle.com authored
No commit message
-
mysql-builder@oracle.com authored
No commit message
-
- 27 Feb, 2013 1 commit
-
-
Gleb Shchepa authored
-