1. 19 Mar, 2013 2 commits
  2. 18 Mar, 2013 3 commits
    • unknown's avatar
      MDEV-4269 fix. · 2cd7cf8f
      unknown authored
      Item_default_value inherited form Item_field so should create temporary table field similary.
      2cd7cf8f
    • Alexey Botchkov's avatar
      MDEV-4252 geometry query crashes server. · 589247ae
      Alexey Botchkov authored
          Additional fixes for possible overflows in length-related
          calculations in 'spatial' implementations.
          Checks added to the ::get_data_size() methods.
          max_n_points decreased to occupy less 2G size. An
          object of that size is practically inoperable anyway.
      589247ae
    • Sergei Golubchik's avatar
      MDEV-4289 Assertion `0' fails in make_sortkey with GROUP_CONCAT, MAKE_SET, GROUP BY · a4a18e0c
      Sergei Golubchik authored
      Item_func_make_set wasn't taking into account the first argument when
      calculating maybe_null.
      
      sql/item_strfunc.cc:
        rewrite Item_func_make_set, removing separate storage of the first argument
      sql/item_strfunc.h:
        rewrite Item_func_make_set, removing separate storage of the first argument
      a4a18e0c
  3. 10 Mar, 2013 1 commit
    • Alexey Botchkov's avatar
      MDEV-4252 geometry query crashes server. · 511b9432
      Alexey Botchkov authored
            The bug was found by Alyssa Milburn.
            If the number of points of a geometry feature read from
            binary representation is greater than 0x10000000, then
            the (uint32) (num_points * 16) will cut the higher byte,
            which leads to various errors.
            Fixed by additional check if (num_points > max_n_points).
      511b9432
  4. 28 Feb, 2013 3 commits
    • Sergei Golubchik's avatar
      a simpler fix for · 027e34e1
      Sergei Golubchik authored
      MySQL Bug #12408412: GROUP_CONCAT + ORDER BY + INPUT/OUTPUT SAME USER VARIABLE = CRASH
      and
      MySQL Bug#14664077 SEVERE PERFORMANCE DEGRADATION IN SOME CASES WHEN USER VARIABLES ARE USED
      
      
      sql/item_func.cc:
        don't use anything from Item_func_set_user_var::fix_fields()
        in Item_func_set_user_var::save_item_result()
      sql/sql_class.cc:
        Call suv->save_item_result(item) *before* doing suv->fix_fields(), because
        the former evaluates the item (and caches its value), while the latter marks
        the user variable as non-const. The problem is that the item was fix_field'ed
        when the user variable was const, and it doesn't expect it to change to non-const
        in the middle of the execution.
      027e34e1
    • Michael Widenius's avatar
    • Sergei Golubchik's avatar
      mysql-5.1 merge · 08ba2578
      Sergei Golubchik authored
      mysys/errors.c:
        revert upstream's fix. use a much simpler one
      mysys/my_write.c:
        revert upstream's fix. use a simpler one
      sql/item_xmlfunc.cc:
        useless, but ok
      sql/mysqld.cc:
        simplify upstream's fix
      storage/heap/hp_delete.c:
        remove upstream's fix.
        we'll use a much less expensive approach.
      08ba2578
  5. 26 Feb, 2013 1 commit
  6. 21 Feb, 2013 1 commit
  7. 14 Feb, 2013 1 commit
  8. 31 Jan, 2013 1 commit
    • unknown's avatar
      Fix bug MDEV-641 · 768b62fe
      unknown authored
      Analysis:
      Range analysis discoveres that the query can be executed via loose index scan for GROUP BY.
      Later, GROUP BY analysis fails to confirm that the GROUP operation can be computed via an
      index because there is no logic to handle duplicate field references in the GROUP clause.
      As a result the optimizer produces an inconsistent plan. It constructs a temporary table,
      but on the other hand the group fields are not set to point there.
          
      Solution:
      Make loose scan analysis work in sync with order by analysis. In the case of duplicate
      columns loose scan will not be applicable. This limitation will be lifted in 10.0 by
      removing duplicate columns.
      768b62fe
  9. 25 Jan, 2013 2 commits
  10. 21 Jan, 2013 3 commits
    • Igor Babaev's avatar
      Merge. · 82fe8a4e
      Igor Babaev authored
      82fe8a4e
    • Igor Babaev's avatar
      Fixed bug mdev-4063 (bug #56927). · fade3647
      Igor Babaev authored
      This bug could result in returning 0 for the expressions of the form 
      <aggregate_function>(distinct field) when the system variable  
      max_heap_table_size was set to a small enough number.
      It happened because the method Unique::walk() did not support
      the case when more than one pass was needed to merge the trees
      of distinct values saved in an external file.
      
      Backported a fix in grant_lowercase.test from mariadb 5.5.
      fade3647
    • Sergei Golubchik's avatar
      MDEV-4029 SELECT on information_schema using a subquery locks up the... · 43c6953f
      Sergei Golubchik authored
      MDEV-4029 SELECT on information_schema using a subquery locks up the information_schema table due to incorrect mutexes handling
        
      Early evaluation of subqueries in the WHERE conditions on I_S.*_STATUS tables,
      otherwise the subquery on this same table will try to acquire LOCK_status twice.
      43c6953f
  11. 09 Jan, 2013 1 commit
  12. 08 Jan, 2013 1 commit
  13. 07 Jan, 2013 2 commits
  14. 04 Jan, 2013 2 commits
    • Satya Bodapati's avatar
      Post Fix to Bug#14628410 - ASSERTION `! IS_SET()' FAILED IN · eab9f8f4
      Satya Bodapati authored
      			    DIAGNOSTICS_AREA::SET_OK_STATUS
      
      Test fails on 5.1 valgrind build. This is because of close(-1)
      system call.
      
      Fixed by adding extra checks for valid file descriptor.
      
      Approved by Vasil(Calvin). rb#1792
      eab9f8f4
    • Nirbhay Choubey's avatar
      Bug#16066243 PB2 FAILURES I_MAIN.BUG15912213 AND · 1ef420b8
      Nirbhay Choubey authored
          I_MAIN.CTYPE_UTF8 FOR MACOSX10.6 FOR 5.1
      
      While converting directory name to filename, a
      file separator (FN_LIBCHAR) might get appended
      to the resulting file name. This can result in
      off-by-one error when length of the input string
      is equal to FN_REFLEN. In this case, the terminating
      '\0' gets written beyond the buffer allocated to store
      the result.
      
      Fixed by incrementing the dst buffer size by 1. As
      extra safety, switched to strnmov() and added a debug
      assert to check the length of the input file name.
      
      No test case added as the scenario is already
      covered by the test cases added for bugs in
      the description.
      1ef420b8
  15. 02 Jan, 2013 1 commit
    • Venkatesh Duggirala's avatar
      BUG#11753923-SQL THREAD CRASHES ON DISK FULL · 39323920
      Venkatesh Duggirala authored
      Problem:If Disk becomes full while writing into the binlog,
      then the server instance hangs till someone frees the space.
      After user frees up the disk space, mysql server crashes
      with an assert (m_status != DA_EMPTY)
      
      Analysis: wait_for_free_space is being called in an
      infinite loop i.e., server instance will hang until
      someone frees up the space. So there is no need to
      set status bit in diagnostic area.
      
      Fix: Replace my_error/my_printf_error with
      sql_print_warning() which prints the warning in error log.
      
      include/my_sys.h:
        Provision to call sql_print_warning from mysys files
      mysys/errors.c:
        Replace my_error/my_printf_error with
        sql_print_warning() which prints the warning in error log.
      mysys/my_error.c:
        implementation of my_printf_warning
      mysys/my_write.c:
        Adding logic to break infinite loop in the simulation
      sql/mysqld.cc:
        Provision to call sql_print_warning from mysys files
      39323920
  16. 01 Jan, 2013 1 commit
  17. 29 Dec, 2012 1 commit
  18. 28 Dec, 2012 1 commit
    • Venkatesh Duggirala's avatar
      BUG#14726272- BACKPORT FIX FOR BUG 11746142 TO 5.5 AND 5.1 · ec70b93e
      Venkatesh Duggirala authored
      Details of BUG#11746142: CALLING MYSQLD WHILE ANOTHER 
      INSTANCE IS RUNNING, REMOVES PID FILE
      Fix: Before removing the pid file, ensure it was created
      by the same process, leave it intact otherwise.
      
      sql/mysqld.cc:
        delete_pid_file() introduced, which checks that the pid file
                belongs to the process before removing it
      ec70b93e
  19. 27 Dec, 2012 2 commits
  20. 26 Dec, 2012 2 commits
    • Chaithra Gopalareddy's avatar
      Bug#12347040: MEMORY LEAK IN CONVERT_TZ COULD POSSIBLY CAUSE · fa61c049
      Chaithra Gopalareddy authored
                          DOS ATTACKS
            
      Problem:
      For detailed description, see Bug#42502. This bug is a duplicate
      of Bug#42502. The complete fix for Bug#42502 was not made as
      proposed. Hence the bug still persists.
            
      Fix:
      Make the changes as proposed originally for the bugfix of 42502.
      Which is to remove the allocation of the memory before we actually
      check for any errors.
      
      sql/tztime.cc:
        Remove the double allocation for tz_info
      fa61c049
    • unknown's avatar
      Merge from mysql-5.1.67-release · 5cf9e193
      unknown authored
      5cf9e193
  21. 24 Dec, 2012 2 commits
    • Annamalai Gurusami's avatar
      Fixing a pb2 issue. There is some difference in the output in my local... · 76059a4a
      Annamalai Gurusami authored
      Fixing a pb2 issue.  There is some difference in the output in my local machine and pb2 machines in the explain output.  
      76059a4a
    • Chaithra Gopalareddy's avatar
      Bug#11757005: UNION CONVERTS UNSIGNED MEDIUMINT AND BIGINT · 259a5a30
      Chaithra Gopalareddy authored
                    TO SIGNED
      Problem:
      When we are joining types (of fields) in case of a union, we usually
      upgrade the datatypes to the largest present in the query.
      In case of mediumint, it is not happening.
      Analysis:
      When joined with types LONG and LONGLONG, mediumint should get
      upgraded to LONG and LONGLONG respectively.
      W.r.t the given query, constant '1' will be created as a LONGLONG
      internally and SIGNED flag is enabled. As a result, while combining
      types for the field, LONGLONG along with MEDIUMINT gets converted
      to LONG first. LONG with MEDIUMINT(of the third select) gets converted
      to MEDIUMINT. SIGNED FLAG would be that of the first field's.
      As a result, the final result would be SIGNED MEDIUMINT.
      Fix:
      While joining types, MEDIUMINT with LONGLONG and MEDIUMINT with LONG
      is converted to LONGLONG and LONG respectively. Also, made some 
      changes for FLOAT and DOUBLE.
      
      
      sql/field.cc:
        Changed merge types for MEDIUMINT.
      259a5a30
  22. 20 Dec, 2012 1 commit
  23. 21 Dec, 2012 1 commit
    • prabakaran thirumalai's avatar
      Bug#14627287 THREAD CACHE - BYPASSES PRIVILEGES · 98aaf18b
      prabakaran thirumalai authored
      Analysis:
      When thread cache is enabled, it does not properly initialize
      thd->start_utime when a thread is picked from the thread cache.
      This breaks the quota management mechanism. 
      THD::time_out_user_resource_limits() resets 
      m_user_connect->conn_per_hour to 0 based on thd->start_utime
      
      Fix:
      Initialize start_utime when cached thread is reused.
      
      Notes:
      Enabled back tests which were disabled because of this issue.
      98aaf18b
  24. 18 Dec, 2012 3 commits
    • Vasil Dimov's avatar
      Fix Bug#16000909 MEMORY LEAK, MYSQL_INPLACE_ALTER_TABLE · 0dd066cb
      Vasil Dimov authored
      This is a followup to the fix of
      Bug#14628410 ASSERTION `! IS_SET()' FAILED IN DIAGNOSTICS_AREA::SET_OK_STATUS
      (satya.bodapati@oracle.com-20121213132316-5joz4phltx9yhjs7)
      
      In innobase_mysql_tmpfile(): allocate/open the file after
      the return(-1); statement.
      0dd066cb
    • Ahmad Abdullateef's avatar
      BUG#14727815 - CRASH IN PTHREAD_RWLOCK_WRLOCK/SRW_UNLOCK · febe03c2
      Ahmad Abdullateef authored
                                   IN QUERY CACHE CODE
      
      DESCRIPTION:
      MySQL Server crashes sporadically when Query Caching is on and
      the server has high contention among clients. 
      
      
      ANALYSIS :
      
      Scenario 1:
      In Query_cache::move_by_type() when handling RESULT or its related blocks,
      Write Lock is acquired on its parent Query block. However the next and prev
      pointers are cached in local variables before lock acquisition. In an extremely
      high contention scenario there exists a possibility that
      Query_cache::append_result_data() is operating on the same query block
      and as a consequence might append a new Result block to the end of Result
      blocks Linked List of the Query. This would manipulate the next, prev pointers
      of the Block being processed in move_by_type(), however the local pointers
      still point to previous nodes there by causing Data Corruption leading to crash.
      
      FIX :
      
      Scenario 1:
      The next, prev pointers are now accessed only after Lock acquisition in 
      Query_cache::move_by_type().
      febe03c2
    • Vasil Dimov's avatar
      Fix Bug#13463493 INNODB PLUGIN WERE CHANGED, BUT STILL USE THE · 7bdd8b48
      Vasil Dimov authored
      SAME VERSION NUMBER 1.0.17
      
      Now that InnoDB/InnoDB Plugin is no longer separately developed and
      distributed from the MySQL server it does not need its own version number.
      Thus use the MySQL version instead.
      
      "Removing" the version altogether is not feasible because the config
      variable 'innodb_version' cannot be removed in GA branches.
      
      Reviewed by:	Marko (rb#1751)
      7bdd8b48
  25. 14 Dec, 2012 1 commit
    • Ramil Kalimullin's avatar
      Fix for BUG#15948580 UPDATE_XML() CRASHES THE SERVER. · 0fa867fd
      Ramil Kalimullin authored
      Problem: tag's buffer overflow leads to a problem.
      Fix: bound check added.
      
      
      sql/item_xmlfunc.cc:
        Fix for BUG#15948580 UPDATE_XML() CRASHES THE SERVER.
        
          - XML tag/attribute level shouldn't exceed MAX_LEVEL as we use a
        static buffer to store them in the MY_XML_USER_DATA.
      0fa867fd