1. 06 Dec, 2012 1 commit
    • Harin Vadodaria's avatar
      Bug#15912213: BUFFER OVERFLOW IN ACL_GET() · fb137652
      Harin Vadodaria authored
            
      Description: A very large database name causes buffer
                   overflow in functions acl_get() and
                   check_grant_db() in sql_acl.cc. It happens
                   due to an unguarded string copy operation.
                   This puts required sanity checks before
                   copying db string to destination buffer.
      fb137652
  2. 05 Dec, 2012 2 commits
  3. 08 Nov, 2012 2 commits
    • Joerg Bruehe's avatar
      Building RPMs for ULN: · 918d2354
      Joerg Bruehe authored
      The patch "mysql-chain-certs.patch" needs to be adapted
      to code changes in "vio/viosslfactories.c" which were
      done in MySQL 5.5.
      918d2354
    • Joerg Bruehe's avatar
      Placement change: · de6db4bc
      Joerg Bruehe authored
      Top level "SPECIFIC-ULN/" was inappropriate,
      put the files to create RPMs for ULN into
      "packaging/rpm-uln/".
      
      de6db4bc
  4. 01 Nov, 2012 2 commits
  5. 31 Oct, 2012 3 commits
    • Venkata Sidagam's avatar
      BUG#13556441: CHECK AND REPAIR TABLE SHOULD BE MORE ROBUST [4] · 48cbd141
      Venkata Sidagam authored
      Problem description:
      mysql server crashes when we run repair table on currupted table.
      
      Analysis:
      The problem with this bug seem to be key_reflength out of bounds
      (186 according to debugger). We read this value from meta-data
      segment of .MYI file while doing mi_open().
      
      If you look into _mi_kpointer() you can see that the upper limit
      for key_reflength is 7.
      
      Solution:
      In mi_open() there is a line like:
        if (share->base.keystart > 65535 || share->base.rec_reflength > 8)
      we should verify key_reflength here as well.
      48cbd141
    • Ashish Agarwal's avatar
      BUG#14485479: Merge into mysql-5.5 branch · 23dc49cd
      Ashish Agarwal authored
      23dc49cd
    • Ashish Agarwal's avatar
      BUG#14485479: INSTALL AUDIT PLUGIN HANGS IF WE TRY TO · 147be51f
      Ashish Agarwal authored
                    DISABLE AND ENABLED DURING DDL OPERATION
      
      PROBLEM: Same thread trying to acquire the same mutex
               second time leads to hang/server crash.
               While [un]installing audit_log plugin
               a thread acquires the LOCK_plugin mutex
               and after successful initialization tries
               to write in mysql.plugin table. It holds
               this mutex for a long time. If some how
               plugin table is corrupted then a write to 
               plugin table will throw an error, thread try
               to log this error in the audit_log plugin,
               doing so it tries to acquire the mutex
               again and results is server hang/crash.
      
      SOLUTION: Releasing the LOCK_plugin mutex before
                writing in mysql.plugin table. We dont
                need to hold this mutex as thread already
                acquired a TL_WRITE lock on mysql.plugin
                table.
      147be51f
  6. 30 Oct, 2012 6 commits
    • Anirudh Mangipudi's avatar
      BUG#11754894: MYISAMCHK ERROR HAS INCORRECT REFERENCE · fa3e181d
      Anirudh Mangipudi authored
                    TO MYISAM_SORT_BUFFER_SIZE
      Null Merge from 5.1 to 5.5
      fa3e181d
    • Anirudh Mangipudi's avatar
      BUG#11754894: MYISAMCHK ERROR HAS INCORRECT REFERENCE · a7763496
      Anirudh Mangipudi authored
                    TO 'MYISAM_SORT_BUFFER_SIZE'
      Merging from 5.1 to 5.5
      a7763496
    • Anirudh Mangipudi's avatar
      BUG#11754894: MYISAMCHK ERROR HAS INCORRECT REFERENCE · 09180c63
      Anirudh Mangipudi authored
                    TO 'MYISAM_SORT_BUFFER_SIZE'
      Problem: 'myisam_sort_buffer_size' is a parameter used by 
      mysqld program only whereas 'sort_buffer_size' is used by
      mysqld and myisamchk programs. But the error message printed
      when myisamchk program is run with insufficient buffer size 
      is myisam_sort_buffer_size is too small which may mislead to the
      server parameter myisam_sort_buffer_size.
      SOLUTION: A parameter 'myisam_sort_buffer_size' is added as an
      alias for 'sort_buffer_size' and the 'sort_buffer_size' parameter
      is marked as deprecated. So myisamchk also has both the parameters
      with the same role.
      09180c63
    • Anirudh Mangipudi's avatar
      BUG#11754894: MYISAMCHK ERROR HAS INCORRECT REFERENCE · a034f52e
      Anirudh Mangipudi authored
                    TO 'MYISAM_SORT_BUFFER_SIZE'
      Problem: 'myisam_sort_buffer_size' is a parameter used by 
      mysqld program only whereas 'sort_buffer_size' is used by
      mysqld and myisamchk programs. But the error message printed
      when myisamchk program is run with insufficient buffer size 
      is myisam_sort_buffer_size is too small which may mislead to the
      server parameter myisam_sort_buffer_size.
      SOLUTION: A parameter 'myisam_sort_buffer_size' is added as an
      alias for 'sort_buffer_size' and the 'sort_buffer_size' parameter
      is marked as deprecated. So myisamchk also has both the parameters
      with the same role.
      a034f52e
    • Shivji Kumar Jha's avatar
    • Shivji Kumar Jha's avatar
      BUG#14659685 - main.mysqlbinlog_row_myisam and · 068478fb
      Shivji Kumar Jha authored
                     main.mysqlbinlog_row_innodb are skipped by mtr
      
      === Problem ===
      
      The following tests are wrongly placed in main suite and as a
      result these are not run with proper binlog format combinations.
      Some are always skipped by mtr.
      1) mysqlbinlog_row_myisam
      2) mysqlbinlog_row_innodb
      3) mysqlbinlog_row.test
      4) mysqlbinlog_row_trans.test
      5) mysqlbinlog-cp932
      6) mysqlbinlog2
      7) mysqlbinlog_base64
      
      === Background ===
      
      mtr runs the tests placed in main suite with binlog format=stmt.
      Those that need to be tested against binlog format=row or mixed
      or more than one binlog format and require only one mysql server
      are placed in binlog suite. mtr runs tests in binlog suite with
      all three binlog formats(stmt,row and mixed).
      
      === Fix ===
      
      
      1) Moved the test listed in problem section above to binlog suite.
      2) Added prefix "binlog_" to the name of each test case moved.
         Renamed the coresponding result files and option files accordingly. 
      068478fb
  7. 29 Oct, 2012 6 commits
  8. 24 Oct, 2012 1 commit
  9. 23 Oct, 2012 2 commits
  10. 22 Oct, 2012 2 commits
    • Marko Mäkelä's avatar
      Merge mysql-5.1 to mysql-5.5. · 51f3dddf
      Marko Mäkelä authored
      51f3dddf
    • Marko Mäkelä's avatar
      Backport from 5.6: Bug#14769820 ASSERT FLEN == LEN · 507ffd4a
      Marko Mäkelä authored
      IN ALTER TABLE ... ADD UNIQUE KEY
      
      A bogus debug assertion failure occurred when reporting a duplicate
      key on a column prefix of a CHAR column.
      
      This is a regression from Bug#14729221 IN-PLACE ALTER TABLE REPORTS ''
      INSTEAD OF REAL DUPLICATE VALUE FOR PREFIX KEYS. The assertion is only
      present when UNIV_DEBUG is defined (which it is in debug builds
      starting from MySQL 5.5). It is a case of overasserting.
      
      Fix approved by Inaam Rana on IM.
      507ffd4a
  11. 21 Oct, 2012 5 commits
  12. 19 Oct, 2012 4 commits
  13. 18 Oct, 2012 4 commits
    • Neeraj Bisht's avatar
      Bug#13726751 - 8 BYTE MEMORY LEAK IN DO_SAVE_BLOB · becab17a
      Neeraj Bisht authored
      Problem:-
      When we execute a query which has subquery with GROUP BY, ORDER BY and have a
      BLOB column,results a memory leak.
      
      Analysis:-
      In case of subquery, which have GROUP BY on BLOB and a ORDER BY on other field
      and BLOB is not a key. We allocate a tmp buffer to copy_field to take care of
      BLOB value.This copy_field value can have copies of its in two join(objects),
      so while freeing this copy_field we have to take care that it is
      not deleted twice.
      The double deletion of tmp_table_param.copy_field is handled by two patches.
      
      One by Kostja :
      revid:sp1r-konstantin@mysql.com-20050627101056-55153
      Fix the broken test suite in -debug build.
      
      and other by Oleksandr
      revid:sp1r-bell@sanja.is.com.ua-20060118114857-19905
      Excluded posibility of tmp_table_param.copy_field double deletion (BUG#14851).
      
      both of this patches are commited in different branch and while
      merging they both get placed,but there is no need for Kostja patch as Oleksandr
      patch handle this.
      becab17a
    • Neeraj Bisht's avatar
      Bug#13726751 - 8 BYTE MEMORY LEAK IN DO_SAVE_BLOB · 4aaadc12
      Neeraj Bisht authored
      Problem:-
      When we execute a query which has subquery with GROUP BY, ORDER BY and have a
      BLOB column,results a memory leak.
      
      Analysis:-
      In case of subquery, which have GROUP BY on BLOB and a ORDER BY on other field
      and BLOB is not a key. We allocate a tmp buffer to copy_field to take care of
      BLOB value.This copy_field value can have copies of its in two join(objects),
      so while freeing this copy_field we have to take care that it is
      not deleted twice.
      The double deletion of tmp_table_param.copy_field is handled by two patches.
      
      One by Kostja :
      revid:sp1r-konstantin@mysql.com-20050627101056-55153
      Fix the broken test suite in -debug build.
      
      and other by Oleksandr
      revid:sp1r-bell@sanja.is.com.ua-20060118114857-19905
      Excluded posibility of tmp_table_param.copy_field double deletion (BUG#14851).
      
      both of this patches are commited in different branch and while
      merging they both get placed,but there is no need for Kostja patch as Oleksandr
      patch handle this.
      4aaadc12
    • Marko Mäkelä's avatar
      Merge mysql-5.1 to mysql-5.5. · 2c3baab8
      Marko Mäkelä authored
      2c3baab8
    • Marko Mäkelä's avatar
      Bug#14758405: ALTER TABLE: ADDING SERIAL NULL DATATYPE: ASSERTION: · 48519303
      Marko Mäkelä authored
      LEN <= SIZEOF(ULONGLONG)
      
      This bug was caught in the WL#6255 ALTER TABLE...ADD COLUMN in MySQL
      5.6, but there is a bug in all InnoDB versions that support
      auto-increment columns.
      
      row_search_autoinc_read_column(): When reading the maximum value of
      the auto-increment column, and the column only contains NULL values,
      return 0. This corresponds to the case when the table is empty in
      row_search_max_autoinc().
      
      rb:1415 approved by Sunny Bains
      48519303