1. 20 Mar, 2013 1 commit
  2. 19 Mar, 2013 2 commits
  3. 18 Mar, 2013 3 commits
    • unknown's avatar
      MDEV-4269 fix. · e5eba74a
      unknown authored
      Item_default_value inherited form Item_field so should create temporary table field similary.
      e5eba74a
    • Alexey Botchkov's avatar
      MDEV-4252 geometry query crashes server. · 9a618771
      Alexey Botchkov authored
          Additional fixes for possible overflows in length-related
          calculations in 'spatial' implementations.
          Checks added to the ::get_data_size() methods.
          max_n_points decreased to occupy less 2G size. An
          object of that size is practically inoperable anyway.
      9a618771
    • Sergei Golubchik's avatar
      MDEV-4289 Assertion `0' fails in make_sortkey with GROUP_CONCAT, MAKE_SET, GROUP BY · 374e83d8
      Sergei Golubchik authored
      Item_func_make_set wasn't taking into account the first argument when
      calculating maybe_null.
      
      sql/item_strfunc.cc:
        rewrite Item_func_make_set, removing separate storage of the first argument
      sql/item_strfunc.h:
        rewrite Item_func_make_set, removing separate storage of the first argument
      374e83d8
  4. 10 Mar, 2013 1 commit
    • Alexey Botchkov's avatar
      MDEV-4252 geometry query crashes server. · 975f63f7
      Alexey Botchkov authored
            The bug was found by Alyssa Milburn.
            If the number of points of a geometry feature read from
            binary representation is greater than 0x10000000, then
            the (uint32) (num_points * 16) will cut the higher byte,
            which leads to various errors.
            Fixed by additional check if (num_points > max_n_points).
      975f63f7
  5. 28 Feb, 2013 3 commits
    • Sergei Golubchik's avatar
      a simpler fix for · 3251e454
      Sergei Golubchik authored
      MySQL Bug #12408412: GROUP_CONCAT + ORDER BY + INPUT/OUTPUT SAME USER VARIABLE = CRASH
      and
      MySQL Bug#14664077 SEVERE PERFORMANCE DEGRADATION IN SOME CASES WHEN USER VARIABLES ARE USED
      
      
      sql/item_func.cc:
        don't use anything from Item_func_set_user_var::fix_fields()
        in Item_func_set_user_var::save_item_result()
      sql/sql_class.cc:
        Call suv->save_item_result(item) *before* doing suv->fix_fields(), because
        the former evaluates the item (and caches its value), while the latter marks
        the user variable as non-const. The problem is that the item was fix_field'ed
        when the user variable was const, and it doesn't expect it to change to non-const
        in the middle of the execution.
      3251e454
    • Michael Widenius's avatar
    • Sergei Golubchik's avatar
      mysql-5.1 merge · 33fa69d3
      Sergei Golubchik authored
      mysys/errors.c:
        revert upstream's fix. use a much simpler one
      mysys/my_write.c:
        revert upstream's fix. use a simpler one
      sql/item_xmlfunc.cc:
        useless, but ok
      sql/mysqld.cc:
        simplify upstream's fix
      storage/heap/hp_delete.c:
        remove upstream's fix.
        we'll use a much less expensive approach.
      33fa69d3
  6. 26 Feb, 2013 1 commit
  7. 21 Feb, 2013 1 commit
  8. 14 Feb, 2013 1 commit
  9. 31 Jan, 2013 1 commit
    • unknown's avatar
      Fix bug MDEV-641 · 5bf6f6dd
      unknown authored
      Analysis:
      Range analysis discoveres that the query can be executed via loose index scan for GROUP BY.
      Later, GROUP BY analysis fails to confirm that the GROUP operation can be computed via an
      index because there is no logic to handle duplicate field references in the GROUP clause.
      As a result the optimizer produces an inconsistent plan. It constructs a temporary table,
      but on the other hand the group fields are not set to point there.
          
      Solution:
      Make loose scan analysis work in sync with order by analysis. In the case of duplicate
      columns loose scan will not be applicable. This limitation will be lifted in 10.0 by
      removing duplicate columns.
      5bf6f6dd
  10. 25 Jan, 2013 2 commits
  11. 21 Jan, 2013 3 commits
    • Igor Babaev's avatar
      Merge. · 9458e282
      Igor Babaev authored
      9458e282
    • Igor Babaev's avatar
      Fixed bug mdev-4063 (bug #56927). · 3cecaef4
      Igor Babaev authored
      This bug could result in returning 0 for the expressions of the form 
      <aggregate_function>(distinct field) when the system variable  
      max_heap_table_size was set to a small enough number.
      It happened because the method Unique::walk() did not support
      the case when more than one pass was needed to merge the trees
      of distinct values saved in an external file.
      
      Backported a fix in grant_lowercase.test from mariadb 5.5.
      3cecaef4
    • Sergei Golubchik's avatar
      MDEV-4029 SELECT on information_schema using a subquery locks up the... · a5b670b5
      Sergei Golubchik authored
      MDEV-4029 SELECT on information_schema using a subquery locks up the information_schema table due to incorrect mutexes handling
        
      Early evaluation of subqueries in the WHERE conditions on I_S.*_STATUS tables,
      otherwise the subquery on this same table will try to acquire LOCK_status twice.
      a5b670b5
  12. 09 Jan, 2013 1 commit
  13. 08 Jan, 2013 1 commit
  14. 07 Jan, 2013 2 commits
  15. 04 Jan, 2013 2 commits
    • Satya Bodapati's avatar
      Post Fix to Bug#14628410 - ASSERTION `! IS_SET()' FAILED IN · 8ff3e9cb
      Satya Bodapati authored
      			    DIAGNOSTICS_AREA::SET_OK_STATUS
      
      Test fails on 5.1 valgrind build. This is because of close(-1)
      system call.
      
      Fixed by adding extra checks for valid file descriptor.
      
      Approved by Vasil(Calvin). rb#1792
      8ff3e9cb
    • Nirbhay Choubey's avatar
      Bug#16066243 PB2 FAILURES I_MAIN.BUG15912213 AND · 899a70bd
      Nirbhay Choubey authored
          I_MAIN.CTYPE_UTF8 FOR MACOSX10.6 FOR 5.1
      
      While converting directory name to filename, a
      file separator (FN_LIBCHAR) might get appended
      to the resulting file name. This can result in
      off-by-one error when length of the input string
      is equal to FN_REFLEN. In this case, the terminating
      '\0' gets written beyond the buffer allocated to store
      the result.
      
      Fixed by incrementing the dst buffer size by 1. As
      extra safety, switched to strnmov() and added a debug
      assert to check the length of the input file name.
      
      No test case added as the scenario is already
      covered by the test cases added for bugs in
      the description.
      899a70bd
  16. 02 Jan, 2013 1 commit
    • Venkatesh Duggirala's avatar
      BUG#11753923-SQL THREAD CRASHES ON DISK FULL · 07947aab
      Venkatesh Duggirala authored
      Problem:If Disk becomes full while writing into the binlog,
      then the server instance hangs till someone frees the space.
      After user frees up the disk space, mysql server crashes
      with an assert (m_status != DA_EMPTY)
      
      Analysis: wait_for_free_space is being called in an
      infinite loop i.e., server instance will hang until
      someone frees up the space. So there is no need to
      set status bit in diagnostic area.
      
      Fix: Replace my_error/my_printf_error with
      sql_print_warning() which prints the warning in error log.
      
      include/my_sys.h:
        Provision to call sql_print_warning from mysys files
      mysys/errors.c:
        Replace my_error/my_printf_error with
        sql_print_warning() which prints the warning in error log.
      mysys/my_error.c:
        implementation of my_printf_warning
      mysys/my_write.c:
        Adding logic to break infinite loop in the simulation
      sql/mysqld.cc:
        Provision to call sql_print_warning from mysys files
      07947aab
  17. 01 Jan, 2013 1 commit
  18. 29 Dec, 2012 1 commit
  19. 28 Dec, 2012 1 commit
    • Venkatesh Duggirala's avatar
      BUG#14726272- BACKPORT FIX FOR BUG 11746142 TO 5.5 AND 5.1 · ba97bcae
      Venkatesh Duggirala authored
      Details of BUG#11746142: CALLING MYSQLD WHILE ANOTHER 
      INSTANCE IS RUNNING, REMOVES PID FILE
      Fix: Before removing the pid file, ensure it was created
      by the same process, leave it intact otherwise.
      
      sql/mysqld.cc:
        delete_pid_file() introduced, which checks that the pid file
                belongs to the process before removing it
      ba97bcae
  20. 27 Dec, 2012 2 commits
  21. 26 Dec, 2012 2 commits
    • Chaithra Gopalareddy's avatar
      Bug#12347040: MEMORY LEAK IN CONVERT_TZ COULD POSSIBLY CAUSE · cfb9a819
      Chaithra Gopalareddy authored
                          DOS ATTACKS
            
      Problem:
      For detailed description, see Bug#42502. This bug is a duplicate
      of Bug#42502. The complete fix for Bug#42502 was not made as
      proposed. Hence the bug still persists.
            
      Fix:
      Make the changes as proposed originally for the bugfix of 42502.
      Which is to remove the allocation of the memory before we actually
      check for any errors.
      
      sql/tztime.cc:
        Remove the double allocation for tz_info
      cfb9a819
    • unknown's avatar
      Merge from mysql-5.1.67-release · 1960c57c
      unknown authored
      1960c57c
  22. 24 Dec, 2012 2 commits
    • Annamalai Gurusami's avatar
      Fixing a pb2 issue. There is some difference in the output in my local... · db0c4414
      Annamalai Gurusami authored
      Fixing a pb2 issue.  There is some difference in the output in my local machine and pb2 machines in the explain output.  
      db0c4414
    • Chaithra Gopalareddy's avatar
      Bug#11757005: UNION CONVERTS UNSIGNED MEDIUMINT AND BIGINT · ac305e7d
      Chaithra Gopalareddy authored
                    TO SIGNED
      Problem:
      When we are joining types (of fields) in case of a union, we usually
      upgrade the datatypes to the largest present in the query.
      In case of mediumint, it is not happening.
      Analysis:
      When joined with types LONG and LONGLONG, mediumint should get
      upgraded to LONG and LONGLONG respectively.
      W.r.t the given query, constant '1' will be created as a LONGLONG
      internally and SIGNED flag is enabled. As a result, while combining
      types for the field, LONGLONG along with MEDIUMINT gets converted
      to LONG first. LONG with MEDIUMINT(of the third select) gets converted
      to MEDIUMINT. SIGNED FLAG would be that of the first field's.
      As a result, the final result would be SIGNED MEDIUMINT.
      Fix:
      While joining types, MEDIUMINT with LONGLONG and MEDIUMINT with LONG
      is converted to LONGLONG and LONG respectively. Also, made some 
      changes for FLOAT and DOUBLE.
      
      
      sql/field.cc:
        Changed merge types for MEDIUMINT.
      ac305e7d
  23. 20 Dec, 2012 1 commit
  24. 21 Dec, 2012 1 commit
    • prabakaran thirumalai's avatar
      Bug#14627287 THREAD CACHE - BYPASSES PRIVILEGES · 581ab7aa
      prabakaran thirumalai authored
      Analysis:
      When thread cache is enabled, it does not properly initialize
      thd->start_utime when a thread is picked from the thread cache.
      This breaks the quota management mechanism. 
      THD::time_out_user_resource_limits() resets 
      m_user_connect->conn_per_hour to 0 based on thd->start_utime
      
      Fix:
      Initialize start_utime when cached thread is reused.
      
      Notes:
      Enabled back tests which were disabled because of this issue.
      581ab7aa
  25. 18 Dec, 2012 3 commits
    • Vasil Dimov's avatar
      Fix Bug#16000909 MEMORY LEAK, MYSQL_INPLACE_ALTER_TABLE · 036079fb
      Vasil Dimov authored
      This is a followup to the fix of
      Bug#14628410 ASSERTION `! IS_SET()' FAILED IN DIAGNOSTICS_AREA::SET_OK_STATUS
      (satya.bodapati@oracle.com-20121213132316-5joz4phltx9yhjs7)
      
      In innobase_mysql_tmpfile(): allocate/open the file after
      the return(-1); statement.
      036079fb
    • Ahmad Abdullateef's avatar
      BUG#14727815 - CRASH IN PTHREAD_RWLOCK_WRLOCK/SRW_UNLOCK · e4a2755f
      Ahmad Abdullateef authored
                                   IN QUERY CACHE CODE
      
      DESCRIPTION:
      MySQL Server crashes sporadically when Query Caching is on and
      the server has high contention among clients. 
      
      
      ANALYSIS :
      
      Scenario 1:
      In Query_cache::move_by_type() when handling RESULT or its related blocks,
      Write Lock is acquired on its parent Query block. However the next and prev
      pointers are cached in local variables before lock acquisition. In an extremely
      high contention scenario there exists a possibility that
      Query_cache::append_result_data() is operating on the same query block
      and as a consequence might append a new Result block to the end of Result
      blocks Linked List of the Query. This would manipulate the next, prev pointers
      of the Block being processed in move_by_type(), however the local pointers
      still point to previous nodes there by causing Data Corruption leading to crash.
      
      FIX :
      
      Scenario 1:
      The next, prev pointers are now accessed only after Lock acquisition in 
      Query_cache::move_by_type().
      e4a2755f
    • Vasil Dimov's avatar
      Fix Bug#13463493 INNODB PLUGIN WERE CHANGED, BUT STILL USE THE · 0273c0d0
      Vasil Dimov authored
      SAME VERSION NUMBER 1.0.17
      
      Now that InnoDB/InnoDB Plugin is no longer separately developed and
      distributed from the MySQL server it does not need its own version number.
      Thus use the MySQL version instead.
      
      "Removing" the version altogether is not feasible because the config
      variable 'innodb_version' cannot be removed in GA branches.
      
      Reviewed by:	Marko (rb#1751)
      0273c0d0