1. 27 Oct, 2021 2 commits
    • Alexander Barkov's avatar
      MDEV-25402 Assertion `!str || str != Ptr' failed in String::copy · 2ed148c8
      Alexander Barkov authored
      The assert inside String::copy() prevents copying from from "str"
      if its own String::Ptr also points to the same memory.
      
      The idea of the assert is that copy() performs memory reallocation,
      and this reallocation can free (and thus invalidate) the memory pointed by Ptr,
      which can lead to further copying from a freed memory.
      
      The assert was incomplete: copy() can free the memory pointed by its Ptr
      only if String::alloced is true!
      
      If the String is not alloced, it is still safe to copy even from
      the location pointed by Ptr.
      
      This scenario demonstrates a safe copy():
        const char *tmp= "123";
        String str1(tmp, 3);
        String str2(tmp, 3);
        // This statement is safe:
        str2.copy(str1->ptr(), str1->length(), str1->charset(), cs_to, &errors);
      
      Inside the copy() the parameter "str" is equal to String::Ptr in this example.
      But it's still ok to reallocate the memory for str2, because str2
      was a constant before the copy() call. Thus reallocation does not
      make the memory pointed by str1->ptr() invalid.
      
      Adjusting the assert condition to allow copying for constant strings.
      2ed148c8
    • Marko Mäkelä's avatar
      Fix tests for PLUGIN_PARTITION=NO · 4b8340d8
      Marko Mäkelä authored
      4b8340d8
  2. 26 Oct, 2021 6 commits
  3. 25 Oct, 2021 4 commits
  4. 22 Oct, 2021 1 commit
  5. 21 Oct, 2021 10 commits
  6. 20 Oct, 2021 6 commits
    • Marko Mäkelä's avatar
    • Marko Mäkelä's avatar
      Update libmariadb · 69b3de83
      Marko Mäkelä authored
      69b3de83
    • Marko Mäkelä's avatar
      MDEV-22627 Failing assertion: dict_tf2_is_valid(flags, flags2) · b06e8167
      Marko Mäkelä authored
      create_table_info_t::innobase_table_flags(): Refuse to create
      a PAGE_COMPRESSED table with PAGE_COMPRESSION_LEVEL=0 if also
      innodb_compression_level=0.
      
      The parameter value innodb_compression_level=0 was only somewhat
      meaningful for testing or debugging ROW_FORMAT=COMPRESSED tables.
      For the page_compressed format, it never made any sense, and the
      check in dict_tf_is_valid_not_redundant() that was added in
      72378a25 (MDEV-12873) would cause
      the server to crash.
      b06e8167
    • Nikita Malyavin's avatar
      MDEV-22445 Crash on HANDLER READ NEXT after XA PREPARE · caebe151
      Nikita Malyavin authored
      The assertion is absolutely correct since no data access is possible after
      XA PREPARE.
      
      The check is added in mysql_ha_read.
      caebe151
    • Nikita Malyavin's avatar
      MDEV-26262 frm is corrupted after ER_EXPRESSION_REFERS_TO_UNINIT_FIELD · 1811fd51
      Nikita Malyavin authored
      This is a duplicate of MDEV-18278 89936f11, but I will add an
      additional assertion
      
      Description:
      
      The frm corruption should not be reported during CREATE TABLE. Normally
      it doesn't, and the data to fill TABLE is taken by open_table_from_share
      call. However, the vcol data is stored as SQL string in
      table->s->vcol_defs.str and is anyway parsed on each table open.
      It is impossible [or hard] to avoid, because it's hard to clone the
      expression tree in general (it's easier to parse).
      
      Normally parse_vcol_defs should only fail on semantic errors. If so,
      error_reported is set to true. Any other failure is not expected during
      table creation. There is either unhandled/unacknowledged error, or
      something went really wrong, like memory reject. This all should be
      asserted anyway.
      
      Solution:
      * Set *error_reported=true for the forward references check;
      * Assert for every unacknowledged error during table creation.
      1811fd51
    • Nikita Malyavin's avatar
  7. 19 Oct, 2021 2 commits
  8. 18 Oct, 2021 2 commits
    • Oleksandr Byelkin's avatar
      MDEV-26299: Some views force server (and mysqldump) to generate invalid SQL for their definitions · 27bf57fd
      Oleksandr Byelkin authored
      Do not print illegal table field names for non-top-level SELECT list,
      they will not be refered in any case but create problem for parsing
      of printed result.
      27bf57fd
    • Brandon Nesterenko's avatar
      MDEV-25284: Assertion `info->type == READ_CACHE || info->type == WRITE_CACHE' failed · 2291f8ef
      Brandon Nesterenko authored
      Problem:
      ========
      This patch addresses two issues.
      
      First, if a CHANGE MASTER command is issued and an error happens
      while locating the replica’s relay logs, the logs can be put into an
      invalid state where future updates fail and future CHANGE MASTER
      calls crash the server. More specifically, right before a replica
      purges the relay logs (part of the `CHANGE MASTER TO` logic), the
      relay log is temporarily closed with state LOG_TO_BE_OPENED. If the
      server errors in-between the temporary log closure and purge, i.e.
      during the function find_log_pos, the log should be closed.
      MDEV-25284 reveals the log is not properly closed.
      
      Second, upon issuing a RESET SLAVE ALL command, a slave’s GTID
      filters are not cleared (DO_DOMAIN_IDS, IGNORE_DOMIAN_IDS,
      IGNORE_SERVER_IDS). MySQL had a similar bug report, Bug #18816897,
      which fixed this issue to clear IGNORE_SERVER_IDS after issuing
      RESET SLAVE ALL in version 5.7.
      
      Solution:
      =========
      
      To fix the first problem, the CHANGE MASTER error handling logic was
      extended to transition the relay log state to LOG_CLOSED from
      LOG_TO_BE_OPENED.
      
      To fix the second problem, the RESET SLAVE ALL logic is extended to
      clear the domain_id filter and ignore_server_ids.
      
      Reviewed By:
      ============
      Andrei Elkin <andrei.elkin@mariadb.com>
      2291f8ef
  9. 15 Oct, 2021 2 commits
    • Alexander Barkov's avatar
      A clean-up patch for MDEV-23408: fixing test failure on Windows · 5f63f5dc
      Alexander Barkov authored
      Schema and table names in a veiw FRM files are:
      - in upper case on Linux
      - in lower case on Windows
      
      Using the LOWER() function when displaying an FRM file fragment,
      to avoid the OS-specific difference.
      5f63f5dc
    • Vicențiu Ciorbaru's avatar
      MDEV-17964: Assertion `status == 0' failed in add_role_user_mapping_action · 9e6c3838
      Vicențiu Ciorbaru authored
      This happens upon CREATE USER and DROP ROLE.
      
      The underlying problem is that our HASH implementation shuffles elements
      around when performing an update or delete. This means that when doing a
      scan through the HASH table by index, in search of elements to delete or
      update one must restart the scan to make sure nothing is missed if at least
      one delete / update happened.
      
      More specifically, what happened in this case:
      The hash has 131 element, DROP ROLE removes the element
      [119]. Its [119]->next was element [129], so [129] is moved to [119].
      Now we need to compact the hash, removing the last element [130]. It
      gets one bit off its hash value and becomes element [2]. The existing
      element [2] is moved to [129], and old [130] is moved to [2].
      
      We cannot simply move [130] to [129] and make [2]->next=130, it won't
      work if [2] is itself in the collision list and doesn't belong in [2].
      
      The handle_grant_struct code assumed that it is safe to continue by only
      reexamining the currently modified / deleted element index, but that is
      not true.
      
      Missing to delete an element in the hash triggered the assertion in
      the test case. DROP ROLE would not clear all necessary role->role or
      role->user mappings.
      
      To fix the problem we ensure that the scan is restarted, only if an
      element was deleted / updated, similar to how bubble-sort keeps sorting
      until it finds no more elements to swap.
      9e6c3838
  10. 14 Oct, 2021 1 commit
    • Alexander Barkov's avatar
      MDEV-23408 Wrong result upon query from I_S and further Assertion `!alias_arg... · a2a42f4e
      Alexander Barkov authored
      MDEV-23408 Wrong result upon query from I_S and further Assertion `!alias_arg || strlen(alias_arg->str) == alias_arg->length' failed with certain connection charset
      
      There were two independent problems which lead to the crash
      and to the non-relevant records returned in I_S queries:
      
      - The code in the I_S implementation was not secure
        about values with 0x00 bytes.
        It's fixed by using check_db_name() and check_table_name()
        inside make_table_name_list(), and by adding the test for
        0x00 inside check_table_name().
      
      - The code in Item_string::print() did not convert
        strings without introducers when restoring
        the CREATE VIEW statement from an Item tree.
        This made wrong literals inside the "query" line in the view FRM file
        in cases when the VIEW parse time
        character_set_client!=character_set_connection.
        That's fixed by adding a proper conversion.
      
        This change also fixed a similar problem in SHOW PROCEDURE CODE -
        the literals were displayed in wrong character set in SP instructions
        in cases when the SP parse time
        character_set_client!=character_set_connection.
      a2a42f4e
  11. 13 Oct, 2021 3 commits
  12. 12 Oct, 2021 1 commit