1. 24 Apr, 2019 6 commits
    • Sergei Golubchik's avatar
      bugfix: multi-update checked privileges on views incorrectly · 5057d463
      Sergei Golubchik authored
      it always required UPDATE privilege on views, not being able to detect
      when a views was not actually updated in multi-update.
      
      fix: instead of marking all tables as "updating" by default,
      only set "updating" on tables that will actually be updated
      by multi-update. And mark the view "updating" if any of the
      view's tables is.
      5057d463
    • Sergei Golubchik's avatar
      MDEV-18241 Downgrade from 10.4 to 10.3 crashes · 822071ca
      Sergei Golubchik authored
      privilege tables can never be views or temporary tables,
      don't even try to open them, if they are.
      822071ca
    • Sergei Golubchik's avatar
      cleanup · 66099b8f
      Sergei Golubchik authored
      66099b8f
    • Sergei Golubchik's avatar
      MDEV-18923 Assertion `!lex_string_cmp(system_charset_info,... · 81a8d8be
      Sergei Golubchik authored
      MDEV-18923 Assertion `!lex_string_cmp(system_charset_info, fk_info->referenced_table, &table->s->table_name)' failed in fk_truncate_illegal_if_parent
      
      don't assert the correctness of FK constraints, as it can be
      broken under `SET FOREIGN_KEY_CHECKS= OFF`
      81a8d8be
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-15772 Potential list overrun during XA recovery · d5da8ae0
      Thirunarayanan Balathandayuthapani authored
      InnoDB could return the same list again and again if the buffer
      passed to trx_recover_for_mysql() is smaller than the number of
      transactions that InnoDB recovered in XA PREPARE state.
      
      We introduce the transaction state TRX_PREPARED_RECOVERED, which
      is like TRX_PREPARED, but will be set during trx_recover_for_mysql()
      so that each transaction will only be returned once.
      
      Because init_server_components() is invoking ha_recover() twice,
      we must reset the state of the transactions back to TRX_PREPARED
      after returning the complete list, so that repeated traversals
      will see the complete list again, instead of seeing an empty list.
      Without this tweak, the test main.tc_heuristic_recover would hang
      in MariaDB 10.1.
      d5da8ae0
    • Sujatha Sivakumar's avatar
      MDEV-17260: Memory leaks in mysqlbinlog · cb8d888c
      Sujatha Sivakumar authored
      Problem:
      ========
      The mysqlbinlog tool is leaking memory, causing failures in various tests when
      compiling and testing with AddressSanitizer or LeakSanitizer like this:
      
      cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN:BOOL=ON /path/to/source
      make -j$(nproc)
      cd mysql-test
      ASAN_OPTIONS=abort_on_error=1 ./mtr --parallel=auto rpl.rpl_row_mysqlbinlog
      
      CURRENT_TEST: rpl.rpl_row_mysqlbinlog
      
      Direct leak of 112 byte(s) in 1 object(s) allocated from:
      #0 0x4eff87 in __interceptor_malloc (/dev/shm/5.5/client/mysqlbinlog+0x4eff87)
      #1 0x60eaab in my_malloc /mariadb/5.5/mysys/my_malloc.c:41:10
      #2 0x5300dd in Log_event::read_log_event(char const*, unsigned int, char const**,
         Format_description_log_event const*, char) /mariadb/5.5/sql/log_event.cc:1568:
      #3 0x564a9c in dump_remote_log_entries(st_print_event_info*, char const*)
      /mariadb/5.5/client/mysqlbinlog.cc:1978:17
      
      Analysis:
      ========
      'mysqlbinlog' tool is being used to read binary log events from a remote server.
      While reading binary log, if a fake rotate event is found following actions are
      taken.
      
      If 'to-last-log' option is specified, then fake rotate event is processed.
      In the absence of 'to-last-log' skip the fake rotate event.
      
      In this skipped case the fake rotate event object is not getting cleaned up
      resulting in memory leak.
      
      Fix:
      ===
      Cleanup the fake rotate event.
      
      This issues is already fixed in MariaDB 10.0.23 and higher versions as part of
      commit c3018b0f
      cb8d888c
  2. 23 Apr, 2019 2 commits
  3. 04 Apr, 2019 1 commit
  4. 27 Mar, 2019 1 commit
    • Sujatha Sivakumar's avatar
      MDEV-14784: Slave crashes in show_status_array upon running a trigger with · f2d549d8
      Sujatha Sivakumar authored
      select from I_S
      
      Problem:
      ========
      When applier thread tries to access 'variable_name' of
      INFORMATION_SCHEMA.SESSION_VARIABLES table through triggers, it results in an
      abnormal exit of slave server.
      
      Analysis:
      ========
      At the time of replication of stored routines and triggers, their associated
      security context will be sent by the master. The applier thread on the slave
      server will use this information to set the required security context for the
      execution of stored routines and triggers. This is achieved as follows.
      
      ->The stored routine object has a member named 'm_security_ctx' which holds the
        security context received from master.
      ->The applier thread's security_ctx is stored into a 'backup' object.
      
      ->Set the applier thread's security_ctx to 'm_security_ctx'.
      
      ->Upon the completion of stored routine execution restore the original security
        context of applier thread from the backup.
      
      During the above process the 'm_security_ctx' object is not initialized
      properly. Hence the 'external_user' of 'm_security_ctx' has invalid value for
      this variable and accessing this variable results in abnormal exit of server.
      
      Fix:
      ===
      Invoke the Security_context::init() call from the constructor of stored routine
      so that 'm_security_ctx' gets initialized properly.
      f2d549d8
  5. 25 Mar, 2019 2 commits
  6. 24 Mar, 2019 1 commit
  7. 22 Mar, 2019 2 commits
  8. 21 Mar, 2019 1 commit
  9. 15 Mar, 2019 1 commit
    • Igor Babaev's avatar
      MDEV-18896 Crash in convert_join_subqueries_to_semijoins · 0dd12b4f
      Igor Babaev authored
      If an IN-subquery is used in a table-less select the current code
      should never consider it as candidate for semi-join optimizations.
      Yet the function check_and_do_in_subquery_rewrites() improperly
      checked the property "to be a table-less select". As a result
      such select in IN subquery was used in INSERT .. SELECT then
      the IN subquery by mistake was registered as a semi-join subquery
      and convert_subq_to_sj() was called for it. However the code of
      this function does not assume that the parent select of the subquery
      could be a table-less select.
      0dd12b4f
  10. 07 Mar, 2019 1 commit
    • Marko Mäkelä's avatar
      MDEV-18272 InnoDB fails to rollback after exceeding FOREIGN KEY recursion depth · 8024f8c6
      Marko Mäkelä authored
      row_mysql_handle_errors(): Correct the wrong error handling for
      the code DB_FOREIGN_EXCEED_MAX_CASCADE that was introduced in
      
      https://github.com/mysql/mysql-server/commit/c0923d396aef46799883390e9dcf7bbf173e4a03
      
          commit 35f5429e
          Author: Jimmy Yang <jimmy.yang@oracle.com>
          Date:   Wed Oct 6 06:55:34 2010 -0700
      
              Manual port Bug #Bug #54582 "stack overflow when opening many tables
              linked with foreign keys at once" from mysql-5.1-security to
              mysql-5.5-security again.
      
              rb://391 approved by Heikki
      
      No known test case exists for repeating the bug before MariaDB 10.2.
      The scenario should be that DB_FOREIGN_EXCEED_MAX_CASCADE is returned,
      then InnoDB wrongly skips the rollback to the start of the current
      row operation, and finally the SQL layer commits the transaction.
      Normally the SQL layer would roll back either the entire transaction or
      to the start of the statement. In the faulty scenario, InnoDB would
      leave the transaction in an inconsistent state, and the SQL layer could
      commit the transaction.
      8024f8c6
  11. 28 Feb, 2019 2 commits
  12. 07 Feb, 2019 1 commit
  13. 30 Jan, 2019 2 commits
  14. 29 Jan, 2019 1 commit
  15. 28 Jan, 2019 1 commit
  16. 27 Jan, 2019 2 commits
    • Sergei Golubchik's avatar
      Crude "auto-load-data-local-infile" mode · 2175bfce
      Sergei Golubchik authored
      Disable LOAD DATA LOCAL INFILE suport by default and
      auto-enable it for the duration of one query, if the query
      string starts with the word "load". In all other cases the application
      should enable LOAD DATA LOCAL INFILE support explicitly.
      2175bfce
    • Vicențiu Ciorbaru's avatar
      MDEV-18360 Prevent set_max_open_files from allocating too many files · 21f90371
      Vicențiu Ciorbaru authored
      If the rlimit.rlim_cur value returned by getrlimit is not the
      RLIM_INFINITY magic constant, but a *very* large number, we can allocate
      too many open files. Restrict set_max_open_files to only return at most
      max_file_limit, as passed via its parameter.
      21f90371
  17. 23 Jan, 2019 6 commits
    • Eugene Kosov's avatar
      MDEV-16658 Memory leak in mysqltest on connect failure · ad220b96
      Eugene Kosov authored
      Close connection handler on connection failure. This fixes 14 failing tests in
      main suite under clang+ASAN build.
      
      ASAN report for main.connect looks like this:
      =================================================================
      ==25495==ERROR: LeakSanitizer: detected memory leaks
      
      Direct leak of 146280 byte(s) in 115 object(s) allocated from:
          #0 0x4fba47 in calloc /fun/cpp_projects/llvm_toolchain/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:138
          #1 0x5a7a02 in mysql_init /work/mariadb/libmariadb/libmariadb/mariadb_lib.c:977:26
          #2 0x570a7a in do_connect(st_command*) /work/mariadb/client/mysqltest.cc:6096:26
          #3 0x584c39 in main /work/mariadb/client/mysqltest.cc:9321:9
          #4 0x7fd15514db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
      
      Indirect leak of 7065600 byte(s) in 115 object(s) allocated from:
          #0 0x4fb80f in __interceptor_malloc /fun/cpp_projects/llvm_toolchain/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:129
          #1 0x637a83 in my_context_init /work/mariadb/libmariadb/libmariadb/ma_context.c:367:23
          #2 0x59fd16 in mysql_optionsv /work/mariadb/libmariadb/libmariadb/mariadb_lib.c:2738:9
          #3 0x5bc1d4 in mysql_options /work/mariadb/libmariadb/libmariadb/mariadb_lib.c:3242:10
          #4 0x570b94 in do_connect(st_command*) /work/mariadb/client/mysqltest.cc:6103:7
          #5 0x584c39 in main /work/mariadb/client/mysqltest.cc:9321:9
          #6 0x7fd15514db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
      
      Indirect leak of 940240 byte(s) in 115 object(s) allocated from:
          #0 0x4fb80f in __interceptor_malloc /fun/cpp_projects/llvm_toolchain/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:129
          #1 0x64386e in ma_init_dynamic_array /work/mariadb/libmariadb/libmariadb/ma_array.c:49:31
          #2 0x649ead in _hash_init /work/mariadb/libmariadb/libmariadb/ma_hash.c:52:7
          #3 0x5a3080 in mysql_optionsv /work/mariadb/libmariadb/libmariadb/mariadb_lib.c:2938:13
          #4 0x5bc20c in mysql_options4 /work/mariadb/libmariadb/libmariadb/mariadb_lib.c:3248:10
          #5 0x56f63b in connect_n_handle_errors(st_command*, st_mysql*, char const*, char const*, char const*, char const*, int, char const*) /work/mariadb/client/mysqltest.cc:5874:3
          #6 0x57146b in do_connect(st_command*) /work/mariadb/client/mysqltest.cc:6193:7
          #7 0x584c39 in main /work/mariadb/client/mysqltest.cc:9321:9
          #8 0x7fd15514db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
      ...
      
      Closes #809
      ad220b96
    • Sergei Golubchik's avatar
      MDEV-18059 `support-files/mysql.server.sh stop` must run as root · 94955928
      Sergei Golubchik authored
      don't run `su - mysql` is $USER is already mysql
      94955928
    • Sergei Golubchik's avatar
      a8da66f8
    • Sreeharsha Ramanavarapu's avatar
      Bug #28499924: INCORRECT BEHAVIOR WITH UNION IN SUBQUERY · b20d94da
      Sreeharsha Ramanavarapu authored
      Issue:
      ------
      When a subquery contains UNION the count of the number of
      subquery columns is calculated incorrectly. Only the first
      query block in the subquery's UNION is considered and an
      array indexing goes out-of-bounds, and this is caught by an
      assert.
      
      Solution:
      ---------
      Sum up the columns from all query blocks of the query
      expression.
      
      Change specific to 5.6/5.5:
      ---------------------------
      The "child" points to the last query block of the UNION
      (as opposed to 5.7+ where it points to the first member of
      UNION). So "child->master_unit()->first_select()" is used
      to reach the first query block of UNION.
      b20d94da
    • Aditya A's avatar
      Bug #28178776 COMPARISON OF UNINITAILIZED MEMORY IN LOG_IN_USE · 6de2928d
      Aditya A authored
      PROBLEM
      -------
      Memory sanitizer reports uninitialized comparisons
      in log_in_use(), because strings are compared with
      memcmp() instead of strncmp.
      
      FIX
      ---
      Use strncmp() to compare strings
      6de2928d
    • Marko Mäkelä's avatar
      MDEV-18349 InnoDB file size changes are not safe when file system crashes · 942a6bd0
      Marko Mäkelä authored
      fil_extend_space_to_desired_size(): Invoke fsync() after posix_fallocate()
      in order to durably extend the file in a crash-safe file system.
      942a6bd0
  18. 21 Jan, 2019 3 commits
  19. 19 Jan, 2019 1 commit
  20. 16 Jan, 2019 3 commits