1. 25 Aug, 2008 4 commits
    • Davi Arnaut's avatar
      Merge Bug#36579 into mysql-5.1-bugteam · 54a2d225
      Davi Arnaut authored
      54a2d225
    • Davi Arnaut's avatar
      Bug#36579 Dumping information about locks in use may lead to a server crash · c568f7ac
      Davi Arnaut authored
      Dumping information about locks in use by sending a SIGHUP signal
      to the server or by invoking the "mysqladmin debug" command may
      lead to a server crash in debug builds or to undefined behavior in
      production builds.
      
      The problem was that a mutex that protects a lock object (THR_LOCK)
      might have been destroyed before the lock object was actually removed
      from the list of locks in use, causing a race condition with other
      threads iterating over the list. The solution is to destroy the mutex
      only after removing lock object from the list.
      
      mysys/thr_lock.c:
        Destroy the mutex that protects the lock object only after removing
        the lock object from the list of locks in use.
      c568f7ac
    • Sergey Glukhov's avatar
      null merge · 2b305351
      Sergey Glukhov authored
      2b305351
    • Sergey Glukhov's avatar
      Bug#37428 Potential security issue with UDFs - linux shellcode execution. · 43847871
      Sergey Glukhov authored
      plugin_dir option backported from 5.1
      
      mysql-test/r/udf.result:
        result fix
      sql/mysql_priv.h:
        opt_plugin_dir and opt_plugin_dir_ptr declared.
      sql/mysqld.cc:
        'plugin_dir' option added
      sql/set_var.cc:
        'plugin_dir' option added.
      sql/sql_udf.cc:
        opt_plugin_dir added to the udf->dl path. Warn if it's not specified.
      sql/unireg.h:
        PLUGINDIR defined.
      43847871
  2. 23 Aug, 2008 1 commit
  3. 22 Aug, 2008 1 commit
    • Alexey Botchkov's avatar
      Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. · 69aa70b6
      Alexey Botchkov authored
                  
                  test_if_data_home_dir fixed to look into real path.
                  Checks added to mi_open for symlinks into data home directory.
      
      per-file messages:
              include/my_sys.h
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                my_is_symlink interface added
              include/myisam.h
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                myisam_test_invalid_symlink interface added
              myisam/mi_check.c
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                mi_open_datafile calls modified
              myisam/mi_open.c
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                code added to mi_open to check for symlinks into data home directory.
                mi_open_datafile now accepts 'original' file path to check if it's
                an allowed symlink.
              myisam/mi_static.c
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                myisam_test_invlaid_symlink defined
              myisam/myisamchk.c
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                mi_open_datafile call modified
              myisam/myisamdef.h
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                mi_open_datafile interface modified - 'real_path' parameter added
              mysql-test/r/symlink.test
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                error codes corrected as some patch now rejected pointing inside datahome
              mysql-test/r/symlink.result
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                error messages corrected in the result
              mysys/my_symlink.c
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                my_is_symlink() implementsd
                my_realpath() now returns the 'realpath' even if a file isn't a symlink
              sql/mysql_priv.h
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                test_if_data_home_dir interface
              sql/mysqld.cc
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                myisam_test_invalid_symlik set with the 'test_if_data_home_dir'
              sql/sql_parse.cc
                Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
                
                error messages corrected
                test_if_data_home_dir code fixed
      69aa70b6
  4. 21 Aug, 2008 4 commits
    • Sergey Glukhov's avatar
      added replacement of 'CARDINALITY' column values · d03d5478
      Sergey Glukhov authored
      mysql-test/r/join.result:
        result fix
      d03d5478
    • Tatiana A. Nurnberg's avatar
      auto-merge · b6636b0c
      Tatiana A. Nurnberg authored
      b6636b0c
    • Tatiana A. Nurnberg's avatar
      Bug#35616: memory overrun on 64-bit linux on setting large values for keybuffer-size · 3cb7798e
      Tatiana A. Nurnberg authored
      add'l portability fixes
      
      mysys/safemalloc.c:
        Make the various print-functions happy:
        sf_malloc_(cur|max)_memory are size_t now, might as well use %u instead
        of %d. Ideally, we'd use %zu, but we can't rely on having that, so we'll
        use %lu instead. Likewise, we could cast to unsigned for our poor man's
        %p -- pointers are never negative, and neither is %x --, but since it
        was fixed to %p with seemingly no ill effects in 6.0 anyway, we'll back
        port that instead.
      3cb7798e
    • Tatiana A. Nurnberg's avatar
      Bug#35616: memory overrun on 64-bit linux on setting large values for keybuffer-size · f006888f
      Tatiana A. Nurnberg authored
      portability fixes / cleanup
      
      include/my_sys.h:
        declaration should certainly match definition!
      mysys/safemalloc.c:
        Make the various print-functions happy:
        sf_malloc_(cur|max)_memory are size_t now, might as well use %u instead
        of %d. Ideally, we'd use %zu, but we can't rely on having that, so we'll
        use %lu instead. Likewise, we could cast to unsigned for our poor man's
        %p -- pointers are never negative, and neither is %x --, but since it
        was fixed to %p with seemingly no ill effects in 6.0 anyway, we'll back
        port that instead.
      f006888f
  5. 20 Aug, 2008 16 commits
    • Timothy Smith's avatar
    • Timothy Smith's avatar
      Cherry-pick some changes from innodb-5.1-ss2545 snapshot. Includes fixes for · 98251bef
      Timothy Smith authored
      Bug#37531, Bug#36941, Bug#36941, Bug#36942, Bug#38185.
      
      Also include test case from Bug 34300 which was left out from earlier snapshot
      (5.1-ss2387).
      
      Also include fix for Bug #29507, "TRUNCATE shows to many rows effected", since
      the fix for Bug 37531 depends on it.
      98251bef
    • Mattias Jonsson's avatar
      merge · 3eb54b63
      Mattias Jonsson authored
      3eb54b63
    • Mattias Jonsson's avatar
      Backport of patch for Bug#34604 (from 6.0) · d2e143f3
      Mattias Jonsson authored
      post push fix for bug#20129, test failed due to non existing
      source files.
      
      mysql-test/Makefile.am:
        Bug#20129: ALTER TABLE ... REPAIR PARTITION ... complains that
        partition is corrupt
        
        Test parts.partition_repair_myisam failed because the corrupted
        pre fabricated files was not included in the dist-file.
      mysql-test/suite/parts/r/partition_special_innodb.result:
        Bug#34604: hander::ha_rnd_end(): Assertion inited==RND failed
        
        updated result file
      mysql-test/suite/parts/t/partition_special_innodb-master.opt:
        Bug#34604: hander::ha_rnd_end(): Assertion inited==RND failed
        
        Added parameter to speed up the test.
        Set to 2 seconds to be working on slow machines.
      mysql-test/suite/parts/t/partition_special_innodb.test:
        Bug#34604: hander::ha_rnd_end(): Assertion inited==RND failed
        
        Added test for verifying the bug (without the patch in
        ha_partition.cc, this crashes a debug compiled server)
      sql/ha_partition.cc:
        Bug#34604: hander::ha_rnd_end(): Assertion inited==RND failed
        
        In some cases error was not properly propagated through
        ha_partition::rnd_next.
        
        Will now return the error code from the partitions rnd_next and
        update m_part_spec.start_part and m_last_part properly.
        This makes the inited state to be correct.
      d2e143f3
    • Jonathan Perkin's avatar
      merge · 05c4872b
      Jonathan Perkin authored
      05c4872b
    • Jonathan Perkin's avatar
      Fix path to myisamchk for mysql-5.1 · b6de7b91
      Jonathan Perkin authored
      b6de7b91
    • Sergey Glukhov's avatar
      5.0-bugteam->5.1-bugteam merge · e67fd24e
      Sergey Glukhov authored
      e67fd24e
    • Jonathan Perkin's avatar
      bug#33300: use myisamchk to verify that mysql_install_db has · ab928e23
      Jonathan Perkin authored
      created at least some files and that they are correct.
      ab928e23
    • Sergey Glukhov's avatar
      Bug#38291 memory corruption and server crash with view/sp/function · 1b39f28f
      Sergey Glukhov authored
      Send_field.org_col_name has broken value on secondary execution.
      It happens when result field is created from the field which belongs to view
      due to forgotten assignment of some Send_field attributes. 
      The fix:
      set Send_field.org_col_name,org_table_name with correct value during Send_field intialization.
      
      mysql-test/r/metadata.result:
        result fix
        The result file was changed because now forgotten attributes are properly set.
      mysql-test/r/sp.result:
        test result
      mysql-test/t/sp.test:
        test case
      sql/item.cc:
        Send_field.org_col_name has broken value on secondary execution.
        It happens when result field is created from the field which belongs to view
        due to forgotten assignment of some Send_field attributes. 
        The fix:
        set Send_field.org_col_name,org_table_name with correct value during Send_field intialization.
      tests/mysql_client_test.c:
        test case fix
        The test was changed because now forgotten attributes are properly set.
      1b39f28f
    • Sergey Glukhov's avatar
      487ff7a4
    • Sergey Petrunia's avatar
    • Timothy Smith's avatar
      Cherry-pick one change from innodb-5.1-ss2485 snapshot. Fixes Bug#35602. · ff2dd134
      Timothy Smith authored
      Bug #35602 "Failed to read auto-increment value from storage engine" with
      Innodb
      
      The test for REPLACE was an error of ommission since it's classified as
      a simple INSERT. For REPLACE statements we don't acquire the special
      AUTOINC lock for AUTOINC_NEW_STYLE_LOCKING with this fix.
      ff2dd134
    • Sergey Petrunia's avatar
      Merge · a0636a15
      Sergey Petrunia authored
      a0636a15
    • Timothy Smith's avatar
      Cherry-pick some changes from innodb-5.1-ss2479 snapshot. Includes fixes for · f35cb179
      Timothy Smith authored
      Bug#36600 and Bug#36793:
      
      Bug #36600 SHOW STATUS takes a lot of CPU in buf_get_latched_pages_number
      
      Fix by removing the Innodb_buffer_pool_pages_latched variable from SHOW
      STATUS output in non-UNIV_DEBUG compilation.
      
      Bug #36793 rpl_innodb_bug28430 fails on Solaris
      
      This is a back port from branches/zip. This code has been tested on a
      big-endian machine too.
      f35cb179
    • Sergey Petrunia's avatar
      c59d5437
    • Timothy Smith's avatar
      Cherry-pick one part of innodb-5.1-ss2438 snapshot. · dc2f8d95
      Timothy Smith authored
      Bug #36278 Data_free in SHOW TABLE STATUS for InnoDB is in kilobytes
      
      Change the fix for Bug 32440 to show bytes instead of kilobytes in
      INFORMATION_SCHEMA.TABLES.DATA_FREE.
      dc2f8d95
  6. 19 Aug, 2008 12 commits
    • Sven Sandberg's avatar
      Bug#35807 - INSTALL PLUGIN replicates row-based, but not stmt-based · 6fa28d26
      Sven Sandberg authored
      INSTALL PLUGIN and UNINSTALL PLUGIN worked with statement-based and
      mixed-mode replication only, but not with row-based replication.
      
      There is no statement-based replication of these statements.
      But there was row-based replication of the inserts and deletes
      to and from the mysql.plugin table.
      
      The fix is to suppress binlogging during insert and delete to
      and from the mysql.plugin table.
      
      
      mysql-test/suite/rpl/r/rpl_plugin_load.result:
        new result file
      mysql-test/suite/rpl/t/rpl_plugin_load-master.opt:
        new opt file
      mysql-test/suite/rpl/t/rpl_plugin_load-slave.opt:
        new opt file
      mysql-test/suite/rpl/t/rpl_plugin_load.test:
        new test
      sql/sql_plugin.cc:
        Suppress binlogging during insert and delete to/from the
        mysql.plugin table.
      6fa28d26
    • Tatiana A. Nurnberg's avatar
      auto-merged · 5e28432c
      Tatiana A. Nurnberg authored
      5e28432c
    • Tatiana A. Nurnberg's avatar
      Bug#35616: memory overrun on 64-bit linux on setting large values for keybuffer-size · bd727441
      Tatiana A. Nurnberg authored
      We could allocate chunks larger than 4GB, but did our
      size-accounting in 32-bit values. This could lead to
      spurious warnings, inaccurate accounting, and, in
      theory, data loss.
        
      Affected: 64-bit platforms. Debug-build (with safemalloc).
      At least one buffer larger than 4GB. For potential data
      loss, a re-alloc on such a buffer would be necessary.
      
      
      mysys/my_static.c:
        Make memory-accounting 64-bit safe.
      mysys/my_static.h:
        Make memory-accounting 64-bit safe.
        Move in struct for better alignment when 64-bit.
      bd727441
    • Mattias Jonsson's avatar
      89328c8c
    • Sergey Petrunia's avatar
      Merge · 48713952
      Sergey Petrunia authored
      48713952
    • Georgi Kodinov's avatar
      Bug#36638: fixing a failing test case. · 470ac487
      Georgi Kodinov authored
      470ac487
    • Sergey Petrunia's avatar
      BUG#36135: void Diagnostics_area::set_eof_status(THD*): Assertion `! is_set()' failed. · 9427feac
      Sergey Petrunia authored
        - Before sending EOF, check if we've already sent an error.
      
      mysql-test/r/subselect3.result:
        BUG#36135: void Diagnostics_area::set_eof_status(THD*): Assertion `! is_set()' failed.
        - Testcase
      mysql-test/t/subselect3.test:
        BUG#36135: void Diagnostics_area::set_eof_status(THD*): Assertion `! is_set()' failed.
        - Testcase
      sql/sql_class.cc:
        BUG#36135: void Diagnostics_area::set_eof_status(THD*): Assertion `! is_set()' failed.
        - Before sending EOF, check if we've already sent an error.
      9427feac
    • Georgi Kodinov's avatar
      merged 5.0-bugteam to 5.1-bugteam · 9bfe9daa
      Georgi Kodinov authored
      9bfe9daa
    • Georgi Kodinov's avatar
      merged 5.0-main to 5.0-bugteam · 6fbbb39e
      Georgi Kodinov authored
      6fbbb39e
    • Georgi Kodinov's avatar
      Bug#38195: Incorrect handling of aggregate functions when loose index scan · 3a296beb
      Georgi Kodinov authored
      is used causes server crash.
        Revert the fix : unstable test case revealed by pushbuild
      3a296beb
    • Mattias Jonsson's avatar
      merge · bdefa12c
      Mattias Jonsson authored
      bdefa12c
    • Mattias Jonsson's avatar
      Post push fix for valgrind warning in ha_partition.cc · e1f74adb
      Mattias Jonsson authored
      Bug#35161
      Fixed memory leak when failing to open a partition.
      
      Bug#20129
      Added tests for verifying REPAIR PARTITION.
      
      mysql-test/std_data/parts/t1_will_crash#P#p1_first_1024.MYD:
        Bug#20129: ALTER TABLE ... REPAIR PARTITION ... not working
        
        (see mysql-test/suite/parts/t/partition_repair_myisam.test
        Created by:
        CREATE TABLE t1_will_crash (
          a VARCHAR(255),
          b INT,
          c LONGTEXT,
          PRIMARY KEY (a, b))ENGINE=MyISAM
        PARTITION BY HASH (b)
        PARTITIONS 7;
        INSERT INTO t1_will_crash VALUES ...
        and then
        head -c 1024 var/master-data/test/t1_will_crash#P#p1.MYD
        into this file.
      mysql-test/std_data/parts/t1_will_crash#P#p2.MYD:
        Bug#20129: ALTER TABLE ... REPAIR PARTITION ... not working
        
        (see mysql-test/suite/parts/t/partition_repair_myisam.test)
        copy of file right after _mi_mark_file_changed in mi_write
        was done.
      mysql-test/std_data/parts/t1_will_crash#P#p2.MYI:
        Bug#20129: ALTER TABLE ... REPAIR PARTITION ... not working
        
        (see mysql-test/suite/parts/t/partition_repair_myisam.test)
        copy of file right after _mi_mark_file_changed in mi_write
        was done.
      mysql-test/std_data/parts/t1_will_crash#P#p3.MYI:
        Bug#20129: ALTER TABLE ... REPAIR PARTITION ... not working
        
        (see mysql-test/suite/parts/t/partition_repair_myisam.test)
        copy of file right after *share->write_record was done.
      mysql-test/std_data/parts/t1_will_crash#P#p4.MYI:
        Bug#20129: ALTER TABLE ... REPAIR PARTITION ... not working
        
        (see mysql-test/suite/parts/t/partition_repair_myisam.test)
        copy of file right after flush_cached_blocks
      mysql-test/std_data/parts/t1_will_crash#P#p6.MYD:
        Bug#20129: ALTER TABLE ... REPAIR PARTITION ... not working
        
        (see mysql-test/suite/parts/t/partition_repair_myisam.test)
        copy of file right after _mi_write_part_record in
        write_dynamic_record returned for the first time.
      mysql-test/std_data/parts/t1_will_crash#P#p6_2.MYD:
        Bug#20129: ALTER TABLE ... REPAIR PARTITION ... not working
        
        (see mysql-test/suite/parts/t/partition_repair_myisam.test)
        copy of file right after _mi_write_part_record in
        write_dynamic_record returned for the second time.
      mysql-test/std_data/parts/t1_will_crash#P#p6_3.MYD:
        Bug#20129: ALTER TABLE ... REPAIR PARTITION ... not working
        
        (see mysql-test/suite/parts/t/partition_repair_myisam.test)
        copy of file right after _mi_write_part_record in
        write_dynamic_record returned for the third time.
        (data file fully updated).
      mysql-test/suite/parts/r/partition_recover_myisam.result:
        Bug#35161
        
        Renamed since it was a test of recover
        and to make repair free for use without
        --myisam-recover
      mysql-test/suite/parts/r/partition_repair_myisam.result:
        Bug#20129: ALTER TABLE ... REPAIR PARTITION ... not working
        
        New result file for testing CHECK/REPAIR of partitioned tables
      mysql-test/suite/parts/t/partition_recover_myisam-master.opt:
        Bug#35161
        
        Renamed since it was a test of recover
        and to make repair free for use without
        --myisam-recover
      mysql-test/suite/parts/t/partition_recover_myisam.test:
        Bug#35161
        
        Renamed since it was a test of recover
        and to make repair free for use without
        --myisam-recover
      mysql-test/suite/parts/t/partition_repair_myisam.test:
        Bug#20129: ALTER TABLE ... REPAIR PARTITION ... not working
        
        New test file for testing CHECK/REPAIR of partitioned tables
      sql/ha_partition.cc:
        Bug#35161
        
        Fix of memory leak when open of partition failed.
      e1f74adb
  7. 18 Aug, 2008 2 commits