1. 30 Aug, 2022 3 commits
    • Marko Mäkelä's avatar
      MDEV-13888: innodb_fts.innodb_fts_plugin failed · 57739ae9
      Marko Mäkelä authored
      Add ORDER BY to make the test deterministic.
      
      Add FLUSH TABLES to avoid crash recovery warnings about the table
      mysql.plugin. This tends to occur on Valgrind, where the server
      shutdown could presumably time out, resulting in a forced kill.
      57739ae9
    • Marko Mäkelä's avatar
      MDEV-29409 Buffer overflow in my_wc_mb_filename() on RENAME TABLE · 422f3204
      Marko Mäkelä authored
      dict_table_rename_in_cache(), dict_table_get_highest_foreign_id():
      Reserve sufficient space for the fkid[] buffer, and ensure that the
      fkid[] will be NUL-terminated.
      
      The fkid[] must accommodate both the database name (which is already
      encoded in my_charset_filename) and the constraint name
      (which must be converted to my_charset_filename) so that we can check
      if it is in the format databasename/tablename_ibfk_1 (all encoded in
      my_charset_filename).
      422f3204
    • Marko Mäkelä's avatar
      MDEV-29258 Failing assertion for name length on RENAME TABLE · b2609038
      Marko Mäkelä authored
      trx_undo_page_report_rename(): Use the correct maximum length of
      a table name. Both the database name and the table name can be up to
      NAME_CHAR_LEN (64 characters) times 5 bytes per character in the
      my_charset_filename encoding. They are not encoded in UTF-8!
      
      fil_op_write_log(): Reserve the correct amount of log buffer for
      a rename operation. The file name will be appended by
      mlog_catenate_string().
      
      rename_file_ext(): Reserve a large enough buffer for the file names.
      b2609038
  2. 28 Aug, 2022 1 commit
  3. 25 Aug, 2022 3 commits
    • Igor Babaev's avatar
      MDEV-29350 Crash when IN predicand is used in eliminated GROUP BY clause · 94e3f02d
      Igor Babaev authored
      This bug affected some queries with an IN/ALL/ANY predicand or an EXISTS
      predicate whose subquery contained a GROUP BY clause that could be
      eliminated. If this clause used a IN/ALL/ANY predicand whose left operand
      was a single-value subquery then execution of the query caused a crash of
      the server after invokation of remove_redundant_subquery_clauses().
      The crash was caused by an attempt to exclude the unit for the single-value
      subquery from the query tree for the second time by the function
      Item_subselect::eliminate_subselect_processor().
      
      This bug had been masked by the bug MDEV-28617 until a fix for the latter
      that properly excluded units was pushed into 10.3.
      
      Approved by Oleksandr Byelkin <sanja@mariadb.com>
      94e3f02d
    • Marko Mäkelä's avatar
      MDEV-29384 Hangs caused by innodb_adaptive_hash_index=ON · d1a80c42
      Marko Mäkelä authored
      buf_defer_drop_ahi(): Remove. Ever since
      commit c7f8cfc9 (MDEV-27700)
      it is safe to invoke btr_search_drop_page_hash_index(block, true)
      to remove an orphan adaptive hash index.
      
      Any attempt to upgrade page latches is prone to deadlocks. Recently,
      we observed a few hangs that involved nothing more than a small table
      consisting of one clustered index page, one secondary index page and
      some undo pages.
      d1a80c42
    • Sergei Golubchik's avatar
      update a global_suppressions() list · 2f6a7280
      Sergei Golubchik authored
      followup for "remove invalid options from warning messages"
      2f6a7280
  4. 24 Aug, 2022 4 commits
  5. 22 Aug, 2022 3 commits
    • Brandon Nesterenko's avatar
      MDEV-28294: set default role bypasses Replicate_Wild_Ignore_Table: mysql.% · 8963d64e
      Brandon Nesterenko authored
      Problem:
      ========
      When replicating SET DEFAULT ROLE, the pre-update check (i.e. that
      in set_var_default_role::check()) tries to validate the existence of
      the given rules/user even when the targeted tables are ignored. When
      previously issued CREATE USER/ROLE commands are ignored by the
      replica because of the replication filtering rules, this results in
      an error because the targeted data does not exist.
      
      Solution:
      ========
      Before checking that the given roles/user exist of a SET DEFAULT
      ROLE command, first ensure that the mysql.user and
      mysql.roles_mapping tables are not excluded by replication filters.
      
      Reviewed By:
      ============
      Andrei Elkin <andrei.elkin@mariadb.com>
      Sergei Golubchik <serg@mariadb.com>
      8963d64e
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-27700 ASAN: Heap_use_after_free in btr_search_drop_page_hash_index() · c7f8cfc9
      Thirunarayanan Balathandayuthapani authored
      Reason:
      =======
      Race condition between btr_search_drop_hash_index() and
      btr_search_lazy_free(). One thread does resizing of buffer pool
      and clears the ahi on all pages in the buffer pool, frees the
      index and table while removing the last reference. At the same time,
      other thread access index->heap in btr_search_drop_hash_index().
      
      Solution:
      =========
      Acquire the respective ahi latch before checking index->freed()
      
      btr_search_drop_page_hash_index(): Added new parameter to indicate
      that drop ahi entries only if the index is marked as freed
      
      btr_search_check_marked_free_index(): Acquire all ahi latches and
      return true if the index was freed
      c7f8cfc9
    • Marko Mäkelä's avatar
      MDEV-13013 fixup: Adjust a test · fd0cd480
      Marko Mäkelä authored
      fd0cd480
  6. 19 Aug, 2022 1 commit
    • Marko Mäkelä's avatar
      MDEV-29043 mariabackup --compress hangs · a1055ab3
      Marko Mäkelä authored
      Even though commit b817afaa passed
      the test mariabackup.compress_qpress, that test turned out to be
      too small to reveal one more problem that had previously been prevented
      by the existence of ctrl_mutex. I did not realize that there can be
      multiple concurrent callers to compress_write(). One of them is the
      log copying thread; further callers are data file copying threads
      (default: --parallel=1).
      
      By default, there is only one compression worker thread
      (--compress-threads=1).
      
      compress_write(): Fix a race condition between threads that would
      use the same worker thread object. Make thd->data_avail contain the
      thread identifier of the submitter, and add thd->avail_cond to
      notify other compress_write() threads that are waiting for a slot.
      a1055ab3
  7. 17 Aug, 2022 1 commit
  8. 16 Aug, 2022 1 commit
  9. 15 Aug, 2022 2 commits
  10. 11 Aug, 2022 1 commit
  11. 10 Aug, 2022 7 commits
  12. 09 Aug, 2022 3 commits
  13. 08 Aug, 2022 3 commits
  14. 04 Aug, 2022 2 commits
  15. 03 Aug, 2022 3 commits
    • Sergei Petrunia's avatar
      MDEV-23809: Server crash in JOIN_CACHE::free ...: part #2 · 37a3d446
      Sergei Petrunia authored
      Part #2: make sure we allocate space for two JOIN_TABs that
      use temporary tables.
      The dbug_join_tab_array_size is still set to catch cases where
      we try to access more JOIN_TAB object than we thought we would have.
      37a3d446
    • Sergei Petrunia's avatar
      MDEV-23809: Server crash in JOIN_CACHE::free or ... · 2cd98c95
      Sergei Petrunia authored
      The problem was caused by use of COLLATION(AVG('x')). This is an
      item whose value is a constant.
      Name Resolution code called convert_const_to_int() which removed AVG('x').
      However, the item representing COLLATION(...) still had with_sum_func=1.
      
      This inconsistent state confused the code that handles grouping and
      DISTINCT: JOIN::get_best_combination() decided to use one temporary
      table and allocated one JOIN_TAB for it, but then
      JOIN::make_aggr_tables_info() attempted to use two and made writes
      beyond the end of the JOIN::join_tab array.
      
      The fix:
      - Do not replace constant expressions which contain aggregate functions.
      - Add JOIN::dbug_join_tab_array_size to catch attempts to use more
        JOIN_TAB objects than we've allocated.
      2cd98c95
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-27282 InnoDB: Failing assertion: !query->intersection · f9ec9b6a
      Thirunarayanan Balathandayuthapani authored
      - query->intersection fails to get freed if the query exceeds
      innodb_ft_result_cache_limit
      
      - errors from init_ftfuncs were not propogated by delete command
      
      This is taken from percona/percona-server@ef2c0bcb9a34aeb06de0058d7c2a2969416b35a7
      f9ec9b6a
  16. 02 Aug, 2022 2 commits
    • Igor Babaev's avatar
      MDEV-28617 Crash with INSERT...SELECT using derived table in GROUP BY clause · c2300d06
      Igor Babaev authored
      This bug manifested itself for INSERT...SELECT and DELETE statements whose
      WHERE condition used an IN/ANY/ALL predicand or a EXISTS predicate with
      such grouping subquery that:
       - its GROUP BY clause could be eliminated,
       - the GROUP clause contained a subquery over a mergeable derived table
         referencing the updated table.
      
      The bug ultimately caused a server crash when the prepare phase of the
      statement processing was executed. This happened after removal redundant
      subqueries used in the eliminated GROUP BY clause from the statement tree.
      The function that excluded the subqueries from the did not do it properly.
      As a result the specification of any derived table contained in a removed
      subquery was not marked as excluded.
      
      Approved by Oleksandr Byelkin <sanja@mariadb.com>
      c2300d06
    • Sergei Golubchik's avatar
      MDEV-23097 heap-use-after-free in mysqlimport · 07a670b8
      Sergei Golubchik authored
      mysqlimport starts many worker threads. when one of the worker
      encounters an error, it frees global memory and calls exit().
      
      it suppresses memory leak detector, because, as the comment says
      "dirty exit, some threads are still running", indeed, it cannot
      free the memory from other threads.
      
      but precisely because some threads are still running, they
      might use this global memory, so it cannot be freed.
      
      fix: if we know that some threads are still running and accept
      that we cannot free all memory anyway, let's not free global
      allocations either
      07a670b8