1. 24 Jan, 2020 1 commit
    • Sujatha's avatar
      MDEV-21490: binlog tests fail with valgrind: Conditional jump or move depends... · 599a0609
      Sujatha authored
      MDEV-21490: binlog tests fail with valgrind: Conditional jump or move depends on uninitialised value in sql_ex_info::init
      
      Problem:
      =======
      P1) Conditional jump or move depends on uninitialised value(s)
          sql_ex_info::init(char const*, char const*, bool) (log_event.cc:3083)
      
      code: All the following variables are not initialized.
      ----
        return ((cached_new_format != -1) ? cached_new_format :
          (cached_new_format=(field_term_len > 1 || enclosed_len > 1 ||
          line_term_len > 1 || line_start_len > 1 || escaped_len > 1)));
      
      P2) Conditional jump or move depends on uninitialised value(s)
          Rows_log_event::Rows_log_event(char const*, unsigned
            int, Format_description_log_event const*) (log_event.cc:9571)
      
      Code: Uninitialized values is reported for 'var_header_len' variable.
      ----
        if (var_header_len < 2 || event_len < static_cast<unsigned
            int>(var_header_len + (post_start - buf)))
      
      P3) Conditional jump or move depends on uninitialised value(s)
          Table_map_log_event::pack_info(Protocol*) (log_event.cc:11553)
      
      code:'m_table_id' is uninitialized.
      ----
        void Table_map_log_event::pack_info(Protocol *protocol)
        ...
        size_t bytes= my_snprintf(buf, sizeof(buf), "table_id: %lu (%s.%s)",
                                    m_table_id, m_dbnam, m_tblnam);
      
      Fix:
      ===
      P1 - Fix)
      Initialize cached_new_format,field_term_len, enclosed_len, line_term_len,
      line_start_len, escaped_len members in default constructor.
      
      P2 - Fix)
      "var_header_len" is initialized by reading the event buffer. In case of an
      invalid event the buffer will contain invalid data. Hence added a check to
      validate the event data. If event_len is smaller than valid header length
      return immediately.
      
      P3 - Fix)
      'm_table_id' within Table_map_log_event is initialized by reading data from
      the event buffer. Use 'VALIDATE_BYTES_READ' macro to validate the current
      state of the buffer. If it is invalid return immediately.
      599a0609
  2. 21 Jan, 2020 1 commit
    • Julius Goryavsky's avatar
      MDEV-17601: MariaDB Galera does not expect 'mbstream' as streamfmt · 982294ac
      Julius Goryavsky authored
      Setting "streamfmt=mbstream" in the "[sst]" section causes SST to fail
      because the format automatically switches to 'tar' by default (insead
      of mbstream).
      
      To fix this, we need to add mbstream to the list of valid values for
      the format, making it synonymous with xbstream. This must be done both
      in the SST script and when parsing the options of the corresponding
      utilities.
      982294ac
  3. 20 Jan, 2020 1 commit
    • Julius Goryavsky's avatar
      MDEV-19457: sys_vars.wsrep_provider_basic failed in buildbot · 578b6ba0
      Julius Goryavsky authored
      If the initialization of the wsrep provider failed, in some
      cases the internal variable wrep_inited indicating that the
      initialization has already been completed is still set to
      "1", which then leads to confusion in the initialization
      status. To solve the problem, we should set this variable
      to "1" only if the wsrep provider initialization really
      completed successfully.
      
      An earlier issue has already been fixed for branch 10.4,
      and this patch contains a fix for earlier versions (where
      Galera 3.x is used).
      578b6ba0
  4. 19 Jan, 2020 6 commits
  5. 17 Jan, 2020 3 commits
  6. 16 Jan, 2020 3 commits
    • Vicențiu Ciorbaru's avatar
      MDEV-21210: main.uniques_crash-7912 tries to allocate 1TB of memory · 1bee9efc
      Vicențiu Ciorbaru authored
      Remove the offending test case. This sort of error is hard to test in
      all possible corner cases and thus makes the test less valuable. The
      overflow error will be covered by warnings generated by the compiler,
      which is much more reliable in the general case.
      1bee9efc
    • Vicențiu Ciorbaru's avatar
      Improve documentation of Unique class · 409aba3d
      Vicențiu Ciorbaru authored
      * size represents the size of an element in the Unique class
      * full_size is used when the Unique class counts the number of
      duplicates stored per element. This requires additional space per Unique
      element.
      409aba3d
    • Marko Mäkelä's avatar
      MDEV-21500 Server hang when using simulated AIO · bde7e0ba
      Marko Mäkelä authored
      The write-heavy test innodb_zip.wl6501_scale_1 timed out on
      10.2 60d7011c for me.
      Out of os_aio_n_segments=6, 5 are waiting for an event in
      os_aio_simulated_handler(). One thread is waiting for a
      write to complete in buf_dblwr_add_to_batch(), but that
      would never happen, because nothing is waking up the simulated AIO
      handler threads.
      
      This hang appears to have been introduced in MySQL 5.6.12
      in mysql/mysql-server@26cfde776cdf5ce61bd5cc494dfc1df28c76977f.
      bde7e0ba
  7. 15 Jan, 2020 2 commits
  8. 14 Jan, 2020 1 commit
    • Sergei Petrunia's avatar
      MDEV-21341: Fix UBSAN failures: Issue Six · 5e5ae51b
      Sergei Petrunia authored
      (Variant #2 of the patch, which keeps the sp_head object inside the
      MEM_ROOT that sp_head object owns)
      (10.3 requires extra work due to sp_package, will commit a separate
      patch for it)
      
      sp_head::operator new() and operator delete() were dereferencing sp_head*
      pointers to memory that didn't hold a valid sp_head object (it was
      not created/already destroyed).
      This caused UBSan to crash when looking up type information.
      
      Fixed by providing static sp_head::create() and sp_head::destroy() methods.
      5e5ae51b
  9. 13 Jan, 2020 1 commit
  10. 11 Jan, 2020 3 commits
    • Olivier Bertrand's avatar
      - Update grant tests for new MariaDB version 10.1.44 · 85f2217c
      Olivier Bertrand authored
        modified:   storage/connect/mysql-test/connect/disabled.def
        modified:   storage/connect/mysql-test/connect/r/grant.result
        modified:   storage/connect/mysql-test/connect/r/ini_grant.result
        modified:   storage/connect/mysql-test/connect/r/mysql_grant.result
        modified:   storage/connect/mysql-test/connect/r/xml2_grant.result
        modified:   storage/connect/mysql-test/connect/r/xml_grant.result
        modified:   storage/connect/mysql-test/connect/t/grant.inc
        modified:   storage/connect/mysql-test/connect/t/grant.test
        modified:   storage/connect/mysql-test/connect/t/grant2.test
        modified:   storage/connect/mysql-test/connect/t/ini_grant.test
        modified:   storage/connect/mysql-test/connect/t/mysql_grant.test
      85f2217c
    • Olivier Bertrand's avatar
      Merge with last MariaDB version · 54449161
      Olivier Bertrand authored
      54449161
    • Olivier Bertrand's avatar
      - Fix MDEV-21450 · 98f70fa2
      Olivier Bertrand authored
        Failed compile when XML table type is not supported.
        Was because XMLDEF was unconditionally called from REST table.
        modified:   storage/connect/tabrest.cpp
      98f70fa2
  11. 09 Jan, 2020 1 commit
  12. 07 Jan, 2020 10 commits
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · cb204e11
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error.
      
      AddressSanitizer: heap-buffer-overflow on address
      READ of size 1 at 0x60e00009cf71 thread T28
      #0 0x55e37e034ae2 in net_field_length
      
      Fix:
      ===
      **Part10: Avoid reading out of buffer**
      cb204e11
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · d05c511d
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following assert when ASAN is enabled.
      
      Query_log_event::Query_log_event(const char*, uint,
          const Format_description_log_event*, Log_event_type):
        Assertion `(pos) + (6) <= (end)' failed
      
      Fix:
      ===
      **Part9: Removed additional DBUG_ASSERT**
      d05c511d
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · bac33533
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error
      
      AddressSanitizer: SEGV on unknown address
      The signal is caused by a READ memory access.
      User_var_log_event::User_var_log_event(char const*, unsigned int,
          Format_description_log_event const*)
      
      Implemented part of upstream patch.
      commit: mysql/mysql-server@a3a497ccf7ecacc900551fb1e47ea4078b45c351
      
      Fix:
      ===
      **Part8: added checks to avoid reading out of buffer limits**
      bac33533
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · 2187f1c2
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error
      "heap-buffer-overflow on address" and some times it asserts.
      
      Table_map_log_event::Table_map_log_event(const char*, uint,
          const Format_description_log_event*)
      Assertion `m_field_metadata_size <= (m_colcnt * 2)' failed.
      
      Fix:
      ===
      **Part7: Avoid reading out of buffer**
      
      
      Converted debug assert to error handler code.
      2187f1c2
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · d6fa69e4
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error
      
      AddressSanitizer: heap-buffer-overflow on address 0x60400002acb8
      Load_log_event::copy_log_event(char const*, unsigned long, int,
          Format_description_log_event const*)
      
      Fix:
      ===
      **Part6: Moved the event_len validation to the begin of copy_log_event function**
      d6fa69e4
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · 15781283
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error
      
      AddressSanitizer: heap-buffer-overflow on address
      String::append(char const*, unsigned int)
      Query_log_event::pack_info(Protocol*)
      
      Fix:
      ===
      **Part5: Added check to catch buffer overflow**
      15781283
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · a42ef108
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error
      
      heap-buffer-overflow within "my_strndup" in Rotate_log_event
      
      my_strndup /mysys/my_malloc.c:254
      Rotate_log_event::Rotate_log_event(char const*, unsigned int,
          Format_description_log_event const*)
      
      Fix:
      ===
      **Part4: Improved the check for event_len validation**
      a42ef108
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · 5a54e84e
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following crash when ASAN is enabled.
      
      SEGV on unknown address
      in inline_mysql_mutex_destroy
      in my_bitmap_free
      in Update_rows_log_event::~Update_rows_log_event()
      
      Fix:
      ===
      **Part3: Initialize m_cols_ai.bitmap to NULL**
      5a54e84e
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · 913f405d
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following assert when ASAN is enabled.
      
      Rows_log_event::Rows_log_event(const char*, uint,
          const Format_description_log_event*):
      Assertion `var_header_len >= 2'
      
      Implemented part of upstream patch.
      commit: mysql/mysql-server@a3a497ccf7ecacc900551fb1e47ea4078b45c351
      
      Fix:
      ===
      **Part2: Avoid reading out of buffer limits**
      913f405d
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · a6dd827a
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> causes a variety of failures, some of which are
      listed below. It is not a race condition issue, but there is some
      non-determinism in it.
      
      Analysis:
      ========
      "show binlog events from <pos>" code considers the user given position as a
      valid event start position. The code starts reading data from this event start
      position onwards and tries to map it to a set of known events. Each event has
      a specific event structure and asserts have been added to ensure that read
      event data satisfies the event specific requirements. When a random position
      is supplied to "show binlog events command" the event structure specific
      checks will fail and they result in assert.
      
      Fix:
      ====
      The fix is split into different parts. Each part addresses either an ASAN
      issue or an assert/crash.
      
      **Part1: Checksum based position validation when checksum is enabled**
      
      
      Using checksum validate the very first event read at the user specified
      position. If there is a checksum mismatch report an appropriate error for the
      invalid event.
      a6dd827a
  13. 03 Jan, 2020 3 commits
  14. 02 Jan, 2020 1 commit
  15. 26 Dec, 2019 1 commit
    • Varun Gupta's avatar
      MDEV-19680:: Assertion `!table || (!table->read_set ||... · 359d91aa
      Varun Gupta authored
      MDEV-19680:: Assertion `!table || (!table->read_set || bitmap_is_set(table->read_set, field_index) || (!(ptr >= table->record[0] && ptr < table->record[0] + table->s->reclength)))' or alike failed upon SELECT with mix of functions from simple view
      
      Set read_set bitmap for view from the JOIN::all_fields list instead of JOIN::fields_list
      as split_sum_func would have added items to the all_fields list.
      359d91aa
  16. 23 Dec, 2019 1 commit
  17. 20 Dec, 2019 1 commit
    • Sergei Golubchik's avatar
      fix a bad merge · aade6e53
      Sergei Golubchik authored
      in 10.1+ one should use
      
      MY_CHECK_AND_SET_COMPILER_FLAG("-Wno-address-of-packed-member")
      
      and it's already done in storage/tokudb/PerconaFT/CMakeLists.txt
      aade6e53