1. 25 May, 2010 1 commit
  2. 11 May, 2010 1 commit
    • Martin Hansson's avatar
      Bug#48157: crash in Item_field::used_tables · 27ac666f
      Martin Hansson authored
            
      MySQL handles the join syntax "JOIN ... USING( field1,
      ... )" and natural joins by building the same parse tree as
      a corresponding join with an "ON t1.field1 = t2.field1 ..."
      expression would produce. This parse tree was not cleaned up
      properly in the following scenario. If a thread tries to
      lock some tables and finds that the tables were dropped and
      re-created while waiting for the lock, it cleans up column
      references in the statement by means a per-statement free
      list. But if the statement was part of a stored procedure,
      column references on the stored procedure's free list
      weren't cleaned up and thus contained pointers to freed
      objects.
            
      Fixed by adding a call to clean up the current prepared
      statement's free list.
      
      This is a backport from MySQL 5.1
      27ac666f
  3. 06 May, 2010 1 commit
    • Martin Hansson's avatar
      Bug#52357: Assertion failed: join->best_read in · 4e75f7c0
      Martin Hansson authored
      greedy_search optimizer_search_depth=0
      
      The algorithm inside restore_prev_nj_state failed to
      properly update the counters within the NESTED_JOIN
      tree. The counter was decremented each time a table in the
      node was removed from the QEP, the correct thing to do being
      only to decrement it when the last table in the child node
      was removed from the plan. This lead to node counters
      getting negative values and the plan thus appeared
      impossible. An assertion caught this.
      
      Fixed by not recursing up the tree unless the last table in
      the join nest node is removed from the plan
      4e75f7c0
  4. 03 May, 2010 1 commit
  5. 29 Apr, 2010 2 commits
    • Davi Arnaut's avatar
      Bug#50974: Server keeps receiving big (> max_allowed_packet) packets indefinitely. · 14ccbeb4
      Davi Arnaut authored
      The server could be tricked to read packets indefinitely if it
      received a packet larger than the maximum size of one packet.
      This problem is aggravated by the fact that it can be triggered
      before authentication.
      
      The solution is to no skip big packets for non-authenticated
      sessions. If a big packet is sent before a session is authen-
      ticated, a error is returned and the connection is closed.
      14ccbeb4
    • Ramil Kalimullin's avatar
      Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing · 933e5ca5
      Ramil Kalimullin authored
      Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only
      SQL. Seems that the data sent to COM_FIELD_LIST( mysql_list_fields() function) is not
      checked for sanity. By sending long data for the table a buffer is overflown, which can
      be used deliberately to include code that harms".
      
      Fix: check incoming data length.
      933e5ca5
  6. 26 Apr, 2010 1 commit
    • Alexey Kopytov's avatar
      Backport of the fix for bug #50335 to 5.0. · 1a1fd04d
      Alexey Kopytov authored
      The problem was in an incorrect debug assertion. The expression
      used in the failing assertion states that when finding
      references matching ORDER BY expressions, there can be only one
      reference to a single table. But that does not make any sense,
      all test cases for this bug are valid examples with multiple
      identical WHERE expressions referencing the same table which
      are also present in the ORDER BY list.
      
      Fixed by removing the failing assertion. We also have to take
      care of the 'found' counter so that we count multiple
      references only once. We rely on this fact later in
      eq_ref_table().
      1a1fd04d
  7. 06 Apr, 2010 2 commits
  8. 30 Mar, 2010 1 commit
  9. 26 Mar, 2010 1 commit
  10. 24 Mar, 2010 1 commit
    • Sergey Glukhov's avatar
      Bug#48483 crash in get_best_combination() · 658cf9e4
      Sergey Glukhov authored
      The crash happens because greedy_serach
      can not determine best plan due to
      wrong inner table dependences. These
      dependences affects join table sorting
      which performs before greedy_search starting.
      In our case table which has real 'no dependences'
      should be put on top of the list but it does not
      happen as inner tables have no dependences as well.
      The fix is to exclude RAND_TABLE_BIT mask from
      condition which checks if table dependences
      should be updated.
      658cf9e4
  11. 10 Mar, 2010 4 commits
  12. 08 Mar, 2010 1 commit
    • Georgi Kodinov's avatar
      Backport of the fix for bug #51357 to 5.0-bugteam.: · 63605817
      Georgi Kodinov authored
      Spatial indexes were not checking for out-of-record condition in
      the handler next command when the previous command didn't found
      rows.
      
      Fixed by making the rtree index to check for end of rows condition
      before re-using the key from the previous search.
      
      Fixed another crash if the tree has changed since the last search.
      Added a test case for the other error.
      63605817
  13. 04 Mar, 2010 2 commits
  14. 02 Mar, 2010 2 commits
  15. 01 Mar, 2010 1 commit
  16. 26 Feb, 2010 1 commit
  17. 25 Feb, 2010 2 commits
  18. 20 Feb, 2010 1 commit
  19. 19 Feb, 2010 1 commit
    • Tatiana A. Nurnberg's avatar
      Bug#49487: crash with explain extended and group_concat in a derived table · 3678457d
      Tatiana A. Nurnberg authored
      When EXPLAIN EXTENDED tries to print column names, it checks whether the
      referenced table is CONST (in which case, the column's value rather than
      its name will be printed). If no proper table is reference (i.e. because
      a derived table was used that has since gone out of scope), this will fail
      spectacularly.
      
      This ports an equivalent of the fix for Bug 43354.
      3678457d
  20. 12 Feb, 2010 1 commit
  21. 08 Feb, 2010 1 commit
  22. 04 Feb, 2010 1 commit
  23. 03 Feb, 2010 10 commits
    • MySQL Build Team's avatar
      Backport into build-201002030816-5.0.87sp1 · d3c17518
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 2840 [merge]
      > revision-id: ramil@mysql.com-20100113101142-pda4phrsyh1rjp85
      > parent: joerg@mysql.com-20100112114118-zfpofgcu0j49j839
      > parent: ramil@mysql.com-20100113052045-een35iazzk8023w2
      > committer: Ramil Kalimullin <ramil@mysql.com>
      > branch nick: mysql-5.0-bugteam
      > timestamp: Wed 2010-01-13 14:11:42 +0400
      > message:
      >   Auto-merge.
      > ------------------------------------------------------------
      > Use --include-merges or -n0 to see merged revisions.
      d3c17518
    • MySQL Build Team's avatar
      Backport into build-201002030816-5.0.87sp1 · cab2b496
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 2818.1.48
      > revision-id: joro@sun.com-20091210092838-zbz9ugqay1tn7rxm
      > parent: joro@sun.com-20091207143856-ojmmqr0bm1haxvca
      > committer: Georgi Kodinov <joro@sun.com>
      > branch nick: B49250-5.0-bugteaam
      > timestamp: Thu 2009-12-10 11:28:38 +0200
      > message:
      >   Bug #49250 : spatial btree index corruption and crash
      >   
      >   SPATIAL and FULLTEXT indexes don't support algorithm
      >   selection. 
      >   Disabled by creating a special grammar rule for these
      >   in the parser.
      >   Added some encasulation of duplicate parser code.
      cab2b496
    • MySQL Build Team's avatar
      Backport into build-201002030816-5.0.87sp1 · 7da5dc14
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 2818.1.41 [merge]
      > revision-id: epotemkin@mysql.com-20091203132153-k8xwk3nh02n8npg4
      > parent: epotemkin@mysql.com-20091202134712-4muwnr152xqkcwm7
      > parent: epotemkin@mysql.com-20091203131520-93uiop1a81o9z8mb
      > committer: Evgeny Potemkin <epotemkin@mysql.com>
      > branch nick: mysql-5.0-bugteam
      > timestamp: Thu 2009-12-03 16:21:53 +0300
      > message:
      >   Auto-merged.
      > ------------------------------------------------------------
      > Use --include-merges or -n0 to see merged revisions.
      7da5dc14
    • MySQL Build Team's avatar
      Backport into build-201002030816-5.0.87sp1 · cb6780d2
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 2818.1.40 [merge]
      > revision-id: epotemkin@mysql.com-20091202134712-4muwnr152xqkcwm7
      > parent: gshchepa@mysql.com-20091201102444-yw166t3audrojo9s
      > parent: epotemkin@mysql.com-20091201182845-aw0uawt6c6gwi98c
      > committer: Evgeny Potemkin <epotemkin@mysql.com>
      > branch nick: mysql-5.0-bugteam
      > timestamp: Wed 2009-12-02 16:47:12 +0300
      > message:
      >   Auto-merged fix for the bug#48508.
      > ------------------------------------------------------------
      > Use --include-merges or -n0 to see merged revisions.
      cb6780d2
    • MySQL Build Team's avatar
      Backport into build-201002030816-5.0.87sp1 · 5c04b437
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 2818.1.39
      > revision-id: gshchepa@mysql.com-20091201102444-yw166t3audrojo9s
      > parent: joro@sun.com-20091127160731-6h2fahbh4409i841
      > committer: Gleb Shchepa <gshchepa@mysql.com>
      > branch nick: mysql-5.0-bugteam
      > timestamp: Tue 2009-12-01 14:24:44 +0400
      > message:
      >   Bug #38883 (reopened): thd_security_context is not thread safe, crashes?
      >   
      >   The bug 38816 changed the lock that protects THD::query from
      >   LOCK_thread_count to LOCK_thd_data, but didn't update the associated
      >   InnoDB functions.
      >   
      >   1. The innobase_mysql_prepare_print_arbitrary_thd and the
      >   innobase_mysql_end_print_arbitrary_thd InnoDB functions have been
      >   removed, since now we have a per-thread mutex: now we don't need to wrap
      >   several inter-thread access tries to THD::query with a single global
      >   LOCK_thread_count lock, so we can simplify the code.
      >   
      >   2. The innobase_mysql_print_thd function has been modified to lock
      >   LOCK_thd_data in direct way.
      5c04b437
    • MySQL Build Team's avatar
      Backport into build-201002030816-5.0.87sp1 · 18332268
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 2818.1.38
      > revision-id: joro@sun.com-20091127160731-6h2fahbh4409i841
      > parent: joro@sun.com-20091127143622-bqfsmhhr2pqodsm2
      > committer: Georgi Kodinov <joro@sun.com>
      > branch nick: fix-5.0-bugteam
      > timestamp: Fri 2009-11-27 18:07:31 +0200
      > message:
      >   Addendum to bug #48872: disable output in the test case because errors are 
      >   dependent on the case mode
      18332268
    • MySQL Build Team's avatar
      Backport into build-201002030816-5.0.87sp1 · d3ecc66c
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 2818.1.35
      > revision-id: joro@sun.com-20091127095944-autr58itccge4z9l
      > parent: satya.bn@sun.com-20091125095925-871384fcnwwa2yqt
      > committer: Georgi Kodinov <joro@sun.com>
      > branch nick: B48872-5.0-bugteam
      > timestamp: Fri 2009-11-27 11:59:44 +0200
      > message:
      >   Bug #48872 : Privileges for stored functions ignored if function name
      >     is mixed case
      >   
      >   Transcode the procedure name to lowercase when searching for it in the 
      >   hash. This is the missing part of the fix for bug #41049.
      d3ecc66c
    • MySQL Build Team's avatar
      Backport into build-201002030816-5.0.87sp1 · f5feec0d
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 2818.1.29
      > revision-id: joro@sun.com-20091118152410-j4tv22vf9xkb6sdz
      > parent: kent.boortz@sun.com-20091117164924-rscth12t9a2qog1b
      > committer: Georgi Kodinov <joro@sun.com>
      > branch nick: test-5.0-bugteam
      > timestamp: Wed 2009-11-18 17:24:10 +0200
      > message:
      >   Bug#48864: MySQL fails to compile on 64 bit Fedora 12
      >   
      >   Fixed 2 errors in comp_err executable : 
      >   1. Wrong (off by 1) length passed to my_checksum()
      >   2. strmov() was used on overlapping strings. This is
      >    not legal according to the docs in stpcpy(). Used 
      >   the overlap safe memmove() instead.
      f5feec0d
    • MySQL Build Team's avatar
      Backport into build-201002030816-5.0.87sp1 · 90582e5e
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 2818.1.26
      > revision-id: joro@sun.com-20091109140946-07wao5od7l1vn4x1
      > parent: joro@sun.com-20091110082141-ldr8p6s1joczve2j
      > committer: Georgi Kodinov <joro@sun.com>
      > branch nick: B48458-5.0-bugteam
      > timestamp: Mon 2009-11-09 16:09:46 +0200
      > message:
      >   Bug #48458: simple query tries to allocate enormous amount of
      >     memory
      >   
      >   The server was doing a bad class typecast causing setting of 
      >   wrong value for the maximum number of items in an internal
      >   structure used in equality propagation.
      >   Fixed by not doing the wrong typecast and asserting the type
      >   of the Item where it should be done.
      90582e5e
    • MySQL Build Team's avatar
      Backport into build-201002030816-5.0.87sp1 · 3ee3ee70
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 2818.1.19
      > revision-id: kostja@sun.com-20091103165854-7di545xruez8w207
      > parent: li-bing.song@sun.com-20091103090041-zj7nedx6ok5jgges
      > committer: Konstantin Osipov <kostja@sun.com>
      > branch nick: 5.0-41756
      > timestamp: Tue 2009-11-03 19:58:54 +0300
      > message:
      >   A fix and a test case for
      >   Bug#41756 "Strange error messages about locks from InnoDB".
      >   
      >   In JT_EQ_REF (join_read_key()) access method,
      >   don't try to unlock rows in the handler, unless certain that
      >   a) they were locked
      >   b) they are not used.
      >   
      >   Unlocking of rows is done by the logic of the nested join loop,
      >   and is unaware of the possible caching that the access method may
      >   have. This could lead to double unlocking, when a row
      >   was unlocked first after reading into the cache, and then
      >   when taken from cache, as well as to unlocking of rows which
      >   were actually used (but taken from cache).
      >   
      >   Delegate part of the unlocking logic to the access method,
      >   and in JT_EQ_REF count how many times a record was actually
      >   used in the join. Unlock it only if it's usage count is 0.
      >   
      >   Implemented review comments.
      3ee3ee70