1. 08 Mar, 2021 1 commit
    • Nayuta Yanagisawa's avatar
      MDEV-24868 Server crashes in optimize_schema_tables_memory_usage after select... · 75f781f0
      Nayuta Yanagisawa authored
      MDEV-24868 Server crashes in optimize_schema_tables_memory_usage after select from information_schema.innodb_sys_columns
      
      optimize_schema_tables_memory_usage() crashed when its argument included
      TABLE struct that was not fully initialized.
      
      To prevent such a crash, we check if a table is an information schema table at
      the beginning of each iteration.
      
      Closes #1768
      75f781f0
  2. 05 Mar, 2021 3 commits
  3. 04 Mar, 2021 5 commits
    • Marko Mäkelä's avatar
      fixup 58b56f14: Remove dead code · 7759991a
      Marko Mäkelä authored
      row_prebuilt_t::m_no_prefetch: Remove (it was always false).
      row_prebuilt_t::m_read_virtual_key: Remove (it was always false).
      
      Only ha_innopart ever set these fields.
      7759991a
    • Marko Mäkelä's avatar
      MDEV-25051 Race condition between persistent statistics and RENAME TABLE or TRUNCATE · 978e48c9
      Marko Mäkelä authored
      innobase_rename_table(): Invoke dict_stats_wait_bg_to_stop_using_table()
      to ensure that dict_stats_update() cannot be accessing the table name
      that we will be modifying. If we are executing RENAME rather than TRUNCATE,
      reset the flag at the end so that persistent statistics can be calculated
      again.
      
      The race condition was encountered with ASAN and rr.
      Sorry, there is no test case, like there is for nothing related to
      dict_stats_wait_bg_to_stop_using_table(). The entire code is an ugly
      work-around for the failure of dict_stats_process_entry_from_recalc_pool()
      to acquire MDL.
      
      Note: It appears that an ALTER TABLE that is not rebuilding the table
      will fail to reset the flag that blocks the processing of statistics.
      978e48c9
    • Vicențiu Ciorbaru's avatar
      Merge branch '10.2' into 10.3 · e9b8b76f
      Vicențiu Ciorbaru authored
      e9b8b76f
    • Vicențiu Ciorbaru's avatar
      MDEV-25032: Window functions without column references get removed from ORDER BY · 5da6ffe2
      Vicențiu Ciorbaru authored
      row_number() over () window function can be used without any column in the OVER
      clause. Additionally, the item doesn't reference any tables, as it's not
      effectively referencing any table. Rather it is specifically built based
      on the end temporary table used for window function computation.
      
      This caused remove_const function to wrongly drop it from the ORDER
      list. Effectively, we shouldn't be dropping any window function from the
      ORDER clause, so adjust remove_const to account for that.
      
      Reviewed by: Sergei Petrunia sergey@mariadb.com
      5da6ffe2
    • Igor Babaev's avatar
      MDEV-22786 Crashes with nested table value constructors · 08d8bce5
      Igor Babaev authored
      The bug caused crashes of the server when processing queries with nested
      table value constructors (TVC) . It happened because the grammar rules to
      parse TVC used the same global lists for both nested TVC and nesting TVC.
      As a result invalid select trees were constructed for queries with nested
      TVC and this led to crashes at the prepare stage.
      This patch provides its own lists structures for each TVC nest level.
      
      Besides the patch fixes a bug in the function wrap_tvc() that missed
      inheritance of the SELECT_LEX::exclude_from_table_unique_test for
      selects that wrapped TVCs. This inheritance is critical for specifications
      of derived tables that employ nested TVCs.
      
      Approved by dmitry.shulga@mariadb.com
      08d8bce5
  4. 03 Mar, 2021 4 commits
  5. 02 Mar, 2021 2 commits
    • Monty's avatar
      MDEV-24532 Table corruption ER_NO_SUCH_TABLE_IN_ENGINE .. on table with foreign key · 676987c4
      Monty authored
      When doing a truncate on an Innodb under lock tables, InnoDB would rename
      the old table to #sql-... and recreate a new 't1' table. The table lock
      would still be on the #sql-table.
      
      When doing ALTER TABLE, Innodb would do the changes on the #sql table
      (which would disappear on close).
      When the SQL layer, as part of inline alter table, would close the
      original t1 table (#sql in InnoDB) and then reopen the t1 table, Innodb
      would notice that this does not match it's own (old) t1 table and
      generate an error.
      
      Fixed by adding code in truncate table that if we are under lock tables
      and truncating an InnoDB table, we would close, reopen and lock the
      table after truncate. This will remove the #sql table and ensure that
      lock tables is using the new empty table.
      
      Reviewer: Marko Mäkelä
      676987c4
    • Dmitry Shulga's avatar
      MDEV-25006: Failed assertion on executing EXPLAIN DELETE statement as a prepared statement · fc774316
      Dmitry Shulga authored
      Attempt to execute EXPLAIN statement on multi-table DELETE statement
      leads to firing firing of the assertion
        DBUG_ASSERT(! is_set());
      in the method Diagnostics_area::set_eof_status.
      
      For example, above mentioned assertion failure happens
      in case any of the following statements
        EXPLAIN DELETE FROM t1.* USING t1
        EXPLAIN DELETE b FROM t1 AS a JOIN t1 AS b
      are executed in prepared statement mode provided the table t1
      does exist.
      
      This assertion is hit by the reason that a status of
      Diagnostics_area is set twice. The first time it is set from
      the function do_select() when the method multi_delete::send_eof()
      called. The second time it is set when the method
      Explain_query::send_explain() calls the method select_send::send_eof
      (this method invokes the method Diagnostics_area::set_eof_status that
      finally hits assertion)
      
      The second invocation for a setter method of the class Diagnostics_area
      is correct and run to send a response containing explain data.
      
      But first invocation of a setter method of the class Diagnostics_area
      is wrong since the function do_select() shouldn't be called at all
      for handling of the EXPLAIN statement.
      
      The reason by that the function do_select() is called during handling of
      the EXPLAIN statement is that the flag SELECT_DESCRIBE not set in the
      data member JOIN::select_options. The flag SELECT_DESCRIBE
      if is copied from values select_lex->options.
      
      During parsing of EXPLAIN statement this flag is set but latter reset
      from the function reinit_stmt_before_use() that is called on
      execution of prepared statement.
        void reinit_stmt_before_use(THD *thd, LEX *lex)
        {
          ...
          for (; sl; sl= sl->next_select_in_list())
          {
            if (sl->changed_elements & TOUCHED_SEL_COND)
            {
              /* remove option which was put by mysql_explain_union() */
              sl->options&= ~SELECT_DESCRIBE;
            ...
            }
         ...
        }
      
      So, to fix the issue the flag SELECT_DESCRIBE is set forcibly at the
      mysql_select() function in case thd->lex->describe set,
      that is in case EXPLAIN being executed.
      fc774316
  6. 01 Mar, 2021 8 commits
    • Igor Babaev's avatar
      MDEV-24919 Crash with subselect formed by table value constructor and · 0f81ca6a
      Igor Babaev authored
                 used in set function
      
      If a subselect is formed by a table value constructor (TVC) then the
      following transformation is applied at the prepare stage:
        VALUES (v1), ... (vn) => SELECT * FROM (VALUES (v1), ... (vn)) tvc_x.
      The transformation is performed by the function wrap_tvc() that resets
      THD::LEX::current select to the top level select of the result of the
      transformation. After the call of wrap_tvc() in the function
      Item_subselect::wrap_tvc_into_select() the field THD::LEX::current must be
      reset to the same select as before the call. It was not done. As a result
      if the subselect formed by a TVC was an argument of a set function then
      an assertion was hit in the function Item_sum::check_sum_func().
      
      Approved by Oleksandr Byelkin <sanja@mariadb.com>
      0f81ca6a
    • Monty's avatar
      Fixed typo in comment · c25e6f91
      Monty authored
      c25e6f91
    • Monty's avatar
      Fixed unit test to not 'bail out' if some tests are not compiled. · 3f15d3ba
      Monty authored
      Before the changes two things could happen:
      - "path required name explain_filename path" error
      - unit test never finishead (as it tried to execute just /bin/sh as
        a test case)
      3f15d3ba
    • Monty's avatar
      MDEV-24958 Server crashes in my_strtod ... with DEFAULT(blob) · 41540957
      Monty authored
      Fixes also:
      MDEV-24942 Server crashes in _ma_rec_pack... with DEFAULT() on BLOB
      
      This was caused by two different bugs, both related to that the default
      value for the blob was not calculated before it was used:
      - There where now Item_default_value::..result() wrappers, which is
        needed as item in HAVING uses these.  This causes crashes when
        using a reference to a DEFAULT(blob_field) in HAVING. It also
        caused wrong results when used with other fields with default value
        expressions that are not constants.
      - create_tmp_field() did not take into account that blob fields with
        default expressions are not yet initialized. Fixed by treating
        Item_default_value(blob) like a normal item expression.
      41540957
    • Monty's avatar
      MDEV-24710 Uninitialized value upon CREATE .. SELECT ... VALUE... · 6983ce70
      Monty authored
      The failure happened for group by queries when all tables where marked as
      'const tables' (tables with 0-1 matching rows) and no row matched the
      where clause and there was in addition a direct reference to a field.
      
      In this case the field would not be properly reset and the query would
      return 'random data' that happended to be in table->record[0].
      
      Fixed by marking all const tables as null tables in this particular case.
      
      Sergei also provided an extra test case for the code.
      
      @reviewer Sergei Petrunia <psergey@askmonty.org>
      6983ce70
    • Monty's avatar
      Fixed printing of wring filname "maria_open" in maria.maria-recovery2.test · 43a0a813
      Monty authored
      eprintf() was missing a va_start(), which caused wrong filename to be
      printed when printing recovery trace.
      
      Added also missing new line when printing "Table is crashed" to trace file
      43a0a813
    • Alexey Botchkov's avatar
      MDEV-24965 With ALTER USER ...IDENTIFIED BY command, password doesn't replaced... · a18b39e3
      Alexey Botchkov authored
      MDEV-24965 With ALTER USER ...IDENTIFIED BY command, password doesn't replaced by asterisks in audit log.
      
      Test result fixed.
      a18b39e3
    • Sergei Golubchik's avatar
      mtr --gdb: fix for --rr and for a warning · dd9e5827
      Sergei Golubchik authored
      use _RR_TRACE_DIR=dir instead of -o dir, as the former can store
      multiple traces in dir (if, e.g., the test restarts mysqld)
      
      suppress uninitialized warning when $exe is undefined (--manual-XXX)
      dd9e5827
  7. 26 Feb, 2021 1 commit
  8. 25 Feb, 2021 7 commits
    • Monty's avatar
      MENT-1098 Crash during update on 10.4.17 after upgrade from 10.4.10 · 1d80e8e4
      Monty authored
      The reason for the crash was that there was not a write lock to
      protect against file rotations in the server_audit plugin after an
      audit plugin patch to changed audit mutexes to read & write locks.
      
      The fixes are:
      * Moving server_audit.c to use read & write locks (which improves
        performance).
      * Added functionality in file_logger.c to not do file rotations until
        it is allowed by the caller (done without any interface changes for
        the logging service).
      * Move checking of file size limit to server_audit.c and if it is time to
        do a rotation change the read lock to a write lock and tell file_logger
        that it is now allowed to rotate the log files.
      1d80e8e4
    • Marko Mäkelä's avatar
      Merge 10.2 into 10.3 · 4473d174
      Marko Mäkelä authored
      4473d174
    • Dmitry Shulga's avatar
      MDEV-24860: Incorrect behaviour of SET STATEMENT in case it is executed as a prepared statement · 259e5243
      Dmitry Shulga authored
      Running statements with SET STATEMENT FOR clause is handled incorrectly in
      case the whole statement is executed in prepared statement mode.
      For example, running of the following statement
        SET STATEMENT sql_mode = 'NO_ENGINE_SUBSTITUTION' FOR CREATE TABLE t1 AS SELECT CONCAT('abc') AS c1;
      results in different definition of the table t1 depending on whether
      the statement is executed as a prepared or as a regular statement.
      
      In first case the column c1 is defined as
        `c1` varchar(3) DEFAULT NULL
      in the last case the column c1 is defined as
        `c1` varchar(3) NOT NULL
      
      Different definition for the column c1 arise due to the fact that
      a value of the data memeber Item_func_concat::maybe_null depends on
      whether strict mode is on or off. Below is definition of the method
      fix_fields() of the class Item_str_func that is base class for the
      class Item_func_concat that is created on parsing the
      SET STATEMENT FOR clause.
      
      bool Item_str_func::fix_fields(THD *thd, Item **ref)
      {
        bool res= Item_func::fix_fields(thd, ref);
        /*
          In Item_str_func::check_well_formed_result() we may set null_value
          flag on the same condition as in test() below.
        */
        maybe_null= maybe_null || thd->is_strict_mode();
        return res;
      }
      
      Although the clause SET STATEMENT sql_mode = 'NO_ENGINE_SUBSTITUTION' FOR
      is parsed on PREPARE phase during processing of the prepared statement,
      real setting of the sql_mode system variable is done on EXECUTION phase.
      On the other hand, the method Item_str_func::fix_fields is called on PREPARE
      phase. In result, thd->is_strict_mode() returns true during calling the method
      Item_str_func::fix_fields(), the data member maybe_null is assigned the value
      true and column c1 is defined as DEFAULT NULL.
      
      To fix the issue the system variables listed in the SET STATEMENT FOR clause
      are set at the beginning of handling the PREPARE phase just right before
      calling  the function check_prepared_statement() and their original values
      restored immediate after return from this function.
      
      Additionally, to avoid code duplication the source code used in the function
      mysql_execute_command for setting variables, specified by SET STATEMENT
      clause, were extracted to the standalone functions
      run_set_statement_if_requested(). This new function is called from
      the function  mysql_execute_command() and the method
      Prepared_statement::prepare().
      259e5243
    • Varun Gupta's avatar
      0a95c922
    • Daniel Black's avatar
      mysys: lf_hash - fix l_search size_t keylen · 48b5f8a5
      Daniel Black authored
      Correcting an incorrect merge from 10.2
      48b5f8a5
    • Daniel Black's avatar
      3e2afcb3
    • Daniel Black's avatar
      MDEV-24728: Debian include client caching_sha2_password plugin · 577c970c
      Daniel Black authored
      Backport of 4bc31a90
      
      Include client libraries for auth caching_sha2_password and
      sha256_password in the libmariadb3 client library package.
      577c970c
  9. 24 Feb, 2021 2 commits
    • Daniel Black's avatar
      MDEV-23510: arm64 lf_hash alignment of pointers · 1635686b
      Daniel Black authored
      volatile != atomic.
      
      volatile has no memory barrier schemantics, its for mmaped IO
      so lets allow some optimizer gains and stop pretending it helps
      with memory atomicity.
      
      The MDEV lists a SEGV an assumption is made that an address was
      partially read. As C packs structs strictly in order and on arm64 the
      cache line size is 128 bits. A pointer (link - 64 bits), followed
      by a hashnr (uint32 - 32 bits), leaves the following key (uchar *
      64 bits), neither naturally aligned to any pointer and worse, split
      across a cache line which is the processors view of an atomic
      reservation of memory.
      
      lf_dynarray_lvalue is assumed to return a 64 bit aligned address.
      
      As a solution move the 32bit hashnr to the end so we don't get the
      *key pointer split across two cache lines.
      
      Tested by: Krunal Bauskar
      Reviewer: Marko Mäkelä
      1635686b
    • Igor Babaev's avatar
      MDEV-24910 Crash with SELECT that uses table value constructor as a subselect · bf6484e7
      Igor Babaev authored
      This bug caused crashes of the server when processing queries with table
      value constructors (TVC) that contained subqueries and were used itself as
      subselects. For such TVCs the following transformation is applied at the
      prepare stage:
        VALUES (v1), ... (vn) => SELECT * FROM (VALUES (v1), ... (vn)) tvc_x.
      This transformation allows to reduce the problem of evaluation of TVCs used
      as subselects to the problem of evaluation of regular subselects.
      The transformation is implemented in the wrap_tvc(). The code the function
      to mimic the behaviour of the parser when processing the result of the
      transformation. However this imitation was not free of some flaws. First
      the function called the method exclude() that completely destroyed the
      select tree structures below the transformed TVC. Second the function
      used the procedure mysql_new_select to create st_select_lex nodes for
      both wrapping select of the transformation and TVC. This also led to
      constructing of invalid select tree structures.
      The patch actually re-engineers the code of wrap_tvc().
      
      Approved by Oleksandr Byelkin <sanja@mariadb.com>
      bf6484e7
  10. 23 Feb, 2021 4 commits
  11. 22 Feb, 2021 3 commits
    • Monty's avatar
      MDEV-24929 Server crash in thr_multi_unlock or in get_schema_tables_result · 640f4231
      Monty authored
      This was caused by two different bugs:
      1) Information_schema tables where not locked by lock_tables, but
         get_lock_data() was not filtering these out. This caused a crash when
         mysql_unlock_some_tables() tried to unlock tables early, including
         not locked information schema tables.
      
      Fixed by not locking SYSTEM_TMP_TABLES
      
      2) In some cases the optimizer will notice that we do not need to read
         the information_schema tables at all. In this case
         join_tab->read_record is not set, which caused a crash in
         get_schema_tables_result()
      
      Fixed by ignoring const tables in get_schema_tables_result()
      640f4231
    • Sergei Golubchik's avatar
      Merge branch '10.2' into 10.3 · 0ab1e391
      Sergei Golubchik authored
      0ab1e391
    • Sergei Golubchik's avatar
      ca126d96