1. 30 Nov, 2011 1 commit
    • Bug#11761576 54082: HANDLE_SEGFAULT MAKES USE OF UNSAFE FUNCTIONS · 8c3181b6
      Tor Didriksen authored
      handle_segfault is the signal handler code of mysqld.  However, it makes
      calls to potentially unsafe functions localtime_r, fprintf, fflush.
      
      include/my_stacktrace.h:
        Add safe versions of itoa(), write() and snprintf().
      libmysqld/CMakeLists.txt:
        Move signal handler to separate file.
      mysys/stacktrace.c:
        Remove unsafe function calls.
      sql/CMakeLists.txt:
        Move signal handler to separate file.
      sql/Makefile.am:
        Move signal handler to separate file.
      sql/mysqld.cc:
        Move signal handler to separate file.
      sql/signal_handler.cc:
        Remove unsafe function calls.
      8c3181b6
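
An added illustration of the approach this commit message describes, not the code from include/my_stacktrace.h: a handler that formats an integer by hand and emits it with write(2), both async-signal-safe, instead of calling fprintf, fflush or localtime_r. The names demo_itoa, demo_write_str and demo_handler are hypothetical.

```c
#include <signal.h>
#include <stddef.h>
#include <unistd.h>

/* Hypothetical helper: convert val to decimal text in buf without touching
   stdio, locale data or the allocator. Returns the length written
   (excluding the NUL), or 0 if buf is too small. */
size_t demo_itoa(long val, char *buf, size_t buflen)
{
  char tmp[24];                          /* fits a 64-bit value plus sign */
  size_t n = 0, len = 0;
  unsigned long u = (val < 0) ? 0UL - (unsigned long) val : (unsigned long) val;

  do { tmp[n++] = (char) ('0' + u % 10); u /= 10; } while (u != 0);
  if (val < 0) tmp[n++] = '-';
  if (n + 1 > buflen) return 0;          /* refuse rather than truncate */
  while (n > 0) buf[len++] = tmp[--n];   /* digits were produced in reverse */
  buf[len] = '\0';
  return len;
}

/* write(2) is on the POSIX async-signal-safe list; loop over short writes. */
size_t demo_write_str(int fd, const char *s)
{
  size_t done = 0, len = 0;
  while (s[len] != '\0') len++;
  while (done < len) {
    ssize_t r = write(fd, s + done, len - done);
    if (r <= 0) break;
    done += (size_t) r;
  }
  return done;
}

/* Handler body: fixed-size stack buffer, no buffered I/O, no locks. */
void demo_handler(int sig)
{
  char num[24];
  demo_write_str(STDERR_FILENO, "got signal ");
  demo_itoa(sig, num, sizeof num);
  demo_write_str(STDERR_FILENO, num);
  demo_write_str(STDERR_FILENO, "\n");
  _exit(1);                              /* _exit, unlike exit, is signal-safe */
}

int main(void)
{
  signal(SIGSEGV, demo_handler); raise(SIGSEGV); return 0;
}
```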
  2. 29 Nov, 2011 2 commits
    • Build broken for gcc 4.5.1 in optimized mode. · 4775084b
      Tor Didriksen authored
      readline.cc: In function char* batch_readline(LINE_BUFFER*):
      readline.cc:60:9: error: out_length may be used uninitialized in this function
      log.cc: In function int find_uniq_filename(char*):
      log.cc:1857:8: error: number may be used uninitialized in this function
      4775084b
    • Bug#11756764 48726: MYSQLD KEEPS CRASHING WITH SIGSEGV · 11b2a2fe
      Nirbhay Choubey authored
                          WITH MYISAM_USE_MMAP ENABLED
      
      MySQL server can crash due to segmentation fault when
      started with myisam_use_mmap.
      
      The reason behind this is that, while making a request to
      unmap (munmap) the previously mapped memory (mmap), the
      size passed was 7 bytes larger than the size requested at
      the time of mapping. This can eventually unmap the adjacent
      memory mapped block, belonging to some other memory-map pool.
      Hence the subsequent call to mmap can map a region which was
      still a valid memory mapped area.
      
      Fixed by removing the extra 7-byte margin which was erroneously
      added to the size, used for unmapping.
      
      storage/myisam/mi_close.c:
        Bug#11756764 48726: MYSQLD KEEPS CRASHING WITH SIGSEGV
                            WITH MYISAM_USE_MMAP ENABLED
        
        Added a condition to call _mi_unmap_file() in case
        of compressed records. mi_munmap_file() is called
        otherwise.
      storage/myisam/mi_packrec.c:
        Bug#11756764 48726: MYSQLD KEEPS CRASHING WITH SIGSEGV
                            WITH MYISAM_USE_MMAP ENABLED
        
        mi_dynmap_file() function, after successfully executing
        mmap, stores the total size in info->s->mapped_length
        variable. Now, if mi_dynmap_file() is invoked with a size
        with an extra 7-byte margin (MEMMAP_EXTRA_MARGIN),
        the margin will eventually also get stored in mapped_length.
        So, un-mapping function can simply use the value stored in
        mapped_length in order to unmap the previously mapped
        region.
      11b2a2fe
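
An added illustration of the failure mode this commit message describes, not MyISAM code: munmap() works on whole pages, so when a mapping ends on a page boundary, a length that is 7 bytes too large is rounded up and takes the adjacent page with it. The names demo_is_mapped and demo_neighbour_survives are hypothetical, and the two one-page regions are constructed stand-ins for two memory-map pools.

```c
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS under strict -std= modes */
#include <errno.h>
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

#define DEMO_EXTRA_MARGIN 7   /* the 7-byte margin named in the commit */

/* Returns 1 if [p, p+len) is still mapped, 0 if not. msync() fails with
   ENOMEM when the range contains unmapped pages. */
static int demo_is_mapped(void *p, size_t len)
{
  return !(msync(p, len, MS_ASYNC) == -1 && errno == ENOMEM);
}

/* Map two adjacent one-page regions, unmap the first one with a length of
   one page plus `extra` bytes, and report what happened to the second.
   Returns 1 = neighbour intact, 0 = neighbour unmapped as a side effect,
   -1 = setup failure. */
int demo_neighbour_survives(size_t extra)
{
  size_t page = (size_t) sysconf(_SC_PAGESIZE);
  char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  char *pool_a, *pool_b;
  int intact;

  if (base == MAP_FAILED) return -1;
  pool_a = base;
  pool_b = base + page;

  /* pool_a was mapped with exactly one page. Passing page + extra makes the
     kernel round the length up to the next page boundary. */
  if (munmap(pool_a, page + extra) != 0) { munmap(base, 2 * page); return -1; }

  intact = demo_is_mapped(pool_b, page);
  if (intact) munmap(pool_b, page);      /* clean up the surviving page */
  return intact;
}
```

Recording the length actually passed to mmap() and reusing it for munmap(), as the commit does with mapped_length, keeps the two calls symmetric.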
  3. 23 Nov, 2011 1 commit
    • BUG#11751793 - 42784: ARCHIVE TABLES CAUSE 100% CPU USAGE · cb660cc3
      Ashish Agarwal authored
                            AND HANG IN SHOW TABLE STATUS.
      
      ISSUE: Table corruption due to concurrent queries.
             Different threads running insert and check
             query leads to table corruption. Not properly locked,
             rows are inserted in between check query.
      
      SOLUTION: In check query mutex lock is acquired
                for a longer time to handle concurrent
                insert and check query.
      
      NOTE: Additionally we backported the fix for CHECKSUM
            issue (bug#11758979).
      cb660cc3
  4. 22 Nov, 2011 1 commit
  5. 18 Nov, 2011 2 commits
  6. 16 Nov, 2011 1 commit
  7. 10 Nov, 2011 2 commits
    • Bug #12842206 INNODB LOCKING REGRESSION FOR INSERT IGNORE: Add a test case. · 0d0924e3
      Marko Mäkelä authored
      The bug was accidentally fixed by fixing
      Bug#11759688 52020: InnoDB can still deadlock on just INSERT...ON DUPLICATE KEY
      a.k.a. the reintroduction of
      Bug#7975 deadlock without any locking, simple select and update
      0d0924e3
    • Bug#11759688 52020: InnoDB can still deadlock on just INSERT...ON DUPLICATE KEY · 87593f55
      Marko Mäkelä authored
      a.k.a. Bug#7975 deadlock without any locking, simple select and update
      
      Bug#7975 was reintroduced when the storage engine API was made
      pluggable in MySQL 5.1. Instead of looking at thd->lex directly, we
      rely on handler::extra(). But, we were looking at the wrong extra()
      flag, and we were ignoring the TRX_DUP_REPLACE flag in places where we
      should obey it.
      
      innodb_replace.test: Add tests for hopefully all affected statement
      types, so that the bug should never ever resurface. This kind of test
      should have been added when fixing Bug#7975 in MySQL 5.0.3 in the
      first place.
      
      rb:806 approved by Sunny Bains
      87593f55
  8. 08 Nov, 2011 1 commit
    • Bug#13358468 ASSERTION FAILURE IN BTR_PCUR_GET_BLOCK · c75c8ce8
      Marko Mäkelä authored
      btr_pcur_restore_position_func(): When the cursor was positioned at
      the tree infimum or supremum, initialize pos_state and latch_mode. The
      assertion failed, because pos_state was BTR_PCUR_WAS_POSITIONED.  In
      the test failure of WL#5874, the purge thread attempted to restore the
      cursor position on the infimum record (the clustered index was empty).
      
      btr_pcur_detach(), btr_pcur_is_detached(): Unused functions, remove.
      
      rb:804 approved by Inaam Rana
      c75c8ce8
  9. 07 Nov, 2011 1 commit
  10. 01 Nov, 2011 1 commit
  11. 31 Oct, 2011 1 commit
  12. 29 Oct, 2011 1 commit
  13. 28 Oct, 2011 1 commit
  14. 27 Oct, 2011 1 commit
    • Bug #12884631 62146: TABLES ARE LOST FOR DDL · 212eb9dc
      Marko Mäkelä authored
      row_rename_table_for_mysql(): Return DB_ERROR instead of DB_SUCCESS
      when fil_rename_tablespace() returns an error. This bug was introduced
      in the InnoDB Plugin.
      
      Approved by Sunny Bains over IM.
      212eb9dc
  15. 26 Oct, 2011 5 commits
  16. 25 Oct, 2011 3 commits
    • Fix results after Bug#12661768 fix. · 396dd10a
      Marko Mäkelä authored
      396dd10a
    • Bug#13002783 PARTIALLY UNINITIALIZED CASCADE UPDATE VECTOR · 6c645b7e
      Marko Mäkelä authored
      In the ON UPDATE CASCADE clause of FOREIGN KEY constraints, the
      calculated update vector was not fully initialized. This bug was
      introduced in the InnoDB Plugin when implementing support for
      ROW_FORMAT=DYNAMIC.
      
      Additionally, the data type information was not initialized, but
      apparently it has never been needed in this case.  Nevertheless, it is
      not good programming practice to pass uninitialized values around.
      
      calc_row_difference(): Declare the update field uninitialized in
      Valgrind. Copy the data type information as well, except when the
      field is SQL NULL. In the built-in InnoDB, initialize
      ufield->extern_storage = FALSE (an initialization bug that had gone
      unnoticed this far). The InnoDB Plugin and later have this flag to
      dfield_t and have always initialized it properly.
      
      row_ins_cascade_calc_update_vec(): Reduce the scope of some
      pointers. Initialize orig_len. (This caused the bug in InnoDB Plugin
      and later.)
      
      row_ins_foreign_check_on_constraint(): Simplify a condition. Declare
      the update vector uninitialized.
      
      rb:771 approved by Jimmy Yang
      6c645b7e
    • Fix Bug#12661768 UPDATE IGNORE CRASHES SERVER IF TABLE IS INNODB AND IT IS · ab6d44a5
      Vasil Dimov authored
      PARENT FOR OTHER ONE
      
      Do not try to look up key_nr'th key in 'table' because there may not be such
      a key there. key_nr is the number of the key in the _child_ table name, not
      in the parent table.
      
      Instead just print the fields of the record that are covered by the first key
      defined on the parent table.
      
      This bug gets a better fix in MySQL 5.6, which is too risky for 5.1 and 5.5.
      
      Approved by:	Jon Olav Hauglid (via IM)
      ab6d44a5
  17. 24 Oct, 2011 2 commits
  18. 21 Oct, 2011 3 commits
  19. 20 Oct, 2011 2 commits
    • Alexander Nozdrin's avatar
    • BUG#11757032 - 49030: OPTIMIZE TABLE BREAKS MYISAM TABLE WHEN · 2c1bcb80
      Sergey Vojtovich authored
                     USING MYISAM_USE_MMAP ON WINDOWS
      
      When OPTIMIZE/REPAIR TABLE is switching to a new data file,
      the old data file is removed while memory mapping is still
      active.
      
      With the 5.1 implementation of nt_share_delete() it is not
      permitted to remove an mmapped file.
      
      This fix disables memory mapping for mi_repair() operations.
      
      mysql-test/r/myisam.result:
        A test case for BUG#11757032.
      mysql-test/t/myisam.test:
        A test case for BUG#11757032.
      storage/myisam/ha_myisam.cc:
        The mi_repair*() family of functions uses file I/O even if memory
        mapping is available.
        
        Since mixing mmap I/O and file I/O may cause various artifacts,
        memory mapping must be disabled.
      storage/myisam/mi_delete_all.c:
        Clean-up: do not attempt to remap file after truncate, since
        there is nothing to map.
      2c1bcb80
  20. 19 Oct, 2011 2 commits
  21. 18 Oct, 2011 1 commit
  22. 14 Oct, 2011 2 commits
    • merge 5.0-security => 5.1 security · 5e725bb3
      Tor Didriksen authored
      5e725bb3
    • Bug#12563865 ROUNDED,TMP_BUF,DECIMAL_VALUE STACK CORRUPTION IN ALL VERSIONS >=5.0 · d23912da
      Tor Didriksen authored
      Buffer over-run on all platforms, crash on Windows, wrong result on other platforms,
      when rounding numbers which start with 999999999 and have
      precision = 9 or 18 or 27 or 36 ...
      
      mysql-test/r/type_newdecimal.result:
        New test cases.
      mysql-test/t/type_newdecimal.test:
        New test cases.
      sql/my_decimal.h:
        Add sanity checking code, to catch buffer over/under-run.
      strings/decimal.c:
        The original initialization of intg1 (add 1 if buf[0] == DIG_MAX)
        will set p1 to point outside the buffer, and the loop to copy the original value
            while (buf0 < p0)
              *(--p1) = *(--p0);
        will overwrite memory outside the my_decimal object.
      d23912da
  23. 13 Oct, 2011 1 commit
  24. 12 Oct, 2011 2 commits