1. 27 Aug, 2009 1 commit
    • Georgi Kodinov's avatar
      Bug #46749: Segfault in add_key_fields() with outer subquery level · a22c29d5
      Georgi Kodinov authored
        field references
      
      This error requires a combination of factors : 
      1. An "impossible where" in the outermost SELECT
      2. An aggregate in the outermost SELECT
      3. A correlated subquery with a WHERE clause that includes an outer 
      field reference as a top level WHERE sargable predicate
      
      When JOIN::optimize detects an "impossible WHERE" it will bail out
      without doing the rest of the work and initializations. It will not
      call make_join_statistics() as well.  And make_join_statistics fills 
      in various structures for each table referenced.
      When processing the result of the "impossible WHERE" the query must
      send a single row of data if there are aggregate functions in it.
      In this case the server marks all the aggregates as having received 
      no rows and calls the relevant Item::val_xxx() method on the SELECT
      list. However if this SELECT list happens to contain a correlated 
      subquery this subquery is evaluated in a normal evaluation mode.
      And if this correlated subquery has a reference to a field from the 
      outermost "impossible where" SELECT the add_key_fields will mistakenly
      consider the outer field reference as a "local" field reference when 
      looking for sargable predicates.
      But since the SELECT where the outer field reference refers to is not
      completely initialized due to the "impossible WHERE" in this level
      we'll get a NULL pointer reference.
      Fixed by making a better condition for discovering if a field is "local"
      to the SELECT level being processed. 
      It's not enough to look for OUTER_REF_TABLE_BIT in this case since 
      for outer references to constant tables the Item_field::used_tables() 
      will return 0 regardless of whether the field reference is from the 
      local SELECT or not.
      a22c29d5
  2. 31 Aug, 2009 1 commit
  3. 28 Aug, 2009 2 commits
    • Staale Smedseng's avatar
      Bug #43414 Parenthesis (and other) warnings compiling MySQL · 1ba25ae4
      Staale Smedseng authored
      with gcc 4.3.2
            
      This patch fixes a number of GCC warnings about variables used
      before initialized. A new macro UNINIT_VAR() is introduced for
      use in the variable declaration, and LINT_INIT() usage will be
      gradually deprecated. (A workaround is used for g++, pending a
      patch for a g++ bug.)
            
      GCC warnings for unused results (attribute warn_unused_result)
      for a number of system calls (present at least in later
      Ubuntus, where the usual void cast trick doesn't work) are
      also fixed.
      
      
      client/mysqlmanager-pwgen.c:
        A fix for warn_unused_result, adding fallback to use of
        srand()/rand() if /dev/random cannot be used. Also actually
        adds calls to rand() in the second branch so that it actually
        creates a random password.
      1ba25ae4
    • Alfranio Correia's avatar
  4. 27 Aug, 2009 2 commits
    • Alfranio Correia's avatar
      BUG#46861 Auto-closing of temporary tables broken by replicate-rewrite-db · ea06bbd2
      Alfranio Correia authored
      When a connection is dropped any remaining temporary table is also automatically
      dropped and the SQL statement of this operation is written to the binary log in
      order to drop such tables on the slave and keep the slave in sync. Specifically,
      the current code base creates the following type of statement:
      DROP /*!40005 TEMPORARY */ TABLE IF EXISTS `db`.`table`;
      
      Unfortunately, appending the database to the table name in this manner circumvents
      the replicate-rewrite-db option (and any options that check the current database).
      To solve the issue, we started writing the statement to the binary as follows:
      use `db`; DROP /*!40005 TEMPORARY */ TABLE IF EXISTS `table`;
      ea06bbd2
    • Sergey Glukhov's avatar
      Bug#46184 Crash, SELECT ... FROM derived table procedure analyze · 367c14b8
      Sergey Glukhov authored
      The crash happens because select_union object is used as result set
      for queries which have derived tables.
      select_union use temporary table as data storage and if
      fields count exceeds 10(count of values for procedure ANALYSE())
      then we get a crash on fill_record() function.
      
      
      mysql-test/r/analyse.result:
        test result
      mysql-test/r/subselect.result:
        result fix
      mysql-test/t/analyse.test:
        test case
      mysql-test/t/subselect.test:
        test fix
      sql/sql_yacc.yy:
        The crash happens because select_union object is used as result set
        for queries which have derived tables.
        select_union use temporary table as data storage and if
        fields count exceeds 10(count of values for procedure ANALYSE())
        then we get a crash on fill_record() function.
      367c14b8
  5. 24 Aug, 2009 2 commits
    • Georgi Kodinov's avatar
      Bug #37044: Read overflow in opt_range.cc found during "make test" · 7492d622
      Georgi Kodinov authored
      The code was using a special global buffer for the value of IS NULL ranges.
      This was not always long enough to be copied by a regular memcpy. As a 
      result read buffer overflows may occur.
      Fixed by setting the null byte to 1 and setting the rest of the field disk image
      to NULL with a bzero (instead of relying on the buffer and memcpy()).
      7492d622
    • Anurag Shekhar's avatar
      Bug #44723 Larger read_buffer_size values can cause performance · 11dd1d6d
      Anurag Shekhar authored
               decrease for INSERTs
      
      
      Bulk inserts (multiple row, CREATE ... SELECT, INSERT ... SELECT) into
      MyISAM tables were performed inefficiently. This was mainly affecting
      use cases where read_buffer_size was considerably large (>256K) and low
      number of rows was inserted (e.g. 30-100).
      
      The problem was that during I/O cache initialization (this happens
      before each bulk insert) allocated I/O buffer was unnecessarily
      initialized to '\0'.
      
      This was happening because of mess in flag values. MyISAM informs I/O
      cache to wait for free space (if out of disk space) by passing
      MY_WAIT_IF_FULL flag. Since MY_WAIT_IF_FULL and MY_ZEROFILL have the
      same values, memory allocator was initializing memory to '\0'.
      
      The performance gain provided with this patch may only be visible with
      non-debug binaries, since safemalloc always initializes allocated memory
      to 0xA5A5...
      
      mysys/mf_iocache.c:
        Remove MY_WAIT_IF_FULL from myflags before calling my_malloc
        to prevent conflict with MY_ZEROFILL.
      11dd1d6d
  6. 19 Aug, 2009 1 commit
  7. 21 Aug, 2009 3 commits
  8. 20 Aug, 2009 1 commit
    • Martin Hansson's avatar
      Bug#46616: Assertion `!table->auto_increment_field_not_null' on · e66fba53
      Martin Hansson authored
      view manipulations
            
      The bespoke flag was not properly reset after last call to 
      fill_record. Fixed by resetting in caller mysql_update.
      
      mysql-test/r/auto_increment.result:
        Bug#46616: Test result.
      mysql-test/t/auto_increment.test:
        Bug#46616: Test case.
      sql/sql_update.cc:
        Bug#46616: Fix.
      e66fba53
  9. 19 Aug, 2009 2 commits
    • Georgi Kodinov's avatar
      Bug #46019: ERROR 1356 When selecting from within another · 06655369
      Georgi Kodinov authored
      view that has Group By
            
      Table access rights checking function check_grant() assumed
      that no view is opened when it's called.
      This is not true with nested views where the inner view
      needs materialization. In this case the view is already 
      materialized when check_grant() is called for it.
      This caused check_grant() to not look for table level
      grants on the materialized view table.
      Fixed by checking if a view is already materialized and if 
      it is check table level grants using the original table name
      (not the ones of the materialized temp table).
      06655369
    • Georgi Kodinov's avatar
      40defb1d
  10. 17 Aug, 2009 1 commit
  11. 13 Aug, 2009 1 commit
    • Davi Arnaut's avatar
      Bug#46013: rpl_extraColmaster_myisam fails on pb2 · 050c36c7
      Davi Arnaut authored
      Bug#45243: crash on win in sql thread clear_tables_to_lock() -> free()
      Bug#45242: crash on win in mysql_close() -> free()
      Bug#45238: rpl_slave_skip, rpl_change_master failed (lost connection) for STOP SLAVE
      Bug#46030: rpl_truncate_3innodb causes server crash on windows
      Bug#46014: rpl_stm_reset_slave crashes the server sporadically in pb2
      
      When killing a user session on the server, it's necessary to
      interrupt (notify) the thread associated with the session that
      the connection is being killed so that the thread is woken up
      if waiting for I/O. On a few platforms (Mac, Windows and HP-UX)
      where the SIGNAL_WITH_VIO_CLOSE flag is defined, this interruption
      procedure is to asynchronously close the underlying socket of
      the connection.
      
      In order to enable this schema, each connection serving thread
      registers its VIO (I/O interface) so that other threads can
      access it and close the connection. But only the owner thread of
      the VIO might delete it as to guarantee that other threads won't
      see freed memory (the thread unregisters the VIO before deleting
      it). A side note: closing the socket introduces a harmless race
      that might cause a thread attempt to read from a closed socket,
      but this is deemed acceptable.
      
      The problem is that this infrastructure was meant to only be used
      by server threads, but the slave I/O thread was registering the
      VIO of a mysql handle (a client API structure that represents a
      connection to another server instance) as a active connection of
      the thread. But under some circumstances such as network failures,
      the client API might destroy the VIO associated with a handle at
      will, yet the VIO wouldn't be properly unregistered. This could
      lead to accesses to freed data if a thread attempted to kill a
      slave I/O thread whose connection was already broken.
      
      There was a attempt to work around this by checking whether
      the socket was being interrupted, but this hack didn't work as
      intended due to the aforementioned race -- attempting to read
      from the socket would yield a "bad file descriptor" error.
      
      The solution is to add a hook to the client API that is called
      from the client code before the VIO of a handle is deleted.
      This hook allows the slave I/O thread to detach the active vio
      so it does not point to freed memory.
      
      server-tools/instance-manager/mysql_connection.cc:
        Add stub method required for linking.
      sql-common/client.c:
        Invoke hook.
      sql/client_settings.h:
        Export hook.
      sql/slave.cc:
        Introduce hook that clears the active VIO before it is freed
        by the client API.
      050c36c7
  12. 12 Aug, 2009 1 commit
    • unknown's avatar
      BUG#45516 SQL thread does not use database charset properly · 0d821faf
      unknown authored
              
      Replication SQL thread does not set database default charset to 
      thd->variables.collation_database properly, when executing LOAD DATA binlog.
      This bug can be repeated by using "LOAD DATA" command in STATEMENT mode.
              
      This patch adds code to find the default character set of the current database 
      then assign it to thd->db_charset when slave server begins to execute a relay log.
      The test of this bug is added into rpl_loaddata_charset.test 
      0d821faf
  13. 11 Aug, 2009 4 commits
  14. 10 Aug, 2009 2 commits
  15. 08 Aug, 2009 1 commit
    • Davi Arnaut's avatar
      Bug#45010: invalid memory reads during parsing some strange statements · c7163c63
      Davi Arnaut authored
      The problem is that the lexer could inadvertently skip over the
      end of a query being parsed if it encountered a malformed multibyte
      character. A specially crated query string could cause the lexer
      to jump up to six bytes past the end of the query buffer. Another
      problem was that the laxer could use unfiltered user input as
      a signed array index for the parser maps (having upper and lower
      bounds 0 and 256 respectively).
      
      The solution is to ensure that the lexer only skips over well-formed
      multibyte characters and that the index value of the parser maps
      is always a unsigned value.
      
      mysql-test/r/ctype_recoding.result:
        Update test case result: ending backtick is not skipped over anymore.
      sql/sql_lex.cc:
        Characters being analyzed must be unsigned as they can be
        used as indexes for the parser maps. Only skip over if the
        string is a valid multi-byte sequence.
      tests/mysql_client_test.c:
        Add test case for Bug#45010
      c7163c63
  16. 06 Aug, 2009 1 commit
  17. 04 Aug, 2009 2 commits
  18. 03 Aug, 2009 2 commits
  19. 02 Aug, 2009 1 commit
    • Alfranio Correia's avatar
      BUG#43264 Test rpl_trigger is failing randomly w/ use of copy_file in 5.0 · 968ec5ea
      Alfranio Correia authored
      The test case fails sporadically on Windows while trying to overwrite an unused
      binary log. The problem stems from the fact that MySQL on Windows does not
      immediately unlock/release a file while the process that opened and closed it is
      still running. In BUG 38603, this issue was circumvented by stopping the MySQL
      process, copying the file and then restarting the MySQL process. 
      
      Unfortunately, such facilities are not available in the 5.0.  Other approaches
      such as stopping the slave and issuing change master do not work because the relay
      log file and index are not closed when a slave is stopped. So to fix the problem,
      we simply don't run on windows the part of the test that was failing.
      968ec5ea
  20. 31 Jul, 2009 1 commit
  21. 30 Jul, 2009 4 commits
    • Matthias Leich's avatar
      7fc27f3d
    • Joerg Bruehe's avatar
      Merge the fix for bug#42213 into 5.0-build. · f0d31dbe
      Joerg Bruehe authored
      f0d31dbe
    • Matthias Leich's avatar
      Merge of fix for bug 44493 into GCA tree · 79751dff
      Matthias Leich authored
      79751dff
    • Joerg Bruehe's avatar
      Our autoconf function "MYSQL_STACK_DIRECTION" will not work · 9ff93233
      Joerg Bruehe authored
      correctly if the compiler optimizes too clever.
      
      This has happaned on HP-UX 11.23 (IA64) at optimization
      level "+O2", causing bug#42213:
         Check for "stack overrun" doesn't work, server crashes
      
      Fix it by adding a pragma that prevents this optimization.
      As a result, it should be safe to use "+O2" on this platform
      (unless there is some other, optimizer-related, bug which
      is just currently masked because we use resudec optimization).
      
      
      config/ac-macros/misc.m4:
        Our autoconf function "MYSQL_STACK_DIRECTION" is meant to
        determine whether the stack grows towards higher or towards
        lower addresses.
        It does this by comparing the addresses of a variable
        (which is local to a recursive function) on different
        nesting levels.
        
        This approach requires that the function is really
        implemented as a recursive function, with each nested call
        allocating a new stack frame containing the local variable.
        If, however, the compiler is optimizing so clever that the
        recursive function is implemented by a loop, then this
        test will not produce correct results.
        
        This has happened on HP-UX 11.23 (IA64) when HP's compiler
        was called with optimization "+O2" (not with "+O1"),
        reported as bug#42213.
        
        Rather than starting a race with the compiler and making
        the function so complicated that this optimization does
        not happen, the idea is to prevent the optimization
        by adding a pragma. For HP, this is "#pragma noinline".
        
        If we encounter other compilers which also optimize
        too clever, we may add their pragmas here.
        
        It is a debatable issue whether such pragmas should be
        guarded by conditional compiling or not, the reviewers
        voted to do it.
        It seems HP has different compilers, "ANSI C" and "aCC",
        on the affected platform "__HP_cc" ("ANSI C") is predefined.
        To be on the safe side, the pragma will also take effect
        if HP's "aCC" compiler is used, or any other compiler on HP-UX.
      9ff93233
  22. 28 Jul, 2009 2 commits
    • Alexey Kopytov's avatar
      Automerge. · bac18522
      Alexey Kopytov authored
      bac18522
    • Alexey Kopytov's avatar
      Bug #45031: invalid memory reads in my_real_read using protocol · baefaa1e
      Alexey Kopytov authored
                  compression 
       
      Since uint3korr() may read 4 bytes depending on build flags and 
      platform, allocate 1 extra "safety" byte in the network buffer 
      for cases when uint3korr() in my_real_read() is called to read
      last 3 bytes in the buffer. 
       
      It is practically hard to construct a reliable and reasonably 
      small test case for this bug as that would require constructing 
      input stream such that a certain sequence of bytes in a 
      compressed packet happens to be the last 3 bytes of the network 
      buffer. 
      
      
      sql/net_serv.cc:
        Allocate 1 extra "safety" byte in the network buffer for cases 
        when uint3korr() is used to read last 3 bytes in the buffer.
      baefaa1e
  23. 27 Jul, 2009 2 commits
    • Davi Arnaut's avatar
      Bug#46385: [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted t · e2656098
      Davi Arnaut authored
      The maximum value of the max_join_size variable is set by converting
      a signed type (long int) with negative value (-1) to a wider unsigned
      type (unsigned long long), which yields the largest possible value of
      the wider unsigned type -- as per the language conversion rules. But,
      depending on build options, the type of the max_join_size might be a
      shorter type (ha_rows - unsigned long) which causes the warning to be
      thrown once the large value is truncated to fit.
      
      The solution is to ensure that the maximum value of the variable is
      always set to the maximum value of integer type of max_join_size.
      
      Furthermore, it would be interesting to always have a fixed type for
      this variable, but this would incur in a change of behavior which is
      not acceptable for a GA version. See Bug#35346.
      
      sql/mysqld.cc:
        Set max value for type.
      e2656098
    • Davi Arnaut's avatar
      Bug#20023: mysql_change_user() resets the value of SQL_BIG_SELECTS · d5e84db3
      Davi Arnaut authored
      Post-merge fix: test case could fail due to a conversion of the
      max_join_size value to a integer. Fixed by preserving the value
      as a string for comparison purposes.
      
      tests/mysql_client_test.c:
        Preserve max_join_size value as a string instead of converting
        it to a integer -- value can be larger then the type used.
      d5e84db3