1. 10 Jun, 2024 3 commits
    • MDEV-33161 Function pointer signature mismatch in LF_HASH · a2bd936c
      Marko Mäkelä authored
      In cmake -DWITH_UBSAN=ON builds with clang but not with GCC,
      -fsanitize=undefined will flag several runtime errors on
      function pointer mismatch related to the lock-free hash table LF_HASH.
      
      Let us use matching function signatures and remove function pointer
      casts in order to avoid potential bugs due to undefined behaviour.
      
      These errors could be caught at compilation time by
      -Wcast-function-type-strict, which is available starting with clang-16,
      but not available in any version of GCC as of now. The old GCC flag
      -Wcast-function-type is enabled as part of -Wextra, but it specifically
      does not catch these errors.
      
      Reviewed by: Vladislav Vaintroub
    • MDEV-34227 On startup: UBSAN: runtime error: applying non-zero offset in... · 246c0b3a
      Alexander Barkov authored
      MDEV-34227 On startup: UBSAN: runtime error: applying non-zero offset in JOIN::make_aggr_tables_info in sql/sql_select.cc
      
      Avoid undefined behaviour (applying offset to nullptr).
      The reported scenario is covered in mysql-test/connect-no-db.test
      No new tests needed.
    • MDEV-32376 SHOW CREATE DATABASE statement crashes the server when db name... · 21f56583
      Alexander Barkov authored
      MDEV-32376 SHOW CREATE DATABASE statement crashes the server when db name contains some unicode characters, ASAN stack-buffer-overflow
      
      Adding the test for the length of lex->name into show_create_db().
      
      Without this test writes beyond the end of db_name_buff were possible
      upon a too long database name.
  2. 09 Jun, 2024 1 commit
    • MDEV-34237: On Startup: UBSAN: runtime error: call to function... · bf0aa99a
      Brandon Nesterenko authored
      MDEV-34237: On Startup: UBSAN: runtime error: call to function MDL_lock::lf_hash_initializer lf_hash_insert through pointer to incorrect function type 'void (*)(st_lf_hash *, void *, const void *)'
      
      A few different incorrect function type UBSAN issues have been
      grouped into this patch.
      
      The only real potentially undefined behavior is an error about
      show_func_mutex_instances_lost, which when invoked in
      sql_show.cc::show_status_array(), puts 5 arguments onto the stack;
      however, the implementing function only actually has 3 parameters (so
      only 3 would be popped). This was fixed by adding in the remaining
      parameters to satisfy the type mysql_show_var_func.
      
      The rest of the findings are pointer type mismatches that wouldn't
      lead to actual undefined behavior. The lf_hash_initializer function
      type definition is
      
      typedef void (*lf_hash_initializer)(LF_HASH *hash, void *dst, const void *src);
      
      but the MDL_lock and table cache's implementations of this function
      do not have that signature. The MDL_lock has specific MDL object
      parameters:
      
      static void lf_hash_initializer(LF_HASH *hash __attribute__((unused)),
                                      MDL_lock *lock, MDL_key *key_arg)
      
      and the table cache has specific TDC parameters:
      
      static void tdc_hash_initializer(LF_HASH *,
                                       TDC_element *element, LEX_STRING *key)
      
      leading to UBSAN runtime errors when invoking these functions.
      
      This patch fixes these type mis-matches by changing the
      implementing functions to use void * and const void * for their
      respective parameters, and later casting them to their expected
      type in the function body.
      
      Note too the functions tdc_hash_key and tc_purge_callback had
      a similar problem to tdc_hash_initializer and were fixed
      similarly.
      
      Reviewed By:
      ============
      Sergei Golubchik <serg@mariadb.com>
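
The signature fix described in this commit message and in MDEV-33161 above, as an added C example that is not MariaDB code: the callback is declared with exactly the generic typedef's parameter types and converts to its concrete types in the body, so it can be installed without a function pointer cast. toy_hash, lock_rec, lock_key and the function names are hypothetical.

```c
/* Added illustration. toy_hash, lock_rec, lock_key and the function names
   are hypothetical, not MariaDB identifiers. */
#include <stdlib.h>
#include <string.h>
typedef struct toy_hash toy_hash;
/* Generic callback type, same shape as lf_hash_initializer quoted above. */
typedef void (*toy_initializer)(toy_hash *hash, void *dst, const void *src);
struct toy_hash { toy_initializer init; size_t element_size; };

typedef struct { char name[16]; } lock_key;
typedef struct { lock_key key; int waiters; } lock_rec;

/* BEFORE (mismatched, shown only as a comment):
     static void lock_init_typed(toy_hash *, lock_rec *dst, lock_key *src);
     hash.init = (toy_initializer) lock_init_typed;
   The cast silences the compiler; the call through hash.init then uses a
   function type that differs from the definition. */
/* AFTER: parameters match the typedef exactly; the conversion to the
   concrete types happens inside the body. */
static void lock_init(toy_hash *hash, void *dst, const void *src)
{
  lock_rec *rec = (lock_rec *) dst;
  const lock_key *key = (const lock_key *) src;
  (void) hash;
  rec->key = *key;
  rec->waiters = 0;
}

/* Generic insert: knows only element_size and the callback type. */
static void *toy_hash_insert(toy_hash *hash, const void *src)
{
  void *element = malloc(hash->element_size);
  if (element)
    hash->init(hash, element, src);
  return element;
}

/* Returns 1 if the element was initialised through the generic pointer. */
static int demo(void)
{
  toy_hash hash = { lock_init, sizeof(lock_rec) };  /* no cast needed */
  lock_key key = { "db1/t1" };
  lock_rec *rec = toy_hash_insert(&hash, &key);
  int ok = rec && !strcmp(rec->key.name, "db1/t1") && rec->waiters == 0;
  free(rec);
  return ok;
}

int main(void) { return demo() ? 0 : 1; }
```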
  3. 07 Jun, 2024 7 commits
  4. 06 Jun, 2024 7 commits
  5. 05 Jun, 2024 11 commits
    • Nikita Malyavin's avatar
      7d86751d
    • fix typo · db9c2d22
      Vladislav Vaintroub authored
    • Appveyor build - skip irrelevant commits · b242b44f
      Vladislav Vaintroub authored
      Since we're only building on Windows, skip changes to debian directory
      and to shell scripts.
    • MDEV-34236 Mroonga build with ASAN/UBSAN with GCC 12+ extremely slow. · 40abd973
      Vladislav Vaintroub authored
      Workaround by disabling sanitizer for single source file.
    • MDEV-22935 Erroneous Aria Index / Optimizer behaviour · 38cbef8b
      Monty authored
      The problem was in the Aria part of the range optimizer,
      maria_records_in_range(), which wrongly concluded that there were no rows
      in the range.
      
      This error would happen in the unlikely case when searching for a range
      on a partial key and there was a match for the first key part in the
      upper part of the b-tree (node) and also a match in the underlying
      node page.
      
      In other words, for this bug to happen one has to use Aria, have a multi
      part key with a lot of identical values for the first key part and do a
      range search on the second part of the key.
      
      Fixed by ensuring that we do not stop searching for partial keys found
      on node.
      
      Other things:
      - Added some comments
      - Changed a variable name to more clearly explain its purpose.
      - Fixed wrong cast in _ma_record_pos() that could cause problems on 32 bit
        systems.
    • MDEV-34297 get_rnd_value() of ib_counter_t is unnecessarily complex · c6d36c3e
      Marko Mäkelä authored
      The shared counter template ib_counter_t uses the function
      my_timer_cycles() as a source of pseudo-random numbers to pick a shard.
      On some platforms, my_timer_cycles() could return the constant value 0.
      
      get_rnd_value(): Remove.
      
      my_pseudo_random(): Implement as an alias of my_timer_cycles() or
      a wrapper for pthread_self().
      
      Reviewed by: Vladislav Vaintroub
    • MDEV-29307 Wrong result when joining two derived tables over the same view · 4d38267f
      Igor Babaev authored
      This bug could affect queries containing a join of derived tables over
      grouping views such that one of the derived tables contains a window
      function while another uses view V with dependent subquery DSQ containing
      a set function aggregated outside of the subquery in the view V. The
      subquery also refers to the fields from the group clause of the view. Due to
      this bug execution of such queries could produce wrong result sets.
      
      When the fix_fields() method performs context analysis of a set function AF
      first, at the very beginning the function Item_sum::init_sum_func_check()
      is called. The function copies the pointer to the embedding set function,
      if any, stored in THD::LEX::in_sum_func into the corresponding field of the
      set function AF simultaneously changing the value of THD::LEX::in_sum_func
      to point to AF. When at the very end of the fix_fields() method the function
      Item_sum::check_sum_func() is called it is supposed to restore the value
      of THD::LEX::in_sum_func to point to the embedding set function. And in
      fact Item_sum::check_sum_func() did it, but only for regular set functions,
      not for those used in window functions. As a result after the context
      analysis of AF had finished THD::LEX::in_sum_func still pointed to AF.
      It confused the further context analysis. In particular it led to wrong
      resolution of Item_outer_ref objects in the fix_inner_refs() function.
      This wrong resolution forced reading the values of grouping fields referred
      in DSQ not from the temporary table used for aggregation from which they
      were supposed to be read, but from the table used as the source table for
      aggregation.
      
      This patch guarantees that the value of THD::LEX::in_sum_func is properly
      restored after the call of fix_fields() for any set function.
    • MDEV-27186 spider/partition: Report error on info() failure · 042a0d85
      Yuchen Pei authored
      Like MDEV-28105, spider may attempt to connect to remote server in
      info(), and it may emit an error upon failure to connect. In this
      case, the downstream caller ha_partition::open() should return the
      error to avoid inconsistency.
      
      This fixes MDEV-27186, MDEV-27237, MDEV-27334, MDEV-28241, MDEV-34101.
  6. 04 Jun, 2024 3 commits
  7. 03 Jun, 2024 4 commits
    • Julius Goryavsky's avatar
      c21aa486
    • MDEV-32633: Fix Galera cluster <-> native replication interaction · a4838721
      Denis Protivensky authored
      GTID events are applied without a running server transaction,
      we need to set next transaction ID for Wsrep transaction.
      
      The whole Galera cluster now has a single GTID value (including
      the server ID throughout the cluster), fix the config accordingly.
      
      Add force restart so that repeated MTR test execution prints
      consistent GTID values, otherwise they would have been recovered
      from the previous run.
      Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>
    • MDEV-32633: Fix Galera cluster <-> native replication interaction · 0cc9b497
      Denis Protivensky authored
      It's possible to establish Galera multi-cluster setups connected
      through the native replication when every Galera cluster is configured
      to have a separate domain ID.
      For this setup to work, we need to replace domain ID values in generated
      GTID events when they are written at transaction commit to the values
      configured by Wsrep replication.
      
      At the same time, it's possible that the GTID event already contains
      a correct domain ID if it comes through the native replication from
      another Galera cluster.
      In this case, when such an event is applied either through a native
      replication slave thread or through Wsrep applier, we write GTID event
      on transaction start and avoid writing it during transaction commit.
      
      The code contained multiple problems that were fixed:
      - applying GTID events didn't work because it's applied without a
      running server transaction and Wsrep transaction was not started
      - GTID event generation on transaction start didn't contain proper
      "standalone" and "is_transactional" flags that the original applied
      GTID event contained
      - condition determining that GTID event is written on transaction start
      to avoid writing it on commit relied on the fact that the GTID event
      is the first found in transaction/statement caches, which wasn't the
      case and resulted in duplicate GTID events written
      - instead of relying on the caches to find a GTID event, a simple check
      is introduced that follows the exact rules for checking if event is
      written at transaction start as described above
      - the test case is improved to check that exact GTID events are
      applied after two Galera clusters have synced.
      Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>
    • MDEV-33952: Fix flaky galera_create_table_as_select test with debug sync · a6b7203d
      Denis Protivensky authored
      The test that triggers multi-master conflict between two CTAS commands
      uses LOCK/UNLOCK TABLES to block local CTAS from progress. It could
      result in a race when UNLOCK TABLES command is issued a bit earlier
      than needed, causing local CTAS to run further and change wsrep
      transaction state, so that a different code path is taken later and
      the original error gets overridden, causing the test to fail.
      The solution is to replace LOCK/UNLOCK TABLES with debug sync points.
      Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>
  8. 30 May, 2024 4 commits
    • MDEV-29027 ASAN errors in spider_db_free_result after partition DDL · 25476ba1
      Yuchen Pei authored
      Spider calls ha_spider::close() at least twice on ALTER TABLE ... ADD
      PARTITION. The first call frees wide_handler and the second call
      accesses wide_handler->trx->thd (heap-use-after-free).
      
      In general, there seems to be no problem with using THD obtained by
      the macro current_thd() except in background threads. Thus, we simply
      replace wide_handler->trx->thd with current_thd().
      
      Original author: Nayuta Yanagisawa
    • MDEV-28522 Delete constant SPIDER_SQL_TYPE_*_HS · 6d0c9872
      Nayuta Yanagisawa authored
      The HandlerSocket support of Spider has been deleted by MDEV-26858.
      Thus, the constants, SPIDER_SQL_TYPE_*_HS, are no longer necessary.
    • MDEV-26858 Spider: Remove dead code related to HandlerSocket · 6c302207
      Yuchen Pei authored
      Remove the dead-code, in Spider, which is related to the Spider's
      HandlerSocket support. The code has been disabled for a long time
      and it is unlikely that the code will be enabled.
      
      - rm all files under storage/spider/hs_client/ except hs_compat.h
      - rm storage/spider/spd_db_handlersocket.*
      - unifdef -UHS_HAS_SQLCOM -UHAVE_HANDLERSOCKET \
        -m storage/spider/spd_* storage/spider/ha_spider.* storage/spider/hs_client/*
      - remove relevant files from storage/spider/CMakeLists.txt
    • MDEV-31340 fixup: Add end-of-test marker · 0c440abd
      Marko Mäkelä authored