1. 18 Dec, 2013 2 commits
    • Tor Didriksen's avatar
      Bug#16316074 RFE: MAKE TMPDIR A BUILD-TIME CONFIGURABLE OPTION · ba22c3f2
      Tor Didriksen authored
      Bug#68338    RFE: make tmpdir a build-time configurable option
      
      Background: Some distributions use tmpfs for mounting /tmp by
      default, which has some advantages, but brings also new
      issues. Fedora started using tmpfs on /tmp in version 18 for
      example. If not configured otherwise in my.cnf, MySQL uses
      system's constant P_tmpdir expanded to /tmp on Linux. This can
      introduce some problems with limited space in /tmp and also some
      data loss in case of replication slave [1].
      
      In case distributions would like to use /var/tmp, which should be
      better for MySQL purposes, then we have to patch the source or
      change tmpdir option in my.cnf, which is however not updated in
      case it has already existed.
      
      Thus, it would be useful to be able to specify default tmpdir
      path using a configure option, while using P_tmpdir in case it is
      not defined explicitly.
      
      Based on a contribution from Honza Horak
      ba22c3f2
    • Venkatesh Duggirala's avatar
      Bug17632978 SLAVE CRASHES IF ROW EVENT IS CORRUPTED · 11c0805e
      Venkatesh Duggirala authored
      (MYSQLBINLOG -V CRASHES WITH THAT BINLOG)
      
      Post Push: Fixing Werror compiler issue 
      11c0805e
  2. 17 Dec, 2013 1 commit
    • Venkatesh Duggirala's avatar
      Bug#17632978 SLAVE CRASHES IF ROW EVENT IS CORRUPTED · 5fa9664b
      Venkatesh Duggirala authored
      (MYSQLBINLOG -V CRASHES WITH THAT BINLOG)
      
      Problem: If slave receives a corrupted row event,
      slave server is crashing.
      
      Analysis: When slave is unpacking the row event, it is
      not validating the data before applying the event. If the
      data is corrupted for eg: the length of a field is wrong,
      it could end up reading wrong data leading to a crash.
      A similar problem happens when mysqlbinlog tool is used
      against a corrupted binlog using '-v' option. Due to -v
      option, the tool tries to print the values of all the
      fields. Corrupted field length could lead to a crash.
      
      Fix: Before unpacking the field, a verification
      will be made on the length. If it falls into the event
      range, only then it will be unpacked. Otherwise,
      "ER_SLAVE_CORRUPT_EVENT" error will be thrown.
      Incase mysqlbinlog -v case, the field value will not be
      printed and the processing of the file will be stopped.
      
      sql/field.h:
        Removed a function which is not required anymore
      sql/log_event.cc:
        Adding a validation on the field length before
        the tool tries to print the value.
      sql/log_event.h:
        Changing unpack_row call according to the new arguments
      sql/log_event_old.h:
        Changing unpack_row call according to the new arguments
      sql/rpl_record.cc:
        Adding a new argument 'row_end' which tells
        the end position of the complete data in the
        row event. It will be used to do validation
        before doing 'unpack' field.
      sql/rpl_record.h:
        Adding a new argument 'row_end' which tells
        the end position of the complete data in the
        row event. It will be used to do validation
        before doing 'unpack' field.
      sql/rpl_utility.cc:
        Now calc_field_size() is required for client too.
      5fa9664b
  3. 14 Dec, 2013 1 commit
  4. 13 Dec, 2013 1 commit
  5. 12 Dec, 2013 1 commit
  6. 11 Dec, 2013 1 commit
    • Marc Alff's avatar
      Bug#17928281 'CHECK_PERFORMANCE_SCHEMA()' LEAVES 'CURRENT_THD' REFERRING · 82eed657
      Marc Alff authored
      DESTRUCTED THD OBJ 
      
      Prior to fix, function check_performance_schema() could leave
      behind stale pointers in thread local storage, for the following keys:
      - THR_THD (used by _current_thd)
      - THR_MALLOC (used for memory allocation)
      This is an unsafe practice, which can potentially cause crashes,
      and that can cause other bugs when code is modified during maintenance.
      
      With this fix, thread local storage keys used temporarily within
      function check_performance_schema() are cleaned up after use.
      82eed657
  7. 04 Dec, 2013 2 commits
    • Guilhem Bichot's avatar
      Bug#16539979 - BASIC SELECT COUNT(DISTINCT ID) IS BROKEN · c90cdf5d
      Guilhem Bichot authored
      Bug#17867117 - ERROR RESULT WHEN "COUNT + DISTINCT + CASE WHEN" NEED MERGE_WALK 
      
      Problem:
      COUNT DISTINCT gives incorrect result when it uses a Unique
      Tree and its last inserted record has null value.
      
      Here is how COUNT DISTINCT is processed, given that this query is not
      using loose index scan.
      
      When a row is produced as a result of joining tables (there is only
      one table here), we store the SELECTed value in a Unique tree. This
      allows elimination of any duplicates, and thus implements DISTINCT.
      
      When we have processed all rows like this, we walk the Unique tree,
      counting its elements, in Aggregator_distinct::endup() (tree->walk());
      for each element we call Item_sum_count::add(). Such function wants to
      ignore any NULL value, for that it checks item_sum -> args[0] ->
      null_value. It is a mistake: when walking the Unique tree, the value
      to be aggregated is not item_sum ->args[0] but rather table ->
      field[0].
      
      Solution:
      instead of item_sum -> args[0] -> null_value, use arg_is_null(), which
      knows where to look (like in fix for bug 57932).
      
      As a consequence of this solution, we have to make arg_is_null() a
      little more general:
      1) Because it was so far only used for AVG() (which always has a
      single argument), this function was looking at a single argument; now
      that it has to work with COUNT(DISTINCT expression1,expression2), it
      must look at all arguments.
      2) Because we start using arg_is_null () for COUNT(DISTINCT), i.e. in
      Item_sum_count::add (), it implies that we are also using it for
      COUNT(no DISTINCT) (same add ()). For COUNT(no DISTINCT), the
      nullness to check is that of item_sum -> args[0]. But the null_value
      of such item is reliable only if val_*() has been called on it. So far
      arg_is_null() was always used after a call to arg_val*(), so could
      rely on null_value; but for COUNT, there is no call to arg_val*(), so
      arg_is_null() has to call is_null() instead.
      
      Testcase for 16539979 by Neeraj. Testcase for 17867117 contributed by
      Xiaobin Lin from Taobao.
      c90cdf5d
    • Hery Ramilison's avatar
      Upmerge of the mysql-5.1.73 build · 494d0247
      Hery Ramilison authored
      494d0247
  8. 03 Dec, 2013 1 commit
  9. 29 Nov, 2013 2 commits
  10. 27 Nov, 2013 1 commit
  11. 25 Nov, 2013 5 commits
    • Balasubramanian Kandasamy's avatar
      4fe19a25
    • Balasubramanian Kandasamy's avatar
      fac6e3ea
    • Anirudh Mangipudi's avatar
      Bug#12428404 MYSQLD.EXE CRASHES WHEN EXTRACTVALUE() IS CALLED WITH · df202830
      Anirudh Mangipudi authored
      MALFORMED XPATH EXP
      Problem:
      A malformed XPATH expression in the ExtractValue query is causing
      a server crash. This malformed XPATH expression is resulted when 
      the position attribute in the substring function contains ".." in
      the beginning.
      Solution:
      The original crash is happening because the "../" is being evaluated
      prematurely. It tries to access XML while it hasn't been parsed yet.
      The premature evaluation is happening because the val_nodeset function
      is being set to constant, in which case we proceed to evaluate them in
      JOIN:prepare stage only. The solution to this is setting the val_nodeset
      functions as non-constant. This forces us to evaluate the function in
      the JOIN:exec stage and thus avoid any premature evaluation of the 
      XML strings.
      df202830
    • Anirudh Mangipudi's avatar
      Bug#12428404 MYSQLD.EXE CRASHES WHEN EXTRACTVALUE() IS CALLED · f80d5653
      Anirudh Mangipudi authored
      WITH MALFORMED XPATH EXP
      Problem:
      A malformed XPATH expression in the ExtractValue query is 
      causing a server crash. This malformed XPATH expression is
      resulted when the position attribute in the substring function
      contains ".." in the beginning.
      Solution:
      The original crash is happening because the "../" is being 
      evaluated prematurely. It tries to access XML while it 
      hasn't been parsed yet. The premature evaluation is happening
      because the val_nodeset function is being set to constant, 
      in which case we proceed to evaluate them in JOIN:prepare
      stage only. The solution to this is setting the val_nodeset
      functions as non-constant. This forces us to evaluate the function
       in the JOIN:exec stage and thus avoid any premature evaluation of
      the XML strings.
      f80d5653
    • Arun Kuruvila's avatar
      Bug #17168602 MYSQL_PLUGIN REMOVES NON-DIRECTORY TYPE FILES · 946c2468
      Arun Kuruvila authored
                    SPECIFIED WITH THE BASEDIR OPTION 
      
      Description: The mysql_plugin client attempts to remove any
      filename specified to the --basedir option. The problem is
      that if the filename does not end with a slash, it will 
      attempt to unlink it, which succeeds for files, but not for
      directories.
      
      Analysis: When we are starting mysql_plugin with basedir 
      option and if we are giving path of a file as basedir, it 
      deletes that file. It was because it uses a function 
      my_delete which unlinks the file path given.
      
      Fix:  As a fix we replace that line using another function 
      my_free, which will only free the  pointer which is having 
      that file path.
      946c2468
  12. 20 Nov, 2013 1 commit
    • Mattias Jonsson's avatar
      backport of Bug#17401628 · dc7db799
      Mattias Jonsson authored
      revid:mattias.jonsson@oracle.com-20131119103616-u6t82s8cpgp0q3ex
      
      Use of uninitialized memory in the priority queue used for returning records
      in sorted order.
      
      It happens if no previous partition have returned a row since the
      beginning of index_init + an index_read* call returned
      HA_ERR_KEY_NOT_FOUND for all partitions (otherwise the record
      buffer/priority queue would be initialized) + an index_next/prev
      call where all partitions returns HA_ERR_END_OF_FILE.
      dc7db799
  13. 18 Nov, 2013 1 commit
    • mithun's avatar
      Bug #17708621 : EXCEEDING SORT_BUFFER_SIZE (FILE SORT) · 020edb1c
      mithun authored
                      WITH SORT ABORTED LEAKS FILE DESCRIPTORS
      
      ISSUE : IO_CACHE used for index_merge quick select
      is freed only on successful retrieval of all rows
      from index merge.
      Suppose if there is a interrupt( or failure) to
      this operation of row retrieval (let it be a
      KILL_QUERY signal) then we are not freeing the IO_CACHE
      resources allocated by index_merge quick select.
      And hence temp file associated with it is also not closed.
      This lead to a file descriptor leak.
      
      SOLUTION : As part of file sort operation now we always 
      free the IO_CACHE allocated by index_merge quick select.
      
      sql/filesort.cc:
        In filesort function we try to free if any
        IO_CACHE allocated by index_merge quick select
        and if it is not yet freed.
      020edb1c
  14. 14 Nov, 2013 2 commits
    • unknown's avatar
      No commit message · 19f00f6d
      unknown authored
      No commit message
      19f00f6d
    • Atanu Ghosh's avatar
      Bug #17049656 : MYSQLD --LOCAL-SERVICE PARAMETER DOES NOT WORK · e9854f58
      Atanu Ghosh authored
      Problem: The "--local-install" service does not perform as expected for, at least,
               Windows.
      
      Fix: A NULL pointer was dereferenced due to which there was crash.A check was introduced
           for NULL string before dereferencing it.No test cases written as it is a bug during 
           installation.
      e9854f58
  15. 12 Nov, 2013 2 commits
    • Venkatesh Duggirala's avatar
      Bug#17641586 INCORRECTLY PRINTED BINLOG DUMP INFORMATION · e0efc2c3
      Venkatesh Duggirala authored
      Problem:
      When log_warnings is greater than 1, master prints binlog
      dump thread information in mysqld.1.err file.
      The information contains slave server id, binlog file and
      binlog position. The slave server id is uint32 and the print
      format was wrongly specifified (%d instead of %u).
      Hence a server id which is more than 2 billion is getting
      printed with a negative value.
      Eg: Start binlog_dump to slave_server(-1340259414),
      pos(mysql-bin.001663, 325187493)
      
      Fix: Changed the uint32 format to %u.
      e0efc2c3
    • mithun's avatar
      Bug #14057034 : WASTED CPU CYCLES IN MY_UTF8_UNI WHERE · 7c9112b9
      mithun authored
                      RESULTING MY_WC_T RESULT IS NOT USED
      Issue         : handler functions my_ismbchar_utf8,
                    my_well_formed_len_mb for charset utf8
                    is calling unicode converion function
                    to validate and to find the character
                    length. Because of this, instructions
                    which will convert the utf8 to unicode
                    are executed for no use.
                    A similar issue exist with charset utf8mb4
      Solution      : reorganized the code such that character
                    validation part of unicode conversion
                    handler is extracted(duplicated) in to
                    separate function. Hence
                    my_ismbchar_utf8, my_well_formed_len_mb
                    will call the new function which only
                    validates and return the length of mb(utf8).
                    A similar fix for charset utf8mb4.
      
      strings/ctype-utf8.c:
        New functions has been added for charset utf8 and utf8mb4
        to validate and to get the length of the character.
      7c9112b9
  16. 07 Nov, 2013 4 commits
    • Christopher Powers's avatar
      Bug#17702677 WRONG INSTRUMENTATION INTERFACE FOR MYSQL_COND_TIMEDWAIT · 4189e05c
      Christopher Powers authored
      Fix Windows build break
      4189e05c
    • Marc Alff's avatar
      Push to mysql-5.5 · 51efb2e0
      Marc Alff authored
      51efb2e0
    • Sujatha Sivakumar's avatar
      Bug#16736412: THE SERVER WAS CRASHED WHILE EXECUTING · 81fd7f8a
      Sujatha Sivakumar authored
      "SHOW BINLOG EVENTS"
      
      Fixing post push test issue. 
      Changing the debug simulation.
      81fd7f8a
    • Neeraj Bisht's avatar
      Bug#16691598 - ORDER BY LOWER(COLUMN) PRODUCES OUT-OF-ORDER RESULTS · 88680a99
      Neeraj Bisht authored
      Problem:-
      We have created a table with UTF8_BIN collation.
      In case, when in our query we have ORDER BY clause over a function 
      call we are getting result in incorrect order.
      Note:the bug is not there in 5.5.
      
      Analysis:
      In 5.5, for UTF16_BIN, we have min and max multi-byte length is 2 and 4 
      respectively.In make_sortkey(),for 2 byte character character we are 
      assuming that the resultant length will be 2 byte/character. But when we 
      use my_strnxfrm_unicode_full_bin(), we store sorting weights using 3 bytes 
      per character.This result in truncated result.
      
      Same thing happen for UTF8MB4, where we have 1 byte min multi-byte and 
      4 byte max multi-byte.We will accsume resultant data as 1 byte/character, 
      which result in truncated result.
      
      Solution:-
      use strnxfrm(means use of MY_CS_STRNXFRM macro) is used for sort, in 
      which the resultant length is not dependent on source length.
      88680a99
  17. 06 Nov, 2013 3 commits
    • unknown's avatar
      No commit message · e6949c24
      unknown authored
      No commit message
      e6949c24
    • Sujatha Sivakumar's avatar
      Bug#16736412: THE SERVER WAS CRASHED WHILE EXECUTING · 2a2641ad
      Sujatha Sivakumar authored
      "SHOW BINLOG EVENTS"
      
      Problem:
      ========
      mysql was crashed after executing "show binlog events in
      'mysql-bin.000005' from 99", the crash happened randomly.
      
      Analysis:
      ========
      During construction of LOAD EVENT or NEW LOAD EVENT object
      if the starting offset is provided as incorrect value then
      all the object members that are retrieved from the offset
      are also invalid.  Some times it will lead to out of bound
      address offsets.  In the bug scenario, the file name is
      extracrated from an invalid address and the same is fed to
      strlen(fname) function. Passing invalid address to strlen
      will lead to crash.
      
      Fix:
      ===
      Validate if the given offset falls within the event boundary
      or not.
      
      sql/log_event.cc:
        Added code to validate fname's address. "fname" should
        be within event boundary. Added code to find invalid
        invents.
      2a2641ad
    • Marc Alff's avatar
      Bug#17702677 WRONG INSTRUMENTATION INTERFACE FOR MYSQL_COND_TIMEDWAIT · 63819ccb
      Marc Alff authored
      The pthread_cond_timedwait(3P) api
      uses a const struct timespec for parameter 3.
      
      The instrumentation api for the same, mysql_cond_timedwait,
      which expands to inline_mysql_cond_timedwait,
      should also take a const parameter for the timespec.
      
      This fix add the missing const to inline_mysql_cond_timedwait.
      63819ccb
  18. 05 Nov, 2013 3 commits
  19. 04 Nov, 2013 4 commits
  20. 01 Nov, 2013 2 commits