1. 30 Mar, 2015 2 commits
  2. 26 Mar, 2015 2 commits
    • Sreeharsha Ramanavarapu's avatar
      2b345e7a
    • Sreeharsha Ramanavarapu's avatar
      Bug #20730155: BACKPORT BUG#19699237 TO 5.1 · c788e693
      Sreeharsha Ramanavarapu authored
      Backport from mysql-5.5 to mysql-5.1
      
      Bug# 19699237: UNINITIALIZED VARIABLE IN
                     ITEM_FIELD::STR_RESULT LEADS TO INCORRECT
                     BEHAVIOR
      
      ISSUE:
      ------
      When the following conditions are satisfied in a query, a
      server crash occurs:
      a) Two rows are compared using a NULL-safe equal-to operator.
      b) Each of these rows belong to different charsets.
      
      SOLUTION:
      ---------
      When one charset is converted to another for comparision,
      the constructor of "Item_func_conv_charset" is called.
      This will attempt to use the Item_cache if the string is a
      constant. This check succeeds because the "used_table_map"
      of the Item_cache class is never set to the correct value.
      Since it is mistakenly assumed to be a constant, it tries
      to fetch the relevant null value related fields which are
      yet to be initialized. This results in valgrind issues
      and wrong results.
      
      The fix is to update the "used_table_map" of "Item_cache".
      This will allow "Item_func_conv_charset" to realise that
      this is not a constant.
      c788e693
  3. 25 Mar, 2015 2 commits
  4. 24 Mar, 2015 2 commits
  5. 23 Mar, 2015 5 commits
    • Chaithra Gopalareddy's avatar
      26e845c1
    • Chaithra Gopalareddy's avatar
      Bug #20730220 : BACKPORT BUG#19880368 TO 5.1 · 044060fe
      Chaithra Gopalareddy authored
      Backport from mysql-5.5 to mysql-5.1
      
      Bug#19880368 : GROUP_CONCAT CRASHES AFTER DUMP_LEAF_KEY
      
      Problem:
      find_order_by_list does not update the address of order_item
      correctly after resolving.
      
      Solution:
      Change the ref_by address for a order_by field if its
      SUM_FUNC_ITEM to the address of the field present in
      all_fields.
      044060fe
    • Chaithra Gopalareddy's avatar
      7a361a27
    • Chaithra Gopalareddy's avatar
      Bug #20730129: BACKPORT BUG#19612819 TO 5.1 · a2cd622f
      Chaithra Gopalareddy authored
      Backport from mysql-5.5 to mysql-5.1
      
      Bug #19612819 :  FILESORT: ASSERTION FAILED: POS->FIELD != 0 || POS->ITEM != 0
      
      Problem:
      While getting the temp table field for a REF_ITEM
      make_sortorder is using the real_item. As a result
      server fails later with an assert.
      
      Solution:
      Do not use real_item to get the temp table field.
      Instead use the REF_ITEM itself as temp table fields
      are created for REF_ITEM not the real_item.
      a2cd622f
    • Sreeharsha Ramanavarapu's avatar
      Bug# 19573096: LOADING CORRUPTED GEOMETRY DATA INTO A · b7bdea94
      Sreeharsha Ramanavarapu authored
                     MYISAM TABLE CAUSES THE SERVER TO CRASH
      
      Issue:
      -----
      During index maintanence, R-tree node might need a split.
      In some cases the square of mbr could be calculated to
      infinite (as in this case) or to NaN. This is currently
      not handled. This is specific to MyISAM.
      
      SOLUTION:
      ---------
      If the calculated value in "mbr_join_square" is infinite or
      NaN, set it to max double value.
      
      Initialization of output parameters of "pick_seeds" is
      required if calculation is infinite (or negative infinite).
      
      Similar to the fix made for INNODB as part of Bug#19533996.
      b7bdea94
  6. 19 Mar, 2015 2 commits
    • Jon Olav Hauglid's avatar
      Merge branch 'mysql-5.1' into mysql-5.5 · 120907c0
      Jon Olav Hauglid authored
      Conflicts:
      	mysql-test/suite/sys_vars/r/transaction_alloc_block_size_basic.result
      	mysql-test/suite/sys_vars/r/transaction_prealloc_size_basic.result
      	mysql-test/suite/sys_vars/t/transaction_alloc_block_size_basic.test
      	mysql-test/suite/sys_vars/t/transaction_prealloc_size_basic.test
      	sql/mysqld.cc
      120907c0
    • Jon Olav Hauglid's avatar
      Bug#20730053: BACKPORT BUG#19770858 TO 5.1 · c7581bb5
      Jon Olav Hauglid authored
      Backport from mysql-5.5 to mysql-5.1 of:
      
      Bug19770858: MYSQLD CAN BE DRIVEN TO OOM WITH TWO SIMPLE SESSION VARS
      
      The problem was that the maximum value of the transaction_prealloc_size
      session system variable was ULONG_MAX which meant that it was possible
      to cause the server to allocate excessive amounts of memory.
      
      This patch fixes the problem by reducing the maxmimum value of
      transaction_prealloc_size and transaction_alloc_block_size down
      to 128K.
      
      Note that transactions will still be able to allocate more than
      128K if needed, this patch just reduces the amount that can be
      preallocated - as well as the maximum size of the incremental
      allocation blocks.
      
      (cherry picked from commit 540c9f7ebb428bbf9ec028feabe1f7f919fdefd9)
      
      Conflicts:
      	mysql-test/suite/sys_vars/r/transaction_alloc_block_size_basic.result
      	mysql-test/suite/sys_vars/r/transaction_alloc_block_size_basic_64.result
      	mysql-test/suite/sys_vars/t/disabled.def
      	mysql-test/suite/sys_vars/t/transaction_alloc_block_size_basic.test
      	sql/sys_vars.cc
      c7581bb5
  7. 13 Mar, 2015 2 commits
    • Venkatesh Duggirala's avatar
      Bug #20439913 CREATE TABLE DB.TABLE LIKE TMPTABLE IS · 59142d9a
      Venkatesh Duggirala authored
      BINLOGGED INCORRECTLY - BREAKS A SLAVE
      
      Submitted a incomplete patch with my previous push,
      re submitting the extra changes the required to make
      the patch complete.
      59142d9a
    • Venkatesh Duggirala's avatar
      Bug #20439913 CREATE TABLE DB.TABLE LIKE TMPTABLE IS BINLOGGED INCORRECTLY - BREAKS A SLAVE · 151b8ec4
      Venkatesh Duggirala authored
      Analysis:
      In row based replication, Master does not send temp table information
      to Slave. If there are any DDLs that involves in regular table that needs
      to be sent to Slave and a temp tables (which will not be available at Slave),
      the Master rewrites the query replacing temp table with it's defintion.
      Eg: create table regular_table like temptable.
      In rewrite logic, server is ignoring the database of regular table
      which can cause problems mentioned in this bug.
      
      Fix: dont ignore database information (if available) while
      rewriting the query
      151b8ec4
  8. 11 Mar, 2015 3 commits
    • Sreeharsha Ramanavarapu's avatar
      Revert "Bug #19573096: LOADING CORRUPTED GEOMETRY DATA INTO A" · 96974ea7
      Sreeharsha Ramanavarapu authored
      This reverts commit c7de768ec20f5167cff2c69a255d95ca2eded46a.
      96974ea7
    • Thirunarayanan Balathandayuthapani's avatar
      Bug #20417397 MYSQL SHOW ENGINE INNODB STATUS SHOWING NEGATIVE · 48869fce
      Thirunarayanan Balathandayuthapani authored
      			RESERVATION AND SIGNAL COUNT
      
      Problem:
      	Reservation and Signal count value shows negative value for show engine
      innodb statement.
      
      Solution:
      	This is happening due to counter overflow error. Reservation and Signal
      count values are defined as unsigned long but these variables are converted to
      long while printing it. Change Reservation and Signal count values as unsigned
      long datatype while printing it.
      Reviewed-by: default avatarMarko Mäkelä <marko.makela@oracle.com>
      Approved in bug page.
      48869fce
    • Sreeharsha Ramanavarapu's avatar
      Bug #19573096: LOADING CORRUPTED GEOMETRY DATA INTO A · 54d23ece
      Sreeharsha Ramanavarapu authored
                     MYISAM TABLE CAUSES THE SERVER TO CRASH
      
      Issue:
      -----
      During index maintanence, R-tree node might need a split.
      In some cases the square of mbr could be calculated to
      infinite (as in this case) or to NaN. This is currently
      not handled. This is specific to MyISAM.
      
      SOLUTION:
      ---------
      If the calculated value in "mbr_join_square" is infinite or
      NaN, set it to max double value.
      
      Initialization of output parameters of "pick_seeds" is
      required if calculation is infinite (or negative infinite).
      
      Similar to the fix made for INNODB as part of Bug#19533996.
      54d23ece
  9. 03 Mar, 2015 1 commit
    • Annamalai Gurusami's avatar
      Bug #20442523 CRASH WHEN CREATE TABLE VIOLATES FOREIGN KEY CONSTRAINT · 98b18c59
      Annamalai Gurusami authored
      Problem:
      
      This is a coding mistake during error handling.  When the specified foreign
      key constraint is wrong because of data type mismatch, the resulting
      foreign key object will not have valid foreign->id (it will be NULL.)
      
      Solution:
      
      While removing the foreign key object from dictionary cache during error
      handling, ensure that foreign->id is not null before using it.
      
      rb#8204 approved by Sunny.
      98b18c59
  10. 01 Mar, 2015 2 commits
  11. 26 Feb, 2015 1 commit
    • Chaithra Gopalareddy's avatar
      Bug #19814337 - SERVER CRASHES IN ITEM_FUNC_GROUP_CONCAT::FIX_FIELDS ON · 08763096
      Chaithra Gopalareddy authored
      		3RD EXECUTION OF PS
      
      Problem:
      When order by is by a column number for a group concat function
      which has an outer reference, server fails in case of prepared
      statements on the third execution
      
      Analysis:
      When a group concat function has order by, the fields in order by
      are not resolved until execution if the input is a column number.
      During execution they get resolved after the temp table gets created.
      As a result they will be pointing to temp table fields which are
      runtime created objects. This results in dangling pointers leading
      to server failure.
      
      Solution:
      Reset the pointers for the order by fields to point to the original
      arguments after execution as they are invalid.
      Done in Item_func_group_concat::cleanup.
      08763096
  12. 25 Feb, 2015 1 commit
    • Mithun C Y's avatar
      Bug #20049521: CRASH IN MERGE_BUFFERS FILESORT.C WHEN INNODB WITH ORDER BY. · 2e3c2cd3
      Mithun C Y authored
      ISSUE:
      ------
      There can be up to MERGEBUFF2 number of sorted merge chunks,
      We need enough buffer space for at least one record from
      each merge chunks. If estimates are wrong(very low) and we
      allocate buffer space for less than MERGEBUFF2, then we will
      have issue in merge_buffers, if actual number of rows to be
      sorted is bigger than estimate and external filesort is
      chosen.
      
      SOLUTION:
      ---------
      Set number of rows to sort to be at least MERGEBUFF2.
      2e3c2cd3
  13. 24 Feb, 2015 1 commit
  14. 20 Feb, 2015 1 commit
  15. 18 Feb, 2015 1 commit
  16. 06 Feb, 2015 1 commit
    • Praveenkumar.Hulakund's avatar
      Bug#20052694 - FAILED RESTARTS CONTAIN NO VERSION DETAILS. · ddd275bd
      Praveenkumar.Hulakund authored
      In versions 5.5 and 5.6 the MySQL version is not logged until
      server is started and ready to accept connections. Exiting
      server before this point will not have server version information
      in the log. But in 5.7 code, we log a server version information
      just after we prepare server_version string and logging is initialized.
      
      For 5.5 and 5.6 code also adding this code to print server version
      information.
      
      Test results:
      ================
      
      5.5
      -----
      Server version will be logged as below on server startup:
      141218  8:45:48 [Note] /home/praveen/WorkDir/mysql_local/bug20052694/mysql/sql/mysqld (mysqld 5.5.42-debug-log) starting as process 19697 ...
      
      5.6
      ----
      Server version will be logged as below on server startup:
      2014-12-18 09:08:43 0 [Note] /home/praveen/WorkDir/mysql_local/bug20052694/mysql-5.6/sql/mysqld (mysqld 5.6.23-debug-log) starting as process 18474 ...
      ddd275bd
  17. 05 Feb, 2015 1 commit
    • sreeharsha's avatar
      Bug # 19699237: UNINITIALIZED VARIABLE IN ITEM_FIELD::STR_RESULT · 17c97553
      sreeharsha authored
      LEADS TO INCORRECT BEHAVIOR
      
      ISSUE:
      ------
      When the following conditions are satisfied in a query, a
      server crash occurs:
      a) Two rows are compared using a NULL-safe equal-to operator.
      b) Each of these rows belong to different charsets.
      
      SOLUTION:
      ---------
      When one charset is converted to another for comparision,
      the constructor of "Item_func_conv_charset" is called.
      This will attempt to use the Item_cache if the string is a
      constant. This check succeeds because the "used_table_map"
      of the Item_cache class is never set to the correct value.
      Since it is mistakenly assumed to be a constant, it tries
      to fetch the relevant null value related fields which are
      yet to be initialized. This results in valgrind issues
      and wrong results.
      
      The fix is to update the "used_table_map" of "Item_cache".
      This will allow "Item_func_conv_charset" to realise that
      this is not a constant.
      17c97553
  18. 03 Feb, 2015 1 commit
  19. 30 Jan, 2015 1 commit
    • Mithun C Y's avatar
      Bug #19892803: ASSERTION FAILED: N < M_SIZE WITH DISTINCT TIME · c9f7948b
      Mithun C Y authored
      ISSUE:
      ------
      We pre-allocate the ref_pointer_array before we resolve outer
      references. This means that in some cases the
      ref_pointer_array may not be large enough to hold all
      references created. One such case is aggregate functions in
      having clause of a subquery which may add items to select list
      of outer query. So it is necessary to consider
      select_n_having_items for subqueries while allocating
      ref_pointer_array else we will get buffer overflow.
      
      SOLUTION:
      ---------
      Allocate a larger ref_pointer_array by aggregating
      select_n_having_items for subqueries.
      The fix in sql_yacc.yy is a backport from bug fix 18782905.
      c9f7948b
  20. 28 Jan, 2015 1 commit
    • Arun Kuruvila's avatar
      Bug #12671631 CREATE TABLE .. LIKE .. FEDERATED TABLE · 08526dfb
      Arun Kuruvila authored
                    CRASHES WITH AUTO_INCREMENT COLUMN
      
      Description:- Creating a federated table with AUTO_INCREMENT
      column using LIKE clause results in a server crash.
      
      Analysis:- Creating a federated table with AUTO_INCREMENT
      column using LIKE clause results in a federated server
      crash due to the uninitialized connection structure(mysql).
      Also due to unassigned connection string for the remote
      server, at the time of preparation of "create_info"
      structure, the creation of any federated table using LIKE
      clause fails with an error, "ERROR 1 (HY000): server name:
      '' doesn't exist!". This  bug is not only with
      AUTO_INCREMENT but in all creations of federated tables with
      LIKE clause.
      
      Fix :- In ha_federated::info(), "mysql->insert_id" assigned
      to "stats.auto_increment_value" only when there is an
      active connection. This fixes the crash issue. For creating
      the federated table with LIKE clause, connection string is
      assigned at the time of preparation of "create_info"
      structure.
      08526dfb
  21. 27 Jan, 2015 1 commit
  22. 23 Jan, 2015 1 commit
    • Jon Olav Hauglid's avatar
      Bug#19770858: MYSQLD CAN BE DRIVEN TO OOM WITH TWO SIMPLE SESSION VARS · 7a408dbd
      Jon Olav Hauglid authored
      The problem was that the maximum value of the transaction_prealloc_size
      session system variable was ULONG_MAX which meant that it was possible
      to cause the server to allocate excessive amounts of memory.
      
      This patch fixes the problem by reducing the maxmimum value of
      transaction_prealloc_size and transaction_alloc_block_size down
      to 128K.
      
      Note that transactions will still be able to allocate more than
      128K if needed, this patch just reduces the amount that can be
      preallocated - as well as the maximum size of the incremental
      allocation blocks.
      7a408dbd
  23. 19 Jan, 2015 2 commits
    • s.sujatha's avatar
      Bug#20041860: SLAVE ERROR WHEN DROP DATABASE · 70f5d81a
      s.sujatha authored
      Fixing a post push test issue.
      70f5d81a
    • Thayumanavar's avatar
      BUG#19875331 - HANDLE_FATAL_SIGNAL 11 IN STRMAKE · c9f307c4
      Thayumanavar authored
      Problem Description And Fix:
      Inserting a fudged record in mysql.proc with the dbname
      column value as test and the name column as empty, will
      cause a crash in mysqld when we run the command DROP
      DATABASE test.
       During DROP DATABASE test, mysql_rm_db subsequently
      calls lock_db_routines. In the routine we fetch the
      field 'name' from mysql.proc by calling the underlying
      storage engine API in lock_db_routines. This cause NULL
      value as the field column of mysql.proc and subsequent
      dereference MDL_request::init leads to crash.
      Modifying mysql.proc using SQL command by user is not
      supported, but in principle, there is a possibility
      of mysql.proc getting corrupted which can also lead
      to empty fields and arbitary values. The patch fixes
      the crash by checking NULL and propagating the appopriate
      error code to the user.
      c9f307c4
  24. 16 Jan, 2015 1 commit
  25. 15 Jan, 2015 1 commit
    • Jon Olav Hauglid's avatar
      Bug#20344207: Add support for CMake 3.1 · 2750b4b7
      Jon Olav Hauglid authored
      Rename a CMake variable in compile_flags.cmake to avoid triggering
      CMake 3.1 warning about CMP0054 about interpreting if() arguments
      as keywords or variables.
      
      No changes in behavior.
      2750b4b7
  26. 14 Jan, 2015 1 commit