1. 03 Oct, 2022 1 commit
    • Vlad Lesin's avatar
      MDEV-29575 Access to innodb_trx, innodb_locks and innodb_lock_waits along with... · c0817dac
      Vlad Lesin authored
      MDEV-29575 Access to innodb_trx, innodb_locks and innodb_lock_waits along with detached XA's can cause SIGSEGV
      
      trx->mysql_thd can be zeroed-out between thd_get_thread_id() and
      thd_query_safe() calls in fill_trx_row(). trx_disconnect_prepared() zeroes out
      trx->mysql_thd. And this can cause null pointer dereferencing in
      fill_trx_row().
      
      fill_trx_row() is invoked from fetch_data_into_cache() under trx_sys.mutex.
      
      Bug fix is in reseting trx_t::mysql_thd in trx_disconnect_prepared() under
      trx_sys.mutex lock too.
      
      MTR test case can't be created for the fix, as we need to wait for
      trx_t::mysql_thd reseting in fill_trx_row() after trx_t::mysql_thd was
      checked for null while trx_sys.mutex is held. But trx_t::mysql_thd must be
      reset in trx_disconnect_prepared() under trx_sys.mutex. There will be deadlock.
      c0817dac
  2. 01 Oct, 2022 2 commits
  3. 30 Sep, 2022 3 commits
    • Oleksandr Byelkin's avatar
      MDEV-17124: mariadb 10.1.34, views and prepared statements: ERROR 1615... · f65ba9ae
      Oleksandr Byelkin authored
      MDEV-17124: mariadb 10.1.34, views and prepared statements:  ERROR 1615 (HY000): Prepared statement needs to be re-prepared
      
      The problem is that if table definition cache (TDC) is full of real tables
      which are in tables cache, view definition can not stay there so will be
      removed by its own underlying tables.
      In situation above old mechanism of detection matching definition in PS
      and current version always require reprepare and so prevent executing
      the PS.
      
      One work around is to increase TDC, other - improve version check for
      views/triggers (which is done here). Now in suspicious cases we check:
       - timestamp (microseconds) of the view to be sure that version really
         have changed;
       - time (microseconds) of creation of a trigger related to time
         (microseconds) of statement preparation.
      f65ba9ae
    • Oleksandr Byelkin's avatar
      Better declaration of the buffer size · 98e62e63
      Oleksandr Byelkin authored
      98e62e63
    • Anel Husakovic's avatar
      MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB · 1f51d6c0
      Anel Husakovic authored
      - Added missing information about database of corresponding table for various types of commands
      - Update some typos
      
      - Reviewed by: <vicentiu@mariadb.org>
      1f51d6c0
  4. 29 Sep, 2022 2 commits
    • Sergei Golubchik's avatar
      fix sporadic failures on main.kill · f9605eb2
      Sergei Golubchik authored
      KILL QUERY ID 0 was sometimes finding con3 that was still in the process
      of disconnecting and had query_id==0 (as it didn't run any queries)
      f9605eb2
    • Igor Babaev's avatar
      MDEV-29361 Infinite recursive calls when detecting CTE dependencies · 28ae3618
      Igor Babaev authored
      This patch resolves the problem of improper name resolution of table
      references to embedded CTEs for some queries. This improper binding could
      lead to
        - infinite sequence of calls of recursive functions
        - crashes due to resolution of null pointers
        - wrong result sets returned by queries
        - bogus error messages
      
      If the definition of a CTE contains with clauses then such CTE is called
      embedding CTE while CTEs from the with clauses are called embedded CTEs.
      If a table reference used in the definition of an embedded CTE cannot be
      resolved within the unit that contains this reference it still may be
      resolved against a CTE definition from the with clause with one of the
      embedding CTEs.
      A table reference can be resolved against a CTE definition if it used in
      the the scope of this definition and it refers to the name of the CTE.
      Table reference t is in the scope of the CTE definition of CTE cte if
      - the definition of cte is an element of a with clause declared as
        RECURSIVE and the reference t belongs either to the unit to which
        this with clause is attached or to one of the elements of this clause
      - the definition of cte is an element of a with clause without RECURSIVE
        specifier and the reference t belongs either to the unit to which this
        with clause is attached or to one of the elements from this clause that
        are placed before the definition of cte.
      If a table reference can be resolved against several CTE definitions then
      it is bound to the most embedded.
      
      The code before this patch not always resolved table references used in
      embedded CTE according to the above rules.
      
      Approved by Oleksandr Byelkin <sanja@mariadb.com>
      28ae3618
  5. 28 Sep, 2022 1 commit
    • Mikhail Chalov's avatar
      Use memory safe snprintf() in Connect Engine and elsewhere (#2210) · 9de9f105
      Mikhail Chalov authored
      Continue with similar changes as done in 19af1890 to replace sprintf(buf, ...)
      with snprintf(buf, sizeof(buf), ...), specifically in the "easy" cases where buf
      is allocated with a size known at compile time.
      
      All new code of the whole pull request, including one or several files that are
      either new files or modified ones, are contributed under the BSD-new license.  I
      am contributing on behalf of my employer Amazon Web Services, Inc.
      9de9f105
  6. 27 Sep, 2022 2 commits
  7. 26 Sep, 2022 6 commits
  8. 23 Sep, 2022 1 commit
    • Andrew Hutchings's avatar
      MDEV-25767 Fix CONNECT ODBC WHERE condition crash (#2243) · 66cd1c33
      Andrew Hutchings authored
      When an UPDATE or DELETE was executed with a WHERE condition it would
      crash the MariaDB server. This is because the code expects the WHERE
      condition to have generated a query string but it hasn't.
      
      Also updates the ODBC test results for current MariaDB version.
      66cd1c33
  9. 22 Sep, 2022 2 commits
  10. 21 Sep, 2022 2 commits
    • Alexey Botchkov's avatar
      Backport fix for MDEV-29352 to 10.3-10.5 · f5e4e154
      Alexey Botchkov authored
      The fix for MDEV-29352 was pushed to 10.6+ but the code causing the
      bug is old and the bug is unlikely to be a recent regression in 10.6.
      So, we apply the fix also to older versions, 10.3-10.5.
      
      The original commit message:
      
      MDEV-29352 SIGSEGV's in strlen and unknown location on optimized builds at SHUTDOWN
      
      When the UDF creation frails to write the newly created UDF into
      the related system table, the UDF is still created in memory.
      
      However, as it is now, the related DLL is unloaded in this case right
      in the mysql_create_function. And failure happens when the UDF handle
      is freed and tries to unload the respective DLL which is still unloaded.
      f5e4e154
    • Ian Gilfillan's avatar
      MDEV-29275 Fix server/Docs typos · b9c1c07f
      Ian Gilfillan authored
      b9c1c07f
  11. 20 Sep, 2022 3 commits
    • Brandon Nesterenko's avatar
      MDEV-28986: rpl tests sometimes failing on freebsd builders · b6bf7cd1
      Brandon Nesterenko authored
      The rpl_row_img_sequence test can fail on resource
      constrained buildbot machines due to its high
      space consumption. To reduce this footprint, the
      test is split into three parts, one for each value
      of the binlog_row_img variable.
      b6bf7cd1
    • Sergei Golubchik's avatar
      MDEV-29480 spider group by handler wrong result on order by aggregate alias · fc8a7655
      Sergei Golubchik authored
      when generating a query to send to a remote server, spider generates
      new aliases for all tables in the query (at least in the group_by handler).
      First it walks all the expressions and create a list of new table aliases
      to use for each field. Then - in init_scan() - it actually generates the
      query, taking for each field the next alias from the list.
      
      It dives recursively into functions, for example, for func(f1) it'll
      go in, will see the field f1 and append to the list the new name for
      the table of f1. This works fine for non-aggregate functions and
      for aggregate functions in the SELECT list. But aggregate functions
      in the ORDER BY are always references to the select list, they never
      need to be qualified with a table name. That is, even if there is a
      field name as an argument of an aggregate function in the ORDER BY
      it must not append a table alias to the list. Let's just skip
      aggregate functions when analyzing ORDER BY for table aliases.
      
      This fixes spider/bugfix.mdev_29008
      (was observed on aarch64, x86, ppc64le, and amd64 --rr)
      fc8a7655
    • Alexander Barkov's avatar
  12. 19 Sep, 2022 7 commits
  13. 15 Sep, 2022 1 commit
  14. 14 Sep, 2022 7 commits
    • Sergei Golubchik's avatar
      MDEV-22647 Assertion `!check_audit_mask(mysql_global_audit_mask, event_class_mask)' · beffef9f
      Sergei Golubchik authored
      
      check_audit_mask(mysql_global_audit_mask, event_class_mask) is tested in
      mysql_audit_general_log() and then assert in mysql_audit_acquire_plugins()
      verifies that the condition still holds.
      But this code path is not protected by LOCK_audit_mask, so
      mysql_global_audit_mask can change its value between the if() and the
      assert. That is, the assert is invalid and will fire if the
      audit plugin is unloaded concurrently with mysql_audit_general_log().
      
      Nothing bad will happen in this case though, we'll just do a useless
      loop over all remaining installed audit plugins.
      
      That is, the fix is simply to remove the assert.
      beffef9f
    • Anel Husakovic's avatar
      Add missing comment and remove unnecessary initialization · b7928f75
      Anel Husakovic authored
      - Commit c8948b0d introduced `get_one_variable()` - updating missing argument.
      - Remove caller setting of empty string in `rpl_filter`, since underlying functions will do the same
        (commit 9584cbe7 introduced).
      
      Reviewed by: <brandon.nesterenko@mariadb.com>
      b7928f75
    • Vicențiu Ciorbaru's avatar
      MDEV-29509 execute granted indirectly (via roles) doesn't always work · 16b2bb90
      Vicențiu Ciorbaru authored
      The issue manifests due to a bug in mysql_routine_grant. This was a side
      effect of e46eea86 which fixed the problem of not giving appropriate error
      message (ER_NONEXISTING_PROC_GRANT) when a routine grant existed due to role
      inheritance.
      
      When granting a routine privilege, it is possible to have a GRANT_NAME
      entry already created from an inherited role, but with it's init_privs
      set to 0.
      
      In this case we must not create a *new* grant entry, but we must edit
      this grant entry to set its init_privs.
      
      Note that this case was already covered by MDEV-29458, however due to a
      forgotten "flush privileges;" the actual code path never got hit.
      Remove the flush privilege command as it was never intended to be there
      in the first place.
      16b2bb90
    • Vicențiu Ciorbaru's avatar
      5ad8cd93
    • Vicențiu Ciorbaru's avatar
      MDEV-29458: Role grant commands do not propagate all grants · 7735ba76
      Vicențiu Ciorbaru authored
      There was an issue in updating in-memory role datastructures when
      propagating role grants.
      
      The issue is that changing a particular role's privilege (on any
      privilege level, global, database, etc.)
      was done such that it overwrote the entire set of bits for that
      particular level of privileges.
      
      For example:
      grant select on *.* to r1 -> sets the access bits to r1 to select,
      regardless of what bits were present for role r1 (inherited from any
      other roles).
      
      Before this fix, the rights of role r1 were propagated to any roles r1
      was granted to, however the propagated rights did *not* include the
      complete rights r1 inherited from its own grants.
      
      For example:
        grant r2 to r1;
        grant select on *.* to r2;
        grant insert on *.* to r1; # This command completely disregards the
                                   # select privilege from r2.
      
      In order to correct this, ensure that before rights are propagated
      onwards, that the current's role rights have been updated from its
      grants.
      
      Additionally, the patch exposed a flaw in the DROP ROLE code.
      When deleting a role we removed all its previous grants, but what
      remained was the actual links of roles granted to the dropped role.
      Having these links present when propagating grants meant that we would
      have leftover ACL_xxx entries.
      
      Ensure that the links are removed before propagating grants.
      7735ba76
    • Vicențiu Ciorbaru's avatar
      MDEV-29465: Inherited columns privs for roles wrongly set mysql.tables_priv column · 145932a5
      Vicențiu Ciorbaru authored
      There was a bug in the ACL internal data structures GRANT_TABLE and
      GRANT_COLUMN. The semantics are: GRANT_TABLE::init_cols and
      GRANT_COLUMN::init_privs represent the bits that correspond to the
      privilege bits stored in the physical tables. The other struct members
      GRANT_TABLE::cols and GRANT_COLUMN::privs represent the actual access
      bits, as they may be modified through role grants.
      
      The error in logic was mixing the two fields and thus we ended up
      storing the logical access bits in the physical tables, instead of the
      physical (init_xxx) bits.
      
      This caused subsequent DBUG_ASSERT failures when dropping the involved
      roles.
      145932a5
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-29479 I_S.INNODB_SYS_TABLESPACES doesn't have temporary tablespace information · d7aefc0f
      Thirunarayanan Balathandayuthapani authored
      - innodb_sys_tablespaces view in information schema displays temporary
      tablespace information too.
      d7aefc0f