1. 24 Sep, 2012 2 commits
  2. 14 Sep, 2012 1 commit
    • unknown's avatar
      Fix bug lp:1009187, mdev-373, mysql bug#58628 · f89d6a6f
      unknown authored
      Analysis:
      The queries in question use the [unique | index]_subquery execution methods.
      These methods reuse the ref keys constructed by create_ref_for_key(). The
      way create_ref_for_key() works is that it doesn't store in ref.key_copy[]
      store_key elements that represent constants. In particular it doesn't store
      the store_key for NULL constants.
      
      The execution of [unique | index]_subquery calls
      subselect_uniquesubquery_engine::copy_ref_key, which in addition to copy
      the left IN argument into a index lookup key, is supposed to detect if
      the left IN argument contains NULLs. Since the store_key for the NULL
      constant is not copied into the key array, the null is not detected, and
      execution erroneously proceeds as if it should look for a complete match.
      
      Solution:
      The solution (unlike MySQL) is to reuse already computed information about
      NULL presence. Item_in_optimizer::val_int already finds out if the left IN
      operand contains NULLs. The fix propagates this to the execution methods
      subselect_[unique | index]subquery_engine::exec so it knows if there were
      NULL values independent of the presence of keys.
      
      In addition the patch siplifies copy_ref_key() and the logic that hanldes
      the case of NULLs in the left IN operand.
      f89d6a6f
  3. 24 Aug, 2012 9 commits
  4. 22 Aug, 2012 3 commits
  5. 12 Jul, 2012 1 commit
  6. 10 Jul, 2012 7 commits
    • unknown's avatar
      No commit message · ed568c27
      unknown authored
      No commit message
      ed568c27
    • Andrei Elkin's avatar
      merge from 5.1 repo. · 6d850e4a
      Andrei Elkin authored
      6d850e4a
    • Andrei Elkin's avatar
      merge from 5.1 repo. · 01c536f1
      Andrei Elkin authored
      01c536f1
    • Bjorn Munch's avatar
      98fe47b2
    • Andrei Elkin's avatar
      merge from 5.1 repo. · 1f91cb18
      Andrei Elkin authored
      1f91cb18
    • Sujatha Sivakumar's avatar
      BUG#11762670:MY_B_WRITE RETURN VALUE IGNORED · 0577d729
      Sujatha Sivakumar authored
      Problem:
      =======
      The return value from my_b_write is ignored by: `my_b_write_quoted',
      `my_b_write_bit',`Query_log_event::print_query_header'
      
      Most callers of `my_b_printf' ignore the return value. `log_event.cc' 
      has many calls to it. 
      
      Analysis:
      ========
      `my_b_write' is used to write data into a file. If the write fails it
      sets appropriate error number and error message through my_error()
      function call and sets the IO_CACHE::error == -1.
      `my_b_printf' function is also used to write data into a file, it
      internally invokes my_b_write to do the write operation. Upon
      success it returns number of characters written to file and on error
      it returns -1 and sets the error through my_error() and also sets
      IO_CACHE::error == -1.  Most of the event specific print functions
      for example `Create_file_log_event::print', `Execute_load_log_event::print'
      etc are the ones which make several calls to the above two functions and
      they do not check for the return value after the 'print' call. All the above 
      mentioned abuse cases deal with the client side.
      
      Fix:
      ===
      As part of bug fix a check for IO_CACHE::error == -1 has been added at 
      a very high level after the call to the 'print' function.  There are 
      few more places where the return value of "my_b_write" is ignored
      those are mentioned below.
      
      +++ mysys/mf_iocache2.c    2012-06-04 07:03:15 +0000
      @@ -430,7 +430,8 @@
                 memset(buffz, '0', minimum_width - length2);
               else
                 memset(buffz, ' ', minimum_width - length2);
      -        my_b_write(info, buffz, minimum_width - length2);
      
      +++ sql/log.cc	2012-06-08 09:04:46 +0000
      @@ -2388,7 +2388,12 @@
           {
             end= strxmov(buff, "# administrator command: ", NullS);
             buff_len= (ulong) (end - buff);
      -      my_b_write(&log_file, (uchar*) buff, buff_len);
      
      At these places appropriate return value handlers have been added.
      
      client/mysqlbinlog.cc:
        check for IO_CACHE::error == -1 has been added after the call to
        the event specific print functions
      mysys/mf_iocache2.c:
        Added handler to check the written value of `my_b_write'
      sql/log.cc:
        Added handler to check the written value of `my_b_write'
      sql/log_event.cc:
        Added error simulation statements in `Create_file_log_event::print`
        and `Execute_load_query_log_event::print'
      sql/rpl_utility.h:
        Removed the extra ';'
      0577d729
    • Bjorn Munch's avatar
      f91bd53e
  7. 09 Jul, 2012 2 commits
  8. 05 Jul, 2012 2 commits
    • Andrei Elkin's avatar
      Bug#14275000 · e30dbf15
      Andrei Elkin authored
      Fixes for BUG11761686 left a flaw that managed to slip away from testing.
      Only effective filtering branch was actually tested with a regression test
      added to rpl_filter_tables_not_exist.
      The reason of the failure is destuction of too early mem-root-allocated memory 
      at the end of the deferred User-var's do_apply_event().
      
      Fixed with bypassing free_root() in the deferred execution branch.
      Deallocation of created in do_apply_event() items is done by the base code
      through THD::cleanup_after_query() -> free_items() that the parent Query
      can't miss.
      
      
      
      sql/log_event.cc:
        Do not call free_root() in case the deferred User-var event.
        Necessary methods to the User-var class are added, do_apply_event() refined.
      sql/log_event.h:
        Necessary methods to avoid destoying mem-root-based memory at
        User-var applying are defined.
      e30dbf15
    • Georgi Kodinov's avatar
      Bug #13889741: HANDLE_FATAL_SIGNAL IN _DB_ENTER_ | · 4b498c9a
      Georgi Kodinov authored
      HANDLE_FATAL_SIGNAL IN STRNLEN
      
      Fixed the following bounds checking problems :
      1. in check_if_legal_filename() make sure the null terminated
      string is long enough before accessing the bytes in it.
      Prevents pottential read-past-buffer-end
      2. in my_wc_mb_filename() of the filename charset check
      for the end of the destination buffer before sending single
      byte characters into it.
      Prevents write-past-end-of-buffer (and garbaling stack in
      the cases reported here) errors.
      
      Added test cases.
      4b498c9a
  9. 03 Jul, 2012 1 commit
    • Rohit Kalhans's avatar
      BUG#11762667:MYSQLBINLOG IGNORES ERRORS WHILE WRITING OUTPUT · b2c19cfe
      Rohit Kalhans authored
      This is a followup patch for the bug enabling the test
      i_binlog.binlog_mysqlbinlog_file_write.test
      this was disabled in mysql trunk and mysql 5.5 as in the release
      build mysqlbinlog was not debug compiled whereas the mysqld was.
      Since have_debug.inc script checks only for mysqld to be debug
      compiled, the test was not being skipped on release builds.
      
      We resolve this problem by creating a new inc file 
      mysqlbinlog_have_debug.inc which checks exclusively for mysqlbinlog
      to be debug compiled. if not it skips the test.
       
      
      mysql-test/include/mysqlbinlog_have_debug.inc:
        new inc file to check if mysqlbinlog is debug compiled.
      b2c19cfe
  10. 29 Jun, 2012 1 commit
  11. 28 Jun, 2012 1 commit
    • Georgi Kodinov's avatar
      Bug #13708485: malformed resultset packet crashes client · c3beb575
      Georgi Kodinov authored
      Several fixes :
      
      * sql-common/client.c
      Added a validity check of the fields metadata packet sent 
      by the server.
      Now libmysql will check if the length of the data sent by
      the server matches what's expected by the protocol before
      using the data.
      
      * client/mysqltest.cc
      Fixed the error handling code in mysqltest to avoid sending
      new commands when the reading the result set failed (and 
      there are unread data in the pipe).
      
      * sql_common.h + libmysql/libmysql.c + sql-common/client.c
      unpack_fields() now generates a proper error when it fails.
      Added a new argument to this function to support the error 
      generation.
      
      * sql/protocol.cc
      Added a debug trigger to cause the server to send a NULL
      insted of the packet expected by the client for testing 
      purposes.
      c3beb575
  12. 29 Jun, 2012 2 commits
  13. 28 Jun, 2012 1 commit
  14. 26 Jun, 2012 1 commit
  15. 21 Jun, 2012 1 commit
    • unknown's avatar
      Fix for LP bug#1001505 and LP bug#1001510 · c82fac11
      unknown authored
      We set correct cmp_context during preparation to avoid changing it later by Item_field::equal_fields_propagator.
      (see mysql bugs #57135 #57692 during merging)
      c82fac11
  16. 23 Jun, 2012 1 commit
  17. 21 Jun, 2012 1 commit
  18. 20 Jun, 2012 2 commits
  19. 19 Jun, 2012 1 commit