1. 27 Nov, 2023 3 commits
    • Do not use MEM_ROOT in set_killed_no_mutex() · dc116541
      Monty authored
      The reasons for this change are the following:
      - If we call set_killed() from one thread to kill another thread with
        a message, there may be concurrent usage of the MEM_ROOT which is
        not supported (this could cause memory corruption).
        We do not currently have code that does this, but the API allows this
        and it is better to fix the issue before it happens.
      - The per thread memory tracking does not work if one thread uses
        another thread's MEM_ROOT.
      - set_killed() can be called if a MEM_ROOT allocation fails.  In this case
        it is not good to try to allocate more memory from potentially the same
        MEM_ROOT.
      
      Fix is to use my_malloc() instead of mem_root for killed messages.
    • MENT-1707 Crash at reload_acl_and_cache · 9e424b62
      Monty authored
      The stack function trace for this bug is:
      
      libc
      my_free
      free_root
      acl_reload
      
      The crash happens because acl_memroot gets corrupted.
      
      The issue was that during FLUSH PRIVILEGES we discard the old
      privileges and create new ones. We have protection in place that no
      one can access the privileges during this time.
      
      However one short piece of code called during login of a new user, or
      change password, was not properly protected, which could in some very
      rare circumstances cause a memory overwrite of a MEMROOT object if
      at the same time another thread calls FLUSH PRIVILEGES.
      
      This issue is fixed by adding protection around set_user_salt().
      I also added asserts to other code that is using the acl_memroot to
      ensure that it is properly protected everywhere.
    • MDEV-32168: slave_error_param condition is never checked from the wait_for_slave_param.inc · 18acf97d
      Anel Husakovic authored
      - Record unrecorded tests from `rpl` suite to `engines/funcs` suite
      (done by d8e448ba):
        1) Record test `rpl_row_until` from commit d95fa7e3
        2) Record test `rpl_slave_status` from commit a7d186a1
      
      - Stop only running threads for `engines/funcs.rpl_server_id1.test` that
      is not the same as `rpl.rpl_server_id1.test`
      
      - Reviewer:  <knielsen@knielsen-hq.org>
                   <andrei.elkin@mariadb.com>
  2. 26 Nov, 2023 1 commit
  3. 25 Nov, 2023 6 commits
  4. 24 Nov, 2023 9 commits
    • MDEV-32875 SERVER_STATUS_AUTOCOMMIT set after connecting, if autocommit=0 · 934db2ef
      Vladislav Vaintroub authored
      After successful connection, server always sets SERVER_STATUS_AUTOCOMMIT
      in server_status in the OK packet. This is wrong, if global variable
      autocommit=0.
      
      Fixed THD::init(), added mysql_client_test test.
      
      Thanks to Diego Dupin for providing the patch.
      Signed-off-by: Vladislav Vaintroub <vvaintroub@gmail.com>
    • MDEV-32867: ASAN errors in Item_func_json_contains_path::val_int upon PS execution · 85c15780
      Dmitry Shulga authored
      This bug was caused by a patch for the task MDEV-32733.
      Incorrect memory root was used for allocation of memory
      pointed by the data member Item_func_json_contains_path::p_found.
    • MDEV-32874 Test innodb.innodb-table-online,crypt occasionally fails · ead61d9b
      Marko Mäkelä authored
      Let us make the test compatible with ./mtr --repeat
      and convert variable_value to integer, so that comparisons like
      16>9 will work as intended, instead of being compared as '16'<'9'.
    • MDEV-29070 SIGSEGV in my_decimal::operator= and Assertion `0' failed and in... · 69d294e7
      Oleg Smirnov authored
      MDEV-29070 SIGSEGV in my_decimal::operator= and Assertion `0' failed and in Item_type_holder::val_decimal on SELECT
      
      The bug is fixed by the patch ported from MySQL. See the comprehensive
      description below.
      
      commit 455c4e8810c76430719b1a08a63ca0f69f44678a
      Author: Guilhem Bichot <guilhem.bichot@oracle.com>
      Date:   Fri Mar 13 17:51:27 2015 +0100
      
          Bug#17668844: CRASH/ASSERT AT ITEM_TYPE_HOLDER::VAL_STR IN ITEM.C
      
          We have a predicate of the form:
          literal_row <=> (a UNION)
      
          The subquery is constant, so Item_cache objects are used for its
          SELECT list.
          In order, this happens:
          - Item_subselect::fix_fields() calls select_lex_unit::prepare,
          where we create Item_type_holder's
          (appended to unit->types list), create the tmp table (using type info
          found in unit->types), and call fill_item_list() to put the
          Item_field's of this table into unit->item_list.
          - Item_subselect::fix_length_and_dec() calls set_row() which
          makes Item_cache's of the subquery wrap the Item_type_holder's
          - When/if a first result row is found for the subquery,
          Item_cache's are re-pointed to unit->item_list
          (i.e. Item_field objects which reference the UNION's tmp table
          columns) (see call to Item_singlerow_subselect::store()).
          - In our subquery, no result row is found, so the Item_cache's
          still wrap Item_type_holder's; evaluating '<=>' reads the
          value of those, but Item_type_holder objects are not expected to be
          evaluated.
      
          Fix: instead of putting unit->types into Item_cache, and later
          replacing with unit->item_list, put unit->item_list in Item_cache from
          the start.
      
      Approved by Oleksandr Byelkin <sanja@mariadb.com>
    • MDEV-32466: Potential memory leak on executing of create view statement · 85f2e4f8
      Dmitry Shulga authored
      This is the follow-up patch that removes explicit use of thd->stmt_arena
      for memory allocation and replaces it with call of the method
        THD::active_stmt_arena_to_use()
      Additionally, this patch adds extra DBUG_ASSERT to check that right
      query arena is in use.
    • MDEV-32466: Potential memory leak on executing of create view statement · 5064750f
      Dmitry Shulga authored
      This patch is actually follow-up for the task
        MDEV-23902: MariaDB crash on calling function
      to use correct query arena for a statement. In case invocation of
      a function is in progress use its call arena, else use current
      query arena that can be either a statement or a regular query arena.
    • MDEV-28739 MDEV-29421 Remove spider persistent table stats · bdfd93d3
      Yuchen Pei authored
      We remove the call to update spider persistent table stats (sts/crd)
      in spider_free_share(). This prevents spider from opening and closing
      further tables during close(), which fixes the following issues:
      
      MDEV-28739: ha_spider::close() is called during tdc_start_shutdown(),
      which is called after query_cache_destroy(). Closing the sts/crd Aria
      tables will trigger a call to Query_cache::invalidate_table(), which
      will attempt to use the query cache mutex structure_guard_mutex
      destroyed previously.
      
      MDEV-29421: during ha_spider::close(), spider_free_share() could
      trigger another spider_free_share() through updating sts/crd table,
      because open_table() calls tc_add_table(), which could trigger another
      ha_spider::close()...
      
      Since spider sts/crd system tables are only updated here, there's no
      use for these tables any more, and we remove all uses of these tables
      too.
      
      The removal should not cause any performance issue, as in memory
      spider table stats are only updated based on a time
      interval (spider_sts_interval and spider_crd_interval), which defaults
      to 10 seconds. It should not affect accuracy either, due to the
      infrequency of server restart. And inaccurate stats are not a problem
      for optimizer anyway.
      
      To be on the safe side, we defer the removal of the spider sts/crd
      tables themselves to future.
    • MDEV-32804 Remove references to spider_rewrite_plugin tables · 1a76d751
      Yuchen Pei authored
      They are not used. The code paths are never reached.
    • MDEV-27575 Add sleeping statement spider/bugfix.mdev_27575 · ed0ab6e1
      Yuchen Pei authored
      This could help prevent race condition when shutting down the server
      not long after loading spider. Thus only needed for 10.4-10.6.
  5. 23 Nov, 2023 5 commits
  6. 22 Nov, 2023 1 commit
    • MDEV-32829 Crash when executing PS for query with eliminated subquery using view · 32c68497
      Rex authored
      Statements affected by this bug have all the following
      1) select statements with a sub-query
      2) that sub-query includes a group-by clause
      3) that group-by clause contains an expression
      4) that expression has a reference to view
      
      When a view is used in a group by expression, and that group by can be
      eliminated in a sub-query simplification as part of an outer condition
      that could be in, exists, > or <, then the table structure left behind
      will have a unit that contains a null select_lex pointer.
      
      If this happens as part of a prepared statement, or executed in a stored
      procedure for the second time, then, when the statement is executed, the table
      list entry for that, now eliminated, view is "opened" and "reinit"ialized.
      This table entry's unit no longer has a select_lex pointer.
      Prior to MDEV-31995 this was of little consequence, but now following this
      null pointer will cause a crash.
      
      Reviewed by Igor Babaev (igor@mariadb.com)
  7. 21 Nov, 2023 6 commits
  8. 20 Nov, 2023 3 commits
  9. 19 Nov, 2023 1 commit
  10. 18 Nov, 2023 1 commit
  11. 17 Nov, 2023 4 commits