1. 29 Oct, 2010 13 commits
    • Jon Olav Hauglid's avatar
      Bug #57659 Segfault in Query_cache::invalidate_data for TRUNCATE TABLE · e16d4c49
      Jon Olav Hauglid authored
      This crash could happen if TRUNCATE TABLE indirectly failed to open a
      merge table due to failures to open underlying tables. Even if opening
      failed, the TRUNCATE TABLE code would try to invalidate the table in
      the query cache. Since this table had been closed and memory released,
      this could lead to a crash.
      
      This bug was introduced by a combination of the changes introduced by
      the patch for Bug#52044, where failing to open a table will cause opened
      tables to be closed. And the changes in patch for Bug#49938, where
      TRUNCATE TABLE uses the standard open tables function.
      
      This patch fixes the problem by setting the TABLE pointer to NULL before 
      invalidating the query cache.
      
      Test case added to truncate_coverage.test.
      e16d4c49
    • Georgi Kodinov's avatar
      merge · 077a9b5f
      Georgi Kodinov authored
      077a9b5f
    • Georgi Kodinov's avatar
      fix tree name · 3e6c3763
      Georgi Kodinov authored
      3e6c3763
    • Georgi Kodinov's avatar
      merge · 551715a7
      Georgi Kodinov authored
      551715a7
    • Georgi Kodinov's avatar
      merge · 263a7054
      Georgi Kodinov authored
      263a7054
    • Georgi Kodinov's avatar
      merge to 5.1-security · bb592e9c
      Georgi Kodinov authored
      bb592e9c
    • Georgi Kodinov's avatar
      merge to 5.1-security · e223f2bc
      Georgi Kodinov authored
      e223f2bc
    • Georgi Kodinov's avatar
      merge to 5.0-security · 92223604
      Georgi Kodinov authored
      92223604
    • Sergey Glukhov's avatar
      5.1-security->5.5-security merge · 2da3af2c
      Sergey Glukhov authored
      2da3af2c
    • Sergey Glukhov's avatar
      Bug#57688 Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field · 5b318c5a
      Sergey Glukhov authored
      Lines below which were added in the patch for Bug#56814 cause this crash:
      
      +      if (table->table)
      +        table->table->maybe_null= FALSE;
      
      Consider following test case:
      --
      CREATE TABLE t1(f1 INT NOT NULL);
      INSERT INTO t1 VALUES (16777214),(0);
      
      SELECT COUNT(*) FROM t1 LEFT JOIN t1 t2
      ON 1 WHERE t2.f1 > 1 GROUP BY t2.f1;
      
      DROP TABLE t1;
      --
      
      We set TABLE::maybe_null to FALSE for t2 table
      and in create_tmp_field() we create appropriate tmp table field
      using create_tmp_field_from_item() function instead of
      create_tmp_field_from_field. As a result we have
      LONGLONG field. As we have GROUP BY clause we calculate
      group buffer length, see calc_group_buffer().
      Item from group list which is used for calculation
      refer to the field from real tables and have LONG type.
      So group buffer length become insufficient for storing of
      LONGLONG value. It leads to overwriting of wrong memory
      area in do_field_int() function which is called from
      end_update().
      After some investigation I found out that
      create_tmp_field_from_item() is used only for OLAP
      grouping and can not be used for common grouping
      as it could be an incompatibility between tmp
      table fields and group buffer length.
      We can not remove create_tmp_field_from_item() call from
      create_tmp_field as OLAP needs it and we can not use this
      function for common grouping. So we should remove setting
      TABLE::maybe_null to FALSE from simplify_joins().
      In this case we'll get wrong behaviour of
      list_contains_unique_index() back. To fix it we
      could use Field::real_maybe_null() check instead of
      Field::maybe_null() and add addition check of
      TABLE_LIST::outer_join.
      
      
      mysql-test/r/group_by.result:
        test case
      mysql-test/r/join_outer.result:
        test case
      mysql-test/t/group_by.test:
        test case
      mysql-test/t/join_outer.test:
        test case
      sql/sql_select.cc:
        --remove wrong code
        --use Field::real_maybe_null() check instead of
          Field::maybe_null() and add addition check of
          TABLE_LIST::outer_join
      5b318c5a
    • Sergey Glukhov's avatar
      5.1-security->5.5-security · 2c1c9a82
      Sergey Glukhov authored
      2c1c9a82
    • Vasil Dimov's avatar
      Merge mysql-5.1-innodb -> mysql-5.1-bugteam · 17d12386
      Vasil Dimov authored
      17d12386
    • Sergey Glukhov's avatar
      Bug#57194 group_concat cause crash and/or invalid memory reads with type errors · 54e7559f
      Sergey Glukhov authored
      The problem is caused by bug49487 fix and became visible
      after after bug56679 fix.
      Items are cleaned up and set to unfixed state after filling derived table.
      So we can not rely on item::fixed state in Item_func_group_concat::print
      and we can not use 'args' array as items there may be cleaned up.
      The fix is always to use orig_args array of items as it
      always should contain the correct data.
      
      
      mysql-test/r/func_gconcat.result:
        test case
      mysql-test/t/func_gconcat.test:
        test case
      sql/item_sum.cc:
        The fix is always to use orig_args array of items.
      54e7559f
  2. 28 Oct, 2010 2 commits
    • Calvin Sun's avatar
      Bug#52062: Compiler warning in os0file.c on windows 64-bit · da1e3612
      Calvin Sun authored
      On Windows, the parameter for number of bytes passed into WriteFile()
      and ReadFile() is DWORD. Casting is needed to silence the warning on
      64-bit Windows.
      
      Also, adding several asserts to ensure the variable for number of bytes
      is no more than 32 bits, even on 64-bit Windows.
      
      This is for InnoDB Plugin.
      
      rb://415
      Approved by: Inaam
      da1e3612
    • Calvin Sun's avatar
      Bug#52062: Compiler warning in os0file.c on windows 64-bit · e0e2446d
      Calvin Sun authored
      On Windows, the parameter for number of bytes passed into WriteFile()
      and ReadFile() is DWORD. Casting is needed to silence the warning on
      64-bit Windows.
      
      Also, adding several asserts to ensure the variable for number of bytes
      is no more than 32 bits, even on 64-bit Windows.
      
      This is for built-in InnoDB.
      
      rb://415
      Approved by: Inaam
      e0e2446d
  3. 27 Oct, 2010 1 commit
  4. 29 Oct, 2010 3 commits
  5. 28 Oct, 2010 4 commits
    • Vasil Dimov's avatar
      Fix a compilation warning: · 03c278e3
      Vasil Dimov authored
      /export/home/pb2/build/sb_0-2459340-1288264809.63/mysql-5.5.8-ga/storage/innobase/os/os0sync.c: In function 'os_cond_wait_timed':
      /export/home/pb2/build/sb_0-2459340-1288264809.63/mysql-5.5.8-ga/storage/innobase/os/os0sync.c:184: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'time_t'
      gmake[2]: *** [storage/innobase/CMakeFiles/innobase.dir/os/os0sync.c.o] Error 1 
      03c278e3
    • Mattias Jonsson's avatar
      post merge fix · 861432f0
      Mattias Jonsson authored
      861432f0
    • Calvin Sun's avatar
      8c9a6e4e
    • Calvin Sun's avatar
      Bug#52062: Compiler warning in os0file.c on windows 64-bit · a5577e35
      Calvin Sun authored
      On Windows, the parameter for number of bytes passed into WriteFile()
      and ReadFile() is DWORD. Casting is needed to silence the warning on
      64-bit Windows.
      
      Also, adding several asserts to ensure the variable for number of bytes
      is no more than 32 bits, even on 64-bit Windows.
      
      rb://415
      Approved by: Inaam
      a5577e35
  6. 27 Oct, 2010 12 commits
  7. 26 Oct, 2010 4 commits
    • Inaam Rana's avatar
      Bug #57611 ibdata file and continuous growing undo logs · 153677e4
      Inaam Rana authored
        rb://498
        
        Fix handling of update_undo_logs at trx commit. Previously, when
        rseg->update_undo_list grows beyond 500 the update_undo_logs were
        marked with state TRX_UNDO_TO_FREE which should have been
        TRX_UNDO_TO_PURGE.
        In 5.5 we don't need the heuristic as we support multiple rollback
        segments.
        
        Approved by: Sunny Bains
      153677e4
    • Inaam Rana's avatar
      3a041b98
    • Inaam Rana's avatar
      Bug #57611 ibdata file and continuous growing undo logs · ae1d6c3e
      Inaam Rana authored
      rb://498
      
      Fix handling of update_undo_logs at trx commit. Previously, when
      rseg->update_undo_list grows beyond 500 the update_undo_logs were
      marked with state TRX_UNDO_TO_FREE which should have been
      TRX_UNDO_TO_PURGE.
      
      Approved by: Sunny Bains
      ae1d6c3e
    • unknown's avatar
      Bug#57720 - Windows Vista and possibly Windows 7 can return ERROR_TIMEOUT... · d093b159
      unknown authored
      Bug#57720 - Windows Vista and possibly Windows 7 can return ERROR_TIMEOUT instead of WAIT_TIMEOUT from calls to SleepConditionVariableCS() which is used in os0sync.c; os_cond_wait_timeout() where it is mapped to sleep_condition_variable().   
      
      Consider ERROR_TIMEOUT to be a timeout just like WAIT_TIMEOUT.  
      
      In addition, test for EINTR as a possible return value from pthread_cond_timeout() in the posix section of os_cond_wait_timeout(), even though it is not supposed to be returned, but just to be safe.
      d093b159
  8. 25 Oct, 2010 1 commit
    • Georgi Kodinov's avatar
      Bug #57689: mysql_change_user() breaks user connection on older clients · 819607e8
      Georgi Kodinov authored
      COM_CHANGE_USER was always handled like an implicit request to change the
      client plugin, so that the client can re-use the same code path for both normal 
      login and COM_CHANGE_USER. However this doesn't really work well with old 
      clients because they don't understand the request to change a client plugin.
      
      Fixed by implementing a special state in the code (and old client issuing 
      COM_CHANGE_USER). In this state the server parses the COM_CHANGE_USER 
      package and pushes back the password hash, the user name and the database 
      to the input stream in the same order that the native password server side plugin 
      expects. As a result it replies with an OK/FAIL just like the old server does thus
      making the new server compatible with older clients.
      
      No test case added, since it would requre an old client binary. Tested using 
      accounts with and without passwords. Tested with a correct and incorrect 
      password.
      819607e8