1. 05 Nov, 2019 1 commit
  2. 04 Nov, 2019 1 commit
    • MDEV-20971 ASAN heap-use-after-free in list_delete / heap_close · cd156e2c
      Sergei Golubchik authored
      Don't save/restore HP_INFO as it could be changed by a concurrent thread.
      Different parts of HP_INFO are protected by different mutexes and
      the mutex that protects most of the HP_INFO does not protect its open_list
      data.
      
      As a bonus, make heap_check_heap() take const HP_INFO* and not
      make any changes there whatsoever.
  3. 30 Oct, 2019 2 commits
  4. 29 Oct, 2019 2 commits
  5. 28 Oct, 2019 1 commit
  6. 19 Oct, 2019 3 commits
  7. 15 Oct, 2019 3 commits
  8. 11 Oct, 2019 2 commits
    • MDEV-20805 ibuf_add_free_page() is not initializing FIL_PAGE_TYPE first · ea61b796
      Marko Mäkelä authored
      In the function recv_parse_or_apply_log_rec_body() there are debug checks
      for validating the state of the page when redo log records are being
      applied. Most notably, FIL_PAGE_TYPE should be set before anything else
      is being written to the page.
      
      ibuf_add_free_page(): Set FIL_PAGE_TYPE before performing any other changes.
    • MDEV-19455: Avoid SET DEBUG_DBUG='-d,...' construct · 4ebaf813
      Marko Mäkelä authored
      Apply the correct pattern for debug instrumentation:
      
      SET @save_dbug=@@debug_dbug;
      SET debug_dbug='+d,...';
      ...
      SET debug_dbug=@save_dbug;
      
      Numerous tests use statements of the form
      
      SET debug_dbug='-d,...';
      
      which will inadvertently enable all DBUG tracing output,
      causing unnecessary waste of resources.
  9. 07 Oct, 2019 1 commit
  10. 01 Oct, 2019 1 commit
  11. 24 Sep, 2019 1 commit
    • MDEV-20495 Assertion `precision > 0' failed in decimal_bin_size upon CREATE ..... · 67b0faa2
      Alexander Barkov authored
      MDEV-20495 Assertion `precision > 0' failed in decimal_bin_size upon CREATE .. SELECT with zerofilled decimal
      
      Also fixes:
      
      MDEV-20560 Assertion `precision > 0' failed in decimal_bin_size upon SELECT with MOD short unsigned decimal
      
      Changing the way Item_func_mod calculates its max_length.
      It now uses decimal_precision(), decimal_scale() and unsigned_flag
      of its arguments, like all other Item_num_op descendants do.
  12. 20 Sep, 2019 4 commits
  13. 01 Sep, 2019 1 commit
  14. 21 Aug, 2019 1 commit
  15. 19 Aug, 2019 1 commit
    • MDEV-20265 Unknown column in field list · e746f451
      Igor Babaev authored
      This patch corrects the fix of the patch for mdev-19421 that resolved
      the problem of parsing some embedded join expressions such as
        t1 join t2 left join t3 on t2.a=t3.a on t1.a=t2.a.
      Yet the patch contained a bug that prevented proper context analysis
      of the queries where such expressions were used together with comma
      separated table references in from clauses.
  16. 16 Aug, 2019 1 commit
  17. 12 Aug, 2019 2 commits
  18. 31 Jul, 2019 1 commit
  19. 26 Jul, 2019 1 commit
  20. 25 Jul, 2019 1 commit
  21. 24 Jul, 2019 6 commits
    • BUG#28642318: POINT IN TIME RECOVERY USING MYSQLBINLOG BROKEN WITH TEMPORARY TABLE -> ERRORS · 2536c0b1
      Nisha Gopalakrishnan authored
      Analysis
      ========
      Point in time recovery using mysqlbinlog containing queries
      operating on temporary tables results in an error.
      
      While writing the query log event in the binary log, the
      thread id used for execution of DROP TABLE and DELETE commands
      was incorrect. The thread variable 'thread_specific_used'
      is used to determine whether a specific thread id is to be used
      while executing the statements, i.e. using 'SET
      @@session.pseudo_thread_id'. This variable was not set
      correctly for DROP TABLE query and was never set for DELETE
      query. The thread id is important for temporary tables
      since the tables are session specific. DROP TABLE and DELETE
      queries executed using a wrong thread id resulted in errors
      while applying the queries generated by mysqlbinlog utility.
      
      Fix
      ===
      Set the 'thread_specific_used' THD variable for DROP TABLE and
      DELETE queries.
      
      ReviewBoard: 21833
    • Bug #29419820: MEMORY LEAK IN MY_YYOVERFLOW() · 7473a71a
      Gleb Shchepa authored
      Note: this patch is for 5.6.
      
      Detected by ASAN.
      
      The patch fixes the cleanup of parser stack pointers.
      Reviewed-by: Guilhem Bichot <guilhem.bichot@oracle.com>
    • Bug#27167197 USING ? IN INSTALL PLUGIN QUERY ABORTS DEBUG, AND HANGS OPTIMIZED SERVER · 8ddb7e3e
      Sergei Golubchik authored
      check_valid_path() uses my_strcspn() that cannot handle invalid characters
      properly. This is fixed by a big refactoring in 10.2 (MDEV-6353).
      
      For 5.5, let's simply swap tests, because check_string_char_length()
      rejects invalid characters just fine.
    • Bug#27302459: EMPTY VALUE IN MYSQL.PLUGIN TABLE CAUSES SERVER TO EXIT ON STARTUP · 5e8ab9b7
      Sergei Golubchik authored
      Description:- During server startup, the server exits if
      the 'mysql.plugin' system table has any rows with empty
      value for the field 'name' (plugin name).
    • Bug #27312862: ASAN: HEAP-USE-AFTER-FREE: UPDATEXML RB#21666 RB#21666 · c5e96743
      Georgi Kodinov authored
      The xpath parsing function was using a local string buffer that was
      deallocated when going out of scope. However references to it are
      preserved in the XPATH parse tree. This was causing read-after-free.
      
      Fixed by making the xpath buffer a local variable inside the Item
      class for the relevant xpath function, thus being preserved for the
      duration of the query.
    • Bug#27259654 - ISSUES FOUND BY PVS-STUDIO STATIC ANALYZER · 9c6777c0
      Anushree Prakash B authored
      DESCRIPTION
      ===========
      PVS-Studio static code analyzer found several suspicious
      fragments of code across various files.
      
      i)   sizeof() is using the pointer
      ii)  memcpy() doesn't copy the whole string.
      iii) enumeration constant 'wkb_multilinestring' is used as
           a variable of a Boolean-type.
      iv) 'throw' keyword is missing from std::runtime_error()
      
      FIX
      ===
      i)   Use sizeof({actual object/data type})
      ii)  Use strncpy() and set last char as '\0'
      iii) N/A (Issue has already been fixed)
      iv)  Add 'throw' before the exception.
      
      RB: 21502
  22. 23 Jul, 2019 3 commits
    • MDEV-8827: Fix the 32-bit build · 9d93f9da
      Marko Mäkelä authored
      Follow-up to 07ba5560:
      Use the correct 64-bit type name ulonglong instead of ulint,
      like in mysql/mysql-server@4e0100d86b1b46be0107ebd46a98a0c2dbb0fab4
    • Bug#15851528 DUPLICATE KEY ERROR ON AUTO-INC PK WITH MIXED AUTO_INCREMENT_INCREMENT CLIENTS · 739f5239
      Rahul Malik authored
      Problem: Clients running different values for auto_increment_increment
      and doing concurrent inserts leads to "Duplicate key error" in one of them.
      
      Analysis:
      When the auto_increment_increment value is reduced in a session,
      InnoDB uses the last auto_increment_increment value
      to recalculate the autoinc value.
      In case some other session has inserted a value
      with a different auto_increment_increment, InnoDB recalculates
      autoinc values based on the current session's previous auto_increment_increment
      instead of considering the auto_increment_increment used for the last insert
      across all sessions.
      
      Fix:
      revert 7acdf29c
      a.k.a. 7c12a9e5
      as it is causing the bug.
      
      Reviewed By:
      Bin <bin.x.su@oracle.com>
      Kevin <kevin.lewis@oracle.com>
      RB#21777
      
      Note: In MariaDB Server, earlier changes in
      ae5bc059
      for MDEV-533 require that the original test in
      mysql/mysql-server@1ccd472d63a042d3237a55f5827239164219ef7e
      be adjusted for MariaDB.
      
      Also, ef47b625 (MDEV-8827)
      had to be reverted after the upstream fix had been backported.
    • Revert "MDEV-8827 Duplicate key with auto increment" · 7153e155
      Marko Mäkelä authored
      This reverts commit ef47b625.
      The parent commit 07ba5560
      which is a backport of
      mysql/mysql-server@1198267c331b045b9cad26be72b1a5b4f8930a79
      fixes the issue differently.