1. 14 Jun, 2020 3 commits
    • Sergei Petrunia's avatar
      MDEV-22779: Crash: Prepared Statement ..., part #2. · e623d247
      Sergei Petrunia authored
      For the sake of completeness, call sync_clones in reset_stmt_params, too.
      e623d247
    • Sergei Petrunia's avatar
      MDEV-22779: Crash: Prepared Statement with a '?' parameter inside a re-used CTE · 21e79331
      Sergei Petrunia authored
      When a prepared statement parameter '?' is used in a CTE that is used
      multiple times, the following happens:
      - The CTE definition is re-parsed multiple times.
      - There are multiple Item_param objects referring to the same "?" in
      the original query.
      - Prepared_statement::param has a pointer to the first of them, the
        others are "clones".
      - When prepared statement parameter gets the value, it should be passed
        over to clones with param->sync_clones() call.
      
      This call is made in insert_params(), etc. It was not made in
      insert_params_with_log().
      
      This would cause Item_param to not have any value which would confuse
      the query optimizer.
      
      Added the missing call.
      21e79331
    • Marko Mäkelä's avatar
      MDEV-22889: Disable innodb.innodb_force_recovery_rollback · 2cd6afb0
      Marko Mäkelä authored
      The test case that was added for MDEV-21217
      (commit b68f1d84)
      should have only two possible outcomes for the locking SELECT statement:
      
      (1) The statement is blocked, and the test will eventually fail
      with a lock wait timeout. This is what I observed when the
      code fix for MDEV-21217 was missing.
      
      (2) The lock conflict will ensure that the statement will execute
      after the rollback has completed, and an empty table will be observed.
      This is the expected outcome with the recovery fix.
      
      What occasionally happens (in some of our CI environments only, so far)
      is that the locking SELECT will return all 1,000 rows of the table that
      had been inserted by the transaction that was never supposed to be
      committed. One possibility is that the transaction was unexpectedly
      committed when the server was killed.
      
      Let us disable the test until the reason of the failure has been
      determined and addressed.
      2cd6afb0
  2. 13 Jun, 2020 1 commit
  3. 12 Jun, 2020 1 commit
  4. 11 Jun, 2020 3 commits
  5. 10 Jun, 2020 5 commits
  6. 09 Jun, 2020 2 commits
    • Daniel Black's avatar
      innodb: dict_mem_table_add_col - compile warning fix argument 1 null where... · 90274278
      Daniel Black authored
      innodb: dict_mem_table_add_col - compile warning fix argument 1 null where non-null expected (#1584)
      
      cd /build-mariadb-server-10.5-mysql_release/storage/innobase && /usr/bin/powerpc64le-linux-gnu-g++  -DBTR_CUR_ADAPT -DBTR_CUR_HASH_ADAPT -DCOMPILER_HINTS -DDBUG_TRACE -DEMBEDDED_LIBRARY -DHAVE_BZIP2=1 -DHAVE_C99_INITIALIZERS -DHAVE_CONFIG_H -DHAVE_FALLOC_PUNCH_HOLE_AND_KEEP_SIZE=1 -DHAVE_IB_LINUX_FUTEX=1 -DHAVE_LZ4=1 -DHAVE_LZ4_COMPRESS_DEFAULT=1 -DHAVE_LZMA=1 -DHAVE_NANOSLEEP=1 -DHAVE_OPENSSL -DHAVE_SCHED_GETCPU=1 -DLINUX_NATIVE_AIO=1 -DMUTEX_EVENT -DWITH_INNODB_DISALLOW_WRITES -D_FILE_OFFSET_BITS=64 -Iwsrep-lib/include -Iwsrep-lib/wsrep-API/v26 -I/home/dan/build-mariadb-server-10.5-mysql_release/include -Istorage/innobase/include -Istorage/innobase/handler -Ilibbinlogevents/include -Itpool -Iinclude -Isql  -pie -fPIC -Wl,-z,relro,-z,now -fstack-protector --param=ssp-buffer-size=4 -Wconversion -Wno-sign-conversion -O3 -g -static-libgcc -fno-omit-frame-pointer -fno-strict-aliasing -Wno-uninitialized -D_FORTIFY_SOURCE=2 -DDBUG_OFF -Wall -Wextra -Wformat-security -Wno-format-truncation -Wno-init-self -Wno-nonnull-compare -Wno-unused-parameter -Woverloaded-virtual -Wnon-virtual-dtor -Wvla -Wwrite-strings   -DUNIV_LINUX -D_GNU_SOURCE=1 -fPIC -fvisibility=hidden -std=gnu++11 -o CMakeFiles/innobase_embedded.dir/dict/dict0load.cc.o -c storage/innobase/dict/dict0load.cc
      storage/innobase/dict/dict0load.cc: In function ‘const char* dict_process_sys_columns_rec(mem_heap_t*, const rec_t*, dict_col_t*, table_id_t*, const char**, ulint*)’:
      storage/innobase/dict/dict0load.cc:1653:26: warning: argument 1 null where non-null expected [-Wnonnull]
          dict_mem_table_add_col(table, heap, name, mtype,
          ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
                   prtype, col_len);
                   ~~~~~~~~~~~~~~~~
      In file included from storage/innobase/include/dict0dict.h:32:0,
                       from storage/innobase/include/btr0pcur.h:30,
                       from storage/innobase/dict/dict0load.cc:31:
      storage/innobase/include/dict0mem.h:323:1: note: in a call to function ‘void dict_mem_table_add_col(dict_table_t*, mem_heap_t*, const char*, ulint, ulint, ulint)’ declared here
       dict_mem_table_add_col(
       ^~~~~~~~~~~~~~~~~~~~~~
      90274278
    • rucha174's avatar
      MDEV-22830: SQL_CALC_FOUND_ROWS not working properly for single SELECT for DUAL · 44339123
      rucha174 authored
      In case of SELECT without tables which returns either 0 or 1 rows,
      JOIN::exec_inner() did not check if the flag representing SQL_CALC_FOUND_ROWS
      is set or not and send_records was direclty assigned 0. So SELECT FOUND_ROWS()
      was giving 0 in the output. Now it checks if the flag is set, if it is set
      send_record=1 else 0. 1 is the number of rows that could have been sent
      to the client if the SELECT query had SQL_CALC_FOUND_ROWS.
      It is 0 when no rows were sent because the SELECT query did not have
      SQL_CALC_FOUND_ROWS.
      44339123
  7. 08 Jun, 2020 3 commits
    • Sujatha's avatar
      MDEV-22717: Conditional jump or move depends on uninitialised value(s) in... · e1045a76
      Sujatha authored
      MDEV-22717: Conditional jump or move depends on uninitialised value(s) in find_uniq_filename(char*, unsigned long)
      
      Fix:
      ===
      Initialize 'number' variable to '0'.
      e1045a76
    • Ian Gilfillan's avatar
      Client spelling mistakes · 4f488569
      Ian Gilfillan authored
      4f488569
    • Marko Mäkelä's avatar
      MDEV-22827 InnoDB: Failing assertion: purge_sys->n_stop == 0 · f458b40f
      Marko Mäkelä authored
      When MDEV-22769 introduced srv_shutdown_state=SRV_SHUTDOWN_INITIATED in
      commit efc70da5
      we forgot to adjust a few checks for SRV_SHUTDOWN_NONE.
      
      In the initial shutdown step, we are waiting for the background
      DROP TABLE queue to be processed or discarded. At that time,
      some background tasks (such as buffer pool resizing or dumping
      or encryption key rotation) may be terminated, but others must
      remain running normally.
      
      srv_purge_coordinator_suspend(), srv_purge_coordinator_thread(),
      srv_start_wait_for_purge_to_start(): Treat SRV_SHUTDOWN_NONE
      and SRV_SHUTDOWN_INITIATED equally.
      f458b40f
  8. 06 Jun, 2020 6 commits
    • Varun Gupta's avatar
      MDEV-22728: SIGFPE in Unique::get_cost_calc_buff_size from... · d218d1aa
      Varun Gupta authored
      MDEV-22728: SIGFPE in Unique::get_cost_calc_buff_size from prepare_search_best_index_intersect on optimized builds
      
      For low sort_buffer_size, in the cost calculation of using the Unique object the elements in the tree were evaluated to 0, make sure to have atleast 1 element in the Unique tree.
      
      Also for the function Unique::get allocate memory for atleast MERGEBUFF2+1 keys.
      d218d1aa
    • Igor Babaev's avatar
      MDEV-22748 MariaDB crash on WITH RECURSIVE large query · e9dbbf11
      Igor Babaev authored
      This bug is the same as the bug MDEV-17024. The crashes caused by these
      bugs were due to premature cleanups of the unit specifying recursive CTEs
      that happened in some cases when there were several outer references the
      same recursive CTE.
      The problem of premature cleanups for recursive CTEs could be already
      resolved by the correction in TABLE_LIST::set_as_with_table() introduced
      in this patch. ALL other changes introduced by the patches for MDEV-17024
      and MDEV-22748 guarantee that this clean-ups are performed as soon as
      possible: when the select containing the last outer reference to a
      recursive CTE is being cleaned up the specification of the recursive CTE
      should be cleaned up as well.
      e9dbbf11
    • Marko Mäkelä's avatar
      MDEV-22817: Skip the test in --embedded · be0c46eb
      Marko Mäkelä authored
      be0c46eb
    • Marko Mäkelä's avatar
      MDEV-22817: Add a test case · 187b9c92
      Marko Mäkelä authored
      187b9c92
    • Marko Mäkelä's avatar
      Merge 10.1 into 10.2 · 0df01ccb
      Marko Mäkelä authored
      0df01ccb
    • Marko Mäkelä's avatar
      MDEV-22818 Server crash on corrupted ROW_FORMAT=COMPRESSED page · 1bd5b75c
      Marko Mäkelä authored
      page_zip_fields_decode(): Do not dereference index=NULL.
      Instead, return NULL early. The only caller does not care
      about the values of output parameters in that case.
      
      This bug was introduced in MySQL 5.7.6 by
      mysql/mysql-server@9eae0edb7a8e4004328e61157f5f3b39cebe1b2b
      and in MariaDB 10.2.2 by
      commit 2e814d47.
      
      Thanks to my son for pointing this out after investigating
      the output of a static analysis tool.
      1bd5b75c
  9. 05 Jun, 2020 9 commits
    • Eugene Kosov's avatar
      fix compilation with VS2019, preview of 16.7 version · 7a695d8a
      Eugene Kosov authored
      Compiler tells something about argument-dependent lookup. I do not
      understand how that ADL works. But I know that such operators should
      be free functions, instead of methods:
      http://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#Ro-symmetric
      
      Such syntax defines 'friend' free functions.
      7a695d8a
    • Igor Babaev's avatar
      MDEV-22042 Server crash in Item_field::print on ANALYZE FORMAT=JSON · a8c200c7
      Igor Babaev authored
      When processing a query with a recursive CTE a temporary table is used for
      each recursive reference of the CTE. As any temporary table it uses its own
      mem-root for table definition structures. Due to specifics of the current
      implementation of ANALYZE stmt command this mem-root can be freed only at
      the very of query processing. Such deallocation of mem-root memory happens
      in close_thread_tables(). The function looks through the list of the tmp
      tables rec_tables attached to the THD of the query and frees corresponding
      mem-roots. If the query uses a stored function then such list is created
      for each query of the function. When a new rec_list has to be created the
      old one has to be saved and then restored at the proper moment.
      The bug occurred because only one rec_list for the query containing CTE was
      created. As a result close_thread_tables() freed tmp mem-roots used for
      rec_tables prematurely destroying some data needed for the output produced
      by the ANALYZE command.
      a8c200c7
    • Julius Goryavsky's avatar
    • Julius Goryavsky's avatar
      Merge 10.1 into 10.2 · 5f55f69e
      Julius Goryavsky authored
      5f55f69e
    • Vladislav Vaintroub's avatar
      Fix appveyor build. · 15cdcb2a
      Vladislav Vaintroub authored
      15cdcb2a
    • Marko Mäkelä's avatar
      MDEV-22769 Shutdown hang or crash due to XA breaking locks · efc70da5
      Marko Mäkelä authored
      The background drop table queue in InnoDB is a work-around for
      cases where the SQL layer is requesting DDL on tables on which
      transactional locks exist.
      
      One such case are XA transactions. Our test case exploits the
      fact that the recovery of XA PREPARE transactions will
      only resurrect InnoDB table locks, but not MDL that should
      block any concurrent DDL.
      
      srv_shutdown_t: Introduce the srv_shutdown_state=SRV_SHUTDOWN_INITIATED
      for the initial part of shutdown, to wait for the background drop
      table queue to be emptied.
      
      srv_shutdown_bg_undo_sources(): Assign
      srv_shutdown_state=SRV_SHUTDOWN_INITIATED
      before waiting for the background drop table queue to be emptied.
      
      row_drop_tables_for_mysql_in_background(): On slow shutdown, if
      no active transactions exist (excluding ones that are in
      XA PREPARE state), skip any tables on which locks exist.
      
      row_drop_table_for_mysql(): Do not unnecessarily attempt to
      drop InnoDB persistent statistics for tables that have
      already been added to the background drop table queue.
      
      row_mysql_close(): Relax an assertion, and free all memory
      even if innodb_force_recovery=2 would prevent the background
      drop table queue from being emptied.
      efc70da5
    • Marko Mäkelä's avatar
      MDEV-22790 Race between btr_page_mtr_lock() dropping AHI on the same block · 138c11cc
      Marko Mäkelä authored
      This race condition was introduced by
      commit ad6171b9 (MDEV-22456).
      
      In the observed case, two threads were executing
      btr_search_drop_page_hash_index() on the same block,
      to free a stale entry that was attached to a dropped index.
      Both threads were holding an S latch on the block.
      
      We must prevent the double-free of block->index by holding
      block->lock in exclusive mode.
      
      btr_search_guess_on_hash(): Do not invoke
      btr_search_drop_page_hash_index(block) to get rid of
      stale entries, because we are not necessarily holding
      an exclusive block->lock here.
      
      buf_defer_drop_ahi(): New function, to safely drop stale
      entries in buf_page_mtr_lock(). We will skip the call to
      btr_search_drop_page_hash_index(block) when only requesting
      bufferfixing (no page latch), because in that case, we should
      not be accessing the adaptive hash index, and we might get
      a deadlock if we acquired the page latch.
      138c11cc
    • Marko Mäkelä's avatar
      MDEV-22646: Fix a memory leak · 3677dd5c
      Marko Mäkelä authored
      btr_search_sys_free(): Free btr_search_sys->hash_tables.
      
      The leak was introduced in commit ad2bf112.
      3677dd5c
    • Vladislav Vaintroub's avatar
      Windows, build tweak. · 1828196f
      Vladislav Vaintroub authored
      Allow targets for building "noinstall" zip, and debuginfo zip.
      1828196f
  10. 04 Jun, 2020 6 commits
    • Sergei Golubchik's avatar
      29ed04cb
    • Sergey Vojtovich's avatar
      MDEV-22339 - Assertion `str_length < len' failed · dce4c0f9
      Sergey Vojtovich authored
      When acquiring SNW/SNRW/X MDL lock DDL/admin statements may abort pending
      thr lock in concurrent connection with open HANDLER (or delayed insert
      thread).
      
      This may lead to a race condition when table->alias is accessed
      concurrently by such threads. Either assertion failure or memory leak
      is a practical consequence of this race condition.
      
      Specifically HANDLER is opening a table and issuing alias.copy(), while
      DDL executing get_lock_data()/alias.c_ptr()/realloc()/realloc_raw().
      
      Fixed by perforimg table->init() before it is published via
      thd->open_tables.
      dce4c0f9
    • Varun Gupta's avatar
      MDEV-22715: SIGSEGV in radixsort_for_str_ptr and in native_compare/my_qsort2 (optimized builds) · f30ff10c
      Varun Gupta authored
      For DECIMAL[(M[,D])] datatype max_sort_length was not being honoured which was leading to buffer
      overflow while making the sort key. The fix to this problem would be to create sort keys for decimals
      with atmost max_sort_key bytes
      
      Important:
      The minimum value of max_sort_length has been raised to 8 (previously was 4),
      so fixed size datatypes like DOUBLE and BIGINIT are not truncated for
      lower values of max_sort_length.
      f30ff10c
    • Marko Mäkelä's avatar
      dict_check_sys_tables(): Do not rely on buf_page_optimistic_get() · c5883deb
      Marko Mäkelä authored
      We are supposed to commit and restart the mini-transaction
      between records. There is no point to store and restore the
      persistent cursor position otherwise.
      
      If buf_page_optimistic_get() is patched to always fail, the
      debug build would fail to start up due to trying to re-acquire
      an already S-latched block.
      
      This bug (which should not have visible impact to users, because
      the code is only executed during startup, while no other threads
      are accessing B-trees or causing pages to be evicted from the
      buffer pool) was caught as part of a debugging effort for
      something else.
      
      The debugging approach was: Make buf_page_optimistic_get()
      always return FALSE, and add ut_a(block->lock.lock_word == X_LOCK_DECR)
      to both buf_LRU_get_free_only() and buf_LRU_block_free_non_file_page().
      This would catch misuse of the buffer pool. If it were not for
      buf_page_optimistic_get(), no buf_block_t::lock of any BUF_BLOCK_NOT_USED
      block would ever be acquired.
      c5883deb
    • Varun Gupta's avatar
      MDEV-16230: Server crashes when Analyze format=json is run with a window... · f69278bc
      Varun Gupta authored
      MDEV-16230: Server crashes when Analyze format=json is run with a window function with empty PARTITION BY and ORDER BY clauses
      
      Currently when both PARTITION BY and ORDER BY clauses are empty then we create a Item
      with the first field in the select list and sort with that field.
      It should be created as an Item_temptable_field instead of Item_field because the
      print() function continues to work even if the table has been dropped.
      f69278bc
    • Marko Mäkelä's avatar
      MDEV-22721 Remove bloat caused by InnoDB logger class · eba2d10a
      Marko Mäkelä authored
      Introduce a new ATTRIBUTE_NOINLINE to
      ib::logger member functions, and add UNIV_UNLIKELY hints to callers.
      
      Also, remove some crash reporting output. If needed, the
      information will be available using debugging tools.
      
      Furthermore, remove some fts_enable_diag_print output that included
      indexed words in raw form. The code seemed to assume that words are
      NUL-terminated byte strings. It is not clear whether a NUL terminator
      is always guaranteed to be present. Also, UCS2 or UTF-16 strings would
      typically contain many NUL bytes.
      eba2d10a
  11. 03 Jun, 2020 1 commit