Problem:
In debug builds, there is a chance that an out-of-bounds
read is performed when tables are locked in
LTM_PRELOCKED_UNDER_LOCK_TABLES mode. It can happen because
the debug code uses enum values as index for an array of
mode descriptions, but it only takes into consideration 3
out of 4 of the enum values.

Fix:
This patch fixes it by implementing a getter for the enum which
returns a string representation of the enum,
effectively removing the out-of-bounds read.

Moreover, it also fixes the lock mode descriptions that
would be print out in debug builds.

Commit#ebd24626 obsoleted the THREAD and
THREAD_SAFE_CLIENT preprocessor symbols. This is not removed in the
sql/net_serv.cc thereby the code that retries on EINTR became dead code.
Remove the THREAD_SAFE_CLIENT preprocessor directive form sql/net_serv.cc.
Also check errno for EINTR only if there is an error in preceding read call.

               GET_SERVER_FROM_TABLE_TO_CACHE

Description:- Server received SIG11 in the function,
"get_server_from_table_to_cache()".

Analysis:- Defining a server with a blank name is not
handled properly.

Fix:- Modified "get_server_from_table_to_cache()" to
take care of blank server name.

               FROM I_S

Issue:
------
There is a difference in the field type created when the
following DDLs are used:

1) CREATE TABLE t0 AS SELECT NULL;
2) CREATE TABLE t0 AS SELECT GREATEST(NULL,NULL);

The first statement creates field of type Field_string and
the second one creates a field of type Field_null.

This creates a problem when the query mentioned in this bug
is used. Since the null_ptr is calculated differently for
Field_null.

Solution:
---------
When there is a function returning null in the select list
as mentioned above, the field should be of type
Field_string.

This was fixed in 5.6+ as part of Bug#14021323. This is a
backport to mysql-5.5.

An incorrect comment in innodb_bug54044.test has been
corrected in all versions.

	      ASSERTION `0' FAILED ON SELECT AREA

Problem:
Optimizer tries to get the points to calculate area without
checking the return value of uint4korr for 0 "points". As a
result server exits.

Solution:
Check the return value from uint4korr().

Remove mysql_config from client sub-package

(cherry picked from commit 45c4bfa0f3f1c70756591f48710bb3e76ffde9bc)

Remove mysql_config from client sub-package

                MY_TOSORT_UTF32

This patch is specific for mysql-5.5

ISSUE: When a charater that is larger than possible to
handle is passed to function my_tosort_utf32(), it results
in segmentation fault. In the scenario mentioned in the bug
AES_ENCRYPT function is used which returns large value.
This value is further passed to my_tosort_utf32 function.
This causes to cross array bound for array uni_plane,
resulting in segment violation.

SOLUTION:
This issue has got addressed in 5.6 onward releases
through worklog 2673.

The fix is similar backport of that.
Check for maximum character before accessing the array
uni_plane. In addition to function my_tosort_utf32, the
same potential problem is also present in functions
my_tolower_utf16, my_toupper_utf16, my_tosort_utf16,
my_tolower_utf32, my_toupper_utf32, my_tosort_unicode,
my_tolower_utf8mb4 and my_toupper_utf8mb4.
Fixed these functions as well.

Permanently removed test case perfschema.aggregate.

The Performance Schema is generally lock-free, allowing for
race conditions that might arise from multi-threaded operation
which occasionally results in temporary and/or minor variances
when aggregating statistics. This test needs to be redesigned
to accommodate such variances.

               MYSQL-5.5

The bug asks for a backport of bug#1463594 and bug#20682959. This
is required because of the fact that if replication is enabled, master
transaction can commit whereas slave can't commit due to not exact
'enviroment'. This manifestation is seen in bug#22024200.

Fix is a backport of BUG#18518216/72230 to MySQL 5.5 and 5.6.

Will also resolve:

 BUG#23605713/81384 LIBMYSQLCLIENT.SO.18 MISSING FROM MYSQL 5.7

  as mysql-community-libs-5.5 or mysql-community-libs-5.6 can
  installed on EL6 system with libmysqlclient.16 (from MySQL 5.1)
  libmysqlclient.20 (from MySQL 5.7) by doing:

  $ rpm --oldpackage -ivh mysql-community-libs-5.5.50-2.el6.x86_64.rpm

  Providing a way to have several versions of libmysqlclient installed
  on the same system.

and help:

 BUG#23088014/80981 LIBS-COMPAT RPMS SHOULD BE INDEPENDENT OF ALL OTHER SUBPACKAGES

  due to less strict coupling between -libs-compat and -common package.

DESCRIPTION
===========
Buffer overflow is reported in Regex library. This can be
triggered when the data corresponding to argv[1] is >=
512 bytes resutling in abnormal behaviour.

ANALYSIS
========
Its a straight forward case of SEGFAULT where the target
buffer is smaller than the source string to be copied.
A simple pre-copy validation should do.

FIX
===
A check is added before doing strcpy() to ensure that the
target buffer is big enough to hold the to-be copied data.
If the check fails, the program aborts.

              ERROR MESSAGE

Post push patch to fix test case failure.

              ERROR MESSAGE

Post push patch to fix test case failure.

              ERROR MESSAGE

Description:- Mtr test, "main.mysqldump" is failing with an
assert when "mysqlimport" client utility is executed with
the option "--use_threads".

Analysis:- "mysqlimport" uses the option, "--use_threads",
to spawn worker threads to complete its job in parallel. But
currently the main thread is not waiting for the worker
threads to complete its cleanup, rather just wait for the
worker threads to say its done doing its job. So the cleanup
is done in a race between the worker threads and the main
thread. This lead to an assertion failure.

Fix:- "my_thread_join()" is introduced in the main thread to
join all the worker threads it have spawned. This will let
the main thread to wait for all the worker threads to
complete its cleanup before calling "my_end()".

               NAME_CONST QUERY

ISSUE:
------
Using NAME_CONST with a non-constant negated expression as
value can result in incorrect behavior.

SOLUTION:
---------
The problem can be avoided by checking whether the argument
is a constant value.

The fix is a backport of Bug#12735545.

Remove mysql_config from client package to avoid conflict (file
shipped in devel package any way).

Description:
This issue doesn't effect any default installation of repo rpms if user uses
init scripts that are shipped as part of package but will have trouble if
user tries to createdb or start server manually.

After installing mysql-server from repository(yum,zypper) /var/log/mysqld.log
is created with logged in user and group permissions instead of with mysql
user and group permissions,due to which while creating database or starting
server, it is failing

Fix:

Updated the user and group permissions of the /var/log/mysqld.log and
/var/log/mysql/mysqld.log (for sles) files to mysql.

              THAT ACTUALLY EXISTS

ANALYSIS:
=========
Stored functions updating a view where the view table has a
trigger defined that updates another table, fails reporting
an error that the table doesn't exist.

If there is a trigger defined on a table, a variable
'trg_event_map' will be set to a non-zero value after the
parsed tree creation. This indicates what triggers we need to
pre-load for the TABLE_LIST when opening an associated table.

During the prelocking phase, the variable 'trg_event_map'
will not be set for the view table. This value will be set
after the processing of triggers defined on the table. During
the processing of sub-statements, 'locked_tables_mode' will be
set to 'LTM_PRELOCKED' which denotes that further locking
of tables/functions cannot be done. This results in the other
table not being locked and thus further processing results in
an error getting reported.

FIX:
====
During the prelocking of view, the value of 'trg_event_map'
of the view is copied to 'trg_event_map' of the next table
in the TABLE_LIST. This results in the locking of tables
associated with the trigger as well.

Revert following bug fix:

Bug#20685029: SLAVE IO THREAD SHOULD STOP WHEN DISK IS
FULL
Bug#21753696: MAKE SHOW SLAVE STATUS NON BLOCKING IF IO
THREAD WAITS FOR DISK SPACE

This fix results in a deadlock between slave IO thread
and SQL thread.

(cherry picked from commit e3fea6c6dbb36c6ab21c4ab777224560e9608b53)

DESCRIPTION
===========
Buffer overflow is reported in a lot of code sections
spanning across server, client programs, Regex libraries
etc. If not handled appropriately, they can cause abnormal
behaviour.

ANALYSIS
========
The reported casea are the ones which are likely to result
in SEGFAULT, MEMORY LEAK etc.

FIX
===
- sprintf() has been replaced by my_snprintf() to avoid
buffer overflow.
- my_free() is done after checking if the pointer isn't
  NULL already and setting it to NULL thereafter at few
  places.
- Buffer is ensured to be large enough to hold the data.
- 'unsigned int' (aka 'uint') is replaced with 'size_t'
to avoid wraparound.
- Memory is freed (if not done so) after its alloced and
used.
- Inserted assert() for size check in InnoDb memcached
code (from 5.6 onwards)
- Other minor changes

(cherry picked from commit 3487e20959c940cbd24429afa795ebfc8a01e94f)

DESCRIPTION
===========
Buffer overflow is reported in a lot of code sections
spanning across server, client programs, Regex libraries
etc. If not handled appropriately, they can cause abnormal
behaviour.

ANALYSIS
========
The reported casea are the ones which are likely to result
in SEGFAULT, MEMORY LEAK etc.

FIX
===
- sprintf() has been replaced by my_snprintf() to avoid
buffer overflow.
- my_free() is done after checking if the pointer isn't
  NULL already and setting it to NULL thereafter at few
  places.
- Buffer is ensured to be large enough to hold the data.
- 'unsigned int' (aka 'uint') is replaced with 'size_t'
to avoid wraparound.
- Memory is freed (if not done so) after its alloced and
used.
- Inserted assert() for size check in InnoDb memcached
code (from 5.6 onwards)
- Other minor changes

Revert following bug fix:

Bug#20685029: SLAVE IO THREAD SHOULD STOP WHEN DISK IS
FULL
Bug#21753696: MAKE SHOW SLAVE STATUS NON BLOCKING IF IO
THREAD WAITS FOR DISK SPACE

This fix results in a deadlock between slave IO thread
and SQL thread.

INSERTS/UPDATES ON TEMPORARY TABLES
Bug#14294223: CHANGES NOT ALLOWED TO TEMPORARY TABLES ON
READ-ONLY SERVERS

Problem:
========
Running 5.5.14 in read only we can create temporary tables
but can not insert or update records in the table. When we
try we get Error 1290 : The MySQL server is running with the
--read-only option so it cannot execute this statement.

Analysis:
=========
This bug is very specific to binlog being enabled and
binlog-format being stmt/mixed. Standalone server without
binlog enabled or with row based binlog-mode works fine.

How standalone server and row based replication work:
=====================================================
Standalone server and row based replication mark the
transactions as read_write only when they are modifying
non temporary tables as part of their current transaction.

Because of this when code enters commit phase it checks
if a transaction is read_write or not. If the transaction
is read_write and global read only mode is enabled those
transaction will fail with 'server is read only mode'
error.

In the case of statement based mode at the time of writing
to binary log a binlog handler is created and it is always
marked as read_write. In case of temporary tables even
though the engine did not mark the transaction as read_write
but the new transaction that is started by binlog handler is
considered as read_write.

Hence in this case when code enters commit phase it finds
one handler which has a read_write transaction even when
we are modifying temporary table. This causes the server
to throw an error when global read-only mode is enabled.

Fix:
====
At the time of commit in "ha_commit_trans" if a read_write
transaction is found, we should check if this transaction is
coming from a handler other than binlog_handler. This will
ensure that there is a genuine read_write transaction being
sent by the engine apart from binlog_handler and only then
it should be blocked.

Post push fix : Fixing i_main.mysqlshow failure.

              INCORRECT ERROR.

Analysis
========
INSERT with DUPLICATE KEY UPDATE and REPLACE on a table
where foreign key constraint is defined fails with an
incorrect 'duplicate entry' error rather than foreign
key constraint violation error.

As part of the bug fix for BUG#22037930, a new flag
'HA_CHECK_FK_ERROR' was added while checking for non fatal
errors to manage FK errors based on the 'IGNORE' flag. For
INSERT with DUPLICATE KEY UPDATE and REPLACE queries, the
foreign key constraint violation error was marked as non-fatal,
even though IGNORE was not set. Hence it continued with the
duplicate key processing resulting in an incorrect error.

Fix:
===
Foreign key violation errors are treated as non fatal only when
the IGNORE is not set in the above mentioned queries. Hence reports
the appropriate foreign key violation error.

ANALYSIS:
=========
A LEX_STRING structure pointer is processed during the
validation of a stored program name. During this processing,
there is a possibility of null pointer dereference.

FIX:
====
check_routine_name() is invoked by the parser by supplying a
non-empty string as the SP name. To avoid any potential calls
to check_routine_name() with NULL value, a debug assert has
been added to catch such cases.

FAILURES

Analysis:
=========
Test script is not ensuring that "assert_grep.inc" should be
called only after 'Disk is full' error is written to the
error log.

Test checks for "Queueing master event to the relay log"
state. But this state is set before invoking 'queue_event'.
Actual 'Disk is full' error happens at a very lower level.
It can happen that we might even reset the debug point
before even the actual disk full simulation occurs and the
"Disk is full" message will never appear in the error log.

In order to guarentee that we must have some mechanism where
in after we write "Disk is full" error messge into the error
log we must signal the test to execute SSS and then reset
the debug point. So that test is deterministic.

Fix:
===
Added debug sync point to make script deterministic.

No commit message

No commit message

              UNIQUE::~UNIQUE | SQL/UNIQUES.CC:355

Analysis
========

Enabling the sort_buffer_size with a large value
can cause operations utilizing the sort buffer
like DELETE as mentioned in the bug report to
fail. 5.5 and 5.6 versions reports OOM error
while in 5.7+, the server crashes.

While initializing the mem_root for the sort buffer
tree, the block size for the mem_root is determined
from the 'sort_buffer_size' value. This unsigned
long value is typecasted to unsigned int, hence
it becomes zero. Further block_size computation
while initializing the mem_root results in a very
large block_size value. Hence while trying to
allocate a block during the DELETE operation,
an OOM error is reported. In case of 5.7+, the PFS
instrumentation for memory allocation, overshoots
the unsigned value and allocates a block of just
one byte. While trying to free the block of the
mem_root, the original block_size is used. This
triggers the crash since the server tries to free
unallocated memory.

Fix:
====
In order to restrict usage of such unreasonable
sort_buffer_size, the typecast of block size
to 'unsigned int' is removed and hence reports
OOM error across all versions for sizes
exceeding unsigned int range.

FULL
Bug#21753696: MAKE SHOW SLAVE STATUS NON BLOCKING IF IO
THREAD WAITS FOR DISK SPACE

Fixing a post push test issue.

               INTERVALS

ISSUE:
------
Some string functions return one or a combination of the
parameters as their result. Here the resultant string's
charset could be incorrectly set to that of the chosen
parameter.

This results in incorrect behavior when an ascii string is
expected.

SOLUTION:
---------
Since an ascii string is expected, val_str_ascii should
explicitly convert the string.

Part of the fix is a backport of Bug#22340858 for mysql-5.5
and mysql-5.6.

               IS NOT FOUND

DESCRIPTION
===========
If script mysqld_multi and utility my_print_defaults are in
the same folder (not included in $PATH) and the former is
made to run, it complaints that the mysqld binary is absent
eventhough the binary exists.

ANALYSIS
========
We've a subroutine my_which() mimicking the behaviour of
POSIX "which" command. Its current behaviour is to check
for a given argument as follows:
- Step 1: Assume the argument to be a command having full
fledged absolute path. If it exists "as-is", return the
argument (which will be pathname), else proceed to Step 2.
- Step 2: Assume the argument to be a plain command with no
aboslute path. Try locating it in all of the paths
(mentioned in $PATH) one by one. If found return the
pathname. If found nowhere, return NULL.

Currently when my_which(my_print_defaults) is called, it
returns from Step 1 (since utlity exists in current
folder) and doesn't proceed to Step 2. This is wrong since
the returned value is same as the argument i.e.
'my_print_default' which defies the purpose of this
subroutine whose job is to return a pathname either in Step
1 or Step 2.

Later when the utility is executed in subroutine
defaults_for_group(), it evaluates to NULL and returns the
same. This is because the plain command 'my_print_defaults
{options} ...' would execute properly only if
my_print_defaults exists in one of the paths (in $PATH). In
such a case, in the course of the flow it looks onto the
variable $mysqld_found which comes out to be NULL and
hence ethe error.

In this case, call to my_which should fail resulting in
script being aborted and thus avoiding this mess.

FIX
===
This utility my_print_defaults should be tested only in
Step 2 since it does not have an absolute path. Thus added
a condition in Step 1 so that is gets executed iff not
called for my_print_defaults thus bypassing it to proceed
to Step 2 where the check is made for various paths (in
$PATH)

FULL
Bug#21753696: MAKE SHOW SLAVE STATUS NON BLOCKING IF IO
THREAD WAITS FOR DISK SPACE

Problem:
========
Currently SHOW SLAVE STATUS blocks if IO thread waits for
disk space. This makes automation tools verifying
server health block on taking relevant action. Finally this
will create SHOW SLAVE STATUS piles.

Analysis:
=========
SHOW SLAVE STATUS hangs on mi->data_lock if relay log write
is waiting for free disk space while holding mi->data_lock.
mi->data_lock is needed to protect the format description
event (mi->format_description_event) which is accessed by
the clients running FLUSH LOGS and slave IO thread. Note
relay log writes don't need to be protected by
mi->data_lock, LOCK_log is used to protect relay log between
IO and SQL thread (see MYSQL_BIN_LOG::append_event). The
code takes mi->data_lock to protect
mi->format_description_event during relay log rotate which
might get triggered right after relay log write.

Fix:
====
Release the data_lock just for the duration of writing into
relay log.

Made change to ensure the following lock order is maintained
to avoid deadlocks.

data_lock, LOCK_log

data_lock is held during relay log rotations to protect
the description event.