1. 18 Sep, 2015 3 commits
  2. 16 Sep, 2015 1 commit
    • Shishir Jaiswal's avatar
      Bug #21467458 - UNINSTALL PLUGIN DAEMON_EXAMPLE CRASHES · 17387bc5
      Shishir Jaiswal authored
                      MYSQLD.
      
      DESCRIPTION
      ===========
      Crash occurs when daemon_example plugin is uninstalled
      immediately after its installed. This can be reproduced
      by installing and uninstalling the plugin repeatedly.
      
      ANALYSIS
      ========
      The daemon_example_plugin_deinit() function of the daemon
      example plugin calls pthread_cancel() but doesn't wait for
      the worker thread to actually complete before deallocating
      the data buffer and closing the file that it writes to.
      This is causing SEGFAULT!
      
      FIX
      ===
      Added a pthread_join() to wait for the thread to complete
      before doing the cleanup work.
      
      Removed a stray 'x' variable from the example code.
      
      NOTE
      ====
      Have made an entry in .opt file as given below:
      --plugin-dir=$DAEMONEXAMPLE_DIR
      
      This is done so that the program takes plugin directory as
      ../<dbg>/plugin/daemon_example/ instead of
      ../lib/plugin/
      17387bc5
  3. 11 Sep, 2015 1 commit
  4. 04 Sep, 2015 1 commit
    • Arun Kuruvila's avatar
      Bug #21503595 : --QUERY-ALLOC-BLOCK-SIZE=-1125899906842624 + · ddcad361
      Arun Kuruvila authored
                      PID_FILE CHECK LEADS TO OOM SIG 11
      
      Description:- A server started with 'query_alloc_block_size'
      option set to a certain range of negative values on a
      machine without enough memory may lead to OOM.
      
      Analysis:- Server uses 'strtoull()' to convert server
      variable values of type 'GET_UINT', 'GET_ULONG' or 'GET_ULL'
      from string to unsigned long long. According to the man
      page, 'strtoull()' function returns either the result of the
      conversion or, if there was a leading minus sign, the
      negation of the result of the conversion represented as an
      unsigned value, unless the original(nonnegated) value would
      overflow; in the latter case, strtoull() returns ULLONG_MAX
      and sets errno to ERANGE. So 'strtoull()' converts a small
      negative value to a larger postive value. For example string
      '-1125899906842624' will be converted to an unsigned value,
      '18445618173802708992' (ulonglong typecast of
      '-1125899906842624'). So a
      server started with 'query_alloc_block_size' set to
      "-1125899906842624" on a machine without enough memory will
      lead to OOM since server allocates '18445618173802708992'
      bytes(17178820608 GB) for query allocation block.
      
      Fix:- When server is started with any server variable, of
      type "GET_UINT", "GET_ULONG" or "GET_ULL", set to a negative
      value, a warning, "option xxx: value -yyy adjusted to zzz"
      is thrown and the value is adjusted to the lowest possible
      value for that variable. The dynamic server variable which
      is configured through the client exhibit the same behavior
      as fix made for variables configured during the server
      start up.
      ddcad361
  5. 01 Sep, 2015 2 commits
  6. 31 Aug, 2015 1 commit
  7. 26 Aug, 2015 1 commit
  8. 25 Aug, 2015 1 commit
  9. 21 Aug, 2015 1 commit
    • Arun Kuruvila's avatar
      Bug#20198490 : LOWER_CASE_TABLE_NAMES=0 ON WINDOWS LEADS TO · f4ff086a
      Arun Kuruvila authored
                     PROBLEMS
      
      Description:- Server variable "--lower_case_tables_names"
      when set to "0" on windows platform which does not support
      case sensitive file operations leads to problems. A warning
      message is printed in the error log while starting the
      server with "--lower_case_tables_names=0". Also according to
      the documentation, seting "lower_case_tables_names" to "0"
      on a case-insensitive filesystem might lead to index
      corruption.
      
      Analysis:- The problem reported in the bug is:-
      Creating an INNODB table 'a' and executing a query, "INSERT
      INTO a SELECT a FROM A;" on a server started with
      "--lower_case_tables_names=0" and running on a
      case-insensitive filesystem leads innodb to flat spin.
      Optimizer thinks that "a" and "A" are two different tables
      as the variable "lower_case_table_names" is set to "0". As a
      result, optimizer comes up with a plan which does not need a
      temporary table. If the same table is used in select and
      insert, a temporary table is needed. This incorrect
      optimizer plan leads to infinite insertions.
      
      Fix:- If the server is started with
      "--lower_case_tables_names" set to 0 on a case-insensitive
      filesystem, an error, "The server option
      'lower_case_table_names'is configured to use case sensitive
      table names but the data directory is on a case-insensitive
      file system which is an unsupported combination. Please
      consider either using a case sensitive file system for your
      data directory or switching to a case-insensitive table name
      mode.", is printed in the server error log and the server
      exits.
      f4ff086a
  10. 19 Aug, 2015 1 commit
  11. 18 Aug, 2015 2 commits
    • Shishir Jaiswal's avatar
      Bug #16171518 - LOAD XML DOES NOT HANDLE EMPTY ELEMENTS · ee02650b
      Shishir Jaiswal authored
      DESCRIPTION
      ===========
      Inability of mysql LOAD XML command to handle empty XML
      tags i.e. <row><tag/></row>. Also the behaviour is wrong
      and (different than above) when there is a space in empty
      tag i.e. <row><tag /></row>
      
      ANALYSIS
      ========
      In read_xml() the case where we encounter a close tag ('/')
      we're decreasing the 'level' blindly which is wrong.
      Actually when its an without-space-empty-tag (succeeding
      char is '>'), we need to skip the decrement. In other words
      whenever we hit a close tag ('/'), decrease the 'level'
      only when (i) It's not an (without space) empty tag i.e.
      <tag/> or, (ii) It is of format <row col="val" .../>
      
      FIX
      ===
      The switch case for '/' is modified. We've removed the
      blind decrement of 'level'. We do it only when its not an
      without-space-empty-tag. Also we are setting 'in_tag' to
      false to let program know that we're done reading current
      tag (required in the case of format <row col="val" .../>)
      ee02650b
    • Karthik Kamath's avatar
      BUG#11754258: INCORRECT ERROR MESSAGE WHEN CREATING UNSAFE · 93ac0eb1
      Karthik Kamath authored
                    VIEW
      
      
      It appears that the code refactoring done as part of the
      patch for the MySQL BUG#11749859 fixed this issue. This
      issue is not reproducible on MySQL 5.5+ versions now.
      As part of this patch, the test file "mysqldump.test" has
      been updated to remove the comment which was referring to
      the bug and also the line which suppresses the warning.
      93ac0eb1
  12. 17 Aug, 2015 2 commits
    • Mithun C Y's avatar
      Merge branch 'mysql-5.1' into mysql-5.5 · 8fe07088
      Mithun C Y authored
      8fe07088
    • Mithun C Y's avatar
      Bug #21350175: SUBQUERIES IN PROCEDURE CLAUSE OF SELECT STATEMENT CAUSES SERVER FAILURES. · 557a57f3
      Mithun C Y authored
      Analysis :
      ==========
      During JOIN::prepare of sub-query which creates the
      derived tables we call setup_procedure. Here we call
      fix_fields for parameters of procedure clause. Calling
      setup_procedure at this point may cause issue. If
      sub-query is one of parameter being fixed it might
      lead to complicated dependencies on derived tables
      being prepared.
      
      SOLUTION :
      ==========
      In 5.6 with WL#6242, we have made procedure clause
      parameters can only be NUM, so sub-queries are not
      allowed as parameters. So in 5.5 we can block
      sub-queries in procedure clause parameters.
      This eliminates above conflicting dependencies.
      557a57f3
  13. 12 Aug, 2015 1 commit
    • Aditya A's avatar
      Bug #21025880 DUPLICATE UK VALUES IN READ-COMMITTED (AGAIN) · 608efca4
      Aditya A authored
      PROBLEM
      
      Whenever we insert in unique secondary index we take shared
      locks on all possible duplicate record present in the table.
      But while during a replace on the unique secondary index ,
      we take exclusive and locks on the all duplicate record.
      When the records are deleted, they are first delete marked
      and later purged by the purge thread. While purging the
      record we call the lock_update_delete() which in turn calls
      lock_rec_inherit_to_gap() to inherit locks of the deleted
      records. In repeatable read mode we inherit all the locks
      from the record to the next record  but in the read commited
      mode we skip inherting them as gap type locks. We make a
      exception here if the lock on the records is  in shared mode
      ,we assume that it is set during insert for unique secondary
      index and needs to be inherited to stop constraint violation.
      We didnt handle the case when exclusive locks are set during
      replace, we skip inheriting locks of these records and hence
      causing constraint violation.
      
      FIX
      
      While inheriting the locks,check whether the transaction is
      allowed to do TRX_DUP_REPLACE/TRX_DUP_IGNORE, if true
      inherit the locks.
      
      [ Revewied by Jimmy #rb9709]
      608efca4
  14. 10 Aug, 2015 1 commit
  15. 07 Aug, 2015 2 commits
    • Ajo Robert's avatar
      Merge branch 'mysql-5.1' into mysql-5.5 · 552b1c8a
      Ajo Robert authored
      552b1c8a
    • Ajo Robert's avatar
      Bug #20760261 mysqld crashed in materialized_cursor:: · f3dce250
      Ajo Robert authored
      send_result_set_metadata
      
      Analysis
      --------
      Cursor inside trigger accessing NEW/OLD row leads server exit.
      
      The reason for the bug was that implementation of function
      create_tmp_table() was not considering Item::TRIGGER_FIELD_ITEM
      as possible alternative for type of class being instantiated.
      This was resulting in a mismatch between a number of columns
      in result list and temp table definition. This mismatch leads
      to the failure of assertion
      DBUG_ASSERT(send_result_set_metadata.elements == item_list.elements)
      in the method Materialized_cursor::send_result_set_metadata
      in debug mode.
      
      Fix:
      ---
      Added code to consider Item::TRIGGER_FIELD_ITEM as valid
      type while creating fields.
      f3dce250
  16. 05 Aug, 2015 2 commits
  17. 04 Aug, 2015 2 commits
  18. 03 Aug, 2015 4 commits
  19. 29 Jul, 2015 2 commits
  20. 24 Jul, 2015 1 commit
  21. 23 Jul, 2015 1 commit
    • Nisha Gopalakrishnan's avatar
      BUG#19886430: VIEW CREATION WITH NAMED COLUMNS, OVER UNION, · b5380e09
      Nisha Gopalakrishnan authored
                    IS REJECTED.
      
      Analysis
      ========
      
      View creation with named columns over UNION is rejected.
      Consider the following view definition:
      
      CREATE VIEW v1 (fld1, fld2) AS SELECT 1 AS a, 2 AS b
      UNION ALL SELECT 1 AS a, 1 AS a;
      
      A 'duplicate column' error was reported due to the duplicate
      alias name in the secondary SELECT. The VIEW column names
      are either explicitly specified or determined from the
      first SELECT (which can be auto generated if not specified).
      Since a duplicate column name check was performed even
      for the secondary SELECTs, an error was reported.
      
      Fix
      ====
      
      Check for duplicate column names only for the named
      columns if specified or only for the first SELECT.
      b5380e09
  22. 16 Jul, 2015 1 commit
    • Sreeharsha Ramanavarapu's avatar
      Bug #21143080: UPDATE ON VARCHAR AND TEXT COLUMNS PRODUCE · 888fabd6
      Sreeharsha Ramanavarapu authored
                     INCORRECT RESULTS
      
      Issue:
      -----
      Updating varchar and text fields in the same update
      statement can produce incorrect results. When a varchar
      field is assigned to the text field and the varchar field
      is then set to a different value, the text field's result
      contains the varchar field's new value.
      
      SOLUTION:
      ---------
      Currently the blob type does not allocate space for the
      string to be stored. Instead it contains a pointer to the
      varchar string. So when the varchar field is changed as
      part of the update statement, the value contained in the
      blob also changes.
      
      The fix would be to actually store the value by allocating
      space for the blob's string. We can avoid allocating this
      space when the varchar field is not being written into.
      888fabd6
  23. 14 Jul, 2015 1 commit
  24. 13 Jul, 2015 2 commits
    • Tor Didriksen's avatar
      Bug #20168526 YASSL: CORRUPT SSL-KEY CRASHES CLIENT · 067ae38c
      Tor Didriksen authored
      Post-push fix: broken build on windows.
      The problem is min/max macros from windows.h
      which interfere with a template function callex max.
      
      Solution: ADD_DEFINITIONS(-DNOMINMAX)
      067ae38c
    • Sreeharsha Ramanavarapu's avatar
      Bug #20777016: DELETE CHECKS PRIVILEGES ON THE WRONG · 6fb2cdbc
      Sreeharsha Ramanavarapu authored
                     DATABASE WHEN USING TABLE ALIASES
      
      Issue:
      -----
      When using table aliases for deleting, MySQL checks
      privileges against the current database and not the
      privileges on the actual table or database the table
      resides.
      
      
      SOLUTION:
      ---------
      While checking privileges for multi-deletes,
      correspondent_table should be used since it points to the
      correct table and database.
      6fb2cdbc
  25. 10 Jul, 2015 3 commits