- 20 Mar, 2013 1 commit
-
-
Jorgen Loland authored
RETURNS RANDOM DATA MySQL 5.5 specific version of bugfix. When Loose Index Scan Range access is used, MySQL execution needs to copy non-aggregated fields. end_send() checked if this was necessary by checking if join_tab->select->quick had type QS_TYPE_GROUP_MIN_MAX. In this bug, however, MySQL created a sort index to sort the rows read from this range access method. create_sort_index() deletes join_tab->select->quick which makes it impossible to inquire the join_tab if LIS has been used. The fix for MySQL 5.5 is to introduce a variable in JOIN_TAB that stores whether or not LIS has been used. There is no need for this variable in later MySQL versions because the relevant code has been refactored.
-
- 19 Mar, 2013 5 commits
-
-
Tor Didriksen authored
Post push fix: setup_ref_array() now uses n_sum_items to determine size of ref_pointer_array. The problem was that n_sum_items kept growing, it wasn't reset for each query. A similar memory leak was fixed with the patch for: Bug 14683676 ENDLESS MEMORY CONSUMPTION IN SETUP_REF_ARRAY WITH MAX IN SUBQUERY sql/sql_yacc.yy: Reset parsing_place when we're done parsing SHOW commands, to prevent Item::Item incrementing select_n_having_items (which is also used in setup_ref_array())
-
Murthy Narkedimilli authored
-
Murthy Narkedimilli authored
-
Murthy Narkedimilli authored
-
Murthy Narkedimilli authored
-
- 18 Mar, 2013 1 commit
-
-
Vasil Dimov authored
UPDATES After checking that the table has changed too much in row_update_statistics_if_needed() and calling dict_update_statistics(), also check if the same condition holds after acquiring the table stats latch. This is to avoid multiple threads concurrently entering and executing the stats update code. Approved by: Marko (rb:2186)
-
- 19 Mar, 2013 2 commits
-
-
Murthy Narkedimilli authored
-
Murthy Narkedimilli authored
-
- 18 Mar, 2013 5 commits
-
-
Sujatha Sivakumar authored
-
Sujatha Sivakumar authored
Problem: ======= Found using AddressSanitizer testing. The mysqlbinlog utility may result in out-of-bound heap buffer reads and thus, undefined behaviour, when processing RBR events in the old (pre-5.1 GA) format. The following code in process_event() would only be correct if Rows_log_event was the base class for Write,Update,Delete_rows_log_event_old classes: case PRE_GA_WRITE_ROWS_EVENT: case PRE_GA_DELETE_ROWS_EVENT: case PRE_GA_UPDATE_ROWS_EVENT: ... Rows_log_event *e= (Rows_log_event*) ev; Table_map_log_event *ignored_map= print_event_info->m_table_map_ignored.get_table(e->get_table_id()); ... if (e->get_flags(Rows_log_event::STMT_END_F)) { ... } However, Rows_log_event is only the base class for the Write,Update_Delete_rows_event family of classes, but not for their *_old counterparts. So the above typecasts are incorrect for the old-format RBR events and may result (and do result according to AddressSanitizer reports) in reading memory outside of the previously allocated on heap buffer. Fix: === The above mentioned invalid type cast has been replaced with appropriate old counterpart. Note:The above mentioned issue is present only mysql-5.1 and 5.5. This is fixed in mysql-5.6 and above as part of Bug#55790. Hence few of the relevant changes of Bug#55790 are being back ported to fix the current issue. client/mysqlbinlog.cc: The above mentioned invalid type cast of using new event object to read old events, has been replaced with appropriate old counterpart. Note:The above mentioned issue is present only mysql-5.1 and 5.5. This is fixed in mysql-5.6 and above as part of Bug#55790. Hence few of the relevant changes of Bug#55790 are being back ported to fix the current issue.
-
Neeraj Bisht authored
Backport the changes for bug#14786792 which is regression of fix for bug#11761854.So backported both changes.
-
Nirbhay Choubey authored
-
Nirbhay Choubey authored
INTERACTIVE MODE In interactive mode, libedit/readline allocates memory for every new line entered & later the allocated memory never gets freed. Fixed by freeing the allocated memory blocks appropriately.
-
- 15 Mar, 2013 2 commits
-
-
Venkatesh Duggirala authored
Null merge from mysql-5.1
-
Venkatesh Duggirala authored
Back porting fix from mysql-5.5 sql/rpl_utility.cc: Resetting last_added to NULL to avoid memory leak
-
- 14 Mar, 2013 3 commits
-
-
Tor Didriksen authored
We need to take 'n_sum_items' into the calculation when allocating the ref_ptr_array.
-
Sergey Glukhov authored
-
Sergey Glukhov authored
Item_func_group_concat::copy_or_same() creates a copy of original object. It also creates a copy of ORDER structure because ORDER struct elements may be modified in find_order_in_list() called from Item_func_group_concat::setup(). As ORDER copy is created using memcpy, ORDER::next elements point to original ORDER structs. Thus find_order_in_list() called from EXECUTE stmt modifies ordinal ORDER item pointers so they point to runtime items, these items are freed after execution, so original ORDER structure becomes invalid. The fix is to properly update ORDER::next fields so that they point to new ORDER elements. sql/item_sum.cc: update ORDER::next fields so that they point to new ORDER elements.
-
- 13 Mar, 2013 5 commits
-
-
Venkatesh Duggirala authored
COLUMNS ARE USED INSIDE A STORED PROCEDURE Merging post-push fix from mysql-5.1
-
Venkatesh Duggirala authored
COLUMNS ARE USED INSIDE A STORED PROCEDURE Post-push fix. String::operator=() in client/sql_string.h also needs to be updated with fix.
-
Aditya A authored
FREED LOCK ANALYIS ------- In 5.5 code the lock_rec_block_validate() is called after releasing the kernel mutex. There is a chance that the lock might be invalid so, we are getting the valgrind error on invalid read on lock->index. FIX --- Fix would be to copy the lock->index when we are holding the kernel mutex and then pass it to the lock_rec_block_validate(). This implementation is present in 5.1 code. [ Approved by sunny rb.no.oracle.com/rb/r/2152/ ]
-
Harin Vadodaria authored
Description: Null merge from 5.1.
-
unknown authored
No commit message
-
- 12 Mar, 2013 6 commits
-
-
Venkatesh Duggirala authored
COLUMNS ARE USED INSIDE A STORED PROCEDURE Problem: When 'SET' type columns are used in a DML inside a stored procedure and a NULL value is passed to that column, replication is breaking. Analysis: All stored procedure variables used inside a DML will be substituted with NAME_CONST functions. While NAME_CONST are used in this particular scenario, i.e., when NULL value is passed then charset is copied from 'empty_set_string' member of Field_set class. The operator '=' overload method inside 'String' class is not coping str_charset from R.H.S object to L.H.S object. Hence charset is wrongly copied in the string assignment Fix: Handle coping str_charset member in operator '=' overload method. sql/sql_string.h: Handled coping str_charset member in operator '=' overload method.
-
Venkatesh Duggirala authored
COLUMNS ARE USED INSIDE A STORED PROCEDURE Problem: The operator '=' overload method inside 'String' class is not coping str_charset member from R.H.S object to L.H.S object. Hence charset is wrongly set while using string assignments Analaysis: The above mentioned problem is identified while doing the analaysis of bug#14593883. Though the test scenario mentioned in the bug page is not an issue in mysql-5.1 code, the actual root cause ie., "str_charset member is not copied" exists in the mysql-5.1 code base. Fix: Handle coping str_charset member in operator '=' overload method. sql/sql_string.h: Handled coping str_charset member in operator '=' overload method.
-
Marko Mäkelä authored
IBUF, FREE SPACE MANAGEMENT ibuf_merge_or_delete_for_page(): Declare the user index page latched for UNIV_SYNC_DEBUG after opening the change buffer cursor. This should avoid the bogus latching order violation. ibuf_delete_rec(): Add assertions to the callers, checking that the mini-transaction was committed when the function returned TRUE. This is a non-functional change, just clarifying the code. rb#2136 approved by Kevin Lewis
-
Marko Mäkelä authored
-
Marko Mäkelä authored
For a fresh insert, page_zip_available() was counting some fields twice. In the worst case, the compressed page size grows by PAGE_ZIP_DIR_SLOT_SIZE plus the size of the record that is being inserted. The size of the record already includes the fields that will be stored in the uncompressed portion of the compressed page. page_zip_get_trailer_len(): Remove the output parameter entry_size, because no caller is interested in it. page_zip_max_ins_size(), page_zip_available(): Assume that the page grows by PAGE_ZIP_DIR_SLOT_SIZE and the record size (which includes the fields that would be stored in the uncompressed portion of the page). rb#2169 approved by Sunny Bains
-
unknown authored
No commit message
-
- 11 Mar, 2013 2 commits
-
-
Tor Didriksen authored
The check for unsigned time_t failed, on all platforms, due to missing #include. from CMakeFiles/CMakeError.log with this patch: error: size of array array is negative without this patch: error: time_t undeclared (first use in this function)
-
unknown authored
No commit message
-
- 08 Mar, 2013 1 commit
-
-
unknown authored
No commit message
-
- 07 Mar, 2013 1 commit
-
-
Aditya A authored
MEM_HEAP_CREATE_BLOCK() PROBLEM ------- If we give start mysqld with the option --innodb_log_buffer_size=50GB ,then mem_area_alloc() function fails to allocate memory and returns NULL.In debug version we assert at this point,but there is no check in release version and we get a segmentation fault. FIX --- Added a log message saying that we are unable to allocate memory. After this message we assert. [Approved by Kevin http://rb.no.oracle.com/rb/r/2065 ]
-
- 05 Mar, 2013 1 commit
-
-
unknown authored
-
- 01 Mar, 2013 1 commit
-
-
Tor Didriksen authored
Don't use CMAKE_OSX_ARCHITECTURES to determine DEFAULT_MACHINE if it is not defined. If we're 64bit, then use "x86_64" rather than "x86"
-
- 07 Mar, 2013 1 commit
-
-
Ashish Agarwal authored
PROBLEM: If multiple statements are sent by a single request then only the last statement was getting logged. An attacker can bypass the audit log just by sending two comsecutive statements in one request. SOLUTION: Each statements from a single request are logged.
-
- 06 Mar, 2013 2 commits
-
-
Annamalai Gurusami authored
INSERT WITH SAME VALUES Problem: When a transaction is in READ COMMITTED isolation level, gap locks are still taken in the secondary index, when row is inserted. This happens when the secondary index is scanned for duplicate. The function row_ins_scan_sec_index_for_duplicate() always calls the function row_ins_set_shared_rec_lock() with LOCK_ORDINARY irrespective of the transaction isolation level. Solution: The function row_ins_scan_sec_index_for_duplicate() calls the function row_ins_set_shared_rec_lock() with LOCK_ORDINARY or LOCK_REC_NOT_GAP based on the transaction isolation level. rb://2035 approved by Krunal and Marko
-
unknown authored
-
- 05 Mar, 2013 1 commit
-
-
Inaam Rana authored
Approved by: Marko Makela (patch in bug report) Reduce the number of debug buf_validate() calls
-