1. 24 Sep, 2014 1 commit
    • Bill Qu's avatar
      Bug #15868071 USING SET GLOBAL SQL_LOG_BIN SHOULD NOT BE ALLOWED · 5693b1e4
      Bill Qu authored
      Normally, SET SESSION SQL_LOG_BIN is used by DBAs to run a
      non-conflicting command locally only, ensuring it does not
      get replicated.
      Setting GLOBAL SQL_LOG_BIN would not require all sessions to
      disconnect. When SQL_LOG_BIN is changed globally, it does not
      immediately take effect for any sessions. It takes effect by
      becoming the session-level default inherited at the start of
      each new session, and this setting is kept and cached for the
      duration of that session. Setting it intentionally is unlikely
      to have a useful effect under any circumstance; setting it
      unintentionally, such as while intending to use SET [SESSION]
      is potentially disastrous. Accidentally using SET GLOBAL
      SQL_LOG_BIN will not show an immediate effect to the user,
      instead not having the desired session-level effect, and thus
      causing other potential problems with local-only maintenance
      being binlogged and executed on slaves; And transactions from
      new sessions (after SQL_LOG_BIN is changed globally) are not
      binlogged and replicated, which would result in irrecoverable
      or difficult data loss.
      This is the regular GLOBAL variables way to work, but in
      replication context it does not look right on a working server
      (with connected sessions) 'set global sql_log_bin' and none of
      that connections is affected. Unexperienced DBA after noticing
      that the command did "nothing" will change the session var and
      most probably won't unset the global var, causing new sessions
      to not be binlog.
      Setting GLOBAL SQL_LOG_BIN allows DBA to stop binlogging on all
      new sessions, which can be used to make a server "replication
      read-only" without restarting the server. But this has such big
      requirements, stop all existing connections, that it is more
      likely to make a mess, it is too risky to allow the GLOBAL variable.
      
      The statement 'SET GLOBAL SQL_LOG_BIN=N' will produce an error
      in 5.5, 5.6 and 5.7. Reading the GLOBAL SQL_LOG_BIN will produce
      a deprecation warning in 5.7.
      5693b1e4
  2. 23 Sep, 2014 1 commit
  3. 18 Sep, 2014 1 commit
    • Annamalai Gurusami's avatar
      Bug #19306524 FAILING ASSERTION WITH TEMP TABLE FOR A PROCEDURE CALLED · db78f29b
      Annamalai Gurusami authored
      FROM A FUNCTION
      
      Scenario:
      
      In a stored procedure, CREATE TABLE statement is not allowed.  But an
      exception is provided for CREATE TEMPORARY TABLE.  We can create a temporary
      table in a stored procedure.
      
      Let there be two stored functions f1 and f2 and two stored procedures p1 and
      p2.  Their properties are as follows:
      
      . stored function f1() calls stored procedure p1().
      . stored function f2() calls stored procedure p2().
      . stored procedure p1() creates temporary table t1.
      . stored procedure p2() does DML on t1.
      
      Consider the following situation:
      
      1.  Autocommit mode is on. 
      2.  select f1()
      3.  select f2()
      
      Step 2:  In this step, t1 would be created via p1().  A table level transaction
      lock would have been taken.  The ::external_lock() would not have been called
      on this table.  At the end of step 2, because of autocommit mode on, this table
      level lock will be released.
      
      Step 3:  When we execute DML on table t1 via p2() we have two problems:
      
      Problem 1:
      
      The function ha_innobase::external_lock() would have been called but since
      it is a select query no table level locks would have been taken.  Hence the
      following assert will fail:
      
      ut_ad(lock_table_has(thr_get_trx(thr), index->table, LOCK_IX));
      
      Solution:
      
      The solution would be to identify this situation and take a table level lock
      and use the proper lock type prebuilt->select_lock_type = LOCK_X for DML
      operations.
      
      Problem 2:
      
      Another problem is that in step 3, ha_innobase::open() is never called on
      the table t1.  
      
      Solution:
      
      The solution would be to identify this situation and call re-init the handler
      of table t1.
      
      rb#6429 approved by Krunal.
      db78f29b
  4. 17 Sep, 2014 1 commit
    • Annamalai Gurusami's avatar
      Bug #17852083 PRINT A WARNING WHEN DDL HAS AN ERROR IN INNODB_STRICT_MODE = 1 · 44fd241a
      Annamalai Gurusami authored
      Problem:
      
      Creation of a table fails when innodb_strict_mode is enabled, but the same
      table is created without any warning when innodb_strict_mode is enabled.
      
      Solution:
      
      If creation of a table fails with an error when innodb_strict_mode is
      enabled, it must issue a warning when innodb_strict_mode is disabled.
      
      rb#6723 approved by Krunal.
      44fd241a
  5. 16 Sep, 2014 1 commit
    • Praveenkumar Hulakund's avatar
      Bug#19070633 - POSSIBLE ACCESS TO FREED MEMORY IN IS_FREE_LOCK() · 508c74ac
      Praveenkumar Hulakund authored
                      AND IS_USED_LOCK().
      
      Analysis:
      -----------
      In functions Item_func_is_free_lock::val_int() and 
      Item_func_is_used_lock::val_int(), for the specified user lock
      name, pointer to its "User_level_lock" object is obtained from hash
      "hash_user_locks". Mutex "LOCK_user_locks" is acquired for this
      and released immediately. And we are accessing members of
      User_level_lock after releasing the mutex. If same user lock is
      deleted(released) from concurrent thread then accessing members
      results in invalid(freed) memory access issue.
      
      Deleting of user lock is also protected from the mutex
      "LOCK_user_locks". Since this mutex is released in "val_int" 
      functions mentioned above, delete operation proceeds while concurrent
      thread tries to access its members.
      
      With the test case, valgrind reports invalid read issues in val_int
      functions.
      
      Fix:
      -----------
      To fix this issue, in "val_int" function of classes
      "Item_func_is_free_lock" and "Item_func_is_used_lock", now releasing
      mutex "LOCK_user_locks" after accessing User_level_lock members.
      508c74ac
  6. 11 Sep, 2014 2 commits
  7. 10 Sep, 2014 1 commit
    • Praveenkumar Hulakund's avatar
      Bug#18790730 - CROSS-DATABASE FOREIGN KEY WITHOUT PERMISSIONS · cf4231a7
      Praveenkumar Hulakund authored
                     CHECK.
      
      Analysis:
      ----------
      Issue here is, while creating or altering the InnoDB table,
      if the foreign key defined on the table references a parent
      table on which the user has no access privileges then the
      table is created without reporting any error. 
      
      Currently the privilege level REFERENCES_ACL is unused
      and is not used for access evaluation while creating the
      table with a foreign key constraint or adding the foreign
      key constraint to a table. But when no privileges are granted
      to user then also access evaluation on parent table is ignored.
      
      Fix:
      ---------
      For DMLs, irrelevant of the fact, support does not want any
      changes to avoid permission checks on every operation.
      
      So, as a fix, added a function "check_fk_parent_table_access" 
      to check whether any of the SELECT_ACL, INSERT_ACL, UDPATE_ACL,
      DELETE_ACL or REFERENCE_ACL privileges are granted for user
      at table level. If none of them is granted then error is reported.
      This function is called during the table creation and alter 
      operation. 
      cf4231a7
  8. 08 Sep, 2014 1 commit
  9. 05 Sep, 2014 2 commits
  10. 03 Sep, 2014 1 commit
  11. 02 Sep, 2014 1 commit
  12. 28 Aug, 2014 2 commits
    • Venkatesh Duggirala's avatar
      Bug#19145712 USER AFTER FREE / DOUBLE FREE ISSUE · a7975870
      Venkatesh Duggirala authored
            
            Problem: A corrupted header length in FORMAT_DESCRIPTION_LOG_EVENT
            can cause server to crash.
            Analysis: FORMAT_DESCRIPTION_EVENT will be considered invalid if
            header len is too small (i.e. below OLD_HEADER_LEN).
            
            Format_description_log_event:: Format_description_log_event(...)
            {
              ...
              if ((common_header_len=buf[ST_COMMON_HEADER_LEN_OFFSET]) < OLD_HEADER_LEN)
                DBUG_VOID_RETURN; /* sanity check */
              ...
              post_header_len= my_memdup(...)
            }
            
            In that case Format_description_log_event constructor will return early,
            without allocating any memory for post_header_len. Thence this variable is
            left uninitialized and making server to crash when server is trying
            to free the uninitialized value.
            
            Fix: When Format_description_log_event constructor returns early, assign
            NULL to post_header_len.
      a7975870
    • Alexander Nozdrin's avatar
      Update copyright text. · f46a7602
      Alexander Nozdrin authored
      f46a7602
  13. 27 Aug, 2014 1 commit
  14. 26 Aug, 2014 3 commits
  15. 25 Aug, 2014 2 commits
    • Annamalai Gurusami's avatar
      Bug #19471516 SERVER CRASHES WHEN EXECUTING ALTER TABLE ADD FOREIGN KEY · f97dfa81
      Annamalai Gurusami authored
      Problem:
      
      We maintain two rb trees in each dict_table_t.  The foreign_rbt must be in
      sync with foreign_list.  The referenced_rbt must be in sync with
      referenced_list. There is one function which checks this consistency and it
      failed, resulting in an assert failure.
      
      The root cause of the problem was identified that the search order was 
      lost in the referenced_rbt.  This is because while renaming the table,
      we didn't not refresh this referenced_rbt.
      
      Solution:
      
      When a foreign key is renamed, we must delete and re-insert into both
      foreign_rbt and referenced_rbt.  
      
      rb#6412 approved by Jimmy.
      f97dfa81
    • murthy.narkedimilli@oracle.com's avatar
  16. 23 Aug, 2014 1 commit
  17. 21 Aug, 2014 1 commit
    • Tor Didriksen's avatar
      Bug#18928848 II. MALLOC OF UNINITIALIZED MEMORY SIZE · 63a6af32
      Tor Didriksen authored
      Several string functions have optimizations for constant
      sub-expressions which lead to setting max_length == 0.
      
      For subqueries, where we need a temporary table to holde the result,
      we need to ensure that we use a VARCHAR(0) column rather than a
      CHAR(0) column when such expressions take part in grouping.
      With CHAR(0) end_update() may write garbage into the next field.
      63a6af32
  18. 20 Aug, 2014 1 commit
  19. 12 Aug, 2014 6 commits
  20. 06 Aug, 2014 2 commits
  21. 04 Aug, 2014 1 commit
  22. 01 Aug, 2014 2 commits
    • Venkata Sidagam's avatar
      Bug #18415196 MYSQL_UPGRADE DUPLICATE KEY ERROR FOR MYSQL.USER FOR 5.5.35+, 5.6.15+, 5.7.3+ · 7d904273
      Venkata Sidagam authored
      Follow-up patch. Removed unwanted code.
      7d904273
    • Venkata Sidagam's avatar
      Bug #18415196 MYSQL_UPGRADE DUPLICATE KEY ERROR FOR MYSQL.USER FOR 5.5.35+, 5.6.15+, 5.7.3+ · 7879b3ee
      Venkata Sidagam authored
      Description: mysql_upgrade fails with below error, 
      when there are duplicate entries(like 'root'@'LOCALHOST'
      and 'root'@'localhost') in mysql.user table.
      ERROR 1062 (23000) at line 1140: Duplicate entry 'localhost-root' for key 'PRIMARY'
      FATAL ERROR: Upgrade failed
      
      Analysis: As part of the bug 12917151 fix we are 
      making all the hostnames as lower case hostnames.
      So, this has been done by mysql_upgrade.
      In case of above mentioned duplicate entries 
      mysql_upgrade tries to change hostname to lowercase.
      Since there is already 'root'@'localhost' exists.
      it is failing with "duplicate entry" error.
      
      Fix: Since its a valid error failure. We are 
      making the error more verbose. So, that user will
      delete the duplicate errors manually.
      Along with existing error we are printing below
      error as well.
      ERROR 1644 (45000) at line 1153: Multiple accounts exist for @user_name, @host_name that differ only in Host lettercase; remove all except one of them
      7879b3ee
  23. 31 Jul, 2014 2 commits
  24. 28 Jul, 2014 1 commit
  25. 24 Jul, 2014 1 commit
  26. 21 Jul, 2014 1 commit
    • Venkata Sidagam's avatar
      Bug #17297324 GLIBC DOUBLE FREE OR CORRUPTION WHEN KILLING CLIENT; CTRL+C · c20c135a
      Venkata Sidagam authored
      Description: Sometimes when killing the mysql command line client with
      KILL -2(SIGINT), mysql client core dumps as a result of a double free or
      corruption.
      
      Analysis: When we run the mysql client in command line mode it will goes
      to mysql_end() and frees many data structures. At the same time (i.e
      after some data structures are freed), if we give "KILL -2" signal then
      the signal will be handled with function handle_kill_signal() and as
      part of it will again calls mysql_end() and goes with free() to the
      already freed data structure for batch_readline_end() function, which
      causes core dump.
      
      Fix: Ignoring SIGQUIT and SIGINT signals when cleanup process starts.
      This will help in resolving the double free issues, which occurs 
      in case the signal handler function is started in between of the 
      clean up function.
      For 5.6 we need to ignore SIGHUP also.
      c20c135a