1. 25 Oct, 2011 2 commits
    • Marko Mäkelä's avatar
      Bug#13002783 PARTIALLY UNINITIALIZED CASCADE UPDATE VECTOR · 57923469
      Marko Mäkelä authored
      In the ON UPDATE CASCADE clause of FOREIGN KEY constraints, the
      calculated update vector was not fully initialized. This bug was
      introduced in the InnoDB Plugin when implementing support for
      ROW_FORMAT=DYNAMIC.
      
      Additionally, the data type information was not initialized, but
      apparently it has never been needed in this case.  Nevertheless, it is
      not good programming practice to pass uninitialized values around.
      
      calc_row_difference(): Declare the update field uninitialized in
      Valgrind. Copy the data type information as well, except when the
      field is SQL NULL. In the built-in InnoDB, initialize
      ufield->extern_storage = FALSE (an initialization bug that had gone
      unnoticed this far). The InnoDB Plugin and later have this flag to
      dfield_t and have always initialized it properly.
      
      row_ins_cascade_calc_update_vec(): Reduce the scope of some
      pointers. Initialize orig_len. (This caused the bug in InnoDB Plugin
      and later.)
      
      row_ins_foreign_check_on_constraint(): Simplify a condition. Declare
      the update vector uninitialized.
      
      rb:771 approved by Jimmy Yang
      57923469
    • Vasil Dimov's avatar
      Fix Bug#12661768 UPDATE IGNORE CRASHES SERVER IF TABLE IS INNODB AND IT IS · 7312f83c
      Vasil Dimov authored
      PARENT FOR OTHER ONE
      
      Do not try to lookup key_nr'th key in 'table' because there may not be such
      a key there. key_nr is the number of the key in the _child_ table name, not
      in the parent table.
      
      Instead just print the fields of the record that are covered by the first key
      defined on the parent table.
      
      This bug gets a better fix in MySQL 5.6, which is too risky for 5.1 and 5.5.
      
      Approved by:	Jon Olav Hauglid (via IM)
      7312f83c
  2. 24 Oct, 2011 2 commits
  3. 21 Oct, 2011 3 commits
  4. 20 Oct, 2011 2 commits
  5. 19 Oct, 2011 2 commits
  6. 18 Oct, 2011 1 commit
  7. 14 Oct, 2011 2 commits
  8. 13 Oct, 2011 1 commit
  9. 12 Oct, 2011 5 commits
    • Georgi Kodinov's avatar
    • Georgi Kodinov's avatar
      auto-merge mysql-5.1->mysql-5.1-security · 492e5b9b
      Georgi Kodinov authored
      492e5b9b
    • Georgi Kodinov's avatar
      auto-merge mysql-5.0->mysql-5.0-security · e5e8d376
      Georgi Kodinov authored
      e5e8d376
    • Marko Mäkelä's avatar
      Bug#13006367 62487: innodb takes 3 minutes to clean up the adaptive · 41b97529
      Marko Mäkelä authored
      hash index at shutdown
      
      btr_search_disable(): Just drop the entire adaptive hash index,
      without dropping every record separately.
      
      buf_pool_clear_hash_index(): Renamed and simplified from
      buf_pool_drop_hash_index(). Set block->index = NULL for every block in
      the buffer pool. Do not release the btr_search_latch. The caller will
      have to adjust other data structures.
      
      Remove block->is_hashed. It is redundant, should be always equal to
      block->index != NULL.
      
      Remove btr_search_fully_disabled, btr_search_enabled_mutex, and
      SYNC_SEARCH_SYS_CONF. We drop the AHI in one pass, without releasing
      the btr_search_latch in between.
      
      Replace void* with const rec_t* and add assertions on btr_search_latch
      and btr_search_enabled to ha0ha.h, ha0ha.ic, ha0ha.c.
      
      page_set_max_trx_id(): Ignore the adaptive hash index. I forgot to
      push this in rb:750.
      
      btr0sea.c: Always after acquiring btr_search_latch, check for
      block->index==NULL or !btr_search_enabled. We can now set
      block->index=NULL while only holding btr_search_latch in exclusive
      mode. Always acquire btr_search_latch before reading block->index,
      except in shortcuts when testing for block->index == NULL.
      
      ha_clear(), ha_search(): Unused function, remove.
      
      buf_page_peek_if_search_hashed(): Remove. This function may avoid
      latching a page at the cost of doing a duplicate buf_pool->page_hash
      lookup.
      
      rb:775 approved by Inaam Rana
      41b97529
    • Vinay Fisrekar's avatar
      bug#11766457 - adjusting/modifying the the tests as tests were failing if... · c6120de6
      Vinay Fisrekar authored
      bug#11766457 - adjusting/modifying the the tests as tests were failing if system time zone is set differently.
      c6120de6
  10. 10 Oct, 2011 1 commit
  11. 07 Oct, 2011 1 commit
    • Magne Mahre's avatar
      BUG#12589870 CRASHES WITH MULTIQUERY PACKET + USE<DB> + QUERY CACHE · e02c3d7f
      Magne Mahre authored
       
      A buffer large enough to hold the query _plus_ some additional
      data is allocated before parsing is started.   The additional data 
      is used by the query cache, and consists of the name of the current 
      database and a set of flags.
       
      When a packet containing multiple SQL statements is sent to the
      server and one of the statements changes the current database
      (a "USE <db>" statement), and the name of the new current database 
      is longer than of the previous,  there is not enough space in the 
      buffer for the new name, and we write out over the buffer boundary.
      
      The fix adds an extra field to store the number of bytes
      allocated to the database name in the buffer.  If the current
      database name changes, and the new name is longer than the
      previous one, we refuse to cache the query.
      e02c3d7f
  12. 06 Oct, 2011 2 commits
  13. 05 Oct, 2011 4 commits
    • Bjorn Munch's avatar
      merge 5.1-mtr => 5.1 · ebaa6006
      Bjorn Munch authored
      ebaa6006
    • Sergey Glukhov's avatar
      automerge · cff85ac1
      Sergey Glukhov authored
      cff85ac1
    • Sergey Glukhov's avatar
      Bug#11747970 34660: CRASH WHEN FEDERATED TABLE LOSES CONNECTION DURING INSERT ... SELECT · fcd99c15
      Sergey Glukhov authored
      Problematic query:
      insert ignore into `t1_federated` (`c1`) select `c1` from  `t1_local` a
      where not exists (select 1 from `t1_federated` b where a.c1 = b.c1);
      When this query is killed in another connection it could lead to crash.
      The problem is follwing:
      An attempt to obtain table statistics for subselect table in killed query
      fails with an error. So JOIN::optimize() for subquery is failed but
      it does not prevent further subquery evaluation.
      At the first subquery execution JOIN::optimize() is called
      (see subselect_single_select_engine::exec()) and fails with
      an error. 'executed' flag is set to TRUE and it prevents
      further subquery evaluation. At the second call
      JOIN::optimize() does not happen as 'JOIN::optimized' is TRUE
      and in case of uncacheable subquery the 'executed' flag is set
      to FALSE before subquery evaluation. So we loose 'optimize stage'
      error indication (see subselect_single_select_engine::exec()).
      In other words 'executed' flag is used for two purposes, for
      error indication at JOIN::optimize() stage and for an
      indication of subquery execution. And it seems it's wrong
      as the flag could be reset.
      fcd99c15
    • Marko Mäkelä's avatar
      Add InnoDB UNIV_SYNC_DEBUG assertions to rw-lock code. · 739c5296
      Marko Mäkelä authored
      rw_lock_x_lock_func(): Assert that the thread is not already holding
      the lock in a conflicting mode (RW_LOCK_SHARED).
      
      rw_lock_s_lock_func(): Assert that the thread is not already holding
      the lock in a conflicting mode (RW_LOCK_EX).
      739c5296
  14. 04 Oct, 2011 5 commits
  15. 03 Oct, 2011 1 commit
  16. 29 Sep, 2011 2 commits
    • Tatjana Azundris Nuernberg's avatar
      manual merge · 22532c2c
      Tatjana Azundris Nuernberg authored
      22532c2c
    • Tatjana Azundris Nuernberg's avatar
      Bug#11765687 (MySQL58677): No privilege on table / view, but can know #rows /... · 546084eb
      Tatjana Azundris Nuernberg authored
      Bug#11765687 (MySQL58677): No privilege on table / view, but can know #rows / underlying table's name
      
      1 - If a user had SHOW VIEW and SELECT privileges on a view and
      this view was referencing another view, EXPLAIN SELECT on the outer
      view (that the user had privileges on) could reveal the structure
      of the underlying "inner" view as well as the number of rows in
      the underlying tables, even if the user had privileges on none of
      these referenced objects.
      
      This happened because we used DEFINER's UID ("SUID") not just for
      the view given in EXPLAIN, but also when checking privileges on
      the underlying views (where we should use the UID of the EXPLAIN's
      INVOKER instead).
      
      We no longer run the EXPLAIN SUID (with DEFINER's privileges).
      This prevents a possible exploit and makes permissions more
      orthogonal.
      
      2 - EXPLAIN SELECT would reveal a view's structure even if the user
      did not have SHOW VIEW privileges for that view, as long as they
      had SELECT privilege on the underlying tables.
      
      Instead of requiring both SHOW VIEW privilege on a view and SELECT
      privilege on all underlying tables, we were checking for presence
      of either of them.
      
      We now explicitly require SHOW VIEW and SELECT privileges on
      the view we run EXPLAIN SELECT on, as well as all its
      underlying views. We also require SELECT on all relevant
      tables. 
      546084eb
  17. 28 Sep, 2011 1 commit
    • Raghav Kapoor's avatar
      BUG#11758062 - 50206: ER_TOO_BIG_SELECT REFERS TO OUTMODED · 92d96d14
      Raghav Kapoor authored
      SYSTEM VARIABLE NAME SQL_MAX_JOIN_SI 
      
      BACKGROUND:
      
      ER_TOO_BIG_SELECT refers to SQL_MAX_JOIN_SIZE, which is the
      old name for MAX_JOIN_SIZE.
      
      FIX:
      
      Support for old name SQL_MAX_JOIN_SIZE is removed in MySQL 5.6
      and is renamed as MAX_JOIN_SIZE.So the errmsg.txt 
      and mysql.cc files have been updated and the corresponding result
      files have also been updated.
      92d96d14
  18. 27 Sep, 2011 2 commits
  19. 26 Sep, 2011 1 commit