1. 14 Mar, 2013 2 commits
    • Sergey Glukhov's avatar
      5.1 -> 5.5 merge · 662feebc
      Sergey Glukhov authored
      662feebc
    • Sergey Glukhov's avatar
      Bug#16075310 SERVER CRASH OR VALGRIND ERRORS IN ITEM_FUNC_GROUP_CONCAT::SETUP AND ::ADD · 6077a41a
      Sergey Glukhov authored
      Item_func_group_concat::copy_or_same() creates a copy of original object.
      It also creates a copy of ORDER structure because ORDER struct elements may
      be modified in find_order_in_list() called from Item_func_group_concat::setup().
      As ORDER copy is created using memcpy, ORDER::next elements point to original
      ORDER structs. Thus find_order_in_list() called from EXECUTE stmt modifies
      ordinal ORDER item pointers so they point to runtime items, these items are
      freed after execution, so original ORDER structure becomes invalid.
      The fix is to properly update ORDER::next fields so that they point to
      new ORDER elements.
      
      
      
      sql/item_sum.cc:
        update ORDER::next fields so that they point to new ORDER elements.
      6077a41a
  2. 13 Mar, 2013 5 commits
  3. 12 Mar, 2013 6 commits
    • Venkatesh Duggirala's avatar
      BUG#14593883-REPLICATION BREAKS WHEN SET DATA TYPE · 3883559d
      Venkatesh Duggirala authored
      COLUMNS ARE USED INSIDE A STORED PROCEDURE                                      
                                                                                      
      Problem: When 'SET' type columns are used in a DML                              
      inside a stored procedure and a NULL value is passed                            
      to that column, replication is breaking.                                        
                                                                                      
      Analysis: All stored procedure variables used inside                            
      a DML will be substituted with NAME_CONST functions.                            
      While NAME_CONST are used in this particular scenario,                          
      i.e., when NULL value is passed then charset is copied                          
      from 'empty_set_string' member of Field_set class.                              
      The operator '=' overload method inside 'String' class                          
      is not coping str_charset from R.H.S object to L.H.S object.                    
      Hence charset is wrongly copied in the string assignment                        
                                                                                      
      Fix: Handle coping str_charset member in operator '=' overload                  
      method.
      
      sql/sql_string.h:
        Handled coping str_charset member in operator '=' overload                  
        method.
      3883559d
    • Venkatesh Duggirala's avatar
      BUG#14593883-REPLICATION BREAKS WHEN SET DATA TYPE · 8a49d7a8
      Venkatesh Duggirala authored
      COLUMNS ARE USED INSIDE A STORED PROCEDURE                                      
                                                                                      
      Problem: The operator '=' overload method inside
      'String' class is not coping str_charset member from
      R.H.S object to L.H.S object. Hence charset is wrongly
      set while using string assignments
      
      Analaysis: The above mentioned problem is
      identified while doing the analaysis of bug#14593883.
      Though the test scenario mentioned in the bug page
      is not  an issue in mysql-5.1 code, the actual root cause
      ie., "str_charset member is not copied" exists in the 
      mysql-5.1 code base. 
      
      Fix: Handle coping str_charset member in operator '=' overload                  
      method.
      
      sql/sql_string.h:
        Handled coping str_charset member in operator '=' overload                  
        method.
      8a49d7a8
    • Marko Mäkelä's avatar
      Bug#16409715 ASSERT SYNC_THREAD_LEVELS_G(ARRAY, LEVEL - 1, TRUE), · d910c5ac
      Marko Mäkelä authored
      IBUF, FREE SPACE MANAGEMENT
      
      ibuf_merge_or_delete_for_page(): Declare the user index page latched
      for UNIV_SYNC_DEBUG after opening the change buffer cursor. This
      should avoid the bogus latching order violation.
      
      ibuf_delete_rec(): Add assertions to the callers, checking that the
      mini-transaction was committed when the function returned TRUE. This
      is a non-functional change, just clarifying the code.
      
      rb#2136 approved by Kevin Lewis
      d910c5ac
    • Marko Mäkelä's avatar
      Merge mysql-5.1 to mysql-5.5. · b5f4385e
      Marko Mäkelä authored
      b5f4385e
    • Marko Mäkelä's avatar
      Bug#16463505 PESSIMISTIC PAGE_ZIP_AVAILABLE() MAY CAUSE INFINITE PAGE SPLIT · daa28126
      Marko Mäkelä authored
      For a fresh insert, page_zip_available() was counting some fields twice.
      In the worst case, the compressed page size grows by PAGE_ZIP_DIR_SLOT_SIZE
      plus the size of the record that is being inserted. The size of the record
      already includes the fields that will be stored in the uncompressed portion
      of the compressed page.
      
      page_zip_get_trailer_len(): Remove the output parameter entry_size,
      because no caller is interested in it.
      
      page_zip_max_ins_size(), page_zip_available(): Assume that the page grows
      by PAGE_ZIP_DIR_SLOT_SIZE and the record size (which includes the fields
      that would be stored in the uncompressed portion of the page).
      
      rb#2169 approved by Sunny Bains
      daa28126
    • unknown's avatar
      No commit message · 893a97e4
      unknown authored
      No commit message
      893a97e4
  4. 11 Mar, 2013 2 commits
    • Tor Didriksen's avatar
      Bug#11766815 INVALID SYSTEM CHECK TIME_T_UNSIGNED · 8b50ce72
      Tor Didriksen authored
      The check for unsigned time_t failed, on all platforms, due to missing #include.
      
      from CMakeFiles/CMakeError.log
      with this patch: error: size of array array is negative
      without this patch: error: time_t undeclared (first use in this function)
      8b50ce72
    • unknown's avatar
      No commit message · e4b15e92
      unknown authored
      No commit message
      e4b15e92
  5. 08 Mar, 2013 1 commit
  6. 07 Mar, 2013 1 commit
    • Aditya A's avatar
      BUG#16069598 - SERVER CRASH BY NULL POINTER DEREFERENCING IN · b6b3d6e2
      Aditya A authored
                     MEM_HEAP_CREATE_BLOCK() 
      
      PROBLEM
      -------
      
      If we give start mysqld with the option --innodb_log_buffer_size=50GB
      ,then  mem_area_alloc() function fails to allocate memory and returns
      NULL.In debug version we assert at this point,but there is no check in
      release version and we get a segmentation fault.
      
      FIX
      ---
      Added a log message saying that we are unable to allocate memory.
      After this message we assert.
      
      [Approved by Kevin http://rb.no.oracle.com/rb/r/2065 ]
      b6b3d6e2
  7. 05 Mar, 2013 1 commit
  8. 01 Mar, 2013 1 commit
  9. 07 Mar, 2013 1 commit
    • Ashish Agarwal's avatar
      Bug#16169063: SECURITY CONCERN BECAUSE OF INSUFFICIENT LOGGING · b29fb8c4
      Ashish Agarwal authored
      PROBLEM: If multiple statements are sent by a single
               request then only the last statement was
               getting logged. An attacker can bypass the
               audit log just by sending two comsecutive
               statements in one request.
      
      SOLUTION: Each statements from a single request are
                logged.
      b29fb8c4
  10. 06 Mar, 2013 2 commits
    • Annamalai Gurusami's avatar
      Bug #16133801 UNEXPLAINABLE INNODB UNIQUE INDEX LOCKS ON DELETE + · 775dbed9
      Annamalai Gurusami authored
      INSERT WITH SAME VALUES
      
      Problem:
      
      When a transaction is in READ COMMITTED isolation level, gap locks are still
      taken in the secondary index, when row is inserted.  This happens when the
      secondary index is scanned for duplicate.  
      
      The function row_ins_scan_sec_index_for_duplicate() always calls the 
      function row_ins_set_shared_rec_lock() with LOCK_ORDINARY irrespective of
      the transaction isolation level.
      
      Solution:
      
      The function row_ins_scan_sec_index_for_duplicate() calls the 
      function row_ins_set_shared_rec_lock() with LOCK_ORDINARY or 
      LOCK_REC_NOT_GAP based on the transaction isolation level.
      
      rb://2035 approved by Krunal and Marko
      
      775dbed9
    • unknown's avatar
      NULL Merge for release 5.1.69 · 09f18a7d
      unknown authored
      09f18a7d
  11. 05 Mar, 2013 2 commits
  12. 01 Mar, 2013 2 commits
    • Marc Alff's avatar
      L0ocal merge · 37210261
      Marc Alff authored
      37210261
    • Venkatesh Duggirala's avatar
      BUG#11753923-SQL THREAD CRASHES ON DISK FULL · 0ebb72b5
      Venkatesh Duggirala authored
      Fixing post push issue
      Simulator name used needs to be changed to make it
      work properly.
      
      Analysis: 
      Debug control list addition (ListAddDel function
      dbug.c file) code was written in such a way that
      if new element is subset of already existing element,
      then the new element is not added.
      i.e., set @@global.debug = '+d,abcd', is existing in
      the list then you cannot add "a" or "ab" or "abc"
      in the list.
      0ebb72b5
  13. 28 Feb, 2013 5 commits
    • Jon Olav Hauglid's avatar
      Bug#16385711: HANDLER, CREATE TABLE IF NOT EXISTS, · a4a50271
      Jon Olav Hauglid authored
                    PROBLEM AFTER MYSQL_HA_FIND
      
      This problem occured if a prepared statement tried to create a table
      for which there already existed a view with the same name while a
      SQL handler was opened.
      
      Before DDL statements are executed, mysql_ha_rm_tables() is called
      to remove any matching tables from the internal list of opened SQL
      handler tables. This match was done on TABLE_LIST::db and 
      TABLE_LIST::table_name. This is problematic for views (which use
      TABLE_LIST::view_db and TABLE_LIST::view_name) and anonymous
      derived tables.
      
      This patch fixes the problem by skipping TABLE_LISTs representing
      anonymous derived tables and using get_db_name()/get_table_name()
      which handles views when looking for SQL handler tables to remove.
      a4a50271
    • Marc Alff's avatar
      Bug#16414644 ASSERTION FAILED: SIZE == PFS_ALLOCATED_MEMORY · 99f83c66
      Marc Alff authored
      Before this fix, the command
        SHOW ENGINE PERFORMANCE_SCHEMA STATUS
      could report wrong amount of memory allocated,
      when the amount of memory used exceeds 4GB.
      
      The problem is that size computations are not done using size_t,
      so that overflows do occur, truncating the results.
      
      This fix compute memory sizes properly with size_t.
      
      Tested manually.
      
      No test script provided, as the script would need to allocate too much 
      memory for the test.
      99f83c66
    • unknown's avatar
      No commit message · 94b1b653
      unknown authored
      No commit message
      94b1b653
    • unknown's avatar
      No commit message · d5f292de
      unknown authored
      No commit message
      d5f292de
    • unknown's avatar
      No commit message · 6ba3d9b8
      unknown authored
      No commit message
      6ba3d9b8
  14. 27 Feb, 2013 5 commits
    • Gleb Shchepa's avatar
      Manual up-merge (16311231 backport) · 93c93592
      Gleb Shchepa authored
      93c93592
    • Gleb Shchepa's avatar
      Bug #16311231: MISSING DATA ON SUBQUERY WITH WHERE + XOR · f8cd565d
      Gleb Shchepa authored
      IN IN-CLAUSE USING MYISAM OR MEMORY ENGINE
      
      Backport from 5.6. Original message:
      
      The coincidences caused a data loss:
      * The query has IN subqueries nested twice,
      * the WHERE clause of the inner subquery refers to the
        outer field, and the whole WHERE clause returns FALSE,
      * the inner subquery has a LEFT JOIN that joins a single
        row with a row of NULLs; one of that NULL columns
        represents the select list of the subquery.
      
      Normally, that inner subquery should return empty record set.
      However, in our case:
      * the Item_is_not_null_test item goes constant, since
        its underlying field is NULL (because of LEFT JOIN ... ON 
        FALSE of const table row with a row of nulls);
      * we evaluate Item_is_not_null_test::val_int() as a part
        of fake HAVING expression of the transformed subquery;
      * as far as the underlying field is NULL, we optimize
        out the whole fake HAVING expression as FALSE as well
        as a whole subquery with a zero result:
        Impossible HAVING noticed after reading const tables";
      * thus, the optimizer ignores the presence of the WHERE
        clause (the WHERE expression is FALSE in our case, so
        the subquery should return empty set);
      * however, during the evaluation of the 
        Item_is_not_null_test::val_int() in the optimizer,
        it marked its "owner" with the "was_null" flag -- that
        forced the subquery to return UNKNOWN instead of empty
        set.
      That caused a wrong result.
      
      
      The problem is a regression of the small cleanup in
      the fix for the bug11827369 (the Item_is_not_null_test part)
      that conflicts with optimizations in the fix for the bug11752543.
      Before that regression the Item_is_not_null_test items
      never were constants.
      
      The fix is the rollback of Item_is_not_null_test parts
      of the bug11827369 fix.
      f8cd565d
    • unknown's avatar
      Bug #16305265 HANG IN RENAME TABLE · e1e43631
      unknown authored
      This is a deadlock that will also be fixed in the server by
      Bug #11844915 - HANG IN THDVAR MUTEX ACQUISITION.
      So this is a simple alternate method of fixing the same problem,
      but from within InnoDB.
      
      The simple change is to make rename table start a transaction
      before locking dict_sys->mutex since thd_supports_xa() can call
      THDVAR which can lock a mutex, LOCK_global_system_variables, that
      is used in the server by many other activities.  At least one of
      those, sys_var::update(), can call back into InnoDB and try to
      lock dict_sys->mutex while holding LOCK_global_system_variables.
      
      The other bug fix for 11844915 eliminates the use of
      LOCK_global_system_variables for calls to THDVAR.
      
      Approved by marko in http://rb.no.oracle.com/rb/r/2000/
      e1e43631
    • Marko Mäkelä's avatar
      Merge mysql-5.1 to mysql-5.5. · a0d7f34b
      Marko Mäkelä authored
      a0d7f34b
    • Marko Mäkelä's avatar
      Bug#16400920 INNODB TRIES TO PASS EMPTY BUFFER TO ZLIB, GETS Z_BUF_ERROR · d065d727
      Marko Mäkelä authored
      page_zip_compress_node_ptrs(): Do not attempt to invoke deflate() with
      c_stream->avail_in, because it will result in Z_BUF_ERROR (and
      page_zip_compress() failure and unnecessary further splits of the node
      pointer page). A node pointer record can have empty payload, provided
      that all key fields are empty.
      
      Approved by Jimmy Yang
      d065d727
  15. 26 Feb, 2013 2 commits
  16. 25 Feb, 2013 2 commits