1. 01 Oct, 2010 1 commit
    • Sergey Glukhov's avatar
      Bug#54488 crash when using explain and prepared statements with subqueries · 86ef2332
      Sergey Glukhov authored
      The crash happens because original join table is replaced with temporary table
      at execution stage and later we attempt to use this temporary table in
      select_describe. It might happen that
      Item_subselect::update_used_tables() method which sets const_item flag
      is not called by some reasons (no where/having conditon in subquery for example).
      It prevents JOIN::join_tmp creation and breaks original join.
      The fix is to call ::update_used_tables() before ::const_item() check.
      86ef2332
  2. 23 Sep, 2010 1 commit
    • Sergey Glukhov's avatar
      Bug#54494 crash with explain extended and prepared statements · 55390725
      Sergey Glukhov authored
      In case of outer join and emtpy WHERE conditon
      'always true' condition is created for WHERE clasue.
      Later in mysql_select() original SELECT_LEX WHERE
      condition is overwritten with created cond.
      However SELECT_LEX condition is also used as inital
      condition in mysql_select()->JOIN::prepare().
      On second execution of PS modified SELECT_LEX condition
      is taken and it leads to crash.
      The fix is to restore original SELECT_LEX condition
      (set to NULL if original cond is NULL) in
       reinit_stmt_before_use().
      HAVING clause is fixed too for safety reason
      (no test case as I did not manage to think out
       appropriate example).
      55390725
  3. 13 Sep, 2010 1 commit
  4. 10 Sep, 2010 1 commit
  5. 09 Sep, 2010 1 commit
  6. 07 Sep, 2010 4 commits
  7. 02 Sep, 2010 1 commit
  8. 26 Aug, 2010 3 commits
    • Alexey Kopytov's avatar
      Automerge. · 1f7b4031
      Alexey Kopytov authored
      1f7b4031
    • Alexey Kopytov's avatar
      Automerge. · 8a310d69
      Alexey Kopytov authored
      8a310d69
    • Alexey Kopytov's avatar
      Bug #53544: Server hangs during JOIN query in stored procedure · 6c6a3e8f
      Alexey Kopytov authored
                  called twice in a row
      
      Queries with nested joins could cause an infinite loop in the
      server when used from SP/PS.
      
      When flattening nested joins, simplify_joins() tracks if the
      name resolution list needs to be updated by setting
      fix_name_res to TRUE if the current loop iteration has done any
      transformations to the join table list. The problem was that
      the flag was not reset before the next loop iteration leading
      to unnecessary "fixing" of the name resolution list which in
      turn could lead to a loop (i.e. circularly-linked part) in that
      list. This was causing problems on subsequent execution when
      used together with stored procedures or prepared statements.
      
      Fixed by making sure fix_name_res is reset on every loop
      iteration.
      6c6a3e8f
  9. 25 Aug, 2010 1 commit
  10. 24 Aug, 2010 1 commit
  11. 30 Aug, 2010 5 commits
  12. 27 Aug, 2010 3 commits
    • Vasil Dimov's avatar
      Merge mysql-5.1-innodb -> mysql-5.1-bugteam · 74c32d69
      Vasil Dimov authored
      74c32d69
    • Alexey Kopytov's avatar
      Bug #54465: assert: field_types == 0 || field_types[field_pos] · b409a221
      Alexey Kopytov authored
                  == MYSQL_TYPE_LONGLONG
      
      A MIN/MAX() function with a subquery as its argument could lead
      to a debug assertion on debug builds or wrong data on release
      ones.
      
      The problem was a combination of the following factors:
      
      - Item_sum_hybrid::fix_fields() might use the argument
      (args[0]) to calculate 'hybrid_field_type' which was later used
      to decide how the data should be sent to the client.
      
      - Item_sum::make_field() might use the argument again to
      calculate the field's type when sending result set metadata to
      the client.
      
      - The argument could be changed in between these two calls via
        Item::set_arg() leading to inconsistent metadata being
        reported.
      
      Here is what was happening for the bug's test case:
      
      1. Item_sum_hybrid::fix_fields() calculates hybrid_field_type
      as MYSQL_TYPE_LONGLONG based on args[0] which is an
      Item::SUBSELECT_ITEM at that time.
      
      2. A temporary table is created to execute the
      query. create_tmp_field_from_item() creates a Field_long object
      according to the subselect's max_length.
      
      3. The subselect item in Item_sum_hybrid is replaced by the
      Item_field object referencing the newly created Field_long.
      
      4. Item_sum::make_field() rightfully returns the
      MYSQL_TYPE_LONG type when calculating the result set metadata.
      
      5. When sending the actual data, Item::send() relies on the
      virtual field_type() function which in our case returns
      previously calculated hybrid_field_type == MYSQL_TYPE_LONGLONG.
      
      It looks like the only solution is to never refer to the
      argument's metadata after the result metadata has been
      calculated in fix_fields(), since the argument itself may be
      different by then. In this sense, Item_sum::make_field() should
      never be used, because it may rely on the argument's metadata
      and is only called after fix_fields(). The "default"
      implementation in Item::make_field() should be used instead as
      it relies only on field_type(), but not on the argument's type.
      
      Fixed by removing Item_sum::make_field() so that the superclass
      implementation Item::make_field() is always used.
      b409a221
    • Ramil Kalimullin's avatar
      Fix for bug #54253: memory leak when using I_S plugins w/o deinit method · 1087cfc4
      Ramil Kalimullin authored
      Free memory allocated by the server for all plugins,
      with or without deinit() method.
      1087cfc4
  13. 26 Aug, 2010 5 commits
  14. 25 Aug, 2010 4 commits
  15. 24 Aug, 2010 4 commits
    • Alexey Kopytov's avatar
      Bug #54802: 'NOT BETWEEN' evaluation is incorrect · 756076bd
      Alexey Kopytov authored
      Queries involving predicates of the form "const NOT BETWEEN
      not_indexed_column AND indexed_column" could return wrong data
      due to incorrect handling by the range optimizer.
      
      For "c NOT BETWEEN f1 AND f2" predicates, get_mm_tree()
      produces a disjunction of the SEL_ARG trees for "f1 > c" and
      "f2 < c". If one of the trees is empty (i.e. one of the
      arguments is not sargable) the resulting tree should be empty
      as well, since the whole expression in this case is not
      sargable.
      
      The above logic is implemented in get_mm_tree() as follows. The
      initial state of the resulting tree is NULL (aka empty). We
      then iterate through arguments and compute the corresponding
      SEL_ARG tree (either "f1 > c" or "f2 < c"). If the resulting
      tree is NULL, it is simply replaced by the generated
      tree. Otherwise it is replaced by a disjunction of itself and
      the generated tree. The obvious flaw in this implementation is
      that if the first argument is not sargable and thus produces a
      NULL tree, the resulting tree will simply be replaced by the
      tree for the second argument. As a result, "c NOT BETWEEN f1
      AND f2" will end up as just "f2 < c".
      
      Fixed by adding a check so that when the first argument
      produces an empty tree for the NOT BETWEEN case, the loop is
      aborted with an empty tree as a result. The whole idea of using
      a loop for 2 arguments does not make much sense, but it was
      probably used to avoid code duplication for several BETWEEN
      variants.
      756076bd
    • Alexey Kopytov's avatar
      Automerge. · 947c7f30
      Alexey Kopytov authored
      947c7f30
    • Alexey Kopytov's avatar
      Bug #55568: user variable assignments crash server when used · 0e74ac50
      Alexey Kopytov authored
                  within query
      
      The server could crash after materializing a derived table
      which requires a temporary table for grouping.
      
      When destroying the temporary table used to execute a query for
      a derived table, JOIN::destroy() did not clean up Item_fields
      pointing to fields in the temporary table. This led to
      dereferencing a dangling pointer when printing out the items
      tree later in the outer SELECT.
      
      The solution is an addendum to the patch for bug37362: in
      addition to cleaning up items in tmp_all_fields3, do the same
      for items in tmp_all_fields1, since now we have an example
      where this is necessary.
      0e74ac50
    • Marko Mäkelä's avatar
      Bug#55832: selects crash too easily when innodb_force_recovery>3 · ce7d6a28
      Marko Mäkelä authored
      dict_update_statistics_low(): Create bogus statistics for those
      indexes that cannot be accessed because of the innodb_force_recovery
      setting.
      
      ha_innobase::info(): Calculate statistics for each index, even if
      innodb_force_recovery is set. Fill in bogus data for those indexes
      that are not accessed because of the innodb_force_recovery setting.
      ce7d6a28
  16. 23 Aug, 2010 1 commit
    • Marko Mäkelä's avatar
      Bug#55832: selects crash too easily when innodb_force_recovery>3 · 109893da
      Marko Mäkelä authored
      dict_update_statistics_low(): Create bogus statistics for those
      indexes that cannot be accessed because of the innodb_force_recovery
      setting.
      
      ha_innobase::info(): Calculate statistics for each index, even if
      innodb_force_recovery is set. Fill in bogus data for those indexes
      that are not accessed because of the innodb_force_recovery setting.
      109893da
  17. 20 Aug, 2010 3 commits