1. 24 Jun, 2013 3 commits
    • unknown's avatar
      No commit message · 87015f4c
      unknown authored
      No commit message
      87015f4c
    • Sujatha Sivakumar's avatar
      Bug#16753869:INCORRECT TRUNCATION OF LONG SET EXPRESSION IN · ce29ca8b
      Sujatha Sivakumar authored
      LOAD DATA CAN CAUSE SQL INJECTION
      
      Problem:
      =======
      A long SET expression in LOAD DATA is incorrectly truncated
      when written to the binary log.
      
      Analysis:
      ========
      LOAD DATA statements are reconstructed once again before
      they are written to the binary log. When SET clauses are
      specified as part of LOAD DATA statement, these SET clause
      user command strings need to be stored as it is inorder to
      reconstruct the original user command.  At present these
      strings are stored as part of SET clause item tree's
      top most Item node's name itself which is incorrect. As an
      Item::name can be of MAX_ALIAS_NAME (256) size. Hence the
      name will get truncated to "255".
      
      Because of this the rewritten LOAD DATA statement will be
      terminated incorrectly.  When this statment is read back by
      the mysqlbinlog tool it reads a starting single quote and
      continuos to read till it finds an ending quote. Hence any
      statement written post ending quote will be considered as
      a new statement.
      
      Fix:
      ===
      As name field has length restriction the string value
      should not be stored in Item::name.  A new String list is
      maintained to store the SET expression values and this list
      is read during reconstrution.
      
      sql/sql_lex.cc:
        Clear the load data set string list during each query 
        execution.
      sql/sql_lex.h:
        Added a new String list to store the load data operation's
        SET clause user command strings.
      sql/sql_load.cc:
        Read the SET clause user command strings from load data
        set string list.
      sql/sql_yacc.yy:
        Store the SET caluse user command string as part of load
        data set string list.
      ce29ca8b
    • unknown's avatar
      No commit message · 99c7d1f1
      unknown authored
      No commit message
      99c7d1f1
  2. 21 Jun, 2013 1 commit
    • Tor Didriksen's avatar
      Bug#16945503 ADDRESSSANITIZER BUG IN SYS_VARS · 98ed58ca
      Tor Didriksen authored
      Sys_var_keycache inherits from some variant of Sys_var_integer
      
      Instances of Sys_var_keycache are initialized using the KEYCACHE_VAR macro,
      which takes an offset within st_key_cache.
      However, the Sys_var_integer CTOR treats the offset as if it was within
      global_system_variables (hidden within some layers of macros and fuction
      pointers)
      
      The result is that we write arbitrary data to arbitrary locations in memory.
      This all happens during static initialization of global objects,
      i.e. before we have even entered the main() function.
      
      
      Bug#12325449 TYPO IN CMAKE/DTRACE.CMAKE
      Fix typo in dtrace.cmake
      98ed58ca
  3. 19 Jun, 2013 2 commits
  4. 18 Jun, 2013 4 commits
  5. 17 Jun, 2013 1 commit
  6. 14 Jun, 2013 7 commits
    • unknown's avatar
      Bug#16914007-INNODB: CHECK TABLE SHOULD MARK AN INDEX AS CORRUPTED · e0c68b15
      unknown authored
      IF IT HAS A WRONG COUNT
      
      If CHECK TABLE finds that a secondary index contains the wrong
      number of entries, it used to report an error but not mark the
      index as corrupt. The error means that the index should be rebuilt,
      which can be done with ALTER TABLE DROP INDEX and ALTER TABLE ADD
      INDEX.  But just in case the DBA does not pay any attention to the
      output of CHECK TABLE, the secondary index should be marked as
      corrupted so that it is not used again.
      
      Approved by Inaam in RB:2607
      e0c68b15
    • Tor Didriksen's avatar
      Bug#14834378 ADDRESSSANITIZER BUG IN FILENAME_TO_TABLENAME · 45f739bd
      Tor Didriksen authored
      Backport to 5.5
      
      
      sql/sql_table.cc:
        gcc asan crashes in filename_to_tablename() on this: memcmp("-@", "#sql", 4)
        during loading of the innobase plugin
      45f739bd
    • unknown's avatar
      No commit message · 28c67699
      unknown authored
      No commit message
      28c67699
    • Tor Didriksen's avatar
      Bug#16729109: FIX COMPILATION WARNINGS WITH GCC 4.8 · c94ccb23
      Tor Didriksen authored
      Backport to 5.5
      (external Bug#69407 Build warnings with mysql)
      
      
      support-files/build-tags:
        Run etags on sql_yacc.yy, ignore other .yy files
      unittest/mysys/explain_filename-t.cc:
        NO_PLAN seems to fail on some platforms, use the actual number instead.
      c94ccb23
    • unknown's avatar
      No commit message · d0e58676
      unknown authored
      No commit message
      d0e58676
    • Aditya A's avatar
      Bug#13548704 ALGORITHM USED FOR DROPPING PARTITIONED TABLE CAN LEAD · 291e0296
      Aditya A authored
                   TO INCONSISTENCY 
      [Merge from 5.1]
      
      291e0296
    • Aditya A's avatar
      Bug#13548704 ALGORITHM USED FOR DROPPING PARTITIONED TABLE CAN LEAD · dfb6f63b
      Aditya A authored
                   TO INCONSISTENCY 
      
      PROBLEM
      --------
      When we drop a partitoned table , we first gather the
      information about partitions in the table from the 
      table_name.par file and store it in an internal data 
      structure.Then we delete this file and the data in 
      the table. If the server crashes  after deleting the
      file,then after recovering we cannot access the table
      .Even we cannot drop the table ,because drop algorithm
      requires par file to read the partition information.
      
      
      FIX
      ---
      1. We move the part of deleting par file after deleting 
         all the table data from the storage egine.
      2. During drop operation if we detect that the par 
         file is missing then we delete the .frm file,since 
         there is no way of recovering without par file.
        
      [Approved by Mattias rb#2576 ]   
      dfb6f63b
  7. 13 Jun, 2013 1 commit
    • Annamalai Gurusami's avatar
      Bug #16417635 INNODB FAILS TO MERGE UNDER-FILLED PAGES DEPENDING · d9a71d5c
      Annamalai Gurusami authored
      ON DELETION ORDER
      
      Problem:
      
      When a InnoDB index page is under-filled, we will merge it with either
      the left sibling node or the right sibling node.  But this checking is
      incorrect.  When the left sibling node is available, even if merging
      is not possible with left sibling node, we do not check for the 
      possibility of merging with the right sibling node.  
      
      Solution:
      
      If left sibling node is available, and merging with left sibling node
      is not possible, then check if merge with right sibling node is
      possible.
      
      rb#2506 approved by jimmy & ima.
      
      d9a71d5c
  8. 12 Jun, 2013 2 commits
    • Sivert Sorumgard's avatar
      Bug #14227431: CHARACTER SET MISMATCH WHEN ALTERING FOREIGN KEYS · c8fc3db1
      Sivert Sorumgard authored
      CAN LEAD TO MISSING TABLES
      
      Overview
      --------
      If the FOREIGN_KEY_CHECKS system variable is set to 0, it is
      possible to break a foreign key constraint by changing the type
      or character set of the foreign key column, or by dropping the
      foreign key index (without carrying out corresponding changes on
      another table in the relationship).
      
      If we subsequently set FOREIGN_KEY_CHECKS to 1 and execute ALTER
      TABLE involving the COPY algorithm on such a table, the following
      happens:
      
      1) If ALTER TABLE does not contain a RENAME clause, the attempt 
         to install the new version of the table instead of the old one
         will fail due to the fact that the inconsistency will be 
         detected. An attempt to revert the partially executed alter 
         table operation by restoring the old table definition will 
         fail as well due to FOREIGN_KEY_CHECKS == 1. As a result, the 
         table being altered will be lost.
      2) If ALTER TABLE contains the RENAME clause, the inconsistency 
         will not be detected (most probably due to other bugs). But if
         an attempt to install the new version of the table fails (for 
         example, due to a failure when updating triggers associated 
         with the table), reverting the partially executed alter table 
         by restoring the old table definition will fail too. So the 
         table being altered might be lost as well.
      
      
      Suggested fix
      -------------
      The suggested fix is to temporarily unset the option bit
      representing FOREIGN_KEY_CHECKS when the old table definition is
      restored while reverting the partially executed operation.
      c8fc3db1
    • unknown's avatar
      No commit message · b75b3229
      unknown authored
      No commit message
      b75b3229
  9. 10 Jun, 2013 3 commits
  10. 07 Jun, 2013 2 commits
  11. 06 Jun, 2013 1 commit
  12. 05 Jun, 2013 1 commit
  13. 04 Jun, 2013 1 commit
  14. 03 Jun, 2013 1 commit
  15. 29 May, 2013 1 commit
  16. 24 May, 2013 4 commits
    • Maitrayi Sabaratnam's avatar
      4371 Maitrayi Sabaratnam 2013-05-23 · baca6688
      Maitrayi Sabaratnam authored
            Bug#13116514 - CREATE LOGFILE GROUP INITIAL_SIZE & UNDO_BUFFER_SIZE FAILS
            
            Fixing parser to accept the syntax: to give a size with suffix 'M', eg. undo_buffer_size=10M (M for mega bytes), in 'create logfile group' command.
      baca6688
    • Marko Mäkelä's avatar
      Bug#16859867 INNODB_BUG14529666 FAILS SPORADICALLY IN VALGRIND · 90f3f080
      Marko Mäkelä authored
      i_s_innodb_buffer_page_get_info(): Do not read the buffer block frame
      contents of read-fixed blocks, because it may be invalid or
      uninitialized. When we are going to decompress or read a block, we
      will put it into buf_pool->page_hash and buf_pool->LRU, read-fix the
      block and release the mutexes for the duration of the reading or
      decompression.
      
      rb#2500 approved by Jimmy Yang
      90f3f080
    • Venkatesh Duggirala's avatar
      Bug#16765278 DELETE SQL_LOAD_MB* FILE (TEMP FILE) CREATED · 8cfe6365
      Venkatesh Duggirala authored
      BY BINLOG_KILLED_SIMULATE.TEST
      Merging fix from mysql-5.1
      8cfe6365
    • Venkatesh Duggirala's avatar
      Bug#16765278 DELETE SQL_LOAD_MB* FILE (TEMP FILE) CREATED · e8a0b9f9
      Venkatesh Duggirala authored
      BY BINLOG_KILLED_SIMULATE.TEST
            
      'mysqbinlog' tool creates a temporary file while 
      preparing LOAD DATA QUERY. These files needs to be deleted
      at the end of the test script otherwise these files are
      left out in the daily-run machines, causing
      "no space on device issues"
            
      Fix: 
      Delete them at the end of these test scripts
      1) execute mysqlbinlog with --local-load option to
      create these files in a specified tmpdir
      2) delete the tmpdir at the end of the test script
      e8a0b9f9
  17. 23 May, 2013 3 commits
    • Chaithra Gopalareddy's avatar
      Null merge from 5.1 to 5.5 · d8d95d41
      Chaithra Gopalareddy authored
      d8d95d41
    • Chaithra Gopalareddy's avatar
      Bug #16119355: PREPARED STATEMENT: READ OF FREED MEMORY WITH · 4bd94e7d
      Chaithra Gopalareddy authored
                                       STRING CONVERSION FUNCTIONS
                  
      Problem:
      While executing the prepared statement, user variable is
      set to memory which would be freed at the end of
      execution.
      If the statement is executed again, valgrind throws
      error when accessing this pointer.
                        
      Analysis:
                      
      1. First time when Item_func_set_user_var::check is called,
         memory is allocated for "value" to store the result.
         (In the call to copy_if_not_alloced).
      2. While sending the result, Item_func_set_user_var::check
         is called again. But, this time, its called with
         "use_result_field" set to true. 
         As a result, we call result_field->val_str(&value).
      3. Here memory allocated for "value" gets freed. And "value"
         gets set to "result_field", with "str_length" being that of
         result_field's.
      4. In the call to JOIN::cleanup, result_field's memory gets
         freed as this is allocated in a chunk as part of the
         temporary table which is needed to execute the query.
      5. Next time, when execute of the same statement is called,
         "value" will be set to memory which is already freed.
         Valgrind error occurs as "str_length" is positive 
         (set at Step 3)
                        
      Note that user variables list is stored as part of the Lex object
      in set_var_list. Hence the persistance across executions.
                  
      Solution:
      Patch for Bug#11764371 fixed in mysql-5.6+ fixes this problem 
      as well.So backporting the same.
                  
      In the solution for Bug#11764371, we create another object of 
      user_var and repoint it to temp_table's field. As a result while 
      deleting the alloced buffer in Step 3, since the cloned object 
      does not own the buffer, deletion will not happen.
      So at step 5 when we execute the statement second time, the 
      original object will be used and since deletion did not happen 
      valgrind will not complain about dangling pointer.
      
      
      sql/item_func.h:
        Add constructors.
      sql/sql_select.cc:
        Change user variable assignment functions to read from fields after
        tables have been unlocked.
      4bd94e7d
    • Chaithra Gopalareddy's avatar
      Merge from 5.5 to 5.6 · e2f73d9d
      Chaithra Gopalareddy authored
      e2f73d9d
  18. 22 May, 2013 1 commit
    • Chaithra Gopalareddy's avatar
      Bug#11766191:INVALID MEMORY READ IN DO_DIV_MOD WITH DOUBLY ASSIGNED VARIABLES · 0c903fb5
      Chaithra Gopalareddy authored
      Bug#12608543: CRASHES WITH DECIMALS AND STATEMENT NEEDS TO BE REPREPARED ERRORS
      
      Backporting these two fixes to 5.1 
      Added unittest to test my_decimal construtor and assignment operators
      
      sql/my_decimal.h:
        Added constructor and assignment operators for my_decimal
      unittest/my_decimal/my_decimal-t.cc:
        Added test to check constructor and assignment operators for my_decimal
      0c903fb5
  19. 20 May, 2013 1 commit