1. 29 Oct, 2010 5 commits
    • Georgi Kodinov's avatar
      merge · 97a06e4d
      Georgi Kodinov authored
      97a06e4d
    • Sergey Glukhov's avatar
      5.1-security->5.5-security merge · 88e82a89
      Sergey Glukhov authored
      88e82a89
    • Sergey Glukhov's avatar
      Bug#57688 Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field · e3917c3d
      Sergey Glukhov authored
      Lines below which were added in the patch for Bug#56814 cause this crash:
      
      +      if (table->table)
      +        table->table->maybe_null= FALSE;
      
      Consider following test case:
      --
      CREATE TABLE t1(f1 INT NOT NULL);
      INSERT INTO t1 VALUES (16777214),(0);
      
      SELECT COUNT(*) FROM t1 LEFT JOIN t1 t2
      ON 1 WHERE t2.f1 > 1 GROUP BY t2.f1;
      
      DROP TABLE t1;
      --
      
      We set TABLE::maybe_null to FALSE for t2 table
      and in create_tmp_field() we create appropriate tmp table field
      using create_tmp_field_from_item() function instead of
      create_tmp_field_from_field. As a result we have
      LONGLONG field. As we have GROUP BY clause we calculate
      group buffer length, see calc_group_buffer().
      Item from group list which is used for calculation
      refer to the field from real tables and have LONG type.
      So group buffer length become insufficient for storing of
      LONGLONG value. It leads to overwriting of wrong memory
      area in do_field_int() function which is called from
      end_update().
      After some investigation I found out that
      create_tmp_field_from_item() is used only for OLAP
      grouping and can not be used for common grouping
      as it could be an incompatibility between tmp
      table fields and group buffer length.
      We can not remove create_tmp_field_from_item() call from
      create_tmp_field as OLAP needs it and we can not use this
      function for common grouping. So we should remove setting
      TABLE::maybe_null to FALSE from simplify_joins().
      In this case we'll get wrong behaviour of
      list_contains_unique_index() back. To fix it we
      could use Field::real_maybe_null() check instead of
      Field::maybe_null() and add addition check of
      TABLE_LIST::outer_join.
      e3917c3d
    • Sergey Glukhov's avatar
      5.1-security->5.5-security · bfa29d10
      Sergey Glukhov authored
      bfa29d10
    • Sergey Glukhov's avatar
      Bug#57194 group_concat cause crash and/or invalid memory reads with type errors · 3a61843a
      Sergey Glukhov authored
      The problem is caused by bug49487 fix and became visible
      after after bug56679 fix.
      Items are cleaned up and set to unfixed state after filling derived table.
      So we can not rely on item::fixed state in Item_func_group_concat::print
      and we can not use 'args' array as items there may be cleaned up.
      The fix is always to use orig_args array of items as it
      always should contain the correct data.
      3a61843a
  2. 27 Oct, 2010 1 commit
  3. 29 Oct, 2010 4 commits
  4. 28 Oct, 2010 6 commits
    • Vasil Dimov's avatar
      Fix a compilation warning: · 2aee9fb9
      Vasil Dimov authored
      /export/home/pb2/build/sb_0-2459340-1288264809.63/mysql-5.5.8-ga/storage/innobase/os/os0sync.c: In function 'os_cond_wait_timed':
      /export/home/pb2/build/sb_0-2459340-1288264809.63/mysql-5.5.8-ga/storage/innobase/os/os0sync.c:184: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'time_t'
      gmake[2]: *** [storage/innobase/CMakeFiles/innobase.dir/os/os0sync.c.o] Error 1 
      2aee9fb9
    • Mattias Jonsson's avatar
      post merge fix · 02f1a6cb
      Mattias Jonsson authored
      02f1a6cb
    • Calvin Sun's avatar
      eb3f0d2e
    • Calvin Sun's avatar
      Bug#52062: Compiler warning in os0file.c on windows 64-bit · c441f79a
      Calvin Sun authored
      On Windows, the parameter for number of bytes passed into WriteFile()
      and ReadFile() is DWORD. Casting is needed to silence the warning on
      64-bit Windows.
      
      Also, adding several asserts to ensure the variable for number of bytes
      is no more than 32 bits, even on 64-bit Windows.
      
      rb://415
      Approved by: Inaam
      c441f79a
    • Calvin Sun's avatar
      Bug#52062: Compiler warning in os0file.c on windows 64-bit · bc921dd7
      Calvin Sun authored
      On Windows, the parameter for number of bytes passed into WriteFile()
      and ReadFile() is DWORD. Casting is needed to silence the warning on
      64-bit Windows.
      
      Also, adding several asserts to ensure the variable for number of bytes
      is no more than 32 bits, even on 64-bit Windows.
      
      This is for InnoDB Plugin.
      
      rb://415
      Approved by: Inaam
      bc921dd7
    • Calvin Sun's avatar
      Bug#52062: Compiler warning in os0file.c on windows 64-bit · 6cc24b9a
      Calvin Sun authored
      On Windows, the parameter for number of bytes passed into WriteFile()
      and ReadFile() is DWORD. Casting is needed to silence the warning on
      64-bit Windows.
      
      Also, adding several asserts to ensure the variable for number of bytes
      is no more than 32 bits, even on 64-bit Windows.
      
      This is for built-in InnoDB.
      
      rb://415
      Approved by: Inaam
      6cc24b9a
  5. 27 Oct, 2010 12 commits
  6. 26 Oct, 2010 4 commits
    • Inaam Rana's avatar
      Bug #57611 ibdata file and continuous growing undo logs · b91f6c72
      Inaam Rana authored
        rb://498
        
        Fix handling of update_undo_logs at trx commit. Previously, when
        rseg->update_undo_list grows beyond 500 the update_undo_logs were
        marked with state TRX_UNDO_TO_FREE which should have been
        TRX_UNDO_TO_PURGE.
        In 5.5 we don't need the heuristic as we support multiple rollback
        segments.
        
        Approved by: Sunny Bains
      b91f6c72
    • Inaam Rana's avatar
      a91cb6a3
    • Inaam Rana's avatar
      Bug #57611 ibdata file and continuous growing undo logs · cb64e660
      Inaam Rana authored
      rb://498
      
      Fix handling of update_undo_logs at trx commit. Previously, when
      rseg->update_undo_list grows beyond 500 the update_undo_logs were
      marked with state TRX_UNDO_TO_FREE which should have been
      TRX_UNDO_TO_PURGE.
      
      Approved by: Sunny Bains
      cb64e660
    • kevin.lewis@oracle.com's avatar
      Bug#57720 - Windows Vista and possibly Windows 7 can return ERROR_TIMEOUT... · 2dad3c94
      kevin.lewis@oracle.com authored
      Bug#57720 - Windows Vista and possibly Windows 7 can return ERROR_TIMEOUT instead of WAIT_TIMEOUT from calls to SleepConditionVariableCS() which is used in os0sync.c; os_cond_wait_timeout() where it is mapped to sleep_condition_variable().   
      
      Consider ERROR_TIMEOUT to be a timeout just like WAIT_TIMEOUT.  
      
      In addition, test for EINTR as a possible return value from pthread_cond_timeout() in the posix section of os_cond_wait_timeout(), even though it is not supposed to be returned, but just to be safe.
      2dad3c94
  7. 25 Oct, 2010 1 commit
    • Georgi Kodinov's avatar
      Bug #57689: mysql_change_user() breaks user connection on older clients · 777ad2dd
      Georgi Kodinov authored
      COM_CHANGE_USER was always handled like an implicit request to change the
      client plugin, so that the client can re-use the same code path for both normal 
      login and COM_CHANGE_USER. However this doesn't really work well with old 
      clients because they don't understand the request to change a client plugin.
      
      Fixed by implementing a special state in the code (and old client issuing 
      COM_CHANGE_USER). In this state the server parses the COM_CHANGE_USER 
      package and pushes back the password hash, the user name and the database 
      to the input stream in the same order that the native password server side plugin 
      expects. As a result it replies with an OK/FAIL just like the old server does thus
      making the new server compatible with older clients.
      
      No test case added, since it would requre an old client binary. Tested using 
      accounts with and without passwords. Tested with a correct and incorrect 
      password.
      777ad2dd
  8. 27 Oct, 2010 4 commits
  9. 26 Oct, 2010 3 commits