1. 28 Apr, 2015 2 commits
    • Arun Kuruvila's avatar
      Merge branch 'mysql-5.1' into mysql-5.5 · c9a38e86
      Arun Kuruvila authored
      c9a38e86
    • Arun Kuruvila's avatar
      Bug #20181776 :- ACCESS CONTROL DOESN'T MATCH MOST SPECIFIC · fdae90dd
      Arun Kuruvila authored
                       HOST WHEN IT CONTAINS WILDCARD
      
      Description :- Incorrect access privileges are provided to a
      user due to wrong sorting of users when wildcard characters
      is present in the hostname.
      
      Analysis :- Function "get_sorts()" is used to sort the
      strings of user name, hostname, database name. It is used
      to arrange the users in the access privilege matching order.
      When a user connects, it checks in the sorted user access
      privilege list and finds a corresponding matching entry for
      the user. Algorithm used in "get_sort()" sorts the strings
      inappropriately. As a result, when a user connects to the
      server, it is mapped to incorrect user access privileges.
      Algorithm used in "get_sort()" counts the number of
      characters before the first occurence of any one of the
      wildcard characters (single-wildcard character '_' or
      multi-wildcard character '%') and sorts in that order.
      As a result of inconnect sorting it treats hostname "%" and
      "%.mysql.com" as equally-specific values and therefore
      the order is indeterminate.
      
      Fix:- The "get_sort()" algorithm has been modified to treat
      "%" seperately. Now "get_sort()" returns a number which, if
      sorted in descending order, puts strings in the following
      order:-
      * strings with no wildcards
      * strings containg wildcards and non-wildcard characters
      * single muilt-wildcard character('%')
      * empty string.
      fdae90dd
  2. 27 Apr, 2015 3 commits
    • V S Murthy Sidagam's avatar
      Bug #18592390 QUERY TO I_S.TABLES AND I_S.COLUMNS LEADS TO HUGE MEMORY USAGE · c3870e08
      V S Murthy Sidagam authored
      Description: On an example MySQL instance with 28k empty
      InnoDB tables, a specific query to information_schema.tables
      and information_schema.columns leads to memory consumption
      over 38GB RSS.
      
      Analysis: In get_all_tables() call, we fill the I_S tables
      from frm files and storage engine. As part of that process
      we call make_table_name_list() and allocate memory for all
      the 28k frm file names in the THD mem_root through
      make_lex_string_root(). Since it has been called around
      28k * 28k times there is a huge memory getting hogged in
      THD mem_root. This causes the RSS to grow to 38GB.
      
      Fix: As part of fix we are creating a temporary mem_root
      in get_all_tables and passing it to fill_fiels(). There we
      replace the THD mem_root with the temporary mem_root and
      allocates the file names in temporary mem_root and frees
      it once we fill the I_S tables in get_all_tables and
      re-assign the original mem_root back to THD mem_root.
      
      Note: Checked the massif out put with the fix now the memory growth is just around 580MB at peak.
      c3870e08
    • V S Murthy Sidagam's avatar
      7797ef4d
    • V S Murthy Sidagam's avatar
      Bug #20683237 BACKPORT 19817663 TO 5.1 and 5.5 · c655515d
      V S Murthy Sidagam authored
      Restrict when user table hashes can be viewed. Require SUPER privileges.
      c655515d
  3. 24 Apr, 2015 2 commits
    • Arun Kuruvila's avatar
      Merge branch 'mysql-5.1' into mysql-5.5 · dbe6832c
      Arun Kuruvila authored
      dbe6832c
    • Arun Kuruvila's avatar
      Bug#20318154 : NEGATIVE ARRAY INDEX WRITE V2 · eb79ead4
      Arun Kuruvila authored
      Description:- There is a possibility of negative array index
      write associated with the function "terminal_writec()". This
      is due to the assumption that there is a possibility of
      getting -1 return value from the function call
      "ct_visual_char()".
      
      Analysis:- The function "terminal_writec()" is called only
      from "em_delete_or_list()" and "vi_list_or_eof()" and both
      these functions deal with the "^D" (ctrl+D) signal. So the
      "size_t len" and "Char c" passed to "ct_visual_char()" (when
      called from "terminal_writec()") is always 8 (macro
      VISUAL_WIDTH_MAX is passed whose value is 8) and 4 (ASCII
      value for "^D"/"ctrl+D") respectively.
      Since the value of "c" is 4, "ct_chr_class()" returns -1
      (macro CHTYPE_ASCIICTL is associated with -1 value). And
      since value of "len" is 8, "ct_visual_char()" will always
      return 2 when it is called from "terminal_writec()".
      So there is no possible case so that we encounter a negative
      array index write in "terminal_writec()". But since there is
      a rare posibility of using "terminal_writec()" in future
      enhancements, it is good handle the error case as well.
      
      Fix:- A condition is added in "terminal_writec()" to check
      whether "ct_visual_char()" is returning -1 or not. If the
      return value is -1, then value 0 is returned to its calling
      function "em_delete_or_list()" or "vi_list_or_eof()", which
      in turn will return CC_ERROR.
      
      NOTE:- No testcase is added since currently there is no
      possible scenario to encounter this error case.
      eb79ead4
  4. 21 Apr, 2015 1 commit
  5. 20 Apr, 2015 2 commits
    • V S Murthy Sidagam's avatar
      Bug #16861371 SSL_OP_NO_COMPRESSION NOT DEFINED · f07d9957
      V S Murthy Sidagam authored
      post push change: missed the change in mysql-5.5
      (Fixing compiler warning/error)
      f07d9957
    • V S Murthy Sidagam's avatar
      Bug #16861371 SSL_OP_NO_COMPRESSION NOT DEFINED · e7ad7f05
      V S Murthy Sidagam authored
      Description:
      Can't build mysql-5.5 latest source with openssl 0.9.8e.
      
      Analysis:
      Older OpenSSL versions(prior to openssl 1.0) doesn't have 'SSL_OP_NO_COMPRESSION' defined.
      Hence the build is failing with SSL_OP_NO_COMPRESSION undeclared.
      
      Fix:
      Added a conditonal compilation for 'SSL_OP_NO_COMPRESSION'.
      i.e if 'SSL_OP_NO_COMPRESSION' is defined then have the SSL_set_options call for OpenSSL 1.0 versions.
      Have sk_SSL_COMP_zero() call for OpenSSL 0.9.8 version
      e7ad7f05
  6. 17 Apr, 2015 1 commit
    • Mauritz Sundell's avatar
      Bug#20814396 PB2 IS SECRET ABOUT WHAT UNIT TESTS IT RUN · 30c14893
      Mauritz Sundell authored
      One can not see in PB2 test logs which unit tests have been run
      and passed.
      
      This patchs adds an option --unit-tests-report to mtr which
      include the ctest report in mtr output.  It will also turn on unit
      testing if not explicitly turned off with --no-unit-tests or
      equivalent.
      
      In manual runs one can always look in the ctest.log file in mtr
      vardir.
      
      --unit-tests are replaced with --unit-tests-report in files under
      mysql-test/collections/ to activate report in PB2.
      30c14893
  7. 15 Apr, 2015 1 commit
  8. 13 Apr, 2015 2 commits
  9. 10 Apr, 2015 2 commits
  10. 09 Apr, 2015 2 commits
  11. 08 Apr, 2015 1 commit
  12. 07 Apr, 2015 2 commits
  13. 06 Apr, 2015 3 commits
    • Nisha's avatar
      Merge branch 'mysql-5.1' into mysql-5.5 · 9bacdef1
      Nisha authored
      9bacdef1
    • Nisha's avatar
      BUG#20754369: BACKPORT BUG#20007583 TO 5.1 · e65f3f6f
      Nisha authored
      Backporting the patch to 5.1 and 5.5
      e65f3f6f
    • aditya's avatar
      Bug #17299181 CREATE_TIME AND UPDATE_TIME ARE WRONG FOR PARTITIONED TABLES · 232d8bbd
      aditya authored
      PROBLEM
      
      Create time is calculated as last status change time of .frm file.
      The first problem was that innodb was passing file name as
      "table_name#po#p0.frm" to the stat() call which calculates the create time.
      Since there is no frm file with this name create_time will be stored as NULL.
      The second problem is ha_partition::info() updates stats for create time
      when HA_STATUS_CONST flag was set ,where as innodb calculates this statistic
      when HA_STATUS_TIME is set,which causes create_time to be set as NULL.
      
      Fix
      Pass proper .frm name to stat() call and calculate create time when
      HA_STATUS_CONST flag is set.
      232d8bbd
  14. 30 Mar, 2015 2 commits
  15. 26 Mar, 2015 2 commits
    • Sreeharsha Ramanavarapu's avatar
      2b345e7a
    • Sreeharsha Ramanavarapu's avatar
      Bug #20730155: BACKPORT BUG#19699237 TO 5.1 · c788e693
      Sreeharsha Ramanavarapu authored
      Backport from mysql-5.5 to mysql-5.1
      
      Bug# 19699237: UNINITIALIZED VARIABLE IN
                     ITEM_FIELD::STR_RESULT LEADS TO INCORRECT
                     BEHAVIOR
      
      ISSUE:
      ------
      When the following conditions are satisfied in a query, a
      server crash occurs:
      a) Two rows are compared using a NULL-safe equal-to operator.
      b) Each of these rows belong to different charsets.
      
      SOLUTION:
      ---------
      When one charset is converted to another for comparision,
      the constructor of "Item_func_conv_charset" is called.
      This will attempt to use the Item_cache if the string is a
      constant. This check succeeds because the "used_table_map"
      of the Item_cache class is never set to the correct value.
      Since it is mistakenly assumed to be a constant, it tries
      to fetch the relevant null value related fields which are
      yet to be initialized. This results in valgrind issues
      and wrong results.
      
      The fix is to update the "used_table_map" of "Item_cache".
      This will allow "Item_func_conv_charset" to realise that
      this is not a constant.
      c788e693
  16. 25 Mar, 2015 2 commits
  17. 24 Mar, 2015 2 commits
  18. 23 Mar, 2015 5 commits
    • Chaithra Gopalareddy's avatar
      26e845c1
    • Chaithra Gopalareddy's avatar
      Bug #20730220 : BACKPORT BUG#19880368 TO 5.1 · 044060fe
      Chaithra Gopalareddy authored
      Backport from mysql-5.5 to mysql-5.1
      
      Bug#19880368 : GROUP_CONCAT CRASHES AFTER DUMP_LEAF_KEY
      
      Problem:
      find_order_by_list does not update the address of order_item
      correctly after resolving.
      
      Solution:
      Change the ref_by address for a order_by field if its
      SUM_FUNC_ITEM to the address of the field present in
      all_fields.
      044060fe
    • Chaithra Gopalareddy's avatar
      7a361a27
    • Chaithra Gopalareddy's avatar
      Bug #20730129: BACKPORT BUG#19612819 TO 5.1 · a2cd622f
      Chaithra Gopalareddy authored
      Backport from mysql-5.5 to mysql-5.1
      
      Bug #19612819 :  FILESORT: ASSERTION FAILED: POS->FIELD != 0 || POS->ITEM != 0
      
      Problem:
      While getting the temp table field for a REF_ITEM
      make_sortorder is using the real_item. As a result
      server fails later with an assert.
      
      Solution:
      Do not use real_item to get the temp table field.
      Instead use the REF_ITEM itself as temp table fields
      are created for REF_ITEM not the real_item.
      a2cd622f
    • Sreeharsha Ramanavarapu's avatar
      Bug# 19573096: LOADING CORRUPTED GEOMETRY DATA INTO A · b7bdea94
      Sreeharsha Ramanavarapu authored
                     MYISAM TABLE CAUSES THE SERVER TO CRASH
      
      Issue:
      -----
      During index maintanence, R-tree node might need a split.
      In some cases the square of mbr could be calculated to
      infinite (as in this case) or to NaN. This is currently
      not handled. This is specific to MyISAM.
      
      SOLUTION:
      ---------
      If the calculated value in "mbr_join_square" is infinite or
      NaN, set it to max double value.
      
      Initialization of output parameters of "pick_seeds" is
      required if calculation is infinite (or negative infinite).
      
      Similar to the fix made for INNODB as part of Bug#19533996.
      b7bdea94
  19. 19 Mar, 2015 2 commits
    • Jon Olav Hauglid's avatar
      Merge branch 'mysql-5.1' into mysql-5.5 · 120907c0
      Jon Olav Hauglid authored
      Conflicts:
      	mysql-test/suite/sys_vars/r/transaction_alloc_block_size_basic.result
      	mysql-test/suite/sys_vars/r/transaction_prealloc_size_basic.result
      	mysql-test/suite/sys_vars/t/transaction_alloc_block_size_basic.test
      	mysql-test/suite/sys_vars/t/transaction_prealloc_size_basic.test
      	sql/mysqld.cc
      120907c0
    • Jon Olav Hauglid's avatar
      Bug#20730053: BACKPORT BUG#19770858 TO 5.1 · c7581bb5
      Jon Olav Hauglid authored
      Backport from mysql-5.5 to mysql-5.1 of:
      
      Bug19770858: MYSQLD CAN BE DRIVEN TO OOM WITH TWO SIMPLE SESSION VARS
      
      The problem was that the maximum value of the transaction_prealloc_size
      session system variable was ULONG_MAX which meant that it was possible
      to cause the server to allocate excessive amounts of memory.
      
      This patch fixes the problem by reducing the maxmimum value of
      transaction_prealloc_size and transaction_alloc_block_size down
      to 128K.
      
      Note that transactions will still be able to allocate more than
      128K if needed, this patch just reduces the amount that can be
      preallocated - as well as the maximum size of the incremental
      allocation blocks.
      
      (cherry picked from commit 540c9f7ebb428bbf9ec028feabe1f7f919fdefd9)
      
      Conflicts:
      	mysql-test/suite/sys_vars/r/transaction_alloc_block_size_basic.result
      	mysql-test/suite/sys_vars/r/transaction_alloc_block_size_basic_64.result
      	mysql-test/suite/sys_vars/t/disabled.def
      	mysql-test/suite/sys_vars/t/transaction_alloc_block_size_basic.test
      	sql/sys_vars.cc
      c7581bb5
  20. 13 Mar, 2015 1 commit