No commit message

Analysis:
---------

When the server is out of memory, an error is raised
to indicate the same. Handling the error requires
more memory to be allocated which fails, hence the
error handling loops in a recursion and causes the
server to crash.

Fix:
---
a) Prevents pushing the 'out of memory' error condition
to the diagnostic area as it requires memory allocation.
GET DIAGNOSTICS, SHOW WARNINGS and SHOW ERRORS statements
will not show information about this error. However the
'out of memory' error is returned to the client.
b) It sets the ME_FATALERROR flag when 'out of memory' errors
are reported (for places where the flag is not already set).
This flag prevents activation of SP error handlers which also
require memory allocation and therefore are likely to fail.

Problem:-
In case of blob data field, UNION ALL doesn't give correct result.

Analysis:-
In MyISAM table, when we dont want to check for the distinct for particular 
key, we set the key_map to zero.

While writing record in MyISAM table, we check the distinct with the help 
of keys, by checking whether that key is active in key_map and then writing 
the record.

In case of blob field, we are checking for distinct by unique constraint, 
where we are not checking whether that unique key is active or not in key_map.

Solution:
Before checking for distinct, check whether any key is active in key_map.


storage/myisam/mi_write.c:
  check whether key_map is active before checking distinct.

Problem:-
In case of blob data field, UNION ALL doesn't give correct result.

Analysis:-
In MyISAM table, when we dont want to check for the distinct for particular 
key, we set the key_map to zero.

While writing record in MyISAM table, we check the distinct with the help 
of keys, by checking whether that key is active in key_map and then writing 
the record.

In case of blob field, we are checking for distinct by unique constraint, 
where we are not checking whether that unique key is active or not in key_map.

Solution:-
Before checking for distinct, check whether any key is active in key_map.

storage/myisam/mi_write.c:
  check whether key_map is active before checking distinct.

No commit message

BUG#14303860 - EXECUTING A SELECT QUERY WITH TOO 
MANY WILDCARDS CAUSES A SEGFAULT
      Back port from 5.6 and trunk

                     WITH A VARIABLE AND ORDER BY
        Bug#16035412 MYSQL SERVER 5.5.29 WRONG SORTING USING COMPLEX INDEX
      
This is a fix for a regression introduced by Bug#12667154:
Bug#12667154 attempted to fix a performance problem with subqueries
that did filesort. For doing filesort, the optimizer creates a quick
select object to use when building the sort index. This quick select
object was deleted after the first call to create_sort_index(). Thus,
for queries where the subquery was executed multiple times, the quick
object was only used for the first execution. For all later executions
of the subquery, filesort used a complete table scan for building the
sort index. The fix for Bug#12667154 tried to fix this by not deleting
the quick object after the first execution of create_sort_index() so
that it would be re-used for building the sort index by the following
executions of the subquery.
      
This regression introduced in Bug#12667154 is that due to not deleting
the quick select object after building the sort index, the quick
object could in some cases be used also during the second phase of the
execution of the subquery instead of using the created sort
index. This caused wrong results to be returned.
      
The fix for this issue is to delete the reference to the select object
after it has been used in create_sort_index(). In this way the select 
and quick objects will not be available when doing the second phase
of the execution of the select operation. To ensure that the select
object can be re-used for the following executions of the subquery
we make a copy of the select pointer. This is used for restoring the
select object after the select operation is completed.


mysql-test/suite/innodb/r/innodb_mysql.result:
  Changed explain output: The explain now contains "Using where" since we
  have restored the select pointer after doing the filesort operation.
sql/sql_select.cc:
  Change create_sort_index() so that it always sets the pointer to
  the select object to NULL. This is done in order to avoid that the
  select->quick object can be used when execution the main part of
  the select operation.
sql/sql_select.h:
  New member in JOIN_TAB: saved_select. Used by create_sort_index to
  make a backup copy of the select pointer.

MANY WILDCARDS CAUSES A SEGFAULT

Back port from 5.6 and trunk

  WITH AN ASSERTION

  Recently we added check to handle kill query signal for long operating
  queries. 
  While the query interruption is reported it must to ensure cursor is restore
  to proper state for HANDLER interface to work correctly. 
  Normal select query will not face this problem, as on recieving interrupt,
  select query is aborted and new select query result in re-initialization
  (including cursor).

  rb://1836. Approved by Marko.

Merge from 5.1 to 5.5

Analysis:
--------

REPLACE operation provides incorrect output when
user variable is supplied as an argument and there
are multiple rows on which the operation is performed.

Consider the example below:

SET @var='(( 00000000 ++ 00000000 ))';
SELECT REPLACE(@var, '00000000', table_name) AS a FROM
INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='mysql';

Invalid output:
  +---------------------------------------+
  | REPLACE(@var, '00000000', TABLE_NAME) |
  +---------------------------------------+
  | (( columns_priv ++ columns_priv ))    |
  | (( columns_priv ++ columns_priv ))    |
      ......
      ......
  | (( columns_priv ++ columns_priv ))    |
  | (( columns_priv ++ columns_priv ))    |
  | (( columns_priv ++ columns_priv ))    |
  +---------------------------------------+

The user argument supplied as the string to REPLACE
operation is overwritten after the first iteration
to '(( columns_priv ++ columns_priv ))'.
The overwritten string after the first iteration
is used for the subsequent REPLACE iteration. Since
the pattern string is not found, it returns invalid
output as mentioned above.

Fix:
---
If the Alloced_length is zero, realloc() and create a
copy of the string which is then used for the REPLACE
operation for every iteration.

               INCLUDES FIRST PARTITION WHEN PRUNING

[Merge from 5.1 to 5.5]

               INCLUDES FIRST PARTITION WHEN PRUNING


PROBLEM
-------

TO_DAYS()/TO_SECONDS() can return NULL for invalid dates which 
was stored in the first partition ,therefore the first partition 
was always included for the scan when range was specified.


FIX
---

The fix is a small optimization which we have included ,which will
prune the scanning of NULL/first partition if the dates specified 
in the range are valid and in the same year and month . TO_SECONDS()
function is not supported in 5.1 so removed it from the fix and test
scripts for mysql-5.1 version.

Problem description: When client loses the connection to the MySQL server or 
if the server gets shutdown after mysql_stmt_prepare() then the next 
mysql_stmt_prepare() will return an error(as expected) but consecutive call 
mysql_stmt_execute(), will crash the client program. 
The expected behavior would be, it should through an error.

Analysis: The mysql_stmt_prepare() interns calls the function end_server() 
and net->vio and net->buff are freed and set to NULL. Then the next call 
mysql_stmt_execute() will interns call net_clear() where we are "net->vio" 
with out validating it.

Fix: we are validating the net->vio, before calling net_clear().

              INCORRECT RESULTS

This is a backport of fix for Bug#13068506.

mysql-test/r/join_outer.result:
  Added test result for Bug#13068506
mysql-test/t/join_outer.test:
  Added test case for Bug#13068506
sql/item.h:
  Implement Item_outer_ref::not_null_tables()

              AVAILABLE MEMORY IS TOO LOW 

Analysis:
---------
In function "mysql_make_view", "table->view" is initialized
after parsing(using File_parser::parse) the view definition.
If "::parse" function fails then control is moved to label 
"err:". Here we have assert (table->view == thd->lex). 
This assert fails if "::parse" function fails, as 
table->view is not initialized yet.

File_parser::parse fails if data being parsed is incorrect/
corrupted or when memory allocation fails. In this scenario
its failing because of failure in memory allocation.

Fix:
---------
In case of failure in function "File_parser::parse", moving
to label "err:" is incorrect. Modified code to move
to label "end:".

Problem:

During the index intersect access method, the SQL layer will access one row,
that satisfies a set of conditions, using an index i1.  And then it will try to
access the same row, with other set of conditions using the next index i2.  If
the fetch from i2 fails (we are talking about an error situation here and not
simply an unmatched row situation), then it will unlock the row accessed via
i1.  This will work in all situations except deadlock error.

When a deadlock happens, InnoDB will rollback the transaction.  InnoDB intimates
the SQL layer about this through the THD::transaction_rollback_request member.
But this is not currently used by the SQL layer.

Solution:

When an error happens, the SQL layer must check the 
THD::transaction_rollback_request member, before calling handler::unlock_row().
We have also added a debug assert in ha_innobase::unlock_row() checking that
it must be called only when the transaction is in active state.

rb#1773 approved by Marko and Sunny.

Analysis:
On solaris, killing a connection which waits on debug sync
(waits on condition variable) is neglected. Subsequent kill
connection to that thread succeeds. Debug sync code is not
included in release build hence it is not an customer issue.
Also verified that except this case, other cases succeed in
main.kill test script. So moving this test to experimental
state on solaris platform only in mysql-5.5 branch.

Backport fix from mysql-5.6.

			    DIAGNOSTICS_AREA::SET_OK_STATUS

Use DBUG_RETURN() instead of return() if DBUG_ENTER() is
used in the function. This patch is to  fix the Windows 
pb2 failure on mysql-5.1

Approved by Marko. rb#1792

      I_MAIN.CTYPE_UTF8 FOR MACOSX10.6 FOR 5.1

Part 2: Fix for test failures on Windows.

			    DIAGNOSTICS_AREA::SET_OK_STATUS

Test fails on 5.1 valgrind build. This is because of close(-1)
system call.

Fixed by adding extra checks for valid file descriptor.

Approved by Vasil(Calvin). rb#1792

    I_MAIN.CTYPE_UTF8 FOR MACOSX10.6 FOR 5.1

While converting directory name to filename, a
file separator (FN_LIBCHAR) might get appended
to the resulting file name. This can result in
off-by-one error when length of the input string
is equal to FN_REFLEN. In this case, the terminating
'\0' gets written beyond the buffer allocated to store
the result.

Fixed by incrementing the dst buffer size by 1. As
extra safety, switched to strnmov() and added a debug
assert to check the length of the input file name.

No test case added as the scenario is already
covered by the test cases added for bugs in
the description.

No commit message

No commit message

Merging fix from mysql-5.1

Problem:If Disk becomes full while writing into the binlog,
then the server instance hangs till someone frees the space.
After user frees up the disk space, mysql server crashes
with an assert (m_status != DA_EMPTY)

Analysis: wait_for_free_space is being called in an
infinite loop i.e., server instance will hang until
someone frees up the space. So there is no need to
set status bit in diagnostic area.

Fix: Replace my_error/my_printf_error with
sql_print_warning() which prints the warning in error log.

include/my_sys.h:
  Provision to call sql_print_warning from mysys files
mysys/errors.c:
  Replace my_error/my_printf_error with
  sql_print_warning() which prints the warning in error log.
mysys/my_error.c:
  implementation of my_printf_warning
mysys/my_write.c:
  Adding logic to break infinite loop in the simulation
sql/mysqld.cc:
  Provision to call sql_print_warning from mysys files

Before this fix, configuring the server with:
- performance_schema_events_waits_history_size=0
- performance_schema_events_waits_history_long_size=0
could cause a crash in the performance schema.

These settings to 0 are intended to be valid and supported,
and are in fact working properly in mysql 5.6 and up already.

This fix backports the code fix and test cases from mysql 5.6
to the mysql 5.5 release.