1. 08 Aug, 2009 1 commit
    • Davi Arnaut's avatar
      Bug#45010: invalid memory reads during parsing some strange statements · 357430de
      Davi Arnaut authored
      The problem is that the lexer could inadvertently skip over the
      end of a query being parsed if it encountered a malformed multibyte
      character. A specially crated query string could cause the lexer
      to jump up to six bytes past the end of the query buffer. Another
      problem was that the laxer could use unfiltered user input as
      a signed array index for the parser maps (having upper and lower
      bounds 0 and 256 respectively).
      
      The solution is to ensure that the lexer only skips over well-formed
      multibyte characters and that the index value of the parser maps
      is always a unsigned value.
      
      mysql-test/r/ctype_recoding.result:
        Update test case result: ending backtick is not skipped over anymore.
      sql/sql_lex.cc:
        Characters being analyzed must be unsigned as they can be
        used as indexes for the parser maps. Only skip over if the
        string is a valid multi-byte sequence.
      tests/mysql_client_test.c:
        Add test case for Bug#45010
      357430de
  2. 06 Aug, 2009 1 commit
  3. 04 Aug, 2009 1 commit
  4. 03 Aug, 2009 2 commits
  5. 02 Aug, 2009 1 commit
    • Alfranio Correia's avatar
      BUG#43264 Test rpl_trigger is failing randomly w/ use of copy_file in 5.0 · f8d7a710
      Alfranio Correia authored
      The test case fails sporadically on Windows while trying to overwrite an unused
      binary log. The problem stems from the fact that MySQL on Windows does not
      immediately unlock/release a file while the process that opened and closed it is
      still running. In BUG 38603, this issue was circumvented by stopping the MySQL
      process, copying the file and then restarting the MySQL process. 
      
      Unfortunately, such facilities are not available in the 5.0.  Other approaches
      such as stopping the slave and issuing change master do not work because the relay
      log file and index are not closed when a slave is stopped. So to fix the problem,
      we simply don't run on windows the part of the test that was failing.
      f8d7a710
  6. 31 Jul, 2009 1 commit
  7. 30 Jul, 2009 4 commits
    • Matthias Leich's avatar
      8e410185
    • Joerg Bruehe's avatar
      Merge the fix for bug#42213 into 5.0-build. · bdf6ecc4
      Joerg Bruehe authored
      bdf6ecc4
    • Matthias Leich's avatar
      Merge of fix for bug 44493 into GCA tree · a800612b
      Matthias Leich authored
      a800612b
    • Joerg Bruehe's avatar
      Our autoconf function "MYSQL_STACK_DIRECTION" will not work · 53b114c2
      Joerg Bruehe authored
      correctly if the compiler optimizes too clever.
      
      This has happaned on HP-UX 11.23 (IA64) at optimization
      level "+O2", causing bug#42213:
         Check for "stack overrun" doesn't work, server crashes
      
      Fix it by adding a pragma that prevents this optimization.
      As a result, it should be safe to use "+O2" on this platform
      (unless there is some other, optimizer-related, bug which
      is just currently masked because we use resudec optimization).
      
      
      config/ac-macros/misc.m4:
        Our autoconf function "MYSQL_STACK_DIRECTION" is meant to
        determine whether the stack grows towards higher or towards
        lower addresses.
        It does this by comparing the addresses of a variable
        (which is local to a recursive function) on different
        nesting levels.
        
        This approach requires that the function is really
        implemented as a recursive function, with each nested call
        allocating a new stack frame containing the local variable.
        If, however, the compiler is optimizing so clever that the
        recursive function is implemented by a loop, then this
        test will not produce correct results.
        
        This has happened on HP-UX 11.23 (IA64) when HP's compiler
        was called with optimization "+O2" (not with "+O1"),
        reported as bug#42213.
        
        Rather than starting a race with the compiler and making
        the function so complicated that this optimization does
        not happen, the idea is to prevent the optimization
        by adding a pragma. For HP, this is "#pragma noinline".
        
        If we encounter other compilers which also optimize
        too clever, we may add their pragmas here.
        
        It is a debatable issue whether such pragmas should be
        guarded by conditional compiling or not, the reviewers
        voted to do it.
        It seems HP has different compilers, "ANSI C" and "aCC",
        on the affected platform "__HP_cc" ("ANSI C") is predefined.
        To be on the safe side, the pragma will also take effect
        if HP's "aCC" compiler is used, or any other compiler on HP-UX.
      53b114c2
  8. 28 Jul, 2009 2 commits
    • Alexey Kopytov's avatar
      Automerge. · 6084ee27
      Alexey Kopytov authored
      6084ee27
    • Alexey Kopytov's avatar
      Bug #45031: invalid memory reads in my_real_read using protocol · 3e2d8d93
      Alexey Kopytov authored
                  compression 
       
      Since uint3korr() may read 4 bytes depending on build flags and 
      platform, allocate 1 extra "safety" byte in the network buffer 
      for cases when uint3korr() in my_real_read() is called to read
      last 3 bytes in the buffer. 
       
      It is practically hard to construct a reliable and reasonably 
      small test case for this bug as that would require constructing 
      input stream such that a certain sequence of bytes in a 
      compressed packet happens to be the last 3 bytes of the network 
      buffer. 
      
      
      sql/net_serv.cc:
        Allocate 1 extra "safety" byte in the network buffer for cases 
        when uint3korr() is used to read last 3 bytes in the buffer.
      3e2d8d93
  9. 27 Jul, 2009 3 commits
    • Davi Arnaut's avatar
      Bug#46385: [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted t · f9551a9c
      Davi Arnaut authored
      The maximum value of the max_join_size variable is set by converting
      a signed type (long int) with negative value (-1) to a wider unsigned
      type (unsigned long long), which yields the largest possible value of
      the wider unsigned type -- as per the language conversion rules. But,
      depending on build options, the type of the max_join_size might be a
      shorter type (ha_rows - unsigned long) which causes the warning to be
      thrown once the large value is truncated to fit.
      
      The solution is to ensure that the maximum value of the variable is
      always set to the maximum value of integer type of max_join_size.
      
      Furthermore, it would be interesting to always have a fixed type for
      this variable, but this would incur in a change of behavior which is
      not acceptable for a GA version. See Bug#35346.
      
      sql/mysqld.cc:
        Set max value for type.
      f9551a9c
    • Davi Arnaut's avatar
      Bug#20023: mysql_change_user() resets the value of SQL_BIG_SELECTS · f1133179
      Davi Arnaut authored
      Post-merge fix: test case could fail due to a conversion of the
      max_join_size value to a integer. Fixed by preserving the value
      as a string for comparison purposes.
      
      tests/mysql_client_test.c:
        Preserve max_join_size value as a string instead of converting
        it to a integer -- value can be larger then the type used.
      f1133179
    • Satya B's avatar
      merging with mysql-5.0-bugteam · c36c4e49
      Satya B authored
      c36c4e49
  10. 24 Jul, 2009 5 commits
    • Gleb Shchepa's avatar
      Bug #38816: kill + flush tables with read lock + stored · 065732ee
      Gleb Shchepa authored
                  procedures causes crashes!
      
      The problem of that bugreport was mostly fixed by the
      patch for bug 38691.
      However, attached test case focused on another crash or
      valgrind warning problem: SHOW PROCESSLIST query accesses
      freed memory of SP instruction that run in a parallel
      connection.
      
      Changes of thd->query/thd->query_length in dangerous
      places have been guarded with the per-thread
      LOCK_thd_data mutex (the THD::LOCK_delete mutex has been
      renamed to THD::LOCK_thd_data).
      
      
      sql/ha_myisam.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the a THD::set_query() method call/LOCK_thd_data
        mutex.
        Unnecessary locking with the global LOCK_thread_count
        mutex has been removed.
      sql/log_event.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the THD::set_query()) method call/LOCK_thd_data
        mutex.
      sql/slave.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the THD::set_query() method call/LOCK_thd_data mutex.
        
        The THD::LOCK_delete mutex has been renamed to
        THD::LOCK_thd_data.
      sql/sp_head.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the a THD::set_query() method call/LOCK_thd_data
        mutex.
      sql/sql_class.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        The new THD::LOCK_thd_data mutex and THD::set_query()
        method has been added to guard modifications of THD::query/
        THD::query_length fields, also the Statement::set_statement()
        method has been overloaded in the THD class.
        
        The THD::LOCK_delete mutex has been renamed to
        THD::LOCK_thd_data.
      sql/sql_class.h:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        The new THD::LOCK_thd_data mutex and THD::set_query()
        method has been added to guard modifications of THD::query/
        THD::query_length fields, also the Statement::set_statement()
        method has been overloaded in the THD class.
        
        The THD::LOCK_delete mutex has been renamed to
        THD::LOCK_thd_data.
      sql/sql_insert.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the a THD::set_query() method call/LOCK_thd_data
        mutex.
      sql/sql_parse.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the a THD::set_query() method call/LOCK_thd_data mutex.
      sql/sql_repl.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        The THD::LOCK_delete mutex has been renamed to
        THD::LOCK_thd_data.
      sql/sql_show.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Inter-thread read of THD::query/query_length field has
        been protected with a new per-thread LOCK_thd_data
        mutex in the mysqld_list_processes function.
      065732ee
    • Alexey Kopytov's avatar
      Automerge. · 05e6e0aa
      Alexey Kopytov authored
      05e6e0aa
    • Alexey Kopytov's avatar
      Bug #46075: Assertion failed: 0, file .\protocol.cc, line 416 · df9eac9e
      Alexey Kopytov authored
      In create_myisam_from_heap() mark all errors as fatal except 
      HA_ERR_RECORD_FILE_FULL for a HEAP table.
      
      Not doing so could lead to problems, e.g. in a case when a
      temporary MyISAM table gets overrun due to its MAX_ROWS limit
      while executing INSERT/REPLACE IGNORE ... SELECT. 
      The SELECT execution was aborted, but the error was 
      converted to a warning due to IGNORE clause, so neither 'ok' 
      nor 'error' packet could be sent back to the client. This 
      condition led to hanging client when using 5.0 server, or 
      assertion failure in 5.1.
      
      
      mysql-test/r/insert_select.result:
        Added a test case for bug #46075.
      mysql-test/t/insert_select.test:
        Added a test case for bug #46075.
      sql/sql_select.cc:
        In create_myisam_from_heap() mark all errors as fatal except 
        HA_ERR_RECORD_FILE_FULL for a HEAP table.
      df9eac9e
    • V Narayanan's avatar
      merging with mysql-5.0-bugteam · feec1106
      V Narayanan authored
      feec1106
    • Satya B's avatar
      merge to mysql-5.0-bugteam · 7fd6a2e6
      Satya B authored
      7fd6a2e6
  11. 23 Jul, 2009 1 commit
    • Staale Smedseng's avatar
      Bug #45770 errors reading server SSL files are printed, but · 94db736d
      Staale Smedseng authored
      not logged
              
      Errors encountered during initialization of the SSL subsystem
      are printed to stderr, rather than to the error log.
              
      This patch adds a parameter to several SSL init functions to
      report the error (if any) out to the caller. The function
      init_ssl() in mysqld.cc is moved after the initialization of
      the log subsystem, so that any error messages can be logged to
      the error log. Printing of messages to stderr has been 
      retained to get diagnostic output in a client context.
      
      
      include/violite.h:
        Adding an enumeration for the various errors that can
        occur during initialization of the SSL module.
      sql/mysqld.cc:
        Adding more logging of SSL init errors, and moving
        init_ssl() till after initialization of logging 
        subsystem.
      vio/viosslfactories.c:
        Define error strings, provide an access method for these
        strings, and maintain an error parameter in several funcs
        to return the error (if any) to the caller.
      94db736d
  12. 21 Jul, 2009 1 commit
  13. 18 Jul, 2009 2 commits
    • Evgeny Potemkin's avatar
      Merged corrected fix for the bug#46051. · bb55b34b
      Evgeny Potemkin authored
      bb55b34b
    • Evgeny Potemkin's avatar
      Bug#46051: Incorrectly market field caused wrong result. · 486d9303
      Evgeny Potemkin authored
      When during the optimization an item is moved to the upper select
      the item's context left unchanged. This caused wrong result in the 
      PS/SP mode.
      The Item_ident::remove_dependence_processor now sets the context
      of the select to which the item is moved to.
      
      mysql-test/r/subselect.result:
        The test case for the bug#46051 is adjusted.
      mysql-test/t/subselect.test:
        The test case for the bug#46051 is adjusted.
      sql/item.cc:
        Bug#46051: Incorrectly market field caused wrong result.
        The Item_ident::remove_dependence_processor now sets the context
        of the select to which the item is moved to.
      486d9303
  14. 17 Jul, 2009 3 commits
    • Evgeny Potemkin's avatar
      Merged fix for the bug#46051. · dc1c164f
      Evgeny Potemkin authored
      dc1c164f
    • Satya B's avatar
      Fix for BUG#18828 - If InnoDB runs out of undo slots, · 6c50be21
      Satya B authored
                          it returns misleading 'table is full'
      
      Innodb returns a misleading error message "table is full" 
      when the number of active concurrent transactions is greater
      than 1024.
      
      Fixed by adding errorcode "ER_TOO_MANY_CONCURRENT_TRXS" to the
      error codes. Innodb should return HA_TOO_MANY_CONCURRENT_TRXS
      to mysql which is then mapped to ER_TOO_MANY_CONCURRENT_TRXS
      
      
      Note: testcase is not written as this was reproducible only by
            changing innodb code.
      
      extra/perror.c:
        Add error number and message for HA_ERR_TOO_MANY_CONCURRENT_TRXS
      include/my_base.h:
        Add error number and message for HA_ERR_TOO_MANY_CONCURRENT_TRXS
      sql/ha_innodb.cc:
        Return HA_ERR_TOO_MANY_CONCURRENT_TRXS to mysql server
      sql/handler.cc:
        Add error number and message for HA_ERR_TOO_MANY_CONCURRENT_TRXS
      sql/share/errmsg.txt:
        Add error message for ER_TOO_MANY_CONCURRENT_TRXS
      6c50be21
    • V Narayanan's avatar
      merging with mysql-5.0-bugteam · 00a56499
      V Narayanan authored
      00a56499
  15. 16 Jul, 2009 4 commits
    • Evgeny Potemkin's avatar
      Bug#46051: Incorrectly market field caused wrong result. · c288559c
      Evgeny Potemkin authored
      In a subselect all fields from outer selects are marked as dependent on
      selects they are belong to. In some cases optimizer substitutes it for an
      equivalent expression. For example "a_field IN (SELECT outer_field)" is
      substituted with "a_field = outer_field". As we moved the outer_field to the
      upper select it's not really outer anymore. But it was left marked as outer.
      If exists an index over a_field optimizer choose wrong execution plan and thus
      return wrong result.
      
      Now the Item_in_subselect::single_value_transformer function removes dependent
      marking from fields when a subselect is optimized away.
      
      mysql-test/r/subselect.result:
        Added a test case for the bug#46051.
      mysql-test/t/subselect.test:
        Added a test case for the bug#46051.
      sql/item_subselect.cc:
        Bug#46051: Incorrectly market field caused wrong result.
        Now the Item_in_subselect::single_value_transformer function removes dependent
        marking from fields when a subselect is optimized away.
      c288559c
    • Georgi Kodinov's avatar
    • Georgi Kodinov's avatar
    • Joerg Bruehe's avatar
      Merge main 5.0 into 5.0-build · 7e567425
      Joerg Bruehe authored
      7e567425
  16. 13 Jul, 2009 2 commits
  17. 12 Jul, 2009 1 commit
    • V Narayanan's avatar
      Bug#43572 Handle failures from hash_init · 58e77cb4
      V Narayanan authored
      This patch is a follow up to http://lists.mysql.com/commits/76678.
      When an allocation failure occurs for the buffer in the dynamic
      array, an error condition was being set. The dynamic array is
      usable even if the memory allocation fails. Since in most cases
      the thread can continue to work without any problems the error
      condition should not be set here.
      
      This patch adds logic to remove the error condition from being set
      when the memory allocation for the buffer in dynamic array fails.
      
      mysys/array.c:
        Bug#43572 Handle failures from hash_init
        
        Remove the MY_WME flag from the call to malloc in order to
        prevent the error status from being set in the init_dynamic_array
        method. Since this memory allocation failure is no longer
        fatal this method has been modified to return FALSE
        (indicate success) irrespective of array->buffer being
        allocated.
      58e77cb4
  18. 10 Jul, 2009 4 commits
  19. 09 Jul, 2009 1 commit