- 06 Sep, 2016 1 commit
-
-
Nawaz Nazeer Ahamed authored
-
- 02 Sep, 2016 1 commit
-
-
Kailasnath Nagarkar authored
ISSUE: Heap corruption occurs and hence mysql server terminates abnormally in String variable destructor when ZEROFILL is used for a column. Though the abnormal termination is observed in the String destructor, heap corruption occurs at earlier stage when function Field_num::prepend_zeros() is called. This function, prepends zeros to the actual data and works on entire field length. Since the allocated memory could be less than the field length, heap corruption occurs. Later, when String destructor tries to free heap, the server terminates abnormally since the heap is corrupt. SOLUTION: In Field_num::prepend_zeros() function, if allocated memory is less than the field length, re-allocate memory enough to hold field length size data.
-
- 29 Aug, 2016 1 commit
-
-
Arun Kuruvila authored
USING CHARACTER-SET-SERVER=UTF16 This is a backport of Bug#15985752 to mysql-5.5
-
- 26 Aug, 2016 3 commits
-
-
Terje Rosten authored
Post push fix: Solaris 10 /bin/sh don't understand $().
-
Terje Rosten authored
Post push fix: Solaris 10 /bin/sh don't understand $().
-
Kailasnath Nagarkar authored
SUBSELECT_UNION_ENGINE::NO_ROWS This patch is specific for mysql-5.5 ISSUE: When max_join_size is used and union query results in evaluation of tuples greater than max_join_size, the join object is not created, and is set to NULL. However, this join object is further dereferenced by union logic to determine if query resulted in any number of rows being returned. Since, the object is NULL, it results in program terminating abnormally. SOLUTION: Added check to verify if join object is created. If join object is created, it will be used to determine if query resulted in any number of rows. Else, when join object is not created, we return 'false' indicating that there were no rows for the query.
-
- 25 Aug, 2016 3 commits
-
-
Sivert Sorumgard authored
[This is the 5.5/5.6 version of the bugfix]. The problem was that it was possible to write log files ending in .ini/.cnf that later could be parsed as an options file. This made it possible for users to specify startup options without the permissions to do so. This patch fixes the problem by disallowing general query log and slow query log to be written to files ending in .ini and .cnf.
-
Jon Olav Hauglid authored
During REPAIR TABLE of a MyISAM table, a temporary data file (.TMD) is created. When repair finishes, this file is renamed to the original .MYD file. The problem was that during this rename, we copied the stats from the old file to the new file with chmod/chown. If a user managed to replace the temporary file before chmod/chown was executed, it was possible to get an arbitrary file with the privileges of the mysql user. This patch fixes the problem by not copying stats from the old file to the new file. This is not needed as the new file was created with the correct stats. This fix only changes server behavior - external utilities such as myisamchk still does chmod/chown. No test case provided since the problem involves synchronization with file system operations.
-
Terje Rosten authored
Argument to malloc-lib must be included in restricted list of directories, symlink guards added, and mysqld and mysqld-version options restricted to command line only. Don't redirect errors to stderr.
-
- 24 Aug, 2016 2 commits
-
-
Jon Olav Hauglid authored
IS USED IN CREATE TABLE The problem was that using a very long subpartition name could lead to the server exiting abnormally. This patch fixes the problem by reporting ER_TOO_LONG_IDENT if a name with more than 64 characters are used as partition and subpartition name.
-
Sivert Sorumgard authored
[This is the 5.5/5.6 version of the bugfix]. The problem was that it was possible to write log files ending in .ini/.cnf that later could be parsed as an options file. This made it possible for users to specify startup options without the permissions to do so. This patch fixes the problem by disallowing general query log and slow query log to be written to files ending in .ini and .cnf.
-
- 19 Aug, 2016 1 commit
-
-
Jon Olav Hauglid authored
During REPAIR TABLE of a MyISAM table, a temporary data file (.TMD) is created. When repair finishes, this file is renamed to the original .MYD file. The problem was that during this rename, we copied the stats from the old file to the new file with chmod/chown. If a user managed to replace the temporary file before chmod/chown was executed, it was possible to get an arbitrary file with the privileges of the mysql user. This patch fixes the problem by not copying stats from the old file to the new file. This is not needed as the new file was created with the correct stats. This fix only changes server behavior - external utilities such as myisamchk still does chmod/chown. No test case provided since the problem involves synchronization with file system operations.
-
- 18 Aug, 2016 3 commits
-
-
Terje Rosten authored
Argument to malloc-lib must be included in restricted list of directories, symlink guards added, and mysqld and mysqld-version options restricted to command line only. Don't redirect errors to stderr.
-
mysql-builder@oracle.com authored
No commit message
-
Chaithra Gopalareddy authored
Problem: When build_equal_items_for_cond gets called for a big query recursively, the specified thread_stack_size exceeds. But optimizer does not handle this condition. As a result, server exits. Solution: Check if we exceed specified stack size and if yes exit gracefully by throwing an error.
-
- 08 Aug, 2016 1 commit
-
-
Balasubramanian Kandasamy authored
-
- 05 Aug, 2016 1 commit
-
-
Neha Kumari authored
It happens when you are trying to read two or more log files from a remote server using mysqlbinlog utility. The reason for this is no matching mysql_close() that concludes the life time of 'mysql' struct describing connection to the server. This happens when mysqlbinlog is invoked with connecting to the server and requesting more than one binlog file. In such case dump_remote_log_entries() keeps calling safe_connect() per eachfile, never caring to invoke mysql_close(). Only the final safe_connect()'s allocation effect are cleaned by the base code. That is with 2 files there's one 'mysql' connection descriptor struct uncleaned/deallocated. We are backporting the bug 21255763 (pushed in mysql-trunk) in the earlier version of MySQL starting from 5.5 to 5.7. which was pushed in mysql-trunk. Fix: Invoke mysql_close() just before mysql_init() in safe_connect() defined in mysqlbinlog.cc. That makes possibly previously used 'mysql' be reclaimed prior a new one is allocated.
-
- 04 Aug, 2016 1 commit
-
-
Kailasnath Nagarkar authored
Reverting the patch due to some issues.
-
- 03 Aug, 2016 2 commits
-
-
Kailasnath Nagarkar authored
ISSUE: Queries with mediumint as column when operated with long long type of data results in buffer overflow in store_long function. The merging rule specified for (MYSQL_TYPE_LONGLONG MYSQL_TYPE_INT24) is MYSQL_TYPE_LONG. Due to this store_long function was getting called which resulted in buffer overflow. SOLUTION: The correct merging rule for (MYSQL_TYPE_LONGLONG, MYSQL_TYPE_INT24) should be MYSQL_TYPE_LONGLONG. So, instead of function store_long, function store_longlong is called which correctly handles the type MYSQL_TYPE_LONGLONG. External Bug #23645238 is a duplicate of this issue.
-
Sreeharsha Ramanavarapu authored
DERIVED TABLE IN JOIN ISSUE: ------ This problem occurs under the following conditions: 1) A parameter is used in the select-list of a derived table. 2) The derived table is part of a JOIN. SOLUTION: --------- When a derived table is materialized, a temporary table is created. This temporary table creates a field each for the items in the select-list of the derived table. This set of fields is later used to setup the join. Currently no field is created in the temporary table if a parameter is used in the select-list. Create a field for the parameter. By default Item_param's result type in a prepared statement is set to STRING_RESULT. This can change during the execute phase depending on the user variable. But since the execute phase creates its own temporary table, it will be handled separately. This is a backport of the fix for BUG#22392374.
-
- 29 Jul, 2016 1 commit
-
-
Nawaz Nazeer Ahamed authored
-
- 25 Jul, 2016 2 commits
-
-
Neha Kumari authored
Problem: In debug builds, there is a chance that an out-of-bounds read is performed when tables are locked in LTM_PRELOCKED_UNDER_LOCK_TABLES mode. It can happen because the debug code uses enum values as index for an array of mode descriptions, but it only takes into consideration 3 out of 4 of the enum values. Fix: This patch fixes it by implementing a getter for the enum which returns a string representation of the enum, effectively removing the out-of-bounds read. Moreover, it also fixes the lock mode descriptions that would be print out in debug builds.
-
Thayumanavar S authored
Commit#ebd24626 obsoleted the THREAD and THREAD_SAFE_CLIENT preprocessor symbols. This is not removed in the sql/net_serv.cc thereby the code that retries on EINTR became dead code. Remove the THREAD_SAFE_CLIENT preprocessor directive form sql/net_serv.cc. Also check errno for EINTR only if there is an error in preceding read call.
-
- 22 Jul, 2016 2 commits
-
-
Arun Kuruvila authored
GET_SERVER_FROM_TABLE_TO_CACHE Description:- Server received SIG11 in the function, "get_server_from_table_to_cache()". Analysis:- Defining a server with a blank name is not handled properly. Fix:- Modified "get_server_from_table_to_cache()" to take care of blank server name.
-
Sreeharsha Ramanavarapu authored
FROM I_S Issue: ------ There is a difference in the field type created when the following DDLs are used: 1) CREATE TABLE t0 AS SELECT NULL; 2) CREATE TABLE t0 AS SELECT GREATEST(NULL,NULL); The first statement creates field of type Field_string and the second one creates a field of type Field_null. This creates a problem when the query mentioned in this bug is used. Since the null_ptr is calculated differently for Field_null. Solution: --------- When there is a function returning null in the select list as mentioned above, the field should be of type Field_string. This was fixed in 5.6+ as part of Bug#14021323. This is a backport to mysql-5.5. An incorrect comment in innodb_bug54044.test has been corrected in all versions.
-
- 19 Jul, 2016 1 commit
-
-
Chaithra Gopalareddy authored
ASSERTION `0' FAILED ON SELECT AREA Problem: Optimizer tries to get the points to calculate area without checking the return value of uint4korr for 0 "points". As a result server exits. Solution: Check the return value from uint4korr().
-
- 07 Jul, 2016 1 commit
-
-
Balasubramanian Kandasamy authored
Remove mysql_config from client sub-package (cherry picked from commit 45c4bfa0f3f1c70756591f48710bb3e76ffde9bc)
-
- 05 Jul, 2016 1 commit
-
-
Balasubramanian Kandasamy authored
Remove mysql_config from client sub-package
-
- 01 Jul, 2016 1 commit
-
-
Kailasnath Nagarkar authored
MY_TOSORT_UTF32 This patch is specific for mysql-5.5 ISSUE: When a charater that is larger than possible to handle is passed to function my_tosort_utf32(), it results in segmentation fault. In the scenario mentioned in the bug AES_ENCRYPT function is used which returns large value. This value is further passed to my_tosort_utf32 function. This causes to cross array bound for array uni_plane, resulting in segment violation. SOLUTION: This issue has got addressed in 5.6 onward releases through worklog 2673. The fix is similar backport of that. Check for maximum character before accessing the array uni_plane. In addition to function my_tosort_utf32, the same potential problem is also present in functions my_tolower_utf16, my_toupper_utf16, my_tosort_utf16, my_tolower_utf32, my_toupper_utf32, my_tosort_unicode, my_tolower_utf8mb4 and my_toupper_utf8mb4. Fixed these functions as well.
-
- 30 Jun, 2016 1 commit
-
-
Christopher Powers authored
Permanently removed test case perfschema.aggregate. The Performance Schema is generally lock-free, allowing for race conditions that might arise from multi-threaded operation which occasionally results in temporary and/or minor variances when aggregating statistics. This test needs to be redesigned to accommodate such variances.
-
- 27 Jun, 2016 1 commit
-
-
Balasubramanian Kandasamy authored
-
- 20 Jun, 2016 1 commit
-
-
Thayumanavar S authored
MYSQL-5.5 The bug asks for a backport of bug#1463594 and bug#20682959. This is required because of the fact that if replication is enabled, master transaction can commit whereas slave can't commit due to not exact 'enviroment'. This manifestation is seen in bug#22024200.
-
- 17 Jun, 2016 2 commits
-
-
Terje Rosten authored
Fix is a backport of BUG#18518216/72230 to MySQL 5.5 and 5.6. Will also resolve: BUG#23605713/81384 LIBMYSQLCLIENT.SO.18 MISSING FROM MYSQL 5.7 as mysql-community-libs-5.5 or mysql-community-libs-5.6 can installed on EL6 system with libmysqlclient.16 (from MySQL 5.1) libmysqlclient.20 (from MySQL 5.7) by doing: $ rpm --oldpackage -ivh mysql-community-libs-5.5.50-2.el6.x86_64.rpm Providing a way to have several versions of libmysqlclient installed on the same system. and help: BUG#23088014/80981 LIBS-COMPAT RPMS SHOULD BE INDEPENDENT OF ALL OTHER SUBPACKAGES due to less strict coupling between -libs-compat and -common package.
-
Shishir Jaiswal authored
DESCRIPTION =========== Buffer overflow is reported in Regex library. This can be triggered when the data corresponding to argv[1] is >= 512 bytes resutling in abnormal behaviour. ANALYSIS ======== Its a straight forward case of SEGFAULT where the target buffer is smaller than the source string to be copied. A simple pre-copy validation should do. FIX === A check is added before doing strcpy() to ensure that the target buffer is big enough to hold the to-be copied data. If the check fails, the program aborts.
-
- 03 Jun, 2016 1 commit
-
-
Arun Kuruvila authored
ERROR MESSAGE Post push patch to fix test case failure.
-
- 02 Jun, 2016 2 commits
-
-
Prashant Tekriwal authored
-
Arun Kuruvila authored
ERROR MESSAGE Post push patch to fix test case failure.
-
- 30 May, 2016 1 commit
-
-
Arun Kuruvila authored
ERROR MESSAGE Description:- Mtr test, "main.mysqldump" is failing with an assert when "mysqlimport" client utility is executed with the option "--use_threads". Analysis:- "mysqlimport" uses the option, "--use_threads", to spawn worker threads to complete its job in parallel. But currently the main thread is not waiting for the worker threads to complete its cleanup, rather just wait for the worker threads to say its done doing its job. So the cleanup is done in a race between the worker threads and the main thread. This lead to an assertion failure. Fix:- "my_thread_join()" is introduced in the main thread to join all the worker threads it have spawned. This will let the main thread to wait for all the worker threads to complete its cleanup before calling "my_end()".
-
- 24 May, 2016 1 commit
-
-
Sreeharsha Ramanavarapu authored
NAME_CONST QUERY ISSUE: ------ Using NAME_CONST with a non-constant negated expression as value can result in incorrect behavior. SOLUTION: --------- The problem can be avoided by checking whether the argument is a constant value. The fix is a backport of Bug#12735545.
-
- 20 May, 2016 1 commit
-
-
Terje Rosten authored
Remove mysql_config from client package to avoid conflict (file shipped in devel package any way).
-