1. 09 Oct, 2012 2 commits
    • Harin Vadodaria's avatar
      Bug #14211140: CRASH WHEN GRANTING OR REVOKING PROXY · 5427d33e
      Harin Vadodaria authored
                     PRIVILEGES
      
      Description: (user,host) pair from security context is used
                   privilege checking at the time of granting or
                   revoking proxy privileges. This creates problem
                   when server is started with
                   --skip-name-resolve option because host will not
                   contain any value. Checks should be dependent on
                   consistent values regardless the way server is
                   started. Further, privilege check should use
                   (priv_user,priv_host) pair rather than values
                   obtained from inbound connection because
                   this pair represents the correct account context
                   obtained from mysql.user table.
      5427d33e
    • Annamalai Gurusami's avatar
      Fixing a compilation issue. · d5d53d19
      Annamalai Gurusami authored
      d5d53d19
  2. 08 Oct, 2012 4 commits
    • Praveenkumar Hulakund's avatar
      Bug#11756600 - SLAVE THREAD CAN CRASH IF EVENT SCHEDULER · 35a05a60
      Praveenkumar Hulakund authored
                     FAILS TO READ EVENT TABLE AT STARTUP.
      
      This issue is fixed in 5.5+ versions. This patch adds a test
      case for this scenario.
      35a05a60
    • Annamalai Gurusami's avatar
      Bug #14036214 MYSQLD CRASHES WHEN EXECUTING UPDATE IN TRX WITH · 378a7d1e
      Annamalai Gurusami authored
      CONSISTENT SNAPSHOT OPTION
      
      A transaction is started with a consistent snapshot.  After 
      the transaction is started new indexes are added to the 
      table.  Now when we issue an update statement, the optimizer
      chooses an index.  When the index scan is being initialized
      via ha_innobase::change_active_index(), InnoDB reports 
      the error code HA_ERR_TABLE_DEF_CHANGED, with message 
      stating that "insufficient history for index".
      
      This error message is propagated up to the SQL layer.  But
      the my_error() api is never called.  The statement level
      diagnostics area is not updated with the correct error 
      status (it remains in Diagnostics_area::DA_EMPTY).  
      
      Hence the following check in the Protocol::end_statement()
      fails.
      
       516   case Diagnostics_area::DA_EMPTY:
       517   default:
       518     DBUG_ASSERT(0);
       519     error= send_ok(thd->server_status, 0, 0, 0, NULL);
       520     break;
      
      The fix is to backport the fix of bugs 14365043, 11761652 
      and 11746399. 
      
      14365043 PROTOCOL::END_STATEMENT(): ASSERTION `0' FAILED
      11761652 HA_RND_INIT() RESULT CODE NOT CHECKED
      11746399 RETURN VALUES OF HA_INDEX_INIT() AND INDEX_INIT() IGNORED
      
      rb://1227 approved by guilhem and mattiasj.
      378a7d1e
    • Marko Mäkelä's avatar
      Merge mysql-5.1 to mysql-5.5. · 52a4ef95
      Marko Mäkelä authored
      Also, add debug check for trx_id sanity to row_upd_rec_sys_fields().
      52a4ef95
    • Marko Mäkelä's avatar
      Bug#14731482 UPDATE OR DELETE CORRUPTS A RECORD WITH A LONG PRIMARY KEY · b0662086
      Marko Mäkelä authored
      We did not allocate enough bits for index->trx_id_offset, causing an
      UPDATE or DELETE of a table with a PRIMARY KEY longer than 1024 bytes
      to corrupt the PRIMARY KEY.
      
      dict_index_t: Allocate enough bits.
      
      dict_index_build_internal_clust(): Check for overflow of
      index->trx_id_offset. Trip a debug assertion when overflow occurs.
      
      rb:1380 approved by Jimmy Yang
      b0662086
  3. 04 Oct, 2012 1 commit
    • Jon Olav Hauglid's avatar
      Bug#14640599 MEMORY LEAK WHEN EXECUTING STORED ROUTINE EXCEPTION HANDLER · bfba296d
      Jon Olav Hauglid authored
      When a SP handler is activated, memory is allocated to hold the
      MESSAGE_TEXT for the condition that caused the activation.
      
      The problem was that this memory was allocated on the MEM_ROOT belonging
      to the stored program. Since this MEM_ROOT is not freed until the
      stored program ends, a stored program that causes lots of handler
      activations can start using lots of memory. In 5.1 and earlier the
      problem did not exist as no MESSAGE_TEXT was allocated if a condition
      was raised with a handler present. However, this behavior lead to
      a number of other issues such as Bug#23032.
      
      This patch fixes the problem by allocating enough memory for the
      necessary MESSAGE_TEXTs in the SP MEM_ROOT when the SP starts and
      then re-using this memory each time a handler is activated.
            
      This is the 5.5 version of the patch.
      bfba296d
  4. 03 Oct, 2012 2 commits
    • Tor Didriksen's avatar
      Bug#13713525 CREATE_INITIAL_DB.CMAKE IS FAILING ON WINDOWS, STILL "DEVENV" RETURNS 0 · 30d35590
      Tor Didriksen authored
      This bug depends on cmake version.
      
      For cmake 2.6 (which is still in use for some pushbuild trees)
      the main build would succeed, even if create_initial_db failed.
      
      The problem was the chaining of commands in the CUSTOM_COMMAND
      to produce 'initdb.dep'. It first invokes cmake to run mysqld,
      then invokes 'touch' to create the file. Moving the 'touch'
      command makes the error propagate properly for both cmake 2.6 and 2.8
      
      30d35590
    • Jon Olav Hauglid's avatar
      Bug#14495351: CRASH IN HA_PARTITION::HANDLE_UNORDERED_NEXT · 2943c813
      Jon Olav Hauglid authored
      Follow-up patch - Fix broken build:
      error: format ‘%u’ expects argument of type ‘unsigned int’,
      but argument 2 has type ‘key_part_map {aka long unsigned int}’
      [-Werror=format]
      2943c813
  5. 01 Oct, 2012 2 commits
  6. 28 Sep, 2012 1 commit
    • Annamalai Gurusami's avatar
      Bug #13249921 ASSERT !BPAGE->FILE_PAGE_WAS_FREED, USUALLY IN · b59a64e2
      Annamalai Gurusami authored
      TRANSACTION ROLLBACK
      
      Description:  During the rollback operation, a blob page 
      is removed earlier than desired.  Consider following scenario:
      
      1. create table t1(a int primary key,b blob) engine=innodb;
      2. insert into t1 values (1,repeat('b',9000));
      3. begin;
      4. update t1 set b=concat(b,'b');
      5. update t1 set a=a+1;
      6. insert into t1 values (1,repeat('b',9000));
      7. rollback;
      
      The update operation in line 5 produces 2 undo log record. The first
      undo record (TRX_UNDO_DEL_MARK_REC) goes to trx->update_undo and the
      second undo record (TRX_UNDO_INSERT_REC) goes to trx->insert_undo.
      During rollback, they are executed out of order.
      
      When the undo record TRX_UNDO_DEL_MARK_REC is applied/executed,
      the blob ownership is also reset.  Because of this the blob page
      is released earlier than desired.  This blob page must have been
      freed only as part of applying/executing the undo record
      TRX_UNDO_INSERT_REC.
      
      This problem can be avoided by executing the undo records in
      order.  This patch will make innodb to execute the undo records
      in order.
      
      rb://1125 approved by Marko.
      b59a64e2
  7. 26 Sep, 2012 2 commits
    • unknown's avatar
      No commit message · faca6ed8
      unknown authored
      No commit message
      faca6ed8
    • Akhila Maddukuri's avatar
      Description: · 422e6b52
      Akhila Maddukuri authored
      ```--------
      After compiling from source, during make test I got the following error:
      
      test main.loaddata failed with error
      CURRENT_TEST: main.loaddata
      mysqltest: At line 592: query 'LOAD DATA INFILE 'tmpp.txt' INTO TABLE t1
      CHARACTER SET ucs2
      (@b) SET a=REVERSE(@b)' failed: 1115: Unknown character set: 'ucs2'
      
      I noticed other tests are skipped because of no ucs2
      main.mix2_myisam_ucs2                    [ skipped ]  Test requires:'
      have_ucs2'
      
      Should main.loaddata be skipped if there is no ucs2
      
      How To Repeat:
      ```
      
      ----------
      Run make test on compiled source that doesn't have ucs2
      
      Suggested fix:
      -------------
      the failing piece of the test should be moved from mysql-test/t/loaddata.test to
      mysql-test/t/ctype_ucs.test.
      422e6b52
  8. 25 Sep, 2012 5 commits
    • Tor Didriksen's avatar
      Backport · b079b388
      Tor Didriksen authored
      Bug #11764313 57135: CRASH IN ITEM_FUNC_CASE::FIND_ITEM WITH CASE WHEN
      Bug #11764818 57692: Crash in item_func_in::val_int() with ZEROFILL
      b079b388
    • unknown's avatar
      No commit message · 66c7b315
      unknown authored
      No commit message
      66c7b315
    • unknown's avatar
      No commit message · bb11c81b
      unknown authored
      No commit message
      bb11c81b
    • Jon Olav Hauglid's avatar
      Bug#14621627 THREAD CACHE IS UNFAIR · 58de1660
      Jon Olav Hauglid authored
      When a client connects to a MySQL server, first a THD object is created.
      If there are any idle server threads waiting, the THD object is then added
      to a list and a server thread is woken up. This thread then retrieves the 
      THD object from the list and starts executing.
      
      The problem was that this list of THD objects waiting for a server thread,
      was not working in a FIFO fashion, but rather LIFO. This is unfair, as it means
      that the last THD added (=last client connected) will be assigned a  server 
      thread first.
      
      Note however that for this to be a problem, several clients must be able
      to connect and have THD objects constructed before any server threads
      manages to be woken up. This is not a very likely scenario.
      
      This patch fixes the problem by changing the THD list to work FIFO
      rather than LIFO.
      
      This is the 5.1/5.5 version of the patch.
      58de1660
    • Raghav Kapoor's avatar
      BUG#13864642: DROP/CREATE USER BEHAVING ODDLY · 815aad69
      Raghav Kapoor authored
      BACKGROUND:
      In certain situations DROP USER fails to remove all privileges
      belonging to user being dropped from in-memory structures.
      Current workaround is to do DROP USER twice in scenario below
      OR doing FLUSH PRIVILEGES after doing DROP USER.
      
      ANALYSIS:
      In MySQL, When we grant some stored routines privileges to a
      user they are stored in their respective hash.
      When doing DROP USER all the stored routine privilege entries
      associated with that user has to be deleted from its respective 
      hash.
      The root cause for this bug is some entries from the hash
      are not getting deleted. 
      The problem is that code that deletes entries from the hash tries
      to do so while iterating over it, without taking enough measures
      to address the fact that such deletion can reshuffle elements in 
      the hash. If the user/administrator creates the same user again 
      he is thrown an  error 'Error 1396 ER_CANNOT_USER' from MySQL.
      This prompts the user to either do FLUSH PRIVILEGES or do DROP USER 
      again. This behaviour is not desirable as it is a workaround and
      does not solves the problem mentioned above.
      
      FIX:
      This bug is fixed by introducing a dynamic array to store the 
      pointersto all stored routine privilege objects that either have
      to be deleted or updated. This is done in 3 steps.
      Step 1: Fetching the element from the hash and checking whether 
      it is to be deleted or updated.
      Step 2: Storing the pointer to that privilege object in dynamic array.
      Step 3: Traversing the dynamic array to perform the appropriate action 
      either delete or update.
      This is a much cleaner way to delete or update the privilege entries 
      associated with some user and solves the problem mentioned above.
      Also the code has been refactored a bit by introducing an enum
      instead of hard coded numbers used for respective dynamic arrays 
      and hashes in handle_grant_struct() function.
      815aad69
  9. 23 Sep, 2012 1 commit
  10. 22 Sep, 2012 1 commit
    • Rohit Kalhans's avatar
      BUG#14548159: NUMEROUS CASES OF INCORRECT IDENTIFIER · 5530c5e3
      Rohit Kalhans authored
      QUOTING IN REPLICATION 
      
      Problem: Misquoting or unquoted identifiers may lead to
      incorrect statements to be logged to the binary log.
      
      Fix: we use specialized functions to append quoted identifiers in
      the statements generated by the server.
      5530c5e3
  11. 21 Sep, 2012 1 commit
    • Nirbhay Choubey's avatar
      Bug#14645196 MYSQL CLIENT'S USE COMMAND FAILS · f820334b
      Nirbhay Choubey authored
      WHEN DBNAME CONTAINS MULTIPLE QUOTES
      
      MySQL client's USE command might fail if the
      database name contains multiple quotes (backticks).
      
      The reason behind the failure being the method
      that client uses to remove/escape the quotes
      while parsing the USE command's option (dbname),
      where the option parsing might terminate if a
      matching quote is found.
      
      Also, C-APIs like mysql_select_db() expect a
      normalized dbname. Now, in certain cases, client
      might fail to normalize dbname similar to that of
      server and hence mysql_select_db() would fail.
      
      Fixed by getting the normalized dbname (indirectly)
      from the server by directly sending the "USE dbanme"
      as query to the server followed by a "SELECT DATABASE()".
      The above steps are only performed if number of quotes
      in the dbname is greater than 2. Once the normalized
      dbname is received, the original db is restored.
      f820334b
  12. 20 Sep, 2012 1 commit
  13. 19 Sep, 2012 1 commit
    • Marko Mäkelä's avatar
      Bug#14636528 INNODB CHANGE BUFFERING IS NOT ENTIRELY CRASH-SAFE · 6bbe24e9
      Marko Mäkelä authored
      Delete-mark change buffer records when resorting to a pessimistic
      delete from the change buffer B-tree. Skip delete-marked records in
      the change buffer merge and when estimating whether an operation can
      be buffered. Without this fix, we could try to apply the same buffered
      changes multiple times if the server was killed at the right moment.
      
      In MySQL 5.5 and later: ibuf_get_volume_buffered_count_func(): Ignore
      delete-marked (already processed) records.
      
      ibuf_delete_rec(): Add a crash point before optimistic delete. If the
      optimistic delete fails, flag the record processed before
      mtr_commit().
      
      ibuf_merge_or_delete_for_page(): Ignore delete-marked (already
      processed) records.
      
      Backport to 5.1: Rename btr_cur_del_unmark_for_ibuf() to
      btr_cur_set_deleted_flag_for_ibuf() and add a parameter.
      
      rb:1307 approved by Jimmy Yang
      6bbe24e9
  14. 17 Sep, 2012 4 commits
    • Marko Mäkelä's avatar
      Merge mysql-5.1 to working copy. · a5f36f4c
      Marko Mäkelä authored
      a5f36f4c
    • Harin Vadodaria's avatar
      Bug#11753779: MAX_CONNECT_ERRORS WORKS ONLY WHEN 1ST · 9d007e07
      Harin Vadodaria authored
                    INC_HOST_ERRORS() IS CALLED.
      
      Issue       : Sequence of calling inc_host_errors()
                    and reset_host_errors() required some
                    changes in order to maintain correct
                    connection error count.
      
      Solution    : Call to reset_host_errors() is shifted
                    to a location after which no calls to
                    inc_host_errors() are made.
      9d007e07
    • Marko Mäkelä's avatar
      Bug#12701488 ASSERT PAGE_ZIP_VALIDATE, UNIV_ZIP_DEBUG · 300f3fb7
      Marko Mäkelä authored
      page_zip_validate(), page_zip_validate_low(): Add a parameter for the
      B-tree index.
      
      page_zip_validate_low(): If the page contents does not match, check
      that the record link chains match. Furthermore, if dict_index_t is
      passed, check that the records match. (This reduces coverage a bit: if
      index=NULL, we will ignore differences in record contents, that is,
      the page payload.)
      
      rb:1264 approved by Inaam Rana
      300f3fb7
    • Sujatha Sivakumar's avatar
      Bug#11750014:ASSERTION TRX_DATA->EMPTY() IN BINLOG_CLOSE_CONNECTION · 5cbdb908
      Sujatha Sivakumar authored
      Problem:
      =======
      
      trx_data->empty() assert happens at `binlog_close_connection'
      
      Analysis:
      ========
      
      trx_data->empty() function checks for no pending events
      and the transaction cache to be empty.This function returns
      "true" if no pending events are present and cache is empty.
      Otherwise it returns false. `binlog_close_connection' call
      expects the above function to return true. But if the
      return value is false then assert is raised.
      
      This bug was reproducible in a diskfull scenario. In this
      disk full scenario try to do an insert operation so that
      a new pending event is created and flushing this pending
      event fails. Due to this failure the server goes down
      and invokes `binlog_close_connection' for clean closure.
      Since the pending event still remains the assert is caused.
      This assert is caused only in non transactional databases.
      
      
      Fix:
      ===
      
      In a disk full scenario when the insertion fails the
      transaction is rolled back and `binlog_end_trans`
      is called to flush the pending events. But flush operation
      fails as the disk is full and the function simply returns
      `1' without taking any action to delete the pending event.
      
      This leaves the event to remain till the closure of
      connection.  `delete pending' statement has been added to 
      do the required clean up action.
      
      sql/log.cc:
        Added "delete pending" statement to clean pending event
      5cbdb908
  15. 12 Sep, 2012 2 commits
  16. 11 Sep, 2012 1 commit
  17. 10 Sep, 2012 3 commits
    • Andrei Elkin's avatar
      merge bug14597605 to the main repo. · 8a048ecb
      Andrei Elkin authored
      8a048ecb
    • Andrei Elkin's avatar
      Bug#14597605 Issue with Null-value user on slave · 0678a68b
      Andrei Elkin authored
      An "orthographic" typo in User_var::set_deferred() was made in fixes for
      bug@14275000. While editing the signature of the initial patch to remove
      the only argument, the assigned value of the argument remained in the body ... 
      to be successfully compiled (!) thanks to names coincidence:
      the arg to User_var method and its member.
      
      Fixed with correcting the typo.
      0678a68b
    • Mattias Jonsson's avatar
      Bug#14495351: CRASH IN HA_PARTITION::HANDLE_UNORDERED_NEXT · 8ce6582c
      Mattias Jonsson authored
      The partitioning engine does not implement index_next for partitions
      which return HA_ERR_KEY_NOT_FOUND in index_read_map.
      
      If HA_ERR_KEY_NOT_FOUND was returned by a partition during
      index_read_map, that partition would not be included in following
      calls to index_next. If no partition returned a row in index_read_map,
      then the subsequent call to index_next would try to use a non existing
      handler (index out of bound).
      Even after fixing the index out of bound if at least one partition
      returned.
      
      So it is really two connected bugs
      1) crash due to index out of bound (-1 unsigned).
      2) not including partitions that returned HA_ERR_KEY_NOT_FOUND.
      
      Fixed by recording the partitions that returned HA_ERR_KEY_NOT_FOUND,
      and include them too when doing handle_ordered_next the first time.
      8ce6582c
  18. 02 Oct, 2012 1 commit
  19. 01 Oct, 2012 3 commits
  20. 28 Sep, 2012 1 commit
  21. 27 Sep, 2012 1 commit