- 14 Jan, 2020 1 commit
-
-
Sergei Petrunia authored
(Variant #2 of the patch, which keeps the sp_head object inside the MEM_ROOT that sp_head object owns)

(10.3 requires extra work due to sp_package, will commit a separate patch for it)

sp_head::operator new() and operator delete() were dereferencing sp_head* pointers to memory that didn't hold a valid sp_head object (it was not created/already destroyed). This caused UBSan to crash when looking up type information.

Fixed by providing static sp_head::create() and sp_head::destroy() methods.
-
- 07 Jan, 2020 10 commits
-
-
Sujatha authored
Problem:
========
SHOW BINLOG EVENTS FROM <pos> reports following ASAN error.

AddressSanitizer: heap-buffer-overflow on address
READ of size 1 at 0x60e00009cf71 thread T28
#0 0x55e37e034ae2 in net_field_length

Fix:
===
**Part10: Avoid reading out of buffer**
-
Sujatha authored
Problem:
========
SHOW BINLOG EVENTS FROM <pos> reports following assert when ASAN is enabled.

Query_log_event::Query_log_event(const char*, uint, const Format_description_log_event*, Log_event_type): Assertion `(pos) + (6) <= (end)' failed

Fix:
===
**Part9: Removed additional DBUG_ASSERT**
-
Sujatha authored
Problem:
========
SHOW BINLOG EVENTS FROM <pos> reports following ASAN error

AddressSanitizer: SEGV on unknown address
The signal is caused by a READ memory access.
User_var_log_event::User_var_log_event(char const*, unsigned int, Format_description_log_event const*)

Implemented part of upstream patch.
commit: mysql/mysql-server@a3a497ccf7ecacc900551fb1e47ea4078b45c351

Fix:
===
**Part8: added checks to avoid reading out of buffer limits**
-
Sujatha authored
Problem:
========
SHOW BINLOG EVENTS FROM <pos> reports following ASAN error "heap-buffer-overflow on address" and sometimes it asserts.

Table_map_log_event::Table_map_log_event(const char*, uint, const Format_description_log_event*)
Assertion `m_field_metadata_size <= (m_colcnt * 2)' failed.

Fix:
===
**Part7: Avoid reading out of buffer**

Converted debug assert to error handler code.
-
Sujatha authored
Problem:
========
SHOW BINLOG EVENTS FROM <pos> reports following ASAN error

AddressSanitizer: heap-buffer-overflow on address 0x60400002acb8
Load_log_event::copy_log_event(char const*, unsigned long, int, Format_description_log_event const*)

Fix:
===
**Part6: Moved the event_len validation to the begin of copy_log_event function**
-
Sujatha authored
Problem:
========
SHOW BINLOG EVENTS FROM <pos> reports following ASAN error

AddressSanitizer: heap-buffer-overflow on address
String::append(char const*, unsigned int)
Query_log_event::pack_info(Protocol*)

Fix:
===
**Part5: Added check to catch buffer overflow**
-
Sujatha authored
Problem:
========
SHOW BINLOG EVENTS FROM <pos> reports following ASAN error

heap-buffer-overflow within "my_strndup" in Rotate_log_event
my_strndup /mysys/my_malloc.c:254
Rotate_log_event::Rotate_log_event(char const*, unsigned int, Format_description_log_event const*)

Fix:
===
**Part4: Improved the check for event_len validation**
-
Sujatha authored
Problem:
========
SHOW BINLOG EVENTS FROM <pos> reports following crash when ASAN is enabled.

SEGV on unknown address
in inline_mysql_mutex_destroy
in my_bitmap_free
in Update_rows_log_event::~Update_rows_log_event()

Fix:
===
**Part3: Initialize m_cols_ai.bitmap to NULL**
-
Sujatha authored
Problem:
========
SHOW BINLOG EVENTS FROM <pos> reports following assert when ASAN is enabled.

Rows_log_event::Rows_log_event(const char*, uint, const Format_description_log_event*): Assertion `var_header_len >= 2'

Implemented part of upstream patch.
commit: mysql/mysql-server@a3a497ccf7ecacc900551fb1e47ea4078b45c351

Fix:
===
**Part2: Avoid reading out of buffer limits**
-
Sujatha authored
Problem:
========
SHOW BINLOG EVENTS FROM <pos> causes a variety of failures, some of which are listed below. It is not a race condition issue, but there is some non-determinism in it.

Analysis:
========
"show binlog events from <pos>" code considers the user given position as a valid event start position. The code starts reading data from this event start position onwards and tries to map it to a set of known events. Each event has a specific event structure and asserts have been added to ensure that read event data satisfies the event specific requirements. When a random position is supplied to "show binlog events command" the event structure specific checks will fail and they result in assert.

Fix:
====
The fix is split into different parts. Each part addresses either an ASAN issue or an assert/crash.

**Part1: Checksum based position validation when checksum is enabled**

Using checksum validate the very first event read at the user specified position. If there is a checksum mismatch report an appropriate error for the invalid event.
-
- 03 Jan, 2020 3 commits
-
-
Varun Gupta authored
-
Oleksandr Byelkin authored
-
Oleksandr Byelkin authored
Moved to the next problematic year (2038).
-
- 02 Jan, 2020 1 commit
-
-
Varun Gupta authored
For Item_direct_view_ref, get value from val_* methods instead of result* family

The val_* methods get value from the item on which it is referred.
-
- 26 Dec, 2019 1 commit
-
-
Varun Gupta authored
MDEV-19680:: Assertion `!table || (!table->read_set || bitmap_is_set(table->read_set, field_index) || (!(ptr >= table->record[0] && ptr < table->record[0] + table->s->reclength)))' or alike failed upon SELECT with mix of functions from simple view

Set read_set bitmap for view from the JOIN::all_fields list instead of JOIN::fields_list as split_sum_func would have added items to the all_fields list.
-
- 23 Dec, 2019 1 commit
-
-
Sergei Golubchik authored
-
- 20 Dec, 2019 1 commit
-
-
Sergei Golubchik authored
in 10.1+ one should use MY_CHECK_AND_SET_COMPILER_FLAG("-Wno-address-of-packed-member") and it's already done in storage/tokudb/PerconaFT/CMakeLists.txt
-
- 19 Dec, 2019 1 commit
-
-
Alexander Barkov authored
Item_ref::val_(datetime|time)_packed() erroneously called (*ref)->val_(datetime|time)_packed().
  - Fixing to call (*ref)->val_(datetime|time)_packed_result().
  - Backporting Item::val_(datetime|time)_packed_result() from 10.3.
  - Fixing Item_field::get_date_result() to handle null_value in the same way how Item_field::get_date() does.
-
- 18 Dec, 2019 5 commits
-
-
Eugene Kosov authored
-
Eugene Kosov authored
do not fallback to malloc(), always return properly aligned buffer
-
Sergei Petrunia authored
One may not call memcpy(dst, src=NULL, size), even if size==0.
-
Sergei Petrunia authored
Remove Query_tables_list::lock_tables_state - it is not used and it causes errors like this:

sql_lex.h:1675:7: runtime error: load of value 2779096485, which is not a valid value for type 'enum_lock_tables_state'
-
Sergei Petrunia authored
Fix wrong typecast
-
- 17 Dec, 2019 1 commit
-
-
Vladislav Vaintroub authored
Fixed the condition for waking up/creating another thread. If there is some work to do (if the request queue is not empty), a thread should be woken or created. The condition was incorrect since 18c9b345
-
- 16 Dec, 2019 2 commits
-
-
Alexander Barkov authored
-
Alexander Barkov authored
-
- 13 Dec, 2019 2 commits
-
-
Sergei Golubchik authored
crashes on Debian 10
-
Sergei Golubchik authored
-
- 11 Dec, 2019 2 commits
-
-
Vladislav Vaintroub authored
-
Vladislav Vaintroub authored
-
- 06 Dec, 2019 1 commit
-
-
Sujatha authored
Problem:
=======
Test "binlog.binlog_parallel_replication_marks_row" fails sporadically due to result length mismatch.

Analysis:
=========
Test generates a binary log and it looks for certain words within the binary log file and prints them. For example word like "GTID,BEGIN,COMMIT ...". Binary log output contains base64 encoded characters. Occasionally the encoded characters match with the above words and results in test failure.

+XwoFWxMBAAAALgAAAGEDAAAAAB8AAAAAAAEABHRlc3QAAnQxAAIDAwACFGTIDQ==
+AAAAAAAAAAAEEwQADQgICAoKCgGTIDw9

Fix:
===
Improve the regular expression to match exact words.
-
- 05 Dec, 2019 4 commits
-
-
Eugene Kosov authored
Let MTR check for error existence after running a test and return it back to user. Error reporting itself might be much better, but first of all we need to see that something went wrong.
-
Jan Lindström authored
wsrep_on parameter can be visible even when wsrep_on is set OFF so we need to check variable_value from I_S also.
-
Axel Schwenke authored
-
Axel Schwenke authored
Set an explicit start and stop timeout of 900 seconds for the MariaDB Server systemd service
-
- 04 Dec, 2019 2 commits
-
-
Elena Stepanova authored
-
Axel Schwenke authored
Set an explicit start and stop timeout of 900 seconds for the MariaDB Server systemd service
-
- 03 Dec, 2019 2 commits
-
-
Vladislav Vaintroub authored
It is C++, not Java, the order of includes is often important.
-
Vladislav Vaintroub authored
It is C++, not Java, the order of includes is often important.
-