1. 22 Mar, 2018 13 commits
  2. 21 Mar, 2018 5 commits
  3. 20 Mar, 2018 17 commits
  4. 19 Mar, 2018 5 commits
    • MDEV-10991: Server crashes in spider_udf_direct_sql_create_conn - tests in... · 7cf2428d
      Jacob Mathew authored
      MDEV-10991: Server crashes in spider_udf_direct_sql_create_conn - tests in spider/oracle* suites crash the server
      
      The crash occurs due to code that is #ifdef'd out with HAVE_ORACLE_OCI that
      pertains to the use of Spider with an Oracle data tier. Enabling this code
      eliminates the crash.
      
      The reason that MariaDB needs to support Oracle storage at the data tier is
      to help customers migrate from Oracle. It is necessary to build Spider with
      the additional build flag -DHAVE_ORACLE_OCI, and install and start Oracle
      before running the Oracle test suite or any tests within it. Nevertheless,
      if Spider is built normally and Oracle has not been started, these tests
      should not cause the MariaDB server to crash. The bug fix replaces the
      crash with the following error:
        ERROR 12501 (HY000) at line 4: The connect info 'ORACLE' is invalid
      
      Author:
        Jacob Mathew.
      
      Reviewer:
        Kentoku Shiba.
    • Merge branch '10.0-galera' into 10.1 · 24b35316
      Vicențiu Ciorbaru authored
    • MDEV-15030 Add ASAN instrumentation · 75c76dbb
      Eugene Kosov authored
      Teach both Valgrind and ASAN to catch this bug:
      
        mem_heap_t* heap = mem_heap_create(1024);
        byte* p = reinterpret_cast<byte*>(heap) + sizeof(mem_heap_t);
        *p = 123;
      
      Overflows of the last allocation in a block will be caught too.
      
      mem_heap_create_block(): poison newly allocated memory
    • MDEV-15005 ASAN: stack-buffer-overflow in my_strnncollsp_simple · f538a648
      Alexander Barkov authored
      cmp_item_sort_string::store_value() did not cache the string returned
      from item->val_str(), whose result can point to various private members
      such as Item_char_typecast::tmp_value.
      
      - cmp_item_sort_string::store_value() remembered the pointer returned
        from item->val_str() pointing to tmp_value into cmp_item_string::value_res.
      - Later, cmp_item_real::store_value() was called, which called
        Item_str_func::val_real(), which called Item_char_typecast::val_str(&tmp)
        using a local stack variable "String tmp". Item_char_typecast::tmp_value
        was overwritten and became a link to "tmp":
        tmp_value.Ptr freed its own buffer and was set to point to the buffer
        owned by "tmp".
      - On return from Item_str_func::val_real(), "String tmp" was destructed,
        but "tmp_value" still pointed to the buffer owned by "tmp",
        so tmp_value.Ptr became invalid.
      - Then cmp_item_sort_string() passed cmp_item_string::value_res to sortcmp().
        At this point, value_res still pointed to an invalid value of
        Item_char_typecast::tmp_value.
      
      Fix:
      changing cmp_item_sort_string::store_value() to force copying
      to cmp_item_string::value if item->val_str(&value) returned
      a different pointer (instead of &value).
    • MDEV-13549: Galera test failures · 31e2ab51
      Jan Lindström authored
      Fix test failure on galera_flush_local.