1. 17 Oct, 2013 2 commits
    • Luis Soares's avatar
      BUG#17460821: ASSERTION ERROR WHEN STOPPING SLAVE AFTER SEMI-SYNC ON MASTER IS DISABLED · 62e39c39
      Luis Soares authored
      The assertion happens when: (i) the master and slave are configured to
      use the semisync plugin; (ii) the DBA disables semisync on the master;
      (iii) and he also unsets the option to wait for slaves ACK even if the
      semisync slave count reaches 0 during the waiting period. This
      combination of factors makes the server run into an assertion as soon
      as the last semisync slave disconnects and its dump thread exits.
        
      The root of the problem is the fact that when the dump thread
      disconnects and calls the observer hook transmit_stop, which ends up
      calling ReplSemiSyncMaster::remove_slave, there is no check whether
      the master has already disabled semisync or not. If it has, the then a
      second call to the switch_off member function must be avoided.
        
      The quick fix is to avoid calling switch_off if the DBA has disabled
      the semisync plugin interactively on the master. Also, the switch_off
      member function should only be called if the plugin has not been
      switched off already. This is basically the pattern throughout the
      rest of the semisync plugin and no other calls seem vulnerable to
      similar crashes/assertions.
      
      (This a backport of the patch to 5.5, which is also vulnerable.)
      62e39c39
    • Luis Soares's avatar
      BUG#17508351 · 92222add
      Luis Soares authored
      Merging mysql-5.5 bug branch into latest mysql-5.5.
      92222add
  2. 16 Oct, 2013 6 commits
    • Venkatesh Duggirala's avatar
      Bug#17234370 LAST_INSERT_ID IS REPLICATED INCORRECTLY IF · 4c78a6db
      Venkatesh Duggirala authored
      REPLICATION FILTERS ARE USED.
      Merging fix from mysql-5.1
      4c78a6db
    • Venkatesh Duggirala's avatar
      Bug#17234370 LAST_INSERT_ID IS REPLICATED INCORRECTLY IF · 29e45f15
      Venkatesh Duggirala authored
      REPLICATION FILTERS ARE USED.
      
      Problem:
      When Filtered-slave applies Int_var_log_event and when it
      tries to write the event to its own binlog, LAST_INSERT_ID
      value is written wrongly.
      
      Analysis:
      THD::stmt_depends_on_first_successful_insert_id_in_prev_stmt
      is a variable which is set when LAST_INSERT_ID() is used by
      a statement. If it is set, first_successful_insert_id_in_
      prev_stmt_for_binlog will be stored in the statement-based
      binlog. This variable is CUMULATIVE along the execution of
      a stored function or trigger: if one substatement sets it
      to 1 it will stay 1 until the function/trigger ends,
      thus making sure that first_successful_insert_id_in_
      prev_stmt_for_binlog does not change anymore and is
      propagated to the caller for binlogging. This is achieved
      using the following code
      if(!stmt_depends_on_first_successful_insert_id_in_prev_stmt)               
      {                                                                           
        /* It's the first time we read it */                                      
        first_successful_insert_id_in_prev_stmt_for_binlog=                       
        first_successful_insert_id_in_prev_stmt;                                
        stmt_depends_on_first_successful_insert_id_in_prev_stmt= 1;               
      }
      
      Slave server, after receiving Int_var_log_event event from
      master, it is setting
      stmt_depends_on_first_successful_insert_id_in_prev_stmt
      to true(*which is wrong*) and not setting
      first_successful_insert_id_in_prev_stmt_for_binlog. Because
      of this problem, when the actual DML statement with
      LAST_INSERT_ID() is parsed by slave SQL thread,
      first_successful_insert_id_in_prev_stmt_for_binlog is not
      set. Hence the value zero (default value) is written to
      slave's binlog.
      
      Why only *Filtered slave* is effected when the code is
      in common place:
      -------------------------------------------------------
      In Query_log_event::do_apply_event,
      THD::stmt_depends_on_first_successful_insert_id_in_prev_stmt
      is reset to zero at the end of the function. In case of
      normal slave (No Filters), this variable will be reset. 
      In Filtered slave, Slave SQL thread defers all IRU events's
      execution until IRU's Query_log event is received. Once it
      receives Query_log_event it executes all pending IRU events
      and then it executes Query_log_event. Hence the variable is
      not getting reset to 0, causing this bug.
      
      Fix: As described above, the root cause was setting 
      THD::stmt_depends_on_first_successful_insert_id_in_prev_stmt
      when Int_var_log_event was executed by a SQL thread. Hence
      removing the problematic line from the code.
      29e45f15
    • Venkata Sidagam's avatar
      Bug#16900358 FIX FOR CVE-2012-5611 IS INCOMPLETE · f8e27655
      Venkata Sidagam authored
      Merging from mysql-5.1 to mysql-5.5
      f8e27655
    • Venkata Sidagam's avatar
      Bug#16900358 FIX FOR CVE-2012-5611 IS INCOMPLETE · 9fc51224
      Venkata Sidagam authored
      Description: Fix for bug CVE-2012-5611 (bug 67685) is 
      incomplete. The ACL_KEY_LENGTH-sized buffers in acl_get() and 
      check_grant_db() can be overflown by up to two bytes. That's 
      probably not enough to do anything more serious than crashing 
      mysqld.
      Analysis: In acl_get() when "copy_length" is calculated it 
      just adding the variable lengths. But when we are using them 
      with strmov() we are adding +1 to each. This will lead to a 
      three byte buffer overflow (i.e two +1's at strmov() and one 
      byte for the null added by strmov() function). Similarly it 
      happens for check_grant_db() function as well.
      Fix: We need to add "+2" to "copy_length" in acl_get() 
      and "+1" to "copy_length" in check_grant_db(). 
      9fc51224
    • Sujatha Sivakumar's avatar
      Bug#17429677:LAST ARGUMENT OF LOAD DATA ...SET ...STATEMENT · bdb62daa
      Sujatha Sivakumar authored
      REPEATED TWICE IN BINLOG
      
      Problem:
      =======
      If LOAD DATA ... SET ... is used the last argument of SET is
      repeated twice in replication binlog.
      
      Analysis:
      ========
      LOAD DATA statements are reconstructed once again before
      they are written to the binary log. When SET clauses are
      specified as part of LOAD DATA statement, these SET clause
      user command strings need to be stored in order to rebuild
      the original user command. During parsing each column and
      the value in the SET command are stored in two differenet
      lists. All the values are stored in a string list.
      
      When SET expression has more than one value as shown in the
      following example:
      SET a = @A, b = CONCAT(@b, '| 123456789');
      
      Parser extracts values in the following manner i.e Item name
      , value string, actual length of the value of the item with
      in the string.
      
      Item a:
      Value for a:"= @A, b = CONCAT(@b, '| 123456789')
      str_length = 4
      Item b:
      Value for b:"= CONCAT(@b, '| 123456789')
      str_length = 27
      
      During reconstructing the LOAD DATA command the above
      strings are retrived as it is and appended to the LOAD DATA
      statement. Hence it becomes as shown below.
      
      SET `a`= @A, b = CONCAT(@b, '| 123456789'),
      `b`= CONCAT(@b, '| 123456789')
      
      Fix:
      ===
      During reconstruction of SET command, retrieve exact item
      value string rather than reading the entire string.
      bdb62daa
    • Sreedhar.S's avatar
  3. 14 Oct, 2013 2 commits
    • Nuno Carvalho's avatar
      WL#7266: Dump-thread additional concurrency tests · af8a8ca6
      Nuno Carvalho authored
      Merge from mysql-5.1 into mysql-5.5.
      af8a8ca6
    • Nuno Carvalho's avatar
      WL#7266: Dump-thread additional concurrency tests ... · 3f587452
      Nuno Carvalho authored
      WL#7266: Dump-thread additional concurrency tests                                                                                                                           
      
      This worklog aims at testing the two following scenarios:
      
      1) Whenever the mysql_binlog_send method (dump thread)
      reaches the end of file when reading events from the binlog, before
      checking if it should wait for more events, there was a test to
      check if the file being read was still active, i.e, it was the last
      known binlog. However, it was possible that something was written to
      the binary log and then a rotation would happen, after EOF was
      detected and before the check for active was performed. In this
      case, the end of the binary log would not be read by the dump
      thread, and this would cause the slave to lose updates.
      This test verifies that the problem has been fixed. It waits during
      this window while forcing a rotation in the binlog.
      
      2) Verify dump thread can send events in active file, correctly after
      encountering an IO error.
      3f587452
  4. 09 Oct, 2013 4 commits
  5. 08 Oct, 2013 1 commit
  6. 07 Oct, 2013 8 commits
  7. 06 Oct, 2013 1 commit
  8. 05 Oct, 2013 1 commit
    • Praveenkumar Hulakund's avatar
      Bug#11745656 - KILL THREAD -> ERROR: "SERVER SHUTDOWN IN PROGRESS" · fa833a09
      Praveenkumar Hulakund authored
      Description:
      ------------
      There are 2 issues reported in the bug report,
      
      1. One session running a "long" select, then, from the other
      session, you kill that first one, while select is
      running, and it receives that message "Server shutdown in
      progress".
      Reported Date: 02-Apr-2006
      
      => Looks like this isuse is already fixed in 2009 by the patch
         pushed for bug28141. 
      
      2. Killing query which goes to filesort, logs error entries like:
      
      120416  9:17:28 [ERROR] mysqld: Sort aborted: Server shutdown in
                                                    progress 
      120416  9:18:48 [ERROR] mysqld: Sort aborted: Server shutdown in
                                                    progress 
      120416  9:19:39 [ERROR] mysqld: Sort aborted: Server shutdown in
                                                    progress 
      Reported Date: 16-Apr-2012                                              
      
      => This issue is introduced in 5.5+ versions. Fixing this issue
         in this patch.
      
      
      Analysis:
      ---------
      In function "filesort()", on error we are logging error message.
      To the error message, the message related THD::killed_errno is
      also appeneded, if it is set.(THD::kill_errno value is obtained
      by calling member function THD::killed_errno)
      
      In the scenario mentioned in this bug report, when we kill the
      connection, THD::kill_errno is set to the THD::KILL_CONNECTION.
      Enum type THD::KILL_CONNECTION corressponds to value 
      ER_SERVER_SHUTDOWN. Because of this, "Server shutdown in ...." is
      appended to the message logged.
      
      Fix:
      ----
      Modified code of "filesort()" function to append "KILL_QUERY"
      status to error message when thread is killed and server
      shutdown is not in progress.
      fa833a09
  9. 04 Oct, 2013 1 commit
  10. 01 Oct, 2013 2 commits
    • mysql-builder@oracle.com's avatar
      No commit message · a1c6ddc8
      mysql-builder@oracle.com authored
      No commit message
      a1c6ddc8
    • Mattias Jonsson's avatar
      Bug#14621190: HA_INNOBASE::INDEX_NEXT SKIPS A RECORD IF PREVIOUS · 261268d8
      Mattias Jonsson authored
      INDEX_READ_MAP HAD NO MATCH
      
      If index_read_map is called for exact search and no matching records
      exists it will position the cursor on the next record, but still having the
      relative position to BTR_PCUR_ON.
      This will make a call for index_next to read yet another next record,
      instead of returning the record the cursor points to.
      
      Fixed by setting pcur->rel_pos = BTR_PCUR_BEFORE if an exact
      [prefix] search is done, but failed.
      
      Also avoids optimistic restoration if rel_pos != BTR_PCUR_ON,
      since btr_cur may be different than old_rec.
      
      rb#3324, approved by Marko and Jimmy
      261268d8
  11. 30 Sep, 2013 5 commits
  12. 27 Sep, 2013 2 commits
    • Satya Bodapati's avatar
      Merge fix for BUG#17446090 from mysql-5.1 to mysql-5.5 · 57df886c
      Satya Bodapati authored
      The testcase for this bug fails randomly due to two reasons.
      1. Due to ibuf merge happening background
      2. Due to dict stats update which brings the evicted page back into
         buffer pool.
      
      Fix ibuf_contract_ext() to not do any merges with ibuf_debug enabled and
      also changed dict_stats_update() to return fake statistics without
      bringing the secondary index pages into buffer pool.
      
      Approved by Marko. rb#3419
      57df886c
    • mysql-builder@oracle.com's avatar
      No commit message · 84484d29
      mysql-builder@oracle.com authored
      No commit message
      84484d29
  13. 26 Sep, 2013 1 commit
    • Shivji Kumar Jha's avatar
      BUG#16580366- MTR TESTS FAILING SPORADICALLY ON PB2 (5.5, 5.6 AND 5.7) · 2ccb5370
      Shivji Kumar Jha authored
                    DURING INNODB RECOVERY
      
      Problem:
      =======
      The connection 'master' is dropped by mysqltest after
      rpl_end.inc. At this point, dropping temporary tables
      at the connection 'master' are not synced at slave.
      So, the temporary tables replicated from master remain
      on slave leading to an inconsistent close of the test.
      The following test thus complains about the presence of
      temporary table(s) left over from the previous test.
      
      Fix:
      ===
      - Put explicit drop commands in replication tests so
        that the temporary tables are dropped at slave as well.
      - Added the check for Slave_open_temp_tables in
        mtr_check.sql to warn about the remaining temporary
        table, if any, at the close of a test.
      2ccb5370
  14. 23 Sep, 2013 1 commit
    • Sujatha Sivakumar's avatar
      Bug#17327454:SEMI-SYNC REPLICATION MASTER CRASH WHEN SET · 5a5024a6
      Sujatha Sivakumar authored
      RPL_SEMI_SYNC_MASTER_ENABLED OFF.
      
      Problem:
      =======
      If master is waiting for a reply from slave, at this time
      set global rpl_semi_sync_master_enabled=OFF, the master
      server will crash.
      
      Analysis:
      ========
      When master is waiting for a reply from slave, at this time
      if semi sync is switched off on master, during switch off if
      active transactions are present the transactions will be
      cleared and "active_tranxs_" variable will be set to NULL.
      
      When the waiting master connection finds that semi sync is
      switched of it tries to access "active_tranxs_" without
      checking if the transaction list exists or not. Accessing
      NULL transaction list causes the crash.
      
      Fix:
      ===
      A check has been added to see a valid list exists before
      accessing the "active_tranxs_".
      5a5024a6
  15. 20 Sep, 2013 3 commits