1. 08 May, 2013 1 commit
    • Jon Olav Hauglid's avatar
      Bug#16779374: NEW ERROR MESSAGE ADDED TO 5.5 AFTER 5.6 GA - REUSING · 7df0ee6c
      Jon Olav Hauglid authored
                    NUMBER ALREADY USED BY 5.6
      
      The problem was that the patch for Bug#13004581 added a new error
      message to 5.5. This causes it to use an error number already used
      in 5.6 by ER_CANNOT_LOAD_FROM_TABLE_V2. Which means that error
      message number stability between GA releases is broken.
      
      This patch fixes the problem by removing the error message and
      using ER_UNKNOWN_ERROR instead.
      7df0ee6c
  2. 07 May, 2013 5 commits
    • Chaithra Gopalareddy's avatar
      Merge from 5.1 to 5.5 · c334bc8c
      Chaithra Gopalareddy authored
      c334bc8c
    • Chaithra Gopalareddy's avatar
      Bug #16119355: PREPARED STATEMENT: READ OF FREED MEMORY WITH · 266dd9c0
      Chaithra Gopalareddy authored
                                 STRING CONVERSION FUNCTIONS
                  
      Problem:
      While executing the prepared statement, user variable is
      set to memory which would be freed at the end of
      execution.
      If the statement is executed again, valgrind throws
      error when accessing this pointer.
                  
      Analysis:
                  
      1. First time when Item_func_set_user_var::check is called,
      memory is allocated for "value" to store the result.
      (In the call to copy_if_not_alloced).
      2. While sending the result, Item_func_set_user_var::check
      is called again. But, this time, its called with
      "use_result_field" set to true. 
      As a result, we call result_field->val_str(&value).
      3. Here memory allocated for "value" gets freed. And "value"
      gets set to "result_field", with "str_length" being that of
      result_field's.
      4. In the call to JOIN::cleanup, result_field's memory gets
      freed as this is allocated in a chunk as part of the
      temporary table which is needed to execute the query.
      5. Next time, when execute of the same statement is called,
      "value" will be set to memory which is already freed.
      Valgrind error occurs as "str_length" is positive 
      (set at Step 3)
                  
      Note that user variables list is stored as part of the Lex object
      in set_var_list. Hence the persistance across executions.
            
      Solution:
      Patch for Bug#11764371 fixed in mysql-5.6+ fixes this problem 
      as well.So backporting the same.
            
      In the solution for Bug#11764371, we create another object of 
      user_var and repoint it to temp_table's field. As a result while 
      deleting the alloced buffer in Step 3, since the cloned object 
      does not own the buffer, deletion will not happen.
      So at step 5 when we execute the statement second time, the 
      original object will be used and since deletion did not happen 
      valgrind will not complain about dangling pointer.
      
      
      sql/item_func.h:
        Add constructors.
      sql/sql_select.cc:
        Change user variable assignment functions to read from fields after
        tables have been unlocked.
      266dd9c0
    • Sergey Glukhov's avatar
      5.1 -> 5.5 merge · 7e2c2bb9
      Sergey Glukhov authored
      7e2c2bb9
    • Sergey Glukhov's avatar
      Bug#16095534 CRASH: PREPARED STATEMENT CRASHES IN ITEM_BOOL_FUNC2::FIX_LENGTH_AND_DEC · 2ec9dcf6
      Sergey Glukhov authored
      The problem happened due to broken left expression in Item_in_optimizer object.
      In case of the bug left expression is runtime created Item_outer_ref item which
      is deleted at the end of the statement and one of Item_in_optimizer arguments
      becomes bad when re-executed. The fix is to use real_item() instead of original
      left expression. Note: It feels a bit weird that after preparing, the field is
      directly part of the generated Item_func_eq, whereas in execution it is replaced
      with an Item_outer_ref wrapper object.
      
      
      sql/item_subselect.cc:
        use left_expr->real_item() instead of original left expression
        because left_expr can be runtime created Ref item which is deleted
        at the end of the statement. Thus one of 'substitution' arguments
        can be broken in case of PS.
      2ec9dcf6
    • Sujatha Sivakumar's avatar
      Bug#16513588:"PREPARE_COMMIT_MUTEX" IS NOT FREED DURING · e246b4a5
      Sujatha Sivakumar authored
      TRANSACTION ROLLBACK
      
      Problem:
      =======
      "prepare_commit_mutex" is acquired during "innobase_xa_prepare"
      and it is freed only in "innobase_commit". After prepare,
      if the commit operation fails the transaction is rolled back
      but the mutex is not released.
      
      Analysis:
      ========
      During transaction commit process transaction is prepared and
      the "prepare_commit_mutex" is acquired to preserve the order
      of commit. After prepare write to binlog is initiated.
      
      File: sql/handler.cc
            if (error || (is_real_trans && xid &&
      ----->             (error= !(cookie= tc_log->log_xid(thd, xid)))))
            {
              ha_rollback_trans(thd, all);
      
      In the above code "tc_log->log_xid" operation fails.
      
      When the write to binlog fails the transaction is rolled back
      with out freeing the mutex. A subsequent "INSERT" operation
      tries to acquire the same mutex during its commit process
      and the server aborts.
      
      Fix:
      ===
      "prepare_commit_mutex" is freed during "innobase_rollback".
      
      storage/innobase/handler/ha_innodb.cc:
        Added code to free "prepare_commit_mutex"
      e246b4a5
  3. 06 May, 2013 6 commits
    • Annamalai Gurusami's avatar
      Merge from mysql-5.1 to mysql-5.5 · 1b26d591
      Annamalai Gurusami authored
      1b26d591
    • Jon Olav Hauglid's avatar
      Bug#16757869: INNODB: POSSIBLE REGRESSION IN 5.5.31, BUG#16004999 · 05ca7f08
      Jon Olav Hauglid authored
      The problem was that if UPDATE with subselect caused a
      deadlock inside InnoDB, this deadlock was not properly
      handled by the SQL layer. This meant that the SQL layer
      would try to unlock the row after InnoDB had rolled
      back the transaction. This caused an assertion inside
      InnoDB.
        
      This patch fixes the problem by checking for errors
      reported by SQL_SELECT::skip_record() and not calling
      unlock_row() if any errors have been reported.
      
      This bug is similar to Bug#13586591, but for UPDATE
      rather than DELETE. Similar issues in filesort/opt_range/
      sql_select will be investigated and handled in the scope
      of Bug#16767929
      05ca7f08
    • Annamalai Gurusami's avatar
      Bug #16722314 FOREIGN KEY ID MODIFIED DURING EXPORT · bf7325bb
      Annamalai Gurusami authored
      Bug #16754901 PARS_INFO_FREE NOT CALLED IN DICT_CREATE_ADD_FOREIGN_TO_DICTIONARY
      
      Problem:
      
      There are two situations here.  The constraint name is explicitly
      given by the user and the constraint name is automatically generated
      by InnoDB.  In the case of generated constraint name, it is formed by
      adding table name as prefix.  The table names are stored internally in
      my_charset_filename.  In the case of constraint name explicitly given
      by the user, it is stored in UTF8 format itself.  So, in some
      situations the constraint name is in utf8 and in some situations it is
      in my_charset_filename format.  Hence this problem.
      
      Solution:
      
      Always store the foreign key constraint name in UTF-8 even when
      automatically generated.
      
      Bug #16754901 PARS_INFO_FREE NOT CALLED IN DICT_CREATE_ADD_FOREIGN_TO_DICTIONARY
      
      Problem:
      
      There was a memory leak in the function dict_create_add_foreign_to_dictionary().
      The allocated pars_info_t object is not freed in the error code path.
      
      Solution:
      
      Allocate the pars_info_t object after the error checking.
      
      rb#2368 in review
      
      bf7325bb
    • Murthy Narkedimilli's avatar
      Empty version change upmerge · 8b6b6b2c
      Murthy Narkedimilli authored
      8b6b6b2c
    • unknown's avatar
      Raise version number after cloning 5.1.70 · 1a552530
      unknown authored
      1a552530
    • unknown's avatar
      Raise version number after cloning 5.5.32 · 36f35e62
      unknown authored
      36f35e62
  4. 03 May, 2013 1 commit
  5. 30 Apr, 2013 5 commits
    • unknown's avatar
      merge from mysql-5.1 · 714d9bc5
      unknown authored
      714d9bc5
    • unknown's avatar
      Bug#16405422 - RECOVERY FAILURE, ASSERT !RECV_NO_LOG_WRITE · 92989fde
      unknown authored
      eliminate a race condition over recv_sys->n_addrs which might result in a database corruption
      in recovery, without reporting a recovery error.
      
      recv_recover_page_func(): move the code segment that decrements recv_sys->n_addrs
        to the end of the function, after the call to mtr_commit()
      
      rb://2282 approved by Inaam
      92989fde
    • Neeraj Bisht's avatar
      BUG#16222245 - CRASH WITH EXPLAIN FOR A QUERY WITH LOOSE SCAN FOR · 697029d1
      Neeraj Bisht authored
      GROUP BY, MYISAM 
      
      Merge fix for Bug#16222245 from mysql-5.1 to mysql-5.5
      697029d1
    • Neeraj Bisht's avatar
      BUG#16222245 - CRASH WITH EXPLAIN FOR A QUERY WITH LOOSE SCAN FOR · 0c9c76e9
      Neeraj Bisht authored
      GROUP BY, MYISAM 
      
      Problem:-
      In a query, where we are using loose index scan optimization and 
      we have MIN() causes segmentation fault(where table row length 
      is less then key_length).
      
      Analysis:
      
      While using loose index scan for MIN(), we call key_copy(), to copy 
      the key data from record.
      This function is using temporary record buffer to store key data 
      from the record buffer.But in case where the key length is greater 
      then the buffer length, this will cause a segmentation fault.
      
      
      Solution:
      Give a proper buffer to store a key record.
      
      
      sql/opt_range.cc:
        We can't use record buffer to store key data.So, give a proper buffer to store a key record.
      0c9c76e9
    • Marko Mäkelä's avatar
      Bug#16720368 INNODB IGNORES *.IBD FILE BREAKAGE AT STARTUP · 3d264bb1
      Marko Mäkelä authored
      After a clean shutdown, InnoDB will not check the *.ibd file headers,
      for maximum performance. This is unchanged before and after this
      patch.
      
      What this fix addresses is the case when crash recovery is
      needed. Previously, InnoDB could load a corrupted tablespace file.
      
      buf_page_is_corrupted(): Add the parameter check_lsn.
      
      fil_check_first_page(): New function, to perform a consistency check
      on the first page of a file. This can be overridden by setting
      innodb_force_recovery.
      
      fil_read_first_page(), fil_open_single_table_tablespace(),
      fil_load_single_table_tablespace(): Invoke fil_check_first_page().
      
      open_or_create_data_files(): Check the status of
      fil_open_single_table_tablespace().
      
      rb#2352 approved by Jimmy Yang
      3d264bb1
  6. 27 Apr, 2013 1 commit
    • Bill Qu's avatar
      Bug #13004581 BLACKHOLE BINARY LOG WITH ROW IGNORES UPDATE AND DELETE STATEMENTS · 975968e2
      Bill Qu authored
        
      When logging to the binary log in row, updates and deletes to a BLACKHOLE
      engine table are skipped.
        
      It is impossible to log binary log in row format for updates and deletes to
      a BLACKHOLE engine table, as no row events can be generated in these cases.
      After fix, generate a warning for UPDATE/DELETE statements that modify a
      BLACKHOLE table, as row events are not logged in row format.
      975968e2
  7. 25 Apr, 2013 1 commit
    • Venkatesh Duggirala's avatar
      BUG#16698172-CANNOT DO POINT-IN-TIME RECOVERY FOR · 2557f2c4
      Venkatesh Duggirala authored
      SINGLE DATABASE; MYSQLBINLOG
            
      Problem: If last subevent inside a RBR event
      is skipped while replaying a binary log
      using mysqlbinlog with --database=... option,
      generated output is missing end marker('/*!*/;)
      for that RBR event. Thence causing syntax error
      while replaying the generated output.
            
      Fix: Append end marker ('/*!*/;) if the last 
      subevent is getting skipped.
      Append end marker if the last 
      subevent is getting skipped.
      
      client/mysqlbinlog.cc:
        Append end marker if the last 
        subevent is getting skipped.
      2557f2c4
  8. 24 Apr, 2013 6 commits
  9. 22 Apr, 2013 2 commits
  10. 20 Apr, 2013 2 commits
    • Neeraj Bisht's avatar
      Bug#16073689 : CRASH IN ITEM_FUNC_MATCH::INIT_SEARCH · d5cb6649
      Neeraj Bisht authored
      Problem:
      In query like
      select 1 from .. order by match .. against ...;
      causes a debug assert failue.
      
      Analysis:
      In union type query like
      
      (select * from order by a) order by b;
      or
      (select * from order by a) union (select * from order by b);
      
      We skip resolving of order by a for 1st query and order by of a and b in 
      2nd query.
      
      
      This means that, in case when our order by have Item_func_match class, 
      we skip resolving it.
      But we maintain a ft_func_list and at the time of optimization, when we 
      Perform FULLTEXT search before all regular searches on the bases of the 
      list we call Item_func_match::init_search() which will cause debug assert 
      as the item is not resolved.
      
      
      Solution:
      We will skip execution if the item is not fixed and we will not 
      fix index(Item_func_match::fix_index()) for which 
      Item_func_match::fix_field() is not called so that on later changes 
      we can check the dependency on fix field.
      bz
      
      sql/item_func.cc:
        skiping execution, if item is not resolved.
      d5cb6649
    • Neeraj Bisht's avatar
      Bug#16073689 : CRASH IN ITEM_FUNC_MATCH::INIT_SEARCH · 89b1b508
      Neeraj Bisht authored
      Problem:
      In query like
      select 1 from .. order by match .. against ...;
      causes a debug assert failue.
      
      Analysis:
      In union type query like
      
      (select * from order by a) order by b;
      or
      (select * from order by a) union (select * from order by b);
      
      We skip resolving of order by a for 1st query and order by of a and b in 
      2nd query.
      
      
      This means that, in case when our order by have Item_func_match class, 
      we skip resolving it.
      But we maintain a ft_func_list and at the time of optimization, when we 
      Perform FULLTEXT search before all regular searches on the bases of the 
      list we call Item_func_match::init_search() which will cause debug assert 
      as the item is not resolved.
      
      
      Solution:
      We will skip execution if the item is not fixed and we will not 
      fix index(Item_func_match::fix_index()) for which 
      Item_func_match::fix_field() is not called so that on later changes 
      we can check the dependency on fix field.
      
      
      sql/item_func.cc:
        skiping execution, if item is not resolved.
      89b1b508
  11. 18 Apr, 2013 1 commit
  12. 17 Apr, 2013 1 commit
  13. 16 Apr, 2013 3 commits
  14. 14 Apr, 2013 2 commits
    • Chaithra Gopalareddy's avatar
      Merge from 5.1 to 5.5 · 51555d2a
      Chaithra Gopalareddy authored
      sql/sql_class.h:
        Parsing for group_concat's order by  is made independent.
        As a result, add_order_to_list cannot be used anymore.
      51555d2a
    • Chaithra Gopalareddy's avatar
      Bug#16347426:ASSERTION FAILED: (SELECT_INSERT && · 2d836633
      Chaithra Gopalareddy authored
                   !TABLES->NEXT_NAME_RESOLUTION_TABLE) || !TAB
            
      Problem:
      The context info of select query gets corrupted when a query
      with group_concat having order by is present in an order by
      clause of the select query. As a result, server crashes with
      an assert.
            
      Analysis:
      While parsing order by for group_concat, it is presumed that
      it is always present before the actual order by for the
      select query.
      As a result, parser uses select->order_list to populate the
      order by items of group_concat and creates a select->gorder_list
      to which select->order_list is copied onto. Once this is done,
      it empties the select->order_list.
      In the case presented in the bugpage, as order by is already
      parsed when group_concat's order by is encountered, parser
      presumes that it is the second order by in the select query
      and creates fake_lex_unit which results in the change of
      context info.
            
      Solution:
      Make group_concat's order by parsing independent of the select
      
      
      sql/item_sum.cc:
        Change the argument as, select->gorder_list is not pointer anymore
      sql/item_sum.h:
        Change the argument as, select->gorder_list is not pointer anymore
      sql/mysql_priv.h:
        Parsing for group_concat's order by is made independent.
        As a result, add_order_to_list cannot be used anymore.
      sql/sql_lex.cc:
        Parsing for group_concat's order by is made independent.
        As a result, add_order_to_list cannot be used anymore.
      sql/sql_lex.h:
        Parsing for group_concat's order by is made independent.
        As a result, add_order_to_list cannot be used anymore.
      sql/sql_yacc.yy:
         Make group_concat's order by parsing independent of the select
        queries order by.
      2d836633
  15. 12 Apr, 2013 3 commits
    • Balasubramanian Kandasamy's avatar
      e5055e22
    • Venkatesh Duggirala's avatar
      BUG#16615117 MYSQLDUMP PRODUCES A CHANGE MASTER STATEMENT · 0fe3128c
      Venkatesh Duggirala authored
      WITH A PORT NUMBER ENCLOSED IN QUOTES
      
      Problem: mysqldump --dump-slave --include-master-host-port
      prints the CHANGE MASTER command in the generated logical
      backup. The PORT number that is generated with this command
      is a string and should be an integer.
      
      Fix: Remove the Enclosed quotes for port number.
      0fe3128c
    • Jorgen Loland's avatar
      Bug#16540042: WRONG QUERY RESULT WHEN USING RANGE OVER · 2c780b46
      Jorgen Loland authored
                    PARTIAL INDEX
      
      Consider the following table definition:
      
      CREATE TABLE t (
        my_col CHAR(10),
        ...
        INDEX my_idx (my_col(1))
      )
      
      The my_idx index is not able to distinguish between rows with
      equal first-character my_col-values (e.g. "f", "foo", "fee").
      
      Prior to this CS, the range optimizer would translate
      
      "WHERE my_col NOT IN ('f', 'h')" into (optimizer trace syntax)
      
      "ranges": [
        "NULL < my_col < f",
        "f < my_col"
      ]
      
      But this was not correct because the rows with values "foo" 
      and "fee" would not belong to any of those ranges. However, the
      predicate "my_col != 'f' AND my_col != 'h'" would translate
      to 
      
      "ranges": [
        "NULL < my_col"
      ]
      
      because get_mm_leaf() changes from "<" to "<=" for partial
      keyparts. This CS changes the range optimizer implementation 
      for NOT IN to behave like a conjunction of NOT EQUAL: it 
      replaces "<" with "<=" for all but the first range when the
      keypart is partial.
      2c780b46