1. 14 Apr, 2022 2 commits
  2. 13 Apr, 2022 2 commits
  3. 12 Apr, 2022 3 commits
  4. 11 Apr, 2022 4 commits
    • Shunpoco's avatar
      MDEV-27448 MTR returns success (zero) upon invalid option · 767d8d83
      Shunpoco authored
      I change from `exit;` to `exit(1);` on a function `usage()`.
      When we try to run mtr with a wrong option, a function `usage()` is called with the wrong option as its argument. In this case, because the function call `exit` in a first if statement, we get exit status 0.
      767d8d83
    • Alexander Barkov's avatar
      MDEV-27690 Crash on `CHARACTER SET csname COLLATE DEFAULT` in column definition · 833f4486
      Alexander Barkov authored
      This is a temporary fix for 10.2.
      This problem was permanently fixed in 10.9 under terms of MDEV-27743.
      
      This patch should propagate up to 10.8 then null-merged to 10.9.
      833f4486
    • Monty's avatar
      MDEV-28269 Assertion `save_errno' in maria_write or ER_GET_ERRNO · 6891c487
      Monty authored
      The issue was that the value of MARIA_FOUND_WRONG_KEY was a value
      that could be returned by ha_key_cmp.
      
      This was already fixed in MyISAM, now using the same fix in Aria:
      Setting the value to INT_MAX32, which should be impossible in any
      normal cases.
      
      I also fixed so that if there is a wrong key, we now get a proper error
      message and not an assert.
      6891c487
    • KiyoshiTakeda's avatar
      MDEV-28225 Disallow user to create Spider temporary table · 4d1955d3
      KiyoshiTakeda authored
      Creating a temporary table with Spider is non-sense because a Spider
      table cannot hold any physical data and it requires an additional
      effort to manage even if it is configured correctly.
      
      Set HTON_TEMPORARY_NOT_SUPPORTED to spider_hton->flags.  
      
      Reviewed-by: nayuta.yanagisawa@hey.com
      Co-authored-by: d8sk4ueun@gmail.com
      4d1955d3
  5. 09 Apr, 2022 2 commits
    • Alexander Barkov's avatar
      MDEV-28267 ASAN heap-use-after-free in Item_sp::func_name_cstring · 2ae92e89
      Alexander Barkov authored
      This crash happens on a combination of multiple conditions:
      
      - There is a thead#1 running an "ANALYZE FORMAT=JSON" query for a
        "SELECT .. FROM INFORMATION_SCHEMA.COLUMNS WHERE .. "
      - The WHERE clause contains a stored function call, say f1().
      - The WHERE clause is built in the way so that the function f1()
        is never actually called, e.g.
          WHERE .. AND (TRUE OR f1()=expr)
      - The database contains multiple VIEWs that have the function f1() call,
        e.g. in their <select list>
      - The WHERE clause is built in the way so that these VIEWs match
        the condition.
      - There is a parallel thread#2 running. It creates or drops or recreates
        some other stored routine, say f2(), which is not used in the ANALYZE query.
        It effectively invalidates the stored routine cache for thread#1
        without locking.
        Note, it is important that f2() is NOT used by ANALYZE query.
        Otherwise, thread#2 would be locked until the ANALYZE query
        finishes.
      
      When all of the above conditions are met, the following happens:
      
      1. thread#1 starts the ANALYZE query. It notices a call for the stored function
         f1() in the WHERE condition. The function f1() gets parsed and cached
         to the SP cache. Its address also gets assigned to Item_func_sp::m_sp.
      
      2. thread#1 starts iterating through all tables that
         match the WHERE condition to find the information about their columns.
      
      3. thread#1 processes columns of the VIEW v1.
         It notices a call for f1() in the VIEW v1 definition.
         But f1() is already cached in the step#1 and it is up to date.
         So nothing happens with the SP cache.
      
      4. thread#2 re-creates f2() in a non-locking mode.
         It effectively invalidates the SP cache in thread#1.
      
      5. thread#1 processes columns of the VIEW v2.
         It notices a call for f1() in the VIEW v2 definition.
         It also notices that the cached version of f1() is not up to date.
         It frees the old definition of f1(), parses it again, and puts a
         new version of f1() to the SP cache.
      
      6. thread#1 finishes processing rows and generates the JSON output.
         When printing the "attached_condition" value, it calls
         Item_func_sp::print() for f1(). But this Item_func_sp links
         to the old (freed) version of f1().
      
      The above scenario demonstrates that Item_func_sp::m_sp can point to an
      alredy freed instance when Item_func_sp::func_name() is called,
      so accessing to Item_sp::m_sp->m_handler is not safe.
      
      This patch rewrites the code to use Item_func_sp::m_handler instead,
      which is always reliable.
      
      Note, this patch is only a cleanup for MDEV-28166 to quickly fix the regression.
      It fixes MDEV-28267. But it does not fix the core problem:
      The code behind I_S does not take into account that the SP
      cache can be updated while evaluating rows of the COLUMNS table.
      This is a corner case and it never happens with any other tables.
      I_S.COLUMNS is very special.
      
      Another example of the core problem is reported in MDEV-25243.
      The code accesses to Item_sp::m_sp->m_chistics of an
      already freed m_sp, again. It will be addressed separately.
      2ae92e89
    • Sergei Golubchik's avatar
      MDEV-22282 When using mysqldump to backup a view that contains derived tables,... · d623b5a1
      Sergei Golubchik authored
      MDEV-22282 When using mysqldump to backup a view that contains derived tables, the database name is prepended to each table in the view
      
      derived tables have db = "", table_name = "*", those aren't real names
      to be compared with.
      d623b5a1
  6. 08 Apr, 2022 3 commits
    • Nayuta Yanagisawa's avatar
      MDEV-27065 Partitioning tables with custom data directories moves data back to default directory · 27b5d814
      Nayuta Yanagisawa authored
      The partitioning engine does not support the table-level DATA/INDEX
      DIRECTORY specification.
      
      If one create a non-partitioned table with the DATA/INDEX DIRECTORY
      option and then performs ALTER TABLE ... PARTITION BY on it, the
      DATA/INDEX DIRECTORY specification of the old schema is ignored.
      
      The behavior might be a bit surprising for users because the value
      of a usual table option applies to all the partitions. Thus, we raise
      a warning on such ALTER TABLE ... PARTITION BY.
      27b5d814
    • Alexander Barkov's avatar
      MDEV-28062 Assertion `(length % 4) == 0' failed in my_lengthsp_utf32 on INSERT..SELECT · 3814b04d
      Alexander Barkov authored
      Adding an MTR test only.
      
      This problem was earlier fixed by the patch for:
        MDEV-28078 Garbage on multiple equal ENUMs with tricky character sets
      3814b04d
    • Nayuta Yanagisawa's avatar
      MDEV-25116 Spider: IF(COUNT( trigger SQL Error (1054)_ Unknown column '' in field list · 4194f7b6
      Nayuta Yanagisawa authored
      The original query "SELECT IF(COUNT(a.`id`)>=0,'Y','N') FROM t" is
      transformed to "SELECT COUNT(a.`id`), IF(ref >= 0, 'Y', 'N') FROM t",
      where ref is Item_ref to "COUNT(a.`id`)", by split_sum_func().
      
      Spider walks the item list twice, invoking spider_db_print_item_type().
      The first invocation is in spider_create_group_by_handler() with
      str == NULL. The second one is in spider_group_by_handler::init_scan()
      with str != NULL.
      
      spider_db_print_item_type() prints nothing at the first invocation,
      and it prints item at the second invocation. However, at the second
      invocation, the above mentioned ref to "COUNT(a.`id`)" points to
      a field in a temporary table where the result will be stored. Thus,
      to look behind the item_ref, Spider need to generate the query earlier.
      
      A possible fix would be to generate a query to send in
      spider_create_group_by_handler(). However, the fix requires a
      considerable amount of changes of the Spider's GROUP BY handler.
      I'd like to avoid that.
      
      So, I fix the problem by not to use the GROUP BY handler when a
      query contains Item_ref whose table_name, name, and alias_name_used
      are not set.
      4194f7b6
  7. 07 Apr, 2022 5 commits
  8. 06 Apr, 2022 4 commits
    • Oleg Smirnov's avatar
      MDEV-28077 'Wrong create options' error with 'big_tables' enabled · 53b580a9
      Oleg Smirnov authored
      The cause of the bug is overflow of uint16 KEY_PART_INFO::length and/or
      uint16 KEY_PART_INFO::store_length. The solution is to increase the size
      of those variables to the 'uint' type (which is 32-bit long)
      53b580a9
    • Oleg Smirnov's avatar
      MDEV-24560 SIGSEGV in st_join_table::cleanup · 85192553
      Oleg Smirnov authored
      If JOIN::create_postjoin_aggr_table encounters errors during execution
      then free_tmp_table() is then called twice for JOIN_TAB::aggr.
      The solution is to initialize JOIN_TAB::aggr only on successful completion
      of JOIN::create_postjoin_aggr_table
      85192553
    • Marko Mäkelä's avatar
      MDEV-25975 innodb_disallow_writes causes shutdown to hang · e9735a81
      Marko Mäkelä authored
      We will remove the parameter innodb_disallow_writes because it is badly
      designed and implemented. The parameter was never allowed at startup.
      It was only internally used by Galera snapshot transfer.
      If a user executed
      SET GLOBAL innodb_disallow_writes=ON;
      the server could hang even on subsequent read operations.
      
      During Galera snapshot transfer, we will block writes
      to implement an rsync friendly snapshot, as follows:
      
      sst_flush_tables() will acquire a global lock by executing
      FLUSH TABLES WITH READ LOCK, which will block any writes
      at the high level.
      
      sst_disable_innodb_writes(), invoked via ha_disable_internal_writes(true),
      will suspend or disable InnoDB background tasks or threads that could
      initiate writes. As part of this, log_make_checkpoint() will be invoked
      to ensure that anything in the InnoDB buf_pool.flush_list will be written
      to the data files. This has the nice side effect that the Galera joiner
      will avoid crash recovery.
      
      The changes to sql/wsrep.cc and to the tests are based on a prototype
      that was developed by Jan Lindström.
      
      Reviewed by: Jan Lindström
      e9735a81
    • Marko Mäkelä's avatar
      Merge 10.2 into 10.3 · 7c584d82
      Marko Mäkelä authored
      7c584d82
  9. 05 Apr, 2022 3 commits
  10. 04 Apr, 2022 3 commits
  11. 03 Apr, 2022 1 commit
    • Daniel Black's avatar
      MDEV-26136: Correct AIX/macOS cast warning (my_time.h) · 75b9014f
      Daniel Black authored
      tv_usec is a (suseconds_t) so we cast to it. Prevents the AIX(gcc-10) warning:
      
      include/my_time.h: In function 'void my_timeval_trunc(timeval*, uint)':
      include/my_time.h:249:65: warning: conversion from 'long int' to 'suseconds_t' {aka 'int'} may change value [-Wconversion]
        249 |   tv->tv_usec-= my_time_fraction_remainder(tv->tv_usec, decimals);
            |
      
      macOS is: conversion from 'long int' to '__darwin_suseconds_t' {aka 'int'} may change value
      
      On Windows suseconds_t isn't defined so we use the existing
      long return type of my_time_fraction_remainder.
      
      Reviewed by Marko Mäkelä
      
      Closes: #2079
      75b9014f
  12. 02 Apr, 2022 1 commit
    • Dmitry Shulga's avatar
      MDEV-28220: Assert failure in sp_head::~sp_head on parsing a syntax incorrect... · 8c169f5e
      Dmitry Shulga authored
      MDEV-28220: Assert failure in sp_head::~sp_head on parsing a syntax incorrect statement CREATE SEQUENCE ... RESTART inside CREATE PROCEDURE/CREATE FUNCTION
      
      This bug report is about the same issue as MDEV-28129 and MDEV-21173.
      The issue is that the macros YYABORT is called instead of MYSQL_YYABORT
      on parse error. In result the method LEX::cleanup_lex_after_parse_error
      is not called to clean up data structures created on parsing of
      the statement.
      8c169f5e
  13. 01 Apr, 2022 1 commit
  14. 30 Mar, 2022 3 commits
    • Vlad Lesin's avatar
      MDEV-27343 Useless warning "InnoDB: Allocated tablespace ID <id> for... · c1ab0e6f
      Vlad Lesin authored
      MDEV-27343 Useless warning "InnoDB: Allocated tablespace ID <id> for <tablename>, old maximum was 0" during backup stage
      
      mariabackup does not load dictionary during backup, but it loads
      tablespaces, that is why fil_system.max_assigned_id is not set with
      dict_check_tablespaces_and_store_max_id(). There is no sense to issue the
      warning during backup.
      c1ab0e6f
    • Marko Mäkelä's avatar
      Cleanup: Remove some unused functions · 35425cfc
      Marko Mäkelä authored
      35425cfc
    • Dmitry Shulga's avatar
      MDEV-19631: Assertion `0' failed in st_select_lex_unit::optimize or different... · bdba1d46
      Dmitry Shulga authored
      MDEV-19631: Assertion `0' failed in st_select_lex_unit::optimize or different plan upon 2nd execution of PS with EXPLAIN
      
      Second execution of a prepared statement for a query containing a constant
      subquery with union that can be optimized away, could result in server abnormal
      termination for debug build or incorrect result set output for release build.
      
      For example, the following test case crashes a server built with debug on second
      run of the statement EXECUTE stmt
        CREATE TABLE t1 (a INT);
        PREPARE stmt FROM 'EXPLAIN SELECT * FROM t1 HAVING 6 IN ( SELECT 6 UNION SELECT 5 )';
        EXECUTE stmt;
        EXECUTE stmt;
      
      The reason for incorrect result set output or abnormal server termination
      is careless working with the data member fake_select_lex->options inside
      the function mysql_explain_union(). Once the flag SELECT_DESCRIBE is set in
      the data member fake_select_lex->option before calling the methods
        SELECT_LEX_UNIT::prepare/SELECT_LEX_UNIT::execute
      the original value of the option is no longer restored.
      As a consequence, next time the prepared statement is re-executed we have
      the fake_select_lex with the flag SELECT_DESCRIBE set in the data member
      fake_select_lex->option, that is incorrect. In result, the method
        Item_subselect::assigned()
      is not invoked during evaluation of a constant condition (constant subquery
      with union) that being performed on OPTIMIZE phase of query handling.
      
      This leads to the fact that records in the temporary table are not deleted
      before calling
        table->file->ha_enable_indexes(HA_KEY_SWITCH_ALL)
      in the method st_select_lex_unit::optimize().
      In result table->file->ha_enable_indexes(HA_KEY_SWITCH_ALL) returns error
      and DBUG_ASSERT(0) is fired.
      
      Stack trace to the line where the error generated on re-enabling indexes
      for next subselect iteration is below:
      st_select_lex_unit::optimize (at sql_union.cc:954)
        handler::ha_enable_indexes (at handler.cc:4338)
          ha_heap::enable_indexes (at ha_heap.cc:519)
            heap_enable_indexes (at hp_clear.c:164)
      
      The code snippet to clarify raising the error is also listed:
      int heap_enable_indexes(HP_INFO *info)
      {
        int error= 0;
        HP_SHARE *share= info->s;
      
        if (share->data_length || share->index_length)
          error= HA_ERR_CRASHED; <<== set error the value HA_ERR_CRASHED
                                      since share->data_length != 0
      
      To fix this issue the original value of unit->fake_select_lex->options
      has to be saved before setting the flag SELECT_DESCRIBE and restored
      on return from invocation of SELECT_LEX_UNIT::prepare/SELECT_LEX_UNIT::execute
      bdba1d46
  15. 29 Mar, 2022 3 commits