1. 29 Oct, 2010 5 commits
    • Georgi Kodinov's avatar
      merge to 5.1-security · 860c9d9c
      Georgi Kodinov authored
      860c9d9c
    • Georgi Kodinov's avatar
      merge to 5.1-security · 5ddd6c07
      Georgi Kodinov authored
      5ddd6c07
    • Sergey Glukhov's avatar
      Bug#57688 Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field · e3917c3d
      Sergey Glukhov authored
      Lines below which were added in the patch for Bug#56814 cause this crash:
      
      +      if (table->table)
      +        table->table->maybe_null= FALSE;
      
      Consider following test case:
      --
      CREATE TABLE t1(f1 INT NOT NULL);
      INSERT INTO t1 VALUES (16777214),(0);
      
      SELECT COUNT(*) FROM t1 LEFT JOIN t1 t2
      ON 1 WHERE t2.f1 > 1 GROUP BY t2.f1;
      
      DROP TABLE t1;
      --
      
      We set TABLE::maybe_null to FALSE for t2 table
      and in create_tmp_field() we create appropriate tmp table field
      using create_tmp_field_from_item() function instead of
      create_tmp_field_from_field. As a result we have
      LONGLONG field. As we have GROUP BY clause we calculate
      group buffer length, see calc_group_buffer().
      Item from group list which is used for calculation
      refer to the field from real tables and have LONG type.
      So group buffer length become insufficient for storing of
      LONGLONG value. It leads to overwriting of wrong memory
      area in do_field_int() function which is called from
      end_update().
      After some investigation I found out that
      create_tmp_field_from_item() is used only for OLAP
      grouping and can not be used for common grouping
      as it could be an incompatibility between tmp
      table fields and group buffer length.
      We can not remove create_tmp_field_from_item() call from
      create_tmp_field as OLAP needs it and we can not use this
      function for common grouping. So we should remove setting
      TABLE::maybe_null to FALSE from simplify_joins().
      In this case we'll get wrong behaviour of
      list_contains_unique_index() back. To fix it we
      could use Field::real_maybe_null() check instead of
      Field::maybe_null() and add addition check of
      TABLE_LIST::outer_join.
      e3917c3d
    • Vasil Dimov's avatar
      Merge mysql-5.1-innodb -> mysql-5.1-bugteam · 9cff440d
      Vasil Dimov authored
      9cff440d
    • Sergey Glukhov's avatar
      Bug#57194 group_concat cause crash and/or invalid memory reads with type errors · 3a61843a
      Sergey Glukhov authored
      The problem is caused by bug49487 fix and became visible
      after after bug56679 fix.
      Items are cleaned up and set to unfixed state after filling derived table.
      So we can not rely on item::fixed state in Item_func_group_concat::print
      and we can not use 'args' array as items there may be cleaned up.
      The fix is always to use orig_args array of items as it
      always should contain the correct data.
      3a61843a
  2. 28 Oct, 2010 2 commits
    • Calvin Sun's avatar
      Bug#52062: Compiler warning in os0file.c on windows 64-bit · bc921dd7
      Calvin Sun authored
      On Windows, the parameter for number of bytes passed into WriteFile()
      and ReadFile() is DWORD. Casting is needed to silence the warning on
      64-bit Windows.
      
      Also, adding several asserts to ensure the variable for number of bytes
      is no more than 32 bits, even on 64-bit Windows.
      
      This is for InnoDB Plugin.
      
      rb://415
      Approved by: Inaam
      bc921dd7
    • Calvin Sun's avatar
      Bug#52062: Compiler warning in os0file.c on windows 64-bit · 6cc24b9a
      Calvin Sun authored
      On Windows, the parameter for number of bytes passed into WriteFile()
      and ReadFile() is DWORD. Casting is needed to silence the warning on
      64-bit Windows.
      
      Also, adding several asserts to ensure the variable for number of bytes
      is no more than 32 bits, even on 64-bit Windows.
      
      This is for built-in InnoDB.
      
      rb://415
      Approved by: Inaam
      6cc24b9a
  3. 27 Oct, 2010 3 commits
  4. 26 Oct, 2010 1 commit
  5. 25 Oct, 2010 3 commits
  6. 23 Oct, 2010 1 commit
    • 's avatar
      Bug#27606 GRANT statement should be replicated with DEFINER information · 180e74bd
      authored
      "Grantor" columns' data is lost when replicating mysql.tables_priv.
      Slave SQL thread used its default user ''@'' as the grantor of GRANT|REVOKE
      statements executing on it.
      
      In this patch, current user is put in query log event for all GRANT and REVOKE
      statement, SQL thread uses the user in query log event as grantor.
      180e74bd
  7. 21 Oct, 2010 4 commits
    • Bjorn Munch's avatar
      Follow-up to Bug #55582 which allows checking strings in if · bad7fa7c
      Bjorn Munch authored
        Simplified cases where a select was used to compare variable against ''
      bad7fa7c
    • 's avatar
      Bug#55478 Row events wrongly apply on the temporary table of the same name · aa235b1b
      authored
      Rows events were applied wrongly on the temporary table with the same name.
      But rows events are generated only for base tables. As temporary
      table's data never be binlogged on row mode. Normally, base table of the
      same name cannot be updated if a temporary table has the same name.
      But there are two cases which can generate rows events on 
      the base table of same name.
            
      Case1: 'CREATE TABLE ... SELECT' statement.
      In mixed format, it will generate rows events if it is unsafe.
            
      Case2: Drop a transactional temporary table in a transaction
             (happens only on 5.5+).
      BEGIN;
      DROP TEMPORARY TABLE t1;       # t1 is a InnoDB table
      INSERT INTO t1 VALUES(rand()); # t1 is a MyISAM table
      COMMIT;
      'DROP TEMPORARY TABLE' will be put in the transaction cache and
      binlogged after the rows events generated by the 'INSERT' statement.
            
      After this patch, slave opens only base table when applying a rows event.
      aa235b1b
    • Jimmy Yang's avatar
      Fix Bug #57616 Sig 11 in dict_load_table() when failed to load · 59f35ce8
      Jimmy Yang authored
      index or foreign key
      
      Approved by Sunny Bains
      59f35ce8
    • Jimmy Yang's avatar
      Fix bug #57616 Sig 11 in dict_load_table() when failed to load index · 56c30837
      Jimmy Yang authored
      or foreign key
      
      Fix approved by Sunny Bains
      56c30837
  8. 20 Oct, 2010 6 commits
  9. 19 Oct, 2010 14 commits
    • Davi Arnaut's avatar
      Bug#45288: pb2 returns a lot of compilation warnings · 39e9bde2
      Davi Arnaut authored
      Tag or remove unused arguments and variables.
      39e9bde2
    • Davi Arnaut's avatar
      Bug#45288: pb2 returns a lot of compilation warnings · 71a8764a
      Davi Arnaut authored
      Ensure that fdatasync is properly declared as on Mac OS X, the
      function is available but there is no prototype. Also, port a
      fix for a warning from the InnoDB plugin over to the builtin. 
      71a8764a
    • Vasil Dimov's avatar
      Fix Bug#53916 storage/innodb_plugin does not compile on NetBSD/sparc64 · e9eeebc5
      Vasil Dimov authored
      Just check for all the functions that we are going to use, not a subset
      of them.
      
      Reviewed by:	Davi (via IRC)
      e9eeebc5
    • Davi Arnaut's avatar
      Bug#45288: pb2 returns a lot of compilation warnings on linux · 162dd506
      Davi Arnaut authored
      Tag unused arguments.
            
      Approved by: Marko (via IRC)
      162dd506
    • Davi Arnaut's avatar
      Bug#45288: pb2 returns a lot of compilation warnings on linux · 2cebd47e
      Davi Arnaut authored
      Tag unused arguments.
      
      Approved by: Marko (via IRC)
      2cebd47e
    • Davi Arnaut's avatar
      Bug#45288: pb2 returns a lot of compilation warnings on linux · d6204eca
      Davi Arnaut authored
      Fix assorted compiler warnings on Mac OS X.
      d6204eca
    • Bjorn Munch's avatar
      Bug #56654 pb2 log is very hard to read · 5c42b3c9
      Bjorn Munch authored
      Added some more info in a number of fail cases
      (re-commit for administrative reasons)
      5c42b3c9
    • Bjorn Munch's avatar
      Bug #52828 Tests that use perl fail when perl is not in path · e85b54a4
      Bjorn Munch authored
      main.mysqltest skipped on Windows because a perl intentionally does exit(1)
      Use exit(2), as exit(1) on Windows is indistinguishable from failing to
      execute perl.
      e85b54a4
    • Bjorn Munch's avatar
    • Magne Mahre's avatar
      Bug #46941 crash with lower_case_table_names=2 and foreign key · 1c68d2ef
      Magne Mahre authored
                 data dictionary confusion
      
      On file systems with case insensitive file names, and
      lower_case_table_names set to '2', the server could crash
      due to a table definition cache inconsistency.  This is 
      the default setting on MacOSX, but may also be set and
      used on MS Windows.
      
      The bug is caused by using two different strategies for
      creating the hash key for the table definition cache, resulting
      in failure to look up an entry which is present in the cache,
      or failure to delete an existing entry.  One strategy was to
      use the real table name (with case preserved), and the other
      to use a normalized table name (i.e a lower case version).
      
      This is manifested in two cases.  One is  during 'DROP DATABASE', 
      where all known files are removed.  The removal from
      the table definition cache is done via a generated list of
      TABLE_LIST with keys (wrongly) created using the case preserved 
      name.  The other is during CREATE TABLE, where the cache lookup
      is also (wrongly) based on the case preserved name.
         
      The fix was to use only the normalized table name when
      creating hash keys.
      1c68d2ef
    • Jon Olav Hauglid's avatar
      Bug #57274 SET GLOBAL debug crashes on Solaris in embedded server mode · 6da8a65b
      Jon Olav Hauglid authored
                 (variables_debug fails)
      
      The problem was that "SET GLOBAL debug" could cause a crash on Solaris.
      The crash happened if the server failed to open the trace file given in 
      the "SET GLOBAL debug" statement. This caused an error message to be
      printed to stderr containing the process name. However, printing to
      stderr crashed the server since the pointer to the process name had
      not been initialized.
      
      This patch fixes the problem by initializing the process name 
      properly when doing "SET GLOBAL debug".
      
      No test case added as this bug was repeatable with existing test
      coverage in variables_debug.test.
      6da8a65b
    • Tor Didriksen's avatar
      a3357b55
    • Marko Mäkelä's avatar
      Bug #56680 wrong InnoDB results from a case-insensitive covering index · b568369d
      Marko Mäkelä authored
      row_search_for_mysql(): When a secondary index record might not be
      visible in the current transaction's read view and we consult the
      clustered index and optionally some undo log records, return the
      relevant columns of the clustered index record to MySQL instead of the
      secondary index record.
      
      ibuf_insert_to_index_page_low(): New function, refactored from
      ibuf_insert_to_index_page().
      
      ibuf_insert_to_index_page(): When we are inserting a record in place
      of a delete-marked record and some fields of the record differ, update
      that record just like row_ins_sec_index_entry_by_modify() would do.
      
      btr_cur_update_alloc_zip(): Make the function public.
      
      mysql_row_templ_t: Add clust_rec_field_no.
      
      row_sel_store_mysql_rec(), row_sel_push_cache_row_for_mysql(): Add the
      flag rec_clust, for returning data at clust_rec_field_no instead of
      rec_field_no. Resurrect the debug assertion that the record not be
      marked for deletion. (Bug #55626)
      
      [UNIV_DEBUG || UNIV_IBUF_DEBUG] ibuf_debug, buf_page_get_gen(),
      buf_flush_page_try():
      Implement innodb_change_buffering_debug=1 for evicting pages from the
      buffer pool, so that change buffering will be attempted more
      frequently.
      b568369d
    • Marko Mäkelä's avatar
      Bug #56680 wrong InnoDB results from a case-insensitive covering index · f2d39c9e
      Marko Mäkelä authored
      row_search_for_mysql(): When a secondary index record might not be
      visible in the current transaction's read view and we consult the
      clustered index and optionally some undo log records, return the
      relevant columns of the clustered index record to MySQL instead of the
      secondary index record.
      
      REC_INFO_DELETED_FLAG: Move the definition from rem0rec.ic to rem0rec.h.
      
      ibuf_insert_to_index_page_low(): New function, refactored from
      ibuf_insert_to_index_page().
      
      ibuf_insert_to_index_page(): When we are inserting a record in place
      of a delete-marked record and some fields of the record differ, update
      that record just like row_ins_sec_index_entry_by_modify() would do.
      
      mysql_row_templ_t: Add clust_rec_field_no.
      
      row_sel_store_mysql_rec(), row_sel_push_cache_row_for_mysql(): Add the
      flag rec_clust, for returning data at clust_rec_field_no instead of
      rec_field_no. Resurrect the debug assertion that the record not be
      marked for deletion. (Bug #55626)
      
      buf_LRU_free_block(): Refactored from
      buf_LRU_search_and_free_block(). This is needed for the
      innodb_change_buffering_debug diagnostics.
      
      [UNIV_DEBUG || UNIV_IBUF_DEBUG] ibuf_debug, buf_page_get_gen(),
      buf_flush_page_try():
      Implement innodb_change_buffering_debug=1 for evicting pages from the
      buffer pool, so that change buffering will be attempted more
      frequently.
      f2d39c9e
  10. 18 Oct, 2010 1 commit