1. 07 Sep, 2010 1 commit
    • Kristofer Pettersson's avatar
      Bug#55531 crash with conversions of geometry types / strings · 9a4a7cf1
      Kristofer Pettersson authored
      Convertion from a floating point number to a string caused a
      crash.
      
      During rare circumstances a String object could crash when
      it was requested to allocate new memory.
      A crash could occcur in Field_double::val_str() because of
      a pointer referencing memory inside a String object which was
      of unknown size.
      And finally, the geometric collection should not accept
      arguments which are non geometric.
      
      
      mysql-test/r/gis.result:
        * Test cases change because we intercept the error behind the
        previous crashes much earlier.
      sql/field.cc:
        * It makes no sense to impose a lower limit on the length
        and not setting a upper limit will cause crashes later.
      sql/item_geofunc.h:
        * Disallow for binding with field- and item types which
        differ from MYSQL_TYPE_GEOMETRY types.
      9a4a7cf1
  2. 24 Aug, 2010 2 commits
    • Alexey Kopytov's avatar
      Automerge. · 0012d0d8
      Alexey Kopytov authored
      0012d0d8
    • Alexey Kopytov's avatar
      Bug #55568: user variable assignments crash server when used · cd4ca4b7
      Alexey Kopytov authored
                  within query
      
      The server could crash after materializing a derived table
      which requires a temporary table for grouping.
      
      When destroying the temporary table used to execute a query for
      a derived table, JOIN::destroy() did not clean up Item_fields
      pointing to fields in the temporary table. This led to
      dereferencing a dangling pointer when printing out the items
      tree later in the outer SELECT.
      
      The solution is an addendum to the patch for bug37362: in
      addition to cleaning up items in tmp_all_fields3, do the same
      for items in tmp_all_fields1, since now we have an example
      where this is necessary.
      
      
      mysql-test/r/join.result:
        Added test cases for bug#55568 and a duplicate bug #54468.
      mysql-test/t/join.test:
        Added test cases for bug#55568 and a duplicate bug #54468.
      sql/field.cc:
        Make sure field->table_name is not set to NULL in
        Field::make_field() to avoid assertion failure in 
        Item_field::make_field() after cleaning up items
        (the assertion fired in udf.test when running
        the test suite with the patch applied).
      sql/sql_select.cc:
        In addition to cleaning up items in tmp_all_fields3, do the
        same for items in tmp_all_fields1.
        Introduce a new helper function to avoid code duplication.
      sql/sql_select.h:
        Introduce a new helper function to avoid code duplication in
        JOIN::destroy().
      cd4ca4b7
  3. 20 Aug, 2010 7 commits
    • Georgi Kodinov's avatar
      merge · b54bb190
      Georgi Kodinov authored
      b54bb190
    • Georgi Kodinov's avatar
      merge · 80e006cc
      Georgi Kodinov authored
      80e006cc
    • Georgi Kodinov's avatar
      merge · 2bd3d75a
      Georgi Kodinov authored
      2bd3d75a
    • Georgi Kodinov's avatar
      merge · 97e84715
      Georgi Kodinov authored
      97e84715
    • Georgi Kodinov's avatar
      merge · 7d3a9b4c
      Georgi Kodinov authored
      7d3a9b4c
    • Georgi Kodinov's avatar
      merge · 162b3837
      Georgi Kodinov authored
      162b3837
    • Georgi Kodinov's avatar
      Bug #55826: create table .. select crashes with when · 6bea77ae
      Georgi Kodinov authored
        KILL_BAD_DATA is returned
      
      Two problems discovered with the LEAST()/GREATEST() 
      functions:
      1. The check for a null value should happen even 
      after the second call to val_str() in the args. This is
      important because two subsequent calls to the same
      Item::val_str() may yield different results.
      Fixed by checking for NULL value before dereferencing
      the string result.
      
      2. While looping over the arguments and evaluating them 
      the loop should stop if there was an error evaluating so far
      or the statement was killed. Fixed by checking for error
      and bailing out.
      6bea77ae
  4. 19 Aug, 2010 3 commits
  5. 18 Aug, 2010 1 commit
    • unknown's avatar
      WL#5370 Keep forward-compatibility when changing · 9d681150
      unknown authored
              'CREATE TABLE IF NOT EXISTS ... SELECT' behaviour
      BUG#55474, BUG#55499, BUG#55598, BUG#55616 and BUG#55777 are fixed
      in this patch too.
      
      This is the 5.1 part.
      It implements:
      - if the table exists, binlog two events: CREATE TABLE IF NOT EXISTS
        and INSERT ... SELECT
      
      - Insert nothing and binlog nothing on master if the existing object
        is a view. It only generates a warning that table already exists.
      
      
      mysql-test/r/trigger.result:
        Ather this patch, 'CREATE TABLE IF NOT EXISTS ... SELECT' will not
        insert anything if the creating table already exists and is a view.
      sql/sql_class.h:
        Declare virtual function write_to_binlog() for select_insert.
        It's used to binlog 'create select'
      sql/sql_insert.cc:
        Implement write_to_binlog();
        Use write_to_binlog() instead of binlog_query() to binlog the statement.
        if the table exists, binlog two events: CREATE TABLE IF NOT EXISTS
        and INSERT ... SELECT
      sql/sql_lex.h:
        Declare create_select_start_with_brace and create_select_pos.
        They are helpful for binlogging 'create select'
      sql/sql_parse.cc:
        Do nothing on master if the existing object is a view.
      sql/sql_yacc.yy:
        Record the relative postion of 'SELECT' in the 'CREATE ...SELECT' statement.
        Record whether there is a '(' before the 'SELECT' clause.
      9d681150
  6. 16 Aug, 2010 1 commit
  7. 13 Aug, 2010 3 commits
    • Georgi Kodinov's avatar
      Bug #55615 and bug #55564 · 4bf81165
      Georgi Kodinov authored
      An user assignment variable expression that's 
      evaluated in a logical expression context 
      (Item::val_bool()) can be pre-calculated in a 
      temporary table for GROUP BY.
      However when the expression value is used after the
      temp table creation it was re-evaluated instead of
      being read from the temp table due to a missing 
      val_bool_result() method.
      Fixed by implementing the method.
      4bf81165
    • Georgi Kodinov's avatar
      Bug #55580 : segfault in read_view_sees_trx_id · 790852c0
      Georgi Kodinov authored
      The server was not checking for errors generated during
      the execution of Item::val_xxx() methods when copying
      data to the group, order, or distinct temp table's row.
      Fixed by extending the copy_funcs() to return an error
      code and by checking for that error code on the places
      copy_funcs() is called. 
      Test case added.
      790852c0
    • Georgi Kodinov's avatar
      Bug #55565: debug assertion when ordering by expressions with user · 8b25c0e4
      Georgi Kodinov authored
      variable assignments
      
      The assert() that is firing is checking if expressions that can't be
      null return a NULL when evaluated.
      MAKEDATE() function can return NULL if the second argument is 
      less then or equal to 0. Thus its nullability depends not only on 
      the nullability of its arguments but also on their values.
      Fixed by (overoptimistically) setting MAKEDATE() to be nullable 
      despite the nullability of its arguments.
      Test added.
      Had to update one test result to reflect the metadata change.
      8b25c0e4
  8. 11 Aug, 2010 1 commit
  9. 10 Aug, 2010 2 commits
  10. 09 Aug, 2010 1 commit
    • Jon Olav Hauglid's avatar
      Bug #54106 assert in Protocol::end_statement, · d62bfebc
      Jon Olav Hauglid authored
                 INSERT IGNORE ... SELECT ... UNION SELECT ...
      
      This assert was triggered by INSERT IGNORE ... SELECT. The assert checks that a
      statement either sends OK or an error to the client. If the bug was triggered
      on release builds, it caused OK to be sent to the client instead of the correct
      error message (in this case ER_FIELD_SPECIFIED_TWICE).
      
      The reason the assert was triggered, was that lex->no_error was set to TRUE
      during JOIN::optimize() because of IGNORE. This causes all errors to be ignored.
      However, not all errors can be ignored. Some, such as ER_FIELD_SPECIFIED_TWICE
      will cause the INSERT to fail no matter what. But since lex->no_error was set,
      the critical errors were ignored, the INSERT failed and neither OK nor the
      error message was sent to the client.
      
      This patch fixes the problem by temporarily turning off lex->no_error in
      places where errors cannot be ignored during processing of INSERT ... SELECT.
      
      Test case added to insert.test.
      d62bfebc
  11. 06 Aug, 2010 4 commits
    • Gleb Shchepa's avatar
      Bug #55424: convert_tz crashes when fed invalid data · 45a87c68
      Gleb Shchepa authored
      The CONVERT_TZ function crashes the server when the
      timezone argument is an empty SET field value.
      
      1) The CONVERT_TZ may find a timezone string in the
         tz_names hash.
      2) A string representation of the empty SET is a
         String of zero length with the NULL pointer.
      3) If the key argument length is zero, hash functions
         do comparison using the length of the record being
         compared against.
      
      I.e. a zero-length String buffer is an invalid
      argument for hash search functions, and if String
      points to NULL buffer, hashcmp() fails with SEGV
      accessing that memory.
      
      The my_tz_find function has been modified to
      treat empty Strings as invalid timezone values
      to skip unnecessary hash search.
      
      
      mysql-test/r/timezone2.result:
        Test case for bug #55424.
      mysql-test/t/timezone2.test:
        Test case for bug #55424.
      sql/sql_string.h:
        Bug #55424: convert_tz crashes when fed invalid data
        
        Added "const" modifier to String::is_empty().
      sql/tztime.cc:
        Bug #55424: convert_tz crashes when fed invalid data
        
        The my_tz_find function has been modified to
        treat empty Strings as invalid timezone values
        to skip unnecessary hash search.
      45a87c68
    • Georgi Kodinov's avatar
      Bug #54909: Confusing description about read_buffer_size and · ad97c62a
      Georgi Kodinov authored
      read_rnd_buffer_size
      
      Applied the updated description from Paul's patch.
      ad97c62a
    • Bjorn Munch's avatar
      Bug #55503 MTR fails to filter LEAK SUMMARY from valgrind report of restarted servers · 59a63f05
      Bjorn Munch authored
      Undo workaround as fix is being merged in
      59a63f05
    • Bjorn Munch's avatar
      merge from 5.1-mtr · 3d0819e2
      Bjorn Munch authored
      3d0819e2
  12. 05 Aug, 2010 4 commits
    • Georgi Kodinov's avatar
      7b3b8ae1
    • Martin Hansson's avatar
      Bug#54568: create view cause Assertion failed: 0, · 0c81dcf3
      Martin Hansson authored
      file .\item_subselect.cc, line 836
      
      IN quantified predicates are never executed directly. They are rather wrapped
      inside nodes called IN Optimizers (Item_in_optimizer) which take care of the
      execution. However, this is not done during query preparation. Unfortunately
      the LIKE predicate pre-evaluates constant right-hand side arguments even
      during name resolution. Likely this is meant as an optimization.
      
      Fixed by not pre-evaluating LIKE arguments in view prepare mode.
      0c81dcf3
    • Sunny Bains's avatar
      Fix Bug #55277 - Failing assertion: auto_inc > 0 · 09eb23d5
      Sunny Bains authored
      Handle overflow when reading value from SELECT MAX(C) FROM T;
      
      Call ha_innobase::info() after initializing the autoinc value
      in ha_innobase::open().
      
      Fix for both the builtin and plugin.
      
      rb://402
      09eb23d5
    • Sunny Bains's avatar
      Fix bug# 55543 - InnoDB Plugin: Signal 6: Assertion failure in file fil/fil0fil.c line 4306 · b37256b1
      Sunny Bains authored
      The bug is due to a double delete of a BLOB, once via:
      
          rollback -> btr_cur_pessimistic_delete()
      
      and the second time via purge.
      
      The bug is in row_upd_clust_rec_by_insert(). There we relinquish ownership
      of the non-updated BLOB columns in btr_cur_mark_extern_inherited_fields()
      before building the row entry that will be inserted and whose contents will
      be logged in the UNDO log. However, we don't set the BLOB column later to
      INHERITED so that a possible rollback will not free the original row's
      non-updated BLOB entries. This is because the condition that checks for
      that is in :
      
      	if (node->upd_ext) {}.
      
      node->upd_ext is non-NULL only if a BLOB column was updated and that column
      is part of some key ordering (see row_upd_replace()). This results in the
      non-update BLOB columns being deleted during a rollback and subsequently by
      purge again.
      
      rb://413
      b37256b1
  13. 04 Aug, 2010 5 commits
  14. 03 Aug, 2010 5 commits