1. 30 Sep, 2009 2 commits
    • MySQL Build Team's avatar
      Backport into build-200909301147-5.0.84sp1 · 9d827fef
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 2791.2.3
      > revision-id: joro@sun.com-20090827114042-h55n7qp9990bl6ge
      > parent: anurag.shekhar@sun.com-20090831073231-e55y1hsck6n08ux8
      > committer: Georgi Kodinov <joro@sun.com>
      > branch nick: B46749-5.0-bugteam
      > timestamp: Thu 2009-08-27 14:40:42 +0300
      > message:
      >   Bug #46749: Segfault in add_key_fields() with outer subquery level 
      >     field references
      >   
      >   This error requires a combination of factors : 
      >   1. An "impossible where" in the outermost SELECT
      >   2. An aggregate in the outermost SELECT
      >   3. A correlated subquery with a WHERE clause that includes an outer 
      >   field reference as a top level WHERE sargable predicate
      >   
      >   When JOIN::optimize detects an "impossible WHERE" it will bail out
      >   without doing the rest of the work and initializations. It will not
      >   call make_join_statistics() as well.  And make_join_statistics fills 
      >   in various structures for each table referenced.
      >   When processing the result of the "impossible WHERE" the query must
      >   send a single row of data if there are aggregate functions in it.
      >   In this case the server marks all the aggregates as having received 
      >   no rows and calls the relevant Item::val_xxx() method on the SELECT
      >   list. However if this SELECT list happens to contain a correlated 
      >   subquery this subquery is evaluated in a normal evaluation mode.
      >   And if this correlated subquery has a reference to a field from the 
      >   outermost "impossible where" SELECT the add_key_fields will mistakenly
      >   consider the outer field reference as a "local" field reference when 
      >   looking for sargable predicates.
      >   But since the SELECT where the outer field reference refers to is not
      >   completely initialized due to the "impossible WHERE" in this level
      >   we'll get a NULL pointer reference.
      >   Fixed by making a better condition for discovering if a field is "local"
      >   to the SELECT level being processed. 
      >   It's not enough to look for OUTER_REF_TABLE_BIT in this case since 
      >   for outer references to constant tables the Item_field::used_tables() 
      >   will return 0 regardless of whether the field reference is from the 
      >   local SELECT or not.
      9d827fef
    • sunanda.menon@sun.com's avatar
      c18746a4
  2. 07 Jul, 2009 1 commit
  3. 06 Jul, 2009 7 commits
  4. 03 Jul, 2009 3 commits
  5. 02 Jul, 2009 1 commit
  6. 01 Jul, 2009 1 commit
    • Staale Smedseng's avatar
      Bug #45790 Potential DoS vector: Writing of user input to log · 490f4432
      Staale Smedseng authored
      without proper formatting
            
      The problem is that a suitably crafted database identifier
      supplied to COM_CREATE_DB or COM_DROP_DB can cause a SIGSEGV,
      and thereby a denial of service. The database name is printed
      to the log without using a format string, so potential
      attackers can control the behavior of my_b_vprintf() by
      supplying their own format string. A CREATE or DROP privilege
      would be required.
            
      This patch supplies a format string to the printing of the
      database name. A test case is added to mysql_client_test.
      490f4432
  7. 29 Jun, 2009 2 commits
  8. 26 Jun, 2009 1 commit
  9. 25 Jun, 2009 2 commits
    • Satya B's avatar
      Applying InnoDB snashot 5.0-ss5406, part 2. Fixes BUG#40565 · c4170358
      Satya B authored
      BUG#40565 - Update Query Results in "1 Row Affected" But Should Be "Zero Rows"
      
      Detailed revision comments:
      
      r5232 | marko | 2009-06-03 14:31:04 +0300 (Wed, 03 Jun 2009) | 21 lines
      branches/5.0: Merge r3590 from branches/5.1 in order to fix Bug #40565
      (Update Query Results in "1 Row Affected" But Should Be "Zero Rows").
      
      Also, add a test case for Bug #40565.
      
      rb://128 approved by Heikki Tuuri
        ------------------------------------------------------------------------
        r3590 | marko | 2008-12-18 15:33:36 +0200 (Thu, 18 Dec 2008) | 11 lines
      
        branches/5.1: When converting a record to MySQL format, copy the default
        column values for columns that are SQL NULL.  This addresses failures in
        row-based replication (Bug #39648).
      
        row_prebuilt_t: Add default_rec, for the default values of the columns in
        MySQL format.
      
        row_sel_store_mysql_rec(): Use prebuilt->default_rec instead of
        padding columns.
      
        rb://64 approved by Heikki Tuuri
        ------------------------------------------------------------------------
      c4170358
    • Satya B's avatar
      Applying InnoDB snashot 5.0-ss5406, part 1. Fixes BUG#38479 · 663e41ae
      Satya B authored
      BUG#38479 - valgrind warnings in show table status for innodb tables
      
      Detailed revision comments:
      
      r5080 | vasil | 2009-05-22 14:45:34 +0300 (Fri, 22 May 2009) | 6 lines
      branches/5.0:
      
      Fix Bug#38479 valgrind warnings in show table status for innodb tables
      
      by initializing prebuilt->hint_need_to_fetch_extra_cols.
      663e41ae
  10. 22 Jun, 2009 1 commit
  11. 19 Jun, 2009 6 commits
    • Matthias Leich's avatar
      584c1fb3
    • Matthias Leich's avatar
    • Matthias Leich's avatar
      Fix for Bug#40545, Bug#40209, Bug#40618, Bug#38346 · eb910845
      Matthias Leich authored
        Details:
        - Limit the queries to character sets and collations
          which are most probably available in all build types.
          But try to preserve the intention of the tests.
        - Remove the variants adjusted to some build types.
      
        Note:
        1. The results of the review by Bar are included.
        2. I am not able to check the correctness of this patch
           on any existing build type and any MySQL version.
           So it could happen that the new test fails somewhere.
      eb910845
    • Georgi Kodinov's avatar
      Bug #36654: mysqld_multi cannot start instances with different versions · c5d904eb
      Georgi Kodinov authored
      occasionally.
      
      mysql_multi can call mysqld_safe. In doing this it's not changing the 
      current working directory. This may cause confusion in the case where 
      mysqld_multi is handling instances of servers of different versions 
      and the current working directory is the installation directory of one 
      of these servers.
      
      Fixed by enhancing the meaning of basedir in [mysqldN] sections of 
      mysqld_multi. If specified, mysqld_multi will change the current 
      working directory to the basedir directory before starting the server 
      in mysqld_multi ... start ... and then change it back to what it was.
      c5d904eb
    • V Narayanan's avatar
      Bug#43572 Handle failures from hash_init · 728d3c39
      V Narayanan authored
            
      Failure to allocate memory for the hash->array element,
      caused hash_init to return without initializing the other
      members of the hash. Thus although the dynamic array
      buffer may be allocated at a later point in the code, the
      incompletely initialized hash caused fatal failures.
      
      This patch moves the initialization of the other members
      of the hash above the array allocation, so that the usage
      of this hash will not result in fatal failures.
      728d3c39
    • Staale Smedseng's avatar
      Bug #32223 SETting max_allowed_packet variable · 2b48caa4
      Staale Smedseng authored
            
      Inconsistent behavior of session variable max_allowed_packet 
      (and net_buffer_length); only assignment to the global variable 
      has any effect, without this being obvious to the user.
            
      The patch for Bug#22891 is backported to 5.0, making the two
      session variables read-only. As this is a backport to GA 
      software, the error used when trying to assign to the read-
      only variable is ER_UNKNOWN_ERROR. The error message is the 
      same as in 5.1+.
      2b48caa4
  12. 18 Jun, 2009 2 commits
    • Alfranio Correia's avatar
    • Alexey Kopytov's avatar
      Bug #41710: MySQL 5.1.30 crashes on the latest OpenSolaris 10 · 7a512334
      Alexey Kopytov authored
       
      Change the default optimization level for Sun Studio to "-O1". 
      This is a workaround for a Sun Studio bug (see bug #41710 
      comments for details): 
       
      1. Use $GCC instead of $ac_cv_prog_gcc to check for gcc, since 
      the first one is the only documented way to do it. 
       
      2. Use $GXX instead of $ac_cv_prog_cxx_g to check for g++, 
      since the latter is set to "yes" when the C++ compiler accepts 
      "-g" which is the case for both g++ and CC. 
       
      3. When building with Sun Studio, set the default values for 
      CFLAGS/CXXFLAGS to "-O1", since unlike GCC, Sun Studio 
      interprets "-O" as "-xO3" (see the manual pages for cc and CC). 
      7a512334
  13. 17 Jun, 2009 4 commits
  14. 16 Jun, 2009 1 commit
  15. 15 Jun, 2009 4 commits
    • Georgi Kodinov's avatar
      automerge · 9a49934a
      Georgi Kodinov authored
      9a49934a
    • Georgi Kodinov's avatar
      merged 5.0-main to 5.0-bugteam · e008ba64
      Georgi Kodinov authored
      e008ba64
    • Bernt M. Johnsen's avatar
      f014fa02
    • Georgi Kodinov's avatar
      Bug #44810: index merge and order by with low sort_buffer_size · b1560b9f
      Georgi Kodinov authored
      crashes server!
      
      The problem affects the scenario when index merge is followed by a filesort
      and the sort buffer is not big enough for all the sort keys.
      In this case the filesort function will read the data to the end through the 
      index merge quick access method (and thus closing the cursor etc), 
      but will leave the pointer to the quick select method in place.
      It will then create a temporary file to hold the results of the filesort and
      will add it as a sort output file (in sort.io_cache).
      Note that filesort will copy the original 'sort' structure in an automatic
      variable and restore it after it's done.
      As a result at exiting filesort() we have a sort.io_cache filled in and 
      nothing else (as a result of close of the cursors at end of reading data 
      through index merge).
      Now create_sort_index() will note that there is a select and will clean it up
      (as it's been used already by filesort() reading the data in). While doing that
      a special case in the index merge destructor will clean up the sort.io_cache,
      assuming it's an output of the index merge method and is not needed anymore.
      As a result the code that tries to read the data back from the filesort output 
      will get no data in both memory and disk and will crash.
            
      Fixed similarly to how filesort() does it : by copying the sort.io_cache structure
      to a local variable, removing the pointer to the io_cache (so that it's not freed 
      by QUICK_INDEX_MERGE_SELECT::~QUICK_INDEX_MERGE_SELECT) and restoring the original 
      structure (together with the valid pointer) after the cleanup is done.
      This is a safe thing to do because all the structures are already cleaned up by
      hitting the end of the index merge's read method (QUICK_INDEX_MERGE_SELECT::get_next()) 
      and the cleanup code being written in a way that tolerates repeating cleanups.
      b1560b9f
  16. 12 Jun, 2009 2 commits
    • Georgi Kodinov's avatar
      fixed the build-tags command · 67384e7f
      Georgi Kodinov authored
      67384e7f
    • Georgi Kodinov's avatar
      Bug #45386: Wrong query result with MIN function in field list, · 1f2b5b30
      Georgi Kodinov authored
      WHERE and GROUP BY clause
      
      Loose index scan may use range conditions on the argument of 
      the MIN/MAX aggregate functions to find the beginning/end of 
      the interval that satisfies the range conditions in a single go.
      These range conditions may have open or closed minimum/maximum 
      values. When the comparison returns 0 (equal) the code should 
      check the type of the min/max values of the current interval 
      and accept or reject the row based on whether the limit is 
      open or not.
      There was a wrong composite condition on checking this and it was
      not working in all cases.
      Fixed by simplifying the conditions and reversing the logic.
      1f2b5b30