1. 16 Jan, 2014 1 commit
  2. 13 Jan, 2014 1 commit
    • Thayumanavar's avatar
      BUG#18054998 - BACKPORT FIX FOR BUG#11765785 to 5.5 · 819eb3e0
      Thayumanavar authored
      This is a backport of the patch of bug#11765785. Commit message
      by Prabakaran Thirumalai from bug#11765785 is reproduced below:
      Description:
      ------------
      Global Query ID (global_query_id ) is not incremented for PING and 
      statistics command. These two query types are filtered before 
      incrementing the global query id. This causes race condition and 
      results in duplicate query id for different queries originating from 
      different connections.
            
      Analysis:
      ---------
      sqlparse.cc::dispath_command() is the only place in code which sets 
      thd->query_ id to global_query_id and then increments it based on the 
      query type. In all other places it is incremented first and then 
      assigned to thd->query_id.
            
      This is done such that global_query_id is not incremented for PING 
      and statistics commands in dispatch_command() function.
            
      Fix:
      ----
      As per suggestion from Serg, "There is no reason to skip query_id for 
      the PING and STATISTICS command.", removing the check which filters 
      PING and statistics commands.
            
      Instead of using get_query_id() and next_query_id() which can still 
      cause race condition if context switch happens soon after executing 
      get_query_id(), changing the code to use next_query_id() instead of 
      get_query_id() as it is done in other parts of code which deals with 
      global_query_id.
            
      Removed get_query_id() function and forced next_query_id() caller 
      to use the return value by specifying warn_unused_result attribute.
      819eb3e0
  3. 11 Jan, 2014 1 commit
    • Venkata Sidagam's avatar
      Bug #17760379 COLLATIONS WITH CONTRACTIONS BUFFER-OVERFLOW THEMSELVES IN THE FOOT · ff6b117c
      Venkata Sidagam authored
      Description: A typo in create_tailoring() causes the "contraction_flags" to be written
      into cs->contractions in the wrong place. This causes two problems:
      (1) Anyone relying on `contraction_flags` to decide "could this character be
      part of a contraction" is 100% broken.
      (2) Anyone relying on `contractions` to determine the weight of a contraction
      is mostly broken
      
      Analysis: When we are preparing the contraction in create_tailoring(), we are corrupting the 
      cs->contractions memory location which is supposed to store the weights(8k) + contraction information(256 bytes). We started storing the contraction information after the 4k location. This is because of logic flaw in the code.
      
      Fix: When we create the contractions, we need to calculate the contraction with (char*) (cs->contractions + 0x40*0x40) from ((char*) cs->contractions) + 0x40*0x40. This makes the "cs->contractions" to move to 8k bytes and stores the contraction information from there. Similarly when we are calculating it for like range queries we need to calculate it from the 8k bytes onwards, this can be done by changing the logic to (const char*) (cs->contractions + 0x40*0x40). And for ucs2 charsets we need to modify the my_cs_can_be_contraction_head() and my_cs_can_be_contraction_tail() to point to 8k+ locations.
      ff6b117c
  4. 10 Jan, 2014 1 commit
    • Sujatha Sivakumar's avatar
      Bug#17081415:>=4GB ROW EVENT CRASHES SERVER WITH WILD MEMCPY · 8765bec5
      Sujatha Sivakumar authored
      OF ROW DATA
      
      Problem:
      ========
      Inserting a row larger than 4G when server uses RBR leads
      to crash.
      
      Analysis:
      ========
      Row-based binary logging logs changes in individual table
      rows. During the execution of DML statements in RBR the
      actual row data will be stored within "m_rows_buf" buffer
      and this buffer contents will be written to binary log.
      "m_rows_buf" is prepared within the following function
      "Rows_log_event::do_add_row_data".
      
      When a huge row is specified as in this bug scenario where
      row size is 4294971520 > UINT_MAX (4294967295) then the
      "m_rows_buf" is reallocated to accommodate the row data and
      then the row is copied to the buffer. During this realloc
      call, the length is getting type casted to "uint" which
      results in overflow. Because of the overflow the reallocated
      memory happens to be incorrect than what was requested
      and it results in a crash during copy of rowdata to buffer.
      
      Hence rows of size > 4GB cannot be written to binary log.
      By default the event_length can be stored within 4 bytes
      which in turn restricts an event's size to grow. Hence large
      rows cannot be replicated using row based replication.
      
      Fix:
      ===
      An error is generated if the row size exceeds 4GB value.
      
      sql/log_event.cc:
        An error is generated if the row size exceeds 4GB value.
        Debug simulations are added to test the fix.
      8765bec5
  5. 09 Jan, 2014 4 commits
    • Luis Soares's avatar
      BUG#17066269 · fcf33b60
      Luis Soares authored
      - Automerged from bug branch into latest mysql-5.5.
      - Fixed trailing whitespaces.
      - Updated the copyright notice year to 2014.
      fcf33b60
    • Murthy Narkedimilli's avatar
    • mithun's avatar
      Bug #17307201 : FAILING ASSERTION: PREBUILT->TRX->CONC_STATE == 1 · 672f18c1
      mithun authored
                      FROM SUBSELECT
      ISSUE         : In function find_all_keys.
                      If selected row do not satisfy condition
                      then we call unlock_row to release the locked
                      row. Suppose if we have subquery in condition
                      and we have an innodb error during its execution.
                      Then we should not call the unlock_row. If the error
                      is because of deadlock, innodb will rollback the
                      transaction. And calling unlock_row without
                      transaction is an invalid case hence an assertion
                      failure.
      SOLUTION      : We call unlock_row only if only there is no
                      error occurred previously.
                      The solution is back ported from 5.6
                      defect number 14226481
      
      
      sql/filesort.cc:
        Now we call unlock_row only if there is no
        previous error.
      672f18c1
    • unknown's avatar
      No commit message · f176092c
      unknown authored
      No commit message
      f176092c
  6. 08 Jan, 2014 3 commits
    • Aditya A's avatar
      Bug#16287752 INNODB_DATA_FILE_PATH MINIMUM SIZE · dc1365d6
      Aditya A authored
                      IN DOCUMENTATION
      Problem 
      -------
      The documentation says that we support 'K' prefix 
      while specifiying size for innodb datafile in the
      server variable for innodb_data_file_path ,but the
      function srv_parse_megabytes() only handles only 
      'M' (megabytes) and 'G' (gigabytes) .
      
      Fix
      ---
      Modify srv_parse_megabytes() to handle Kilobytes. 
      
      Add in documentation that while specifying size 
      in KB it should be mentioned in multiples of 1024
      other wise they will be rounded off to nearest
      MB (megabyte) boundry .(eg if size mentioned
      as 2313KB will be considered as 2 MB ).
      
      [ Approved by Marko #rb 2387 ]
      dc1365d6
    • Anirudh Mangipudi's avatar
      Bug#16715064 MYSQL COMMUNITY UTILITIES CANNOT CONNECT TO MYSQL ENTERPRISE · 634bb833
      Anirudh Mangipudi authored
      WITH SSL ENABLED
      Problem:
      It was reported that MySQL community utilities cannot connect to a MySQL
      Enterprise 5.6.x server with SSL configured. We can reproduce the issue
      when we try to connect an MySQL Enterprise Server with a MySQL Client with
      --ssl-ca parameter enabled.
      We get an ERROR 2026 (HY000): SSL connection error: unknown error number.
      
      Solution:
      The root cause of the problem was determined to be the difference in handling
      of the certificates by OpenSSL(Enterprise) and yaSSL(Community). OpenSSL expects
      a blank certificate to be sent when a parameter (ssl-ca, or ssl-cert or ssl-key)
      has not been specified.On the other hand yaSSL doesn't send any certificate and 
      since OpenSSL does not expect this behaviour it returns an Unknown SSL error.
      The issue was resolved by yaSSL adding capability to send blank certificate when
      any of the parameter is missing.
      634bb833
    • Nisha Gopalakrishnan's avatar
      BUG#17324415:GETTING MYSQLD --HELP AS ROOT EXITS WITH 1 · df1df7ea
      Nisha Gopalakrishnan authored
      Analysis
      --------
      
      Running 'MYSQLD --help --verbose' as ROOT user without
      using '--user' option displays the help contents but
      aborts at the end with an exit code '1'.
      
      While starting the server, a validation is performed to
      ensure when the server is started as root user, it should
      be done using '--user' option. Else we abort. In case
      of help, we dump the help contents and abort.
      
      Fix:
      ---
      During the validation, we skip aborting the server incase
      we are using the help option under the condition mentioned
      above.
      
      NOTE: Test case has not been added since it requires using 
            'root' user.
      df1df7ea
  7. 07 Jan, 2014 1 commit
  8. 06 Jan, 2014 2 commits
  9. 30 Dec, 2013 1 commit
    • Arun Kuruvila's avatar
      Bug #16324629 : SERVER CRASHES ON UPDATE/JOIN FEDERATED + · 1f8d86b4
      Arun Kuruvila authored
                      LOCAL TABLE WHEN ONLY 1 LOCAL ROW
      
      Description: When updating a federated table with UPDATE...
      JOIN, the server consistently crashes with Signal 11 when
      only 1 row exists in the local table involved in the join 
      and that 1 row can be joined with a row in the federated 
      table.
      
      Analysis: Interaction between the federated engine and the
      optimizer results in the crash. In our scenario, ie, local
      table having only one row, the program is following a 
      different path because the table is treated as a constant
      table by the join optimizer. So in this scenario 
      "index_read()" is happening in the prepare phase,
      since optimizer plan is different for constant table joins.
      In this case, "index_read_idx_map()" (inside handler.cc) is
      calling "index_read()" and inside "index_read()", matching 
      rows are fetched and "stored_result" gets populated by 
      calling "store_result()". And just after "index_read()", 
      "index_end()" function is called. And in the "index_end()",
      its freeing the "stored_result" by calling "free_result()".
      So when it reaches the execution phase, in "position()" 
      function, we are getting assertion at 
      "DBUG_ASSERT(stored_result);". In all other scenarios (ie, 
      table with more than 1 row), optimizer plan is different 
      and "index_read()" is happening in the execution phase.
      
      Fix: So my fix is to have a separate ha_federated member
      function for "index_read_idx_map()" which will handle 
      federated engine separately. So that position() will be 
      called before index_end() call in constant table scenario.
      1f8d86b4
  10. 29 Dec, 2013 1 commit
    • Aditya A's avatar
      Bug#12762390 SHOW INNODB STATUS REPORTS NON-FK · 64b697ca
      Aditya A authored
                   ERRORS IN THE FK SECTION
      
      ANALYSIS
      --------
      
      Any error during the renaming of the table was 
      incorrectly logged in the dict_foreign_err_file
      and it showed up in foreign key section when
      we give the query "show engine innodb status".
      
      FIX
      ---
      Prevent renaming error from being logged in 
      dict_foreign_err_file section.  
      
      [Aprooved by marko #rb 2501 ]
      64b697ca
  11. 26 Dec, 2013 1 commit
  12. 19 Dec, 2013 1 commit
  13. 18 Dec, 2013 5 commits
    • Bjorn Munch's avatar
      Followup fix for Bug 17827378 MTR DOES NOT REPORT IF A TEST · b430aaba
      Bjorn Munch authored
                                    FAILS TO DROP CREATED EVENTS:
      
      - Check for triggers should exclude mtr's own
      - Move the code to before checksum table as it might affect result
        of some autdit_log tests (does in 5.6)
      - Replace SHOW STATUS LIKE 'slave_open_temp_tables' to be like in 5.6
      b430aaba
    • Luis Soares's avatar
      BUG#17066269: AUTO_INC VALUE NOT PROPERLY GENERATED WITH RBR AND · 7481cf6c
      Luis Soares authored
      AUTO_INC COLUMN ONLY ON SLAVE
      
      In RBR, if the slave's table as one additional auto_inc column,
      then, it will insert the value 0 instead of generating the next
      auto_inc number.
      
      We fix this by checking that if an auto_inc extra column exists,
      when compared to column data of the row event, we explicitly set
      it to NULL and flag the engine that a nulled auto_inc column will
      be inserted.
      7481cf6c
    • Tor Didriksen's avatar
      MTR's internal check of the test case 'main.events_trans' failed. · 48bec2a9
      Tor Didriksen authored
      fix: DROP EVENT e1;
      
      48bec2a9
    • Tor Didriksen's avatar
      Bug#16316074 RFE: MAKE TMPDIR A BUILD-TIME CONFIGURABLE OPTION · ba22c3f2
      Tor Didriksen authored
      Bug#68338    RFE: make tmpdir a build-time configurable option
      
      Background: Some distributions use tmpfs for mounting /tmp by
      default, which has some advantages, but brings also new
      issues. Fedora started using tmpfs on /tmp in version 18 for
      example. If not configured otherwise in my.cnf, MySQL uses
      system's constant P_tmpdir expanded to /tmp on Linux. This can
      introduce some problems with limited space in /tmp and also some
      data loss in case of replication slave [1].
      
      In case distributions would like to use /var/tmp, which should be
      better for MySQL purposes, then we have to patch the source or
      change tmpdir option in my.cnf, which is however not updated in
      case it has already existed.
      
      Thus, it would be useful to be able to specify default tmpdir
      path using a configure option, while using P_tmpdir in case it is
      not defined explicitly.
      
      Based on a contribution from Honza Horak
      ba22c3f2
    • Venkatesh Duggirala's avatar
      Bug17632978 SLAVE CRASHES IF ROW EVENT IS CORRUPTED · 11c0805e
      Venkatesh Duggirala authored
      (MYSQLBINLOG -V CRASHES WITH THAT BINLOG)
      
      Post Push: Fixing Werror compiler issue 
      11c0805e
  14. 17 Dec, 2013 1 commit
    • Venkatesh Duggirala's avatar
      Bug#17632978 SLAVE CRASHES IF ROW EVENT IS CORRUPTED · 5fa9664b
      Venkatesh Duggirala authored
      (MYSQLBINLOG -V CRASHES WITH THAT BINLOG)
      
      Problem: If slave receives a corrupted row event,
      slave server is crashing.
      
      Analysis: When slave is unpacking the row event, it is
      not validating the data before applying the event. If the
      data is corrupted for eg: the length of a field is wrong,
      it could end up reading wrong data leading to a crash.
      A similar problem happens when mysqlbinlog tool is used
      against a corrupted binlog using '-v' option. Due to -v
      option, the tool tries to print the values of all the
      fields. Corrupted field length could lead to a crash.
      
      Fix: Before unpacking the field, a verification
      will be made on the length. If it falls into the event
      range, only then it will be unpacked. Otherwise,
      "ER_SLAVE_CORRUPT_EVENT" error will be thrown.
      Incase mysqlbinlog -v case, the field value will not be
      printed and the processing of the file will be stopped.
      
      sql/field.h:
        Removed a function which is not required anymore
      sql/log_event.cc:
        Adding a validation on the field length before
        the tool tries to print the value.
      sql/log_event.h:
        Changing unpack_row call according to the new arguments
      sql/log_event_old.h:
        Changing unpack_row call according to the new arguments
      sql/rpl_record.cc:
        Adding a new argument 'row_end' which tells
        the end position of the complete data in the
        row event. It will be used to do validation
        before doing 'unpack' field.
      sql/rpl_record.h:
        Adding a new argument 'row_end' which tells
        the end position of the complete data in the
        row event. It will be used to do validation
        before doing 'unpack' field.
      sql/rpl_utility.cc:
        Now calc_field_size() is required for client too.
      5fa9664b
  15. 14 Dec, 2013 1 commit
  16. 13 Dec, 2013 1 commit
  17. 12 Dec, 2013 1 commit
  18. 11 Dec, 2013 1 commit
    • Marc Alff's avatar
      Bug#17928281 'CHECK_PERFORMANCE_SCHEMA()' LEAVES 'CURRENT_THD' REFERRING · 82eed657
      Marc Alff authored
      DESTRUCTED THD OBJ 
      
      Prior to fix, function check_performance_schema() could leave
      behind stale pointers in thread local storage, for the following keys:
      - THR_THD (used by _current_thd)
      - THR_MALLOC (used for memory allocation)
      This is an unsafe practice, which can potentially cause crashes,
      and that can cause other bugs when code is modified during maintenance.
      
      With this fix, thread local storage keys used temporarily within
      function check_performance_schema() are cleaned up after use.
      82eed657
  19. 04 Dec, 2013 2 commits
    • Guilhem Bichot's avatar
      Bug#16539979 - BASIC SELECT COUNT(DISTINCT ID) IS BROKEN · c90cdf5d
      Guilhem Bichot authored
      Bug#17867117 - ERROR RESULT WHEN "COUNT + DISTINCT + CASE WHEN" NEED MERGE_WALK 
      
      Problem:
      COUNT DISTINCT gives incorrect result when it uses a Unique
      Tree and its last inserted record has null value.
      
      Here is how COUNT DISTINCT is processed, given that this query is not
      using loose index scan.
      
      When a row is produced as a result of joining tables (there is only
      one table here), we store the SELECTed value in a Unique tree. This
      allows elimination of any duplicates, and thus implements DISTINCT.
      
      When we have processed all rows like this, we walk the Unique tree,
      counting its elements, in Aggregator_distinct::endup() (tree->walk());
      for each element we call Item_sum_count::add(). Such function wants to
      ignore any NULL value, for that it checks item_sum -> args[0] ->
      null_value. It is a mistake: when walking the Unique tree, the value
      to be aggregated is not item_sum ->args[0] but rather table ->
      field[0].
      
      Solution:
      instead of item_sum -> args[0] -> null_value, use arg_is_null(), which
      knows where to look (like in fix for bug 57932).
      
      As a consequence of this solution, we have to make arg_is_null() a
      little more general:
      1) Because it was so far only used for AVG() (which always has a
      single argument), this function was looking at a single argument; now
      that it has to work with COUNT(DISTINCT expression1,expression2), it
      must look at all arguments.
      2) Because we start using arg_is_null () for COUNT(DISTINCT), i.e. in
      Item_sum_count::add (), it implies that we are also using it for
      COUNT(no DISTINCT) (same add ()). For COUNT(no DISTINCT), the
      nullness to check is that of item_sum -> args[0]. But the null_value
      of such item is reliable only if val_*() has been called on it. So far
      arg_is_null() was always used after a call to arg_val*(), so could
      rely on null_value; but for COUNT, there is no call to arg_val*(), so
      arg_is_null() has to call is_null() instead.
      
      Testcase for 16539979 by Neeraj. Testcase for 17867117 contributed by
      Xiaobin Lin from Taobao.
      c90cdf5d
    • Hery Ramilison's avatar
      Upmerge of the mysql-5.1.73 build · 494d0247
      Hery Ramilison authored
      494d0247
  20. 03 Dec, 2013 1 commit
  21. 29 Nov, 2013 2 commits
  22. 27 Nov, 2013 1 commit
  23. 25 Nov, 2013 5 commits
    • Balasubramanian Kandasamy's avatar
      4fe19a25
    • Balasubramanian Kandasamy's avatar
      fac6e3ea
    • Anirudh Mangipudi's avatar
      Bug#12428404 MYSQLD.EXE CRASHES WHEN EXTRACTVALUE() IS CALLED WITH · df202830
      Anirudh Mangipudi authored
      MALFORMED XPATH EXP
      Problem:
      A malformed XPATH expression in the ExtractValue query is causing
      a server crash. This malformed XPATH expression is resulted when 
      the position attribute in the substring function contains ".." in
      the beginning.
      Solution:
      The original crash is happening because the "../" is being evaluated
      prematurely. It tries to access XML while it hasn't been parsed yet.
      The premature evaluation is happening because the val_nodeset function
      is being set to constant, in which case we proceed to evaluate them in
      JOIN:prepare stage only. The solution to this is setting the val_nodeset
      functions as non-constant. This forces us to evaluate the function in
      the JOIN:exec stage and thus avoid any premature evaluation of the 
      XML strings.
      df202830
    • Anirudh Mangipudi's avatar
      Bug#12428404 MYSQLD.EXE CRASHES WHEN EXTRACTVALUE() IS CALLED · f80d5653
      Anirudh Mangipudi authored
      WITH MALFORMED XPATH EXP
      Problem:
      A malformed XPATH expression in the ExtractValue query is 
      causing a server crash. This malformed XPATH expression is
      resulted when the position attribute in the substring function
      contains ".." in the beginning.
      Solution:
      The original crash is happening because the "../" is being 
      evaluated prematurely. It tries to access XML while it 
      hasn't been parsed yet. The premature evaluation is happening
      because the val_nodeset function is being set to constant, 
      in which case we proceed to evaluate them in JOIN:prepare
      stage only. The solution to this is setting the val_nodeset
      functions as non-constant. This forces us to evaluate the function
       in the JOIN:exec stage and thus avoid any premature evaluation of
      the XML strings.
      f80d5653
    • Arun Kuruvila's avatar
      Bug #17168602 MYSQL_PLUGIN REMOVES NON-DIRECTORY TYPE FILES · 946c2468
      Arun Kuruvila authored
                    SPECIFIED WITH THE BASEDIR OPTION 
      
      Description: The mysql_plugin client attempts to remove any
      filename specified to the --basedir option. The problem is
      that if the filename does not end with a slash, it will 
      attempt to unlink it, which succeeds for files, but not for
      directories.
      
      Analysis: When we are starting mysql_plugin with basedir 
      option and if we are giving path of a file as basedir, it 
      deletes that file. It was because it uses a function 
      my_delete which unlinks the file path given.
      
      Fix:  As a fix we replace that line using another function 
      my_free, which will only free the  pointer which is having 
      that file path.
      946c2468
  24. 20 Nov, 2013 1 commit
    • Mattias Jonsson's avatar
      backport of Bug#17401628 · dc7db799
      Mattias Jonsson authored
      revid:mattias.jonsson@oracle.com-20131119103616-u6t82s8cpgp0q3ex
      
      Use of uninitialized memory in the priority queue used for returning records
      in sorted order.
      
      It happens if no previous partition have returned a row since the
      beginning of index_init + an index_read* call returned
      HA_ERR_KEY_NOT_FOUND for all partitions (otherwise the record
      buffer/priority queue would be initialized) + an index_next/prev
      call where all partitions returns HA_ERR_END_OF_FILE.
      dc7db799