1. 19 May, 2023 4 commits
    • MDEV-31185 rw_trx_hash_t::find() unpins pins too early · b54e7b0c
      Vlad Lesin authored
      rw_trx_hash_t::find() acquires element->mutex, then unpins pins, used for
      lf_hash element search. After that the "element" can be deallocated and
      reused by some other thread.
      
      If we take a look at the rw_trx_hash_t::insert()->lf_hash_insert()->lf_alloc_new()
      calls, we will not find any element->mutex acquisition, as it was not
      initialized yet before its allocation. rw_trx_hash_t::insert() can reuse
      the chunk, unpinned in rw_trx_hash_t::find().
      
      The scenario is the following:
      
      1. Thread 1 has just executed lf_hash_search() in
      rw_trx_hash_t::find(), but has not acquired element->mutex yet.
      2. Thread 2 has removed the element from the hash table with
      the rw_trx_hash_t::erase() call.
      3. Thread 1 acquired element->mutex and unpinned pin 2 with
      the lf_hash_search_unpin(pins) call.
      4. Some thread purged memory of the element.
      5. Thread 3 reused the memory for the element, filled element->id,
      element->trx.
      6. Thread 1 crashes with failed "DBUG_ASSERT(trx_id == trx->id)"
      assertion.
      
      Note that trx_t objects are also reused, see the code around trx_pools
      for details.
      
      The fix is to invoke "lf_hash_search_unpin(pins);" after element->trx is
      stored in local variable in rw_trx_hash_t::find().
      
      Reviewed by: Nikita Malyavin, Marko Mäkelä.
    • All-green GitLab CI in 10.4 branch · f4ce1e48
      Robin Newhouse authored
      Note to mergers: Do not merge this commit to 10.5+. An additional PR
      will be created for the 10.5 branch which is compatible with later
      branches.
      
      Include cppcheck and FlawFinder for SAST scanning.
      
      From 10.6, cherry-picked 12bf5c46 (Remove unused French translations in
      Connect engine) and c6072ed9 (Ensure that source files contain only
      valid UTF8 encodings). Necessary for FlawFinder to execute and useful
      anyway.
      
      Removing MSAN build and test as it was not introduced until 10.5 and
      does not successfully build.
      
      Remove failing upgrade test since Fedora installs MariaDB 10.5 and the
      10.5->10.4 upgrade rightfully complains.
      
      Add to skiplist failing test: main.func_math (MDEV-20966)
      
      All new code of the whole pull request, including one or several files
      that are either new files or modified ones, are contributed under the
      BSD-new license. I am contributing on behalf of my employer
      Amazon Web Services, Inc.
    • Ensure that source files contain only valid UTF8 encodings (#2188) · 1db4fc54
      anson1014 authored
      Modern software (including text editors, static analysis software,
      and web-based code review interfaces) often requires source code files
      to be interpretable via a consistent character encoding, with UTF-8 or
      ASCII (a strict subset of UTF-8) as the default. Several of the MariaDB
      source files contain bytes that are not valid in either the UTF-8 or
      ASCII encodings, but instead represent strings encoded in the
      ISO-8859-1/Latin-1 or ISO-8859-2/Latin-2 encodings.
      
      These inconsistent encodings may prevent software from correctly
      presenting or processing such files. Converting all source files to
      valid UTF8 characters will ensure correct handling.
      
      Comments written in Czech were replaced with lightly-corrected
      translations from Google Translate. Additionally, comments describing
      the proper handling of special characters were changed so that the
      comments are now purely UTF8.
      
      All new code of the whole pull request, including one or several files
      that are either new files or modified ones, are contributed under the
      BSD-new license. I am contributing on behalf of my employer
      Amazon Web Services, Inc.
      Co-authored-by: Andrew Hutchings <andrew@linuxjedi.co.uk>
    • Remove unused French translations in Connect engine (#2252) · c205f6c1
      anson1014 authored
      These files are currently not being used nor compiled in MariaDB. The
      use of large lists of 'case' statements in these source files is also
      not a great way to represent translated strings. This git history can
      be referred to when a better translation interface can be implemented
      in the future.
      
      Therefore, these files can be removed to clean up the MariaDB codebase.
      
      All new code of the whole pull request, including one or several files
      that are either new files or modified ones, are contributed under the
      BSD-new license. I am contributing on behalf of my employer
      Amazon Web Services, Inc.
  2. 16 May, 2023 2 commits
  3. 15 May, 2023 3 commits
  4. 12 May, 2023 6 commits
    • Fix insecure use of strcpy, strcat and sprintf in Connect · 2ff01e76
      Mikhail Chalov authored
      Old style C functions `strcpy()`, `strcat()` and `sprintf()` are vulnerable to
      security issues due to lacking memory boundary checks. Replace these in the
      Connect storage engine with safe new and/or custom functions such as
      `snprintf()`, `safe_strcpy()` and `safe_strcat()`.
      
      With this change FlawFinder and other static security analyzers report 287
      fewer findings.
      
      All new code of the whole pull request, including one or several files that are
      either new files or modified ones, are contributed under the BSD-new license. I
      am contributing on behalf of my employer Amazon Web Services, Inc.
    • MDEV-31250 ROW variables do not get assigned from subselects · b3cdb612
      Alexander Barkov authored
      ROW variables did not get assigned from subselects in these contexts:
      
      BEGIN
        DECLARE r ROW TYPE OF t1;
        SET r=(SELECT * FROM t1 WHERE a=1);
      END;
      
      BEGIN
        DECLARE r ROW TYPE OF t1 DEFAULT (SELECT * FROM t1 WHERE a=1);
      END;
      
      All fields of the ROW variable remained NULL.
    • MDEV-31240 Crash with condition pushable into derived and containing outer reference · 0474466b
      Igor Babaev authored
      This bug could affect queries containing a subquery over splittable derived
      tables and having outer references in its WHERE clause. If such a subquery
      contained an equality condition whose left part was a reference to a column
      of the derived table and the right part referred only to outer columns
      then the server crashed in the function st_join_table::choose_best_splitting().
      The crashing code was added in the commit ce7ffe61
      that made the code of the function sensitive to presence of the flag
      OUTER_REF_TABLE_BIT in the KEYUSE_EXT::needed_in_prefix fields.
      
      The field needed_in_prefix of the KEYUSE_EXT structure should not contain
      table maps with OUTER_REF_TABLE_BIT or RAND_TABLE_BIT.
      
      Note that this fix is quite conservative: for affected queries it just
      returns the query plans that were used before the above mentioned commit.
      In fact the equalities causing crashes should be pushed into derived tables
      without any usage of split optimization.
      
      Approved by Sergei Petrunia <sergey@mariadb.com>
    • MDEV-28433 : Server crashes when wsrep_sst_donor and wsrep_cluster_address set to NULL · f102b595
      Jan Lindström authored
      Do not allow setting wsrep_sst_donor as NULL as it is
      an incorrect value. User can use value '' (default) that represents
      the same as NULL. Setting wsrep_cluster_address to NULL is
      already handled correctly.
      Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>
    • MDEV-30473 Remove test galera.MDEV-27713 · 7d55eb00
      Daniele Sciascia authored
      Remove test galera.MDEV-27713. This test relies on GET_LOCK() and has
      stopped working since commit 844ddb11 (see MDEV-30473). This commit
      disabled GET_LOCK() in combination with Galera.
      Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>
    • Julius Goryavsky
      3a7b3113
  5. 11 May, 2023 3 commits
    • MDEV-30388 : Assertion `!wsrep_has_changes(thd) || (thd->lex->sql_command ==... · 28eaf66e
      Jan Lindström authored
      MDEV-30388 : Assertion `!wsrep_has_changes(thd) || (thd->lex->sql_command == SQLCOM_CREATE_TABLE && !thd->is_current_stmt_binlog_format_row()) || thd->wsrep_cs().transaction().state() == wsrep::transaction::s_aborted' failed
      
      The problem for Galera is the fact that sequences are not really
      transactional. Sequence operation is committed immediately
      in sql_sequence.cc and later Galera could find out that
      we have changes but the actual statement is not there anymore.
      
      Therefore, we must make some restrictions on what kind
      of sequences Galera can support.
      
      (1) Galera cluster supports only sequences implemented
      by InnoDB storage engine. This is because Galera replication
      supports currently only InnoDB.
      
      (2) We do not allow LOCK TABLE on a sequence object and
      we do not allow sequence creation under LOCK TABLE; instead
      the lock is released and we issue a warning.
      
      (3) We allow sequences with NOCACHE definition or with
      INCREMENT BY 0 CACHE=n definition. This makes sure that
      sequence values are unique across the Galera cluster.
      Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>
    • Oleksandr Byelkin
      de703a2b
    • MDEV-30765 SHOW TABLES not working properly with lower_case_table_names=2 · 7e7e12e7
      Oleg Smirnov authored
      lower_case_table_names=2 means "table names and database names are
      stored as declared, but they are compared in lowercase".
      But names of objects in grants are stored in lowercase for any value
      of lower_case_table_names. This caused an error when checking grants
      for objects containing uppercase letters since table_hash_search()
      didn't take into account lower_case_table_names value
  6. 10 May, 2023 2 commits
  7. 08 May, 2023 1 commit
    • MDEV-31181 Crash with EXPLAIN EXTENDED for single-table DELETE using IN predicand · a09f661f
      Igor Babaev authored
      This bug affected EXPLAIN EXTENDED command for single-table DELETE that
      used an IN subquery in its WHERE clause. A crash happened if the optimizer
      chose to employ index_subquery or unique_subquery access when processing
      such command.
      The crash happened when the command tried to print the transformed query.
      In the current code of 10.4 for single-table DELETE statements the output
      of any explain command is produced after the join structures of all used
      subqueries have been destroyed. JOIN::destroy() sets the field tab of the
      JOIN_TAB structures created for subquery tables to NULL. As a result
      subselect_indexsubquery_engine::print(), subselect_indexsubquery_engine()
      cannot use this field to get the alias name of the joined table.
      
      This patch suggests using the field TABLE_LIST::TAB that can be accessed
      from JOIN_TAB::tab_list to get the alias name of the joined table.
      
      Approved by Oleksandr Byelkin <sanja@mariadb.com>
  8. 05 May, 2023 5 commits
    • Fixed wrong test cases (embedded and ASAN) · 84b9fc25
      Monty authored
      - main.selectivity failed because one test produced different result with
        embedded (missing feature). Fixed by moving the failing part to
        selectivity_notembedded.
      - Disabled maria.encrypt-no-key for embedded as embedded does not support
        encryption
      - Moved test from join_cache to join_cache_notasan that tried to alloc()
        a buffer bigger than available memory.
    • Added missing test file · c874d5c6
      Monty authored
    • Cleanup of sql_join_cache code (no logic changes) · e74390d9
      Monty authored
      - Remove virtual from get_min_join_buffer_size() and
        get_max_join_buffer_size().
      - Avoid some calls to get_min_buffer_size()
      - Simplify cache usage in get_..._join_buffer_size()
      - Simplify get_max_join_buffer_size() when using optimize_buff_size
      - Reindented some long comments
      
      Reviewer: Sergei Petrunia <sergey@mariadb.com>
    • Fixed calculation of JOIN_CACHE::max_records · 5fd46be5
      Monty authored
      The old code did set max_records to either number_of_rows
      (partial_join_cardinality) or memory size (join_buffer_space_limit)
      which did not make sense.
      
      Fixed by setting max_records to number of rows that fits into
      join_buffer_size.
      
      Other things:
      - Initialize buffer cache values in JOIN_CACHE constructors (safety)
      
      Reviewer: Sergei Petrunia <sergey@mariadb.com>
    • MDEV-31194: Server crash or assertion failure with join_cache_level=4 · 2594da7a
      Sergei Petrunia authored
      The problem, introduced in patch for MDEV-26301:
      
      When check_join_cache_usage() decides not to use join buffer, it must
      adjust the access method accordingly. For BNL-H joins this means switching
      from pseudo-"ref access"(with index=MAX_KEY) to some other access method.
      
      Failing to do this will cause assertions down the line when code that is
      not aware of BNL-H will try to initialize index use for ref access with
      index=MAX_KEY.
      
      The fix is to follow the regular code path to disable the join buffer for
      the join_tab ("goto no_join_cache") instead of just returning from
      check_join_cache_usage().
  9. 04 May, 2023 6 commits
  10. 03 May, 2023 6 commits
  11. 02 May, 2023 2 commits
    • MDEV-6768 Wrong result with aggregate with join with no result set · 7f96dd50
      Monty authored
      When a query does implicit grouping and join operation produces an empty
      result set, a NULL-complemented row combination is generated.
      However, constant table fields still show non-NULL values.
      
      What happens is that end_send_group() is called with a
      const row but without any rows matching the WHERE clause.
      This last part is shown by 'join->first_record' not being set.
      
      This causes item->no_rows_in_result() to be called for all items to reset
      all sum functions to their initial state. However fields are not set
      to NULL.
      
      The used fix is to produce NULL-complemented records for constant tables
      as well. Also, reset the constant table's records back in case we're
      in a subquery which may get re-executed.
      An alternative fix would have item->no_rows_in_result() also work
      with Item_field objects.
      
      There are some other issues with the code:
      - join->no_rows_in_result_called is used but never set.
      - Tables that are used with group functions are not properly marked as
        maybe_null, which is required if the table rows should be regarded as
        null-complemented (not existing).
      - The code that tries to detect if mixed_implicit_grouping should be set
        didn't take into account all usage of fields and sum functions.
      - Item_func::restore_to_before_no_rows_in_result() called the wrong
        function.
      - join->clear() does not use a table_map argument to clear_tables(),
        which caused it to ignore constant tables.
      - unclear_tables() does not correctly restore status to what it
        was before clear_tables().
      
      Main bug fix was to always use a table_map argument to clear_tables() and
      always use join->clear() and clear_tables() together with unclear_tables().
      
      Other fixes:
      - Fixed Item_func::restore_to_before_no_rows_in_result()
      - Set 'join->no_rows_in_result_called' when no_rows_in_result_set()
        is called.
      - Removed not used argument from setup_end_select_func().
      - More code comments
      - Ensure that end_send_group() modifies the same fields as are in the
        result set.
      - Changed return_zero_rows() to use pointers instead of references,
        similar to the rest of the code.
    • Fixed "Trying to lock uninitialized mutex" in parallel replication · 4f731757
      Monty authored
      The problem was that mutex_init() was called after the worker was
      put into the domain_hash, which allowed other threads to access it
      before mutex was initialized.