- 16 Dec, 2010 1 commit
-
-
Georgi Kodinov authored
-
- 15 Dec, 2010 1 commit
-
-
Sunanda Menon authored
-
- 14 Dec, 2010 10 commits
-
-
Gleb Shchepa authored
-
Gleb Shchepa authored
Original revid: alexey.kopytov@sun.com-20100723115254-jjwmhq97b9wl932l > Bug #54476: crash when group_concat and 'with rollup' in > prepared statements > > Using GROUP_CONCAT() together with the WITH ROLLUP modifier > could crash the server. > > The reason was a combination of several facts: > > 1. The Item_func_group_concat class stores pointers to ORDER > objects representing the columns in the ORDER BY clause of > GROUP_CONCAT(). > > 2. find_order_in_list() called from > Item_func_group_concat::setup() modifies the ORDER objects so > that their 'item' member points to the arguments list > allocated in the Item_func_group_concat constructor. > > 3. In some cases (e.g. in JOIN::rollup_make_fields) a copy of > the original Item_func_group_concat object could be created by > using the Item_func_group_concat::Item_func_group_concat(THD > *thd, Item_func_group_concat *item) copy constructor. The > latter essentially creates a shallow copy of the source > object. Memory for the arguments array is allocated on > thd->mem_root, but the pointers for arguments and ORDER are > copied verbatim. > > What happens in the test case is that when executing the query > for the first time, after a copy of the original > Item_func_group_concat object has been created by > JOIN::rollup_make_fields(), find_order_in_list() is called for > this new object. It then resolves ORDER BY by modifying the > ORDER objects so that they point to elements of the arguments > array which is local to the cloned object. When thd->mem_root > is freed upon completing the execution, pointers in the ORDER > objects become invalid. Those ORDER objects, however, are also > shared with the original Item_func_group_concat object which is > preserved between executions of a prepared statement. So the > first call to find_order_in_list() for the original object on > the second execution tries to dereference an invalid pointer. > > The solution is to create copies of the ORDER objects when > copying Item_func_group_concat to not leave any stale pointers > in other instances with different lifecycles. mysql-test/r/func_gconcat.result: Test case for bug #54476. mysql-test/t/func_gconcat.test: Test case for bug #54476. sql/item_sum.cc: Copy the ORDER objects pointed to by the elements of the 'order' array in the copy constructor of Item_func_group_concat. sql/table.h: Removed the unused 'item_copy' member of the ORDER class.
-
Luis Soares authored
Autmoerging into latest mysql-5.1-bugteam.
-
Luis Soares authored
Addressing review comments.
-
Luis Soares authored
-
Sergey Glukhov authored
Bug#57913 large negative number to string conversion functions crash String object which is used as result container of the item has uninitialized 'str_charset' field. This object might be used later to preform some internal operations and str_charset field is involved in these operations. It leads to crash. The fix is to intialize str_charset in my_decimal2string() func. mysql-test/r/func_str.result: test case mysql-test/t/func_str.test: test case sql/my_decimal.cc: intialize str_charset field for result string in my_decimal2string() func.
-
Mattias Jonsson authored
-
Mattias Jonsson authored
-
Mattias Jonsson authored
Backport from 5.5. OK from Anitha G. to push to 5.1. Removed floor(float_col) tests, enabled floor(decimal_col) tests
-
Sergey Glukhov authored
--Bug#52157 various crashes and assertions with multi-table update, stored function --Bug#54475 improper error handling causes cascading crashing failures in innodb/ndb --Bug#57703 create view cause Assertion failed: 0, file .\item_subselect.cc, line 846 --Bug#57352 valgrind warnings when creating view --Recently discovered problem when a nested materialized derived table is used before being populated and it leads to incorrect result We have several modes when we should disable subquery evaluation. The reasons for disabling are different. It could be uselessness of the evaluation as in case of 'CREATE VIEW' or 'PREPARE stmt', or we should disable subquery evaluation if tables are not locked yet as it happens in bug#54475, or too early evaluation of subqueries can lead to wrong result as it happened in Bug#19077. Main problem is that if subquery items are treated as const they are evaluated in ::fix_fields(), ::fix_length_and_dec() of the parental items as a lot of these methods have Item::val_...() calls inside. We have to make subqueries non-const to prevent unnecessary subquery evaluation. At the moment we have different methods for this. Here is a list of these modes: 1. PREPARE stmt; We use UNCACHEABLE_PREPARE flag. It is set during parsing in sql_parse.cc, mysql_new_select() for each SELECT_LEX object and cleared at the end of PREPARE in sql_prepare.cc, init_stmt_after_parse(). If this flag is set subquery becomes non-const and evaluation does not happen. 2. CREATE|ALTER VIEW, SHOW CREATE VIEW, I_S tables which process FRM files We use LEX::view_prepare_mode field. We set it before view preparation and check this flag in ::fix_fields(), ::fix_length_and_dec(). Some bugs are fixed using this approach, some are not(Bug#57352, Bug#57703). The problem here is that we have a lot of ::fix_fields(), ::fix_length_and_dec() where we use Item::val_...() calls for const items. 3. Derived tables with subquery = wrong result(Bug19077) The reason of this bug is too early subquery evaluation. It was fixed by adding Item::with_subselect field The check of this field in appropriate places prevents const item evaluation if the item have subquery. The fix for Bug19077 fixes only the problem with convert_constant_item() function and does not cover other places(::fix_fields(), ::fix_length_and_dec() again) where subqueries could be evaluated. Example: CREATE TABLE t1 (i INT, j BIGINT); INSERT INTO t1 VALUES (1, 2), (2, 2), (3, 2); SELECT * FROM (SELECT MIN(i) FROM t1 WHERE j = SUBSTRING('12', (SELECT * FROM (SELECT MIN(j) FROM t1) t2))) t3; DROP TABLE t1; 4. Derived tables with subquery where subquery is evaluated before table locking(Bug#54475, Bug#52157) Suggested solution is following: -Introduce new field LEX::context_analysis_only with the following possible flags: #define CONTEXT_ANALYSIS_ONLY_PREPARE 1 #define CONTEXT_ANALYSIS_ONLY_VIEW 2 #define CONTEXT_ANALYSIS_ONLY_DERIVED 4 -Set/clean these flags when we perform context analysis operation -Item_subselect::const_item() returns result depending on LEX::context_analysis_only. If context_analysis_only is set then we return FALSE that means that subquery is non-const. As all subquery types are wrapped by Item_subselect it allow as to make subquery non-const when it's necessary. mysql-test/r/derived.result: test case mysql-test/r/multi_update.result: test case mysql-test/r/view.result: test case mysql-test/suite/innodb/r/innodb_multi_update.result: test case mysql-test/suite/innodb/t/innodb_multi_update.test: test case mysql-test/suite/innodb_plugin/r/innodb_multi_update.result: test case mysql-test/suite/innodb_plugin/t/innodb_multi_update.test: test case mysql-test/t/derived.test: test case mysql-test/t/multi_update.test: test case mysql-test/t/view.test: test case sql/item.cc: --removed unnecessary code sql/item_cmpfunc.cc: --removed unnecessary checks --THD::is_context_analysis_only() is replaced with LEX::is_ps_or_view_context_analysis() sql/item_func.cc: --refactored context analysis checks sql/item_row.cc: --removed unnecessary checks sql/item_subselect.cc: --removed unnecessary code --added DBUG_ASSERT into Item_subselect::exec() which asserts that subquery execution can not happen if LEX::context_analysis_only is set, i.e. at context analysis stage. --Item_subselect::const_item() Return FALSE if LEX::context_analysis_only is set. It prevents subquery evaluation in ::fix_fields & ::fix_length_and_dec at context analysis stage. sql/item_subselect.h: --removed unnecessary code sql/mysql_priv.h: --Added new set of flags. sql/sql_class.h: --removed unnecessary code sql/sql_derived.cc: --added LEX::context_analysis_only analysis intialization/cleanup sql/sql_lex.cc: --init LEX::context_analysis_only field sql/sql_lex.h: --New LEX::context_analysis_only field sql/sql_parse.cc: --removed unnecessary code sql/sql_prepare.cc: --removed unnecessary code --added LEX::context_analysis_only analysis intialization/cleanup sql/sql_select.cc: --refactored context analysis checks sql/sql_show.cc: --added LEX::context_analysis_only analysis intialization/cleanup sql/sql_view.cc: --added LEX::context_analysis_only analysis intialization/cleanup
-
- 13 Dec, 2010 3 commits
-
-
Tor Didriksen authored
On this platform we seem to get lots of other signals while waiting for SIGKILL to be delivered. Solution: use sigsuspend(<all signals blocked>) dbug/dbug.c: New function _db_suicide_() which does kill(myself, -9) and then waits forever. include/my_dbug.h: Let DBUG_SUICE wait forever until the KILL signal is delivered, and process dies.
-
Sergey Glukhov authored
Auto increment value wraps when performing a bulk insert with auto_increment_increment and auto_increment_offset greater than one. The fix: If overflow happened then return MAX_ULONGLONG value as an indication of overflow and check this before storing the value into the field in update_auto_increment(). mysql-test/r/auto_increment.result: test case mysql-test/suite/innodb/r/innodb-autoinc.result: test case fix mysql-test/suite/innodb/t/innodb-autoinc.test: test case fix mysql-test/suite/innodb_plugin/r/innodb-autoinc.result: test case fix mysql-test/suite/innodb_plugin/t/innodb-autoinc.test: test case fix mysql-test/t/auto_increment.test: test case sql/handler.cc: If overflow happened then return MAX_ULONGLONG value as an indication of overflow and check this before storing the value into the field in update_auto_increment().
-
Sergey Glukhov authored
Explain fails at fix_fields stage and some items are left unfixed, particulary Item_group_concat. Item_group_concat::orig_args field is uninitialized in this case and Item_group_concat::print call leads to crash. The fix: move the initialization of Item_group_concat::orig_args into constructor. mysql-test/r/func_gconcat.result: test case mysql-test/t/func_gconcat.test: test case sql/item_sum.cc: move the initialization of Item_group_concat::orig_args into constructor.
-
- 09 Dec, 2010 2 commits
-
-
Mattias Jonsson authored
The tests generates 4 Billion rows which timeouts. Removed the test from the default weekly run.
-
Ramil Kalimullin authored
my_seek() and my_tell() functions now honour MY_WME flag. include/mysys_err.h: Fix for bug#48451: my_seek and my_tell ignore MY_WME flag - EE_CANT_SEEK added, used in my_seek() and my_tell() functions. mysys/errors.c: Fix for bug#48451: my_seek and my_tell ignore MY_WME flag - EE_CANT_SEEK added, used in my_seek() and my_tell() functions. mysys/my_seek.c: Fix for bug#48451: my_seek and my_tell ignore MY_WME flag - my_seek() and my_tell() handle MY_WME flag. mysys/my_symlink.c: Fix for bug#48451: my_seek and my_tell ignore MY_WME flag - __attribute__((unused)) removed, as myf MyFlags is actually used in the my_realpath() function. storage/myisam/ha_myisam.cc: Fix for bug#48451: my_seek and my_tell ignore MY_WME flag - check my_seek() result.
-
- 07 Dec, 2010 1 commit
-
-
Davi Arnaut authored
Do not use the same maintainer mode flags for both GCC and ICC. The -Wall option for ICC enables more warnings than its GCC counterpart.
-
- 10 Dec, 2010 1 commit
-
-
Dmitry Shulga authored
DROP/CREATE SCHEMA, CREATE TABLE, REPAIR. The cause of assert was concurrent execution of DROP DATABASE and REPAIR TABLE where first statement deleted table's file .TMD at the same time as REPAIR TABLE tried to read file details from the old file that was just removed. Additionally was fixed trouble when DROP TABLE try delete all files belong to table being dropped at the same time when REPAIR TABLE statement has just deleted .TMD file. No regression test added because this would require adding a sync point to mysys/my_redel.c. Since this bug is not present in 5.5+, adding test coverage was considered unnecessary. The patch has been verified using RQG testing. sql/sql_db.cc: mysql_rm_known_files() modified: ignore possible ENOENT error when trying delete all table's files. Such aggressive algorithm permits skip already deleted (in another thread) files. Installation of Drop_table_error_handler as internal error handler moved from mysql_rm_db() to mysql_rm_knowns_files() near to place where source of possible errors (call to mysql_rm_table_part2) located. storage/myisam/mi_check.c: mi_repair() was modified: set param->retry_repair= 0 in order to don't call following failover procedure in ha_myisam::repair().
-
- 09 Dec, 2010 4 commits
-
-
Bjorn Munch authored
-
Bjorn Munch authored
mysqltest checks if the stmt is one that should be run in ps mode, but regexp doesn't match if preceeded by /* */ comment. Fix: match function will jump over /*..*/ if found at start
-
Bjorn Munch authored
Backported use of setenv() from 5.5 This will remove the leak on systems that have setenv() I have not fixed the string.c leak, it's a local variable that the cleanup function cannot access.
-
Bjorn Munch authored
Fixed some errors Added note about 'no' prefix to options See also follow-up comment to bug report
-
- 07 Dec, 2010 1 commit
-
-
Luis Soares authored
Automerging bzr bundle from bug report into latest mysql-5.1-bugteam.
-
- 03 Dec, 2010 1 commit
-
-
Luis Soares authored
When a query fails with a different error on the slave, the sql thread outputs a message (M) containing: 1. the error message format for the master error code 2. the master error code 3. the error message for the slave's error code 4. the slave error code Given that the slave has no information on the error message itself that the master outputs, it can only print its own version of the message format (but stripped from the additional data if the message format requires). This may confuse users. To fix this we augment the slave's message (M) to explicitly state that the master's message is actually an error message format, the one associated with the given master error code and that the slave server knows about.
-
- 02 Dec, 2010 3 commits
-
-
Mats Kindahl authored
-
Mats Kindahl authored
Fixing test case that fails on Windows because .dll is used.
-
Tor Didriksen authored
-
- 01 Dec, 2010 4 commits
-
-
Mats Kindahl authored
-
Mats Kindahl authored
When installing plugins, there is a missing check for slash (/) in the path on Windows. Note that on Windows, both / and \ can be used to separate directories. This patch fixes the issue by: - Adding a FN_DIRSEP symbol for all platforms consisting of a string of legal directory separators. - Adding a charset-aware version of strcspn(). - Adding a check_valid_path() function that uses my_strcspn() to check if any FN_DIRSEP character is in the supplied string. - Using the check_valid_path() function in sql_plugin.cc and sql_udf.cc (which means replacing the existing test there). include/config-netware.h: Adding FN_DIRSEP ****** Adding FN_DIRSEP include/config-win.h: Adding FN_DIRSEP ****** Adding FN_DIRSEP include/m_ctype.h: Adding my_strspn() and my_strcspn(). ****** Adding my_strspn() and my_strcspn(). include/my_global.h: Adding FN_DIRSEP ****** Adding FN_DIRSEP mysql-test/t/plugin_not_embedded.test: Adding test that file names containing / is disallowed on *all* platforms. ****** Adding test that file names containing / is disallowed on *all* platforms. sql/sql_plugin.cc: Introducing check_if_path() function for checking if filename is a path to include / on Windows. ****** Introducing check_if_path() function for checking if filename is a path to include / on Windows. sql/sql_udf.cc: Switching to use check_if_path() function. ****** Switching to use check_if_path() function. strings/my_strchr.c: Adding my_strspn() and my_strcspn(). ****** Adding my_strspn() and my_strcspn().
-
Bjorn Munch authored
I am not fixing the test failure Adds printing of my_errno when commands fail, could hopefully help
-
Nirbhay Choubey authored
Fixing the testcase to use the database name as connected_db instead of 'test' database. mysql-test/r/mysql.result: Additional fix in the test for bug#54899. mysql-test/t/mysql.test: Additional fix in the test for bug#54899.
-
- 30 Nov, 2010 3 commits
-
-
Davi Arnaut authored
integral type. Use intptr which is designed to hold pointer values and pass it to off_t. mysys/stacktrace.c: Add a compile time assert to ensure that off_t is large enough to hold the pointer value.
-
Christopher Powers authored
-
Christopher Powers authored
Improved error handling such that queries against Information_Schema.Tables won't fail if a Federated table is unable to connect to remote host. sql/sql_show.cc: If Handler::Info() fails, save error text in TABLE COMMENTS column, clear error.
-
- 29 Nov, 2010 2 commits
-
-
Georgi Kodinov authored
will not display "indicated result file not found" due to wrongly named var directory.
-
Georgi Kodinov authored
-
- 27 Nov, 2010 1 commit
-
-
Luis Soares authored
win x86 debug_max The windows MTR run exhibited a different test execution ordering (due to the fact that in these platforms MTR is invoked with --parallel > 1). This uncovered a bug in the aforementioned test case, which is triggered by the following conditions: 1. server is not restarted between two different tests; 2. the test before binlog.binlog_row_failure_mixing_engines issues flush logs; 3. binlog.binlog_row_failure_mixing_engines uses binlog positions to limit the output of show_binlog_events; 4. binlog.binlog_row_failure_mixing_engines does not state which binlog file to use, thence it uses a wrong binlog file with the correct position. There are two possible fixes: 1. make sure that the test start from a clean slate - binlog wise; 2. in addition to the position, also state the binary log file before sourcing show_binlog_events.inc . We go for fix #1, ie, deploy a RESET MASTER before the test is actually started.
-
- 26 Nov, 2010 1 commit
-
-
Davi Arnaut authored
The problem is that the logic which checks if a pointer is valid relies on a poor heuristic based on the start and end addresses of the data segment and heap. Apart from miscalculating the heap bounds, this approach also suffers from the fact that memory can come from places other than the heap. See Bug#58528 for a more detailed explanation. On Linux, the solution is to access the process's memory through /proc/self/task/<tid>/mem, which allows for retrieving the contents of pages within the virtual address space of the calling process. If a address range is not mapped, a input/output error is returned. client/mysqltest.cc: Use new interface to my_safe_print_str. include/my_stacktrace.h: Drop name from my_safe_print_str. mysys/stacktrace.c: Access the process's memory through a file descriptor and dump the contents of the memory range. The file descriptor offset is equivalent to a offset into the address space. Do not print the name of the variable associated with the address. It can be better accomplished at a higher level. sql/mysqld.cc: Put the variable dumping information within its own newline block. Use symbolic names which better convey information to the user.
-
- 30 Nov, 2010 1 commit
-
-
Luis Soares authored
-