1. 24 Jul, 2009 4 commits
    • Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! · dc0a87fd
      Gleb Shchepa authored
      
      The problem of that bugreport was mostly fixed by the
      patch for bug 38691.
      However, attached test case focused on another crash or
      valgrind warning problem: SHOW PROCESSLIST query accesses
      freed memory of SP instruction that runs in a parallel
      connection.
      
      Changes of thd->query/thd->query_length in dangerous
      places have been guarded with the per-thread
      LOCK_thd_data mutex (the THD::LOCK_delete mutex has been
      renamed to THD::LOCK_thd_data).
      
      
      sql/ha_myisam.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the THD::set_query() method call/LOCK_thd_data
        mutex.
        Unnecessary locking with the global LOCK_thread_count
        mutex has been removed.
      sql/log_event.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the THD::set_query() method call/LOCK_thd_data
        mutex.
      sql/slave.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the THD::set_query() method call/LOCK_thd_data mutex.
        
        The THD::LOCK_delete mutex has been renamed to
        THD::LOCK_thd_data.
      sql/sp_head.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the THD::set_query() method call/LOCK_thd_data
        mutex.
      sql/sql_class.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        The new THD::LOCK_thd_data mutex and THD::set_query()
        method have been added to guard modifications of THD::query/
        THD::query_length fields, also the Statement::set_statement()
        method has been overloaded in the THD class.
        
        The THD::LOCK_delete mutex has been renamed to
        THD::LOCK_thd_data.
      sql/sql_class.h:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        The new THD::LOCK_thd_data mutex and THD::set_query()
        method have been added to guard modifications of THD::query/
        THD::query_length fields, also the Statement::set_statement()
        method has been overloaded in the THD class.
        
        The THD::LOCK_delete mutex has been renamed to
        THD::LOCK_thd_data.
      sql/sql_insert.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the THD::set_query() method call/LOCK_thd_data
        mutex.
      sql/sql_parse.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Modification of THD::query/query_length has been guarded
        with the THD::set_query() method call/LOCK_thd_data mutex.
      sql/sql_repl.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        The THD::LOCK_delete mutex has been renamed to
        THD::LOCK_thd_data.
      sql/sql_show.cc:
        Bug #38816: kill + flush tables with read lock + stored
                    procedures causes crashes!
        
        Inter-thread read of THD::query/query_length field has
        been protected with a new per-thread LOCK_thd_data
        mutex in the mysqld_list_processes function.
      dc0a87fd
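
The locking pattern this commit message describes, as an added C sketch that is not MySQL's code: `struct conn`, `conn_set_query`, `conn_snapshot` and `run_demo` are hypothetical names, and a pthread mutex stands in for `LOCK_thd_data`. The owner swaps pointer and length under the lock before freeing the old buffer, and the observer copies under the same lock instead of holding the pointer.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for per-connection state; not MySQL's THD class. */
struct conn {
    pthread_mutex_t lock_data;  /* plays the role of LOCK_thd_data */
    char *query;                /* replaced and freed by the owner thread */
    size_t query_length;
};

/* Owner thread: swap pointer and length together under the lock, then free. */
static void conn_set_query(struct conn *c, const char *text) {
    char *fresh = text ? malloc(strlen(text) + 1) : NULL;
    if (fresh) strcpy(fresh, text);
    pthread_mutex_lock(&c->lock_data);
    char *old = c->query;
    c->query = fresh;
    c->query_length = fresh ? strlen(fresh) : 0;
    pthread_mutex_unlock(&c->lock_data);
    free(old);  /* safe: observers copy under the lock and keep no pointer */
}

/* Observer thread (a process-list view): copy the text out under the lock. */
static size_t conn_snapshot(struct conn *c, char *out, size_t cap) {
    if (cap == 0) return 0;
    pthread_mutex_lock(&c->lock_data);
    size_t n = c->query ? c->query_length : 0;
    if (n > cap - 1) n = cap - 1;
    if (n) memcpy(out, c->query, n);
    pthread_mutex_unlock(&c->lock_data);
    out[n] = '\0';
    return n;
}

static void *observer(void *arg) {  /* counts snapshots that are not whole */
    char buf[64];
    long bad = 0;
    for (int i = 0; i < 20000; i++)
        if (conn_snapshot(arg, buf, sizeof buf) && strcmp(buf, "SELECT 1")
            && strcmp(buf, "CALL p1()")) bad++;
    return (void *)bad;
}

long run_demo(void) {  /* constructed workload: owner swaps, observer reads */
    struct conn c = { PTHREAD_MUTEX_INITIALIZER, NULL, 0 };
    pthread_t t;
    void *bad = NULL;
    if (pthread_create(&t, NULL, observer, &c)) return -1;
    for (int i = 0; i < 20000; i++) conn_set_query(&c, i % 2 ? "SELECT 1" : "CALL p1()");
    pthread_join(t, &bad);
    conn_set_query(&c, NULL);
    return (long)bad;
}
```

Building this with a thread sanitizer and removing the lock from either function makes the data race on `query` visible.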
    • Automerge. · 85c97e6c
      Alexey Kopytov authored
      85c97e6c
    • Bug #46075: Assertion failed: 0, file .\protocol.cc, line 416 · 885292e4
      Alexey Kopytov authored
      In create_myisam_from_heap() mark all errors as fatal except 
      HA_ERR_RECORD_FILE_FULL for a HEAP table.
      
      Not doing so could lead to problems, e.g. in a case when a
      temporary MyISAM table gets overrun due to its MAX_ROWS limit
      while executing INSERT/REPLACE IGNORE ... SELECT. 
      The SELECT execution was aborted, but the error was 
      converted to a warning due to IGNORE clause, so neither 'ok' 
      nor 'error' packet could be sent back to the client. This 
      condition led to hanging client when using 5.0 server, or 
      assertion failure in 5.1.
      
      
      mysql-test/r/insert_select.result:
        Added a test case for bug #46075.
      mysql-test/t/insert_select.test:
        Added a test case for bug #46075.
      sql/sql_select.cc:
        In create_myisam_from_heap() mark all errors as fatal except 
        HA_ERR_RECORD_FILE_FULL for a HEAP table.
      885292e4
    • merging with mysql-5.0-bugteam · 74d4c331
      V Narayanan authored
      74d4c331
  2. 23 Jul, 2009 1 commit
    • Bug #45770 errors reading server SSL files are printed, but not logged · 1e32574c
      Staale Smedseng authored
              
      Errors encountered during initialization of the SSL subsystem
      are printed to stderr, rather than to the error log.
              
      This patch adds a parameter to several SSL init functions to
      report the error (if any) out to the caller. The function
      init_ssl() in mysqld.cc is moved after the initialization of
      the log subsystem, so that any error messages can be logged to
      the error log. Printing of messages to stderr has been 
      retained to get diagnostic output in a client context.
      
      
      include/violite.h:
        Adding an enumeration for the various errors that can
        occur during initialization of the SSL module.
      sql/mysqld.cc:
        Adding more logging of SSL init errors, and moving
        init_ssl() till after initialization of logging 
        subsystem.
      vio/viosslfactories.c:
        Define error strings, provide an access method for these
        strings, and maintain an error parameter in several funcs
        to return the error (if any) to the caller.
      1e32574c
  3. 18 Jul, 2009 2 commits
    • Merged corrected fix for the bug#46051. · dbe855d0
      Evgeny Potemkin authored
      dbe855d0
    • Bug#46051: Incorrectly marked field caused wrong result. · 50323800
      Evgeny Potemkin authored
      When during the optimization an item is moved to the upper select
      the item's context is left unchanged. This caused wrong result in the
      PS/SP mode.
      The Item_ident::remove_dependence_processor now sets the context
      of the select to which the item is moved to.
      
      mysql-test/r/subselect.result:
        The test case for the bug#46051 is adjusted.
      mysql-test/t/subselect.test:
        The test case for the bug#46051 is adjusted.
      sql/item.cc:
        Bug#46051: Incorrectly marked field caused wrong result.
        The Item_ident::remove_dependence_processor now sets the context
        of the select to which the item is moved to.
      50323800
  4. 17 Jul, 2009 2 commits
  5. 16 Jul, 2009 3 commits
    • Bug#46051: Incorrectly marked field caused wrong result. · 63e6a59d
      Evgeny Potemkin authored
      In a subselect all fields from outer selects are marked as dependent on
      selects they belong to. In some cases optimizer substitutes it for an
      equivalent expression. For example "a_field IN (SELECT outer_field)" is
      substituted with "a_field = outer_field". As we moved the outer_field to the
      upper select it's not really outer anymore. But it was left marked as outer.
      If an index exists over a_field, the optimizer chooses a wrong execution plan
      and thus returns a wrong result.
      
      Now the Item_in_subselect::single_value_transformer function removes dependent
      marking from fields when a subselect is optimized away.
      
      mysql-test/r/subselect.result:
        Added a test case for the bug#46051.
      mysql-test/t/subselect.test:
        Added a test case for the bug#46051.
      sql/item_subselect.cc:
        Bug#46051: Incorrectly marked field caused wrong result.
        Now the Item_in_subselect::single_value_transformer function removes dependent
        marking from fields when a subselect is optimized away.
      63e6a59d
  6. 12 Jul, 2009 1 commit
    • Bug#43572 Handle failures from hash_init · 5a0a258e
      V Narayanan authored
      This patch is a follow up to http://lists.mysql.com/commits/76678.
      When an allocation failure occurs for the buffer in the dynamic
      array, an error condition was being set. The dynamic array is
      usable even if the memory allocation fails. Since in most cases
      the thread can continue to work without any problems the error
      condition should not be set here.
      
      This patch adds logic to remove the error condition from being set
      when the memory allocation for the buffer in dynamic array fails.
      
      mysys/array.c:
        Bug#43572 Handle failures from hash_init
        
        Remove the MY_WME flag from the call to malloc in order to
        prevent the error status from being set in the init_dynamic_array
        method. Since this memory allocation failure is no longer
        fatal this method has been modified to return FALSE
        (indicate success) irrespective of array->buffer being
        allocated.
      5a0a258e
  7. 10 Jul, 2009 4 commits
  8. 08 Jul, 2009 1 commit
  9. 16 Jul, 2009 1 commit
  10. 15 Jul, 2009 3 commits
    • automerge · b7445ff6
      Georgi Kodinov authored
      b7445ff6
    • Bug #45287: phase 1 : 32 bit compilation warnings · 45b687c0
      Georgi Kodinov authored
      Fixed the following problems:
      1. cmake 2.6 warning because of a changed default on
      how the dependencies to libraries with a specified 
      path are resolved.
      Fixed by requiring cmake 2.6.
      2. Removed an obsolete pre-NT4 hack including defining
      Windows system defines to alter the behavior of windows.h.
      3. Disabled warning C4065 on compiling sql_yacc.cc because
      of a known incompatibility in some of the newer bison binaries.
      45b687c0
    • Bug#37740 Server crashes on execute statement with full text search and match against. · c77b836a
      Anurag Shekhar authored
      
      
      Server crashes when executing prepared statement with duplicating
      MATCH() function calls in SELECT and ORDER BY expressions, e.g.:
      SELECT MATCH(a) AGAINST('test') FROM t1 ORDER BY MATCH(a) AGAINST('test')
      
      This query gets optimized by the server, so the value returned
      by MATCH() from the SELECT list is reused for ORDER BY purposes.
      To make this optimization server is comparing items from
      SELECT and ORDER BY lists. We were getting server crash because
      comparison function for MATCH() item is not intended to be called
      at this point of execution.
      
      In 5.0 and 5.1 this problem is worked around by resetting MATCH()
      item to the state as it was during PREPARE.
      
      In 6.0 correct comparison function will be implemented and
      duplicating MATCH() items from the ORDER BY list will be
      optimized.
      
      mysql-test/r/fulltext.result:
        Updated with the test case for Bug#37740
      mysql-test/t/fulltext.test:
        A test case for Bug#37740.
      sql/item_func.h:
        True initialization of 'table' happens in ::fix_fields(). As
        Item_func_match::eq() may be called before ::fix_fields(), it is
        expected that 'table' is initialized to 0 when it is reused.
        
        This is mostly affecting prepared statements, when the same item
        doesn't get destroyed, but rather cleaned up and reused.
      c77b836a
  11. 14 Jul, 2009 1 commit
  12. 13 Jul, 2009 2 commits
    • Bug #40113: Embedded SELECT inside UPDATE or DELETE can timeout without error · 410e1a72
      Georgi Kodinov authored
      
      When using quick access methods for searching rows in UPDATE or 
      DELETE there was no check if a fatal error was not already sent 
      to the client while evaluating the quick condition.
      As a result a false OK (following the error) was sent to the 
      client and the error was thus transformed into a warning.
      
      Fixed by checking for errors sent to the client during 
      SQL_SELECT::check_quick() and treating them as real errors.
      
      Fixed a wrong test case in group_min_max.test
      Fixed a wrong return code in mysql_update() and mysql_delete()
      
      mysql-test/r/bug40113.result:
        Bug #40013: test case
      mysql-test/r/group_min_max.result:
        Bug #40013: fixed a wrong test case
      mysql-test/t/bug40113-master.opt:
        Bug #40013: test case
      mysql-test/t/bug40113.test:
        Bug #40013: test case
      mysql-test/t/group_min_max.test:
        Bug #40013: fixed a wrong test case
      sql/sql_delete.cc:
        Bug #40113: check for errors evaluating the quick select
      sql/sql_update.cc:
        Bug #40113: check for errors evaluating the quick select
      410e1a72
  13. 07 Jul, 2009 2 commits
  14. 06 Jul, 2009 7 commits
  15. 03 Jul, 2009 3 commits
  16. 02 Jul, 2009 1 commit
  17. 01 Jul, 2009 1 commit
    • Bug #45790 Potential DoS vector: Writing of user input to log without proper formatting · 3cd431d5
      Staale Smedseng authored
            
      The problem is that a suitably crafted database identifier
      supplied to COM_CREATE_DB or COM_DROP_DB can cause a SIGSEGV,
      and thereby a denial of service. The database name is printed
      to the log without using a format string, so potential
      attackers can control the behavior of my_b_vprintf() by
      supplying their own format string. A CREATE or DROP privilege
      would be required.
            
      This patch supplies a format string to the printing of the
      database name. A test case is added to mysql_client_test.
      
      
      sql/sql_parse.cc:
        Added format strings.
      tests/mysql_client_test.c:
        Added new test case.
      3cd431d5
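
The bug class this commit message describes, as an added C example that is not MySQL's code: `log_write`, `log_db_event` and `count_conversions` are hypothetical names, with `vsnprintf` standing in for the server's own `my_b_vprintf()`, and the sample identifier used with it is constructed. It shows the fixed call shape, where the database name is passed only as data to a constant format, plus a small check that counts what a printf-style function would have interpreted had the name been used as the format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log sink that formats into a caller buffer. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))  /* lets the compiler check call sites */
#endif
static int log_write(char *out, size_t cap, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Counts the conversion specifications a printf-style function would act on
   if `s` were passed as the format argument ("%%" is a literal percent). */
int count_conversions(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] == '\0') break;      /* dangling '%' at end of string */
        n++;
    }
    return n;
}

/* Unsafe shape, shown only as a comment: log_write(out, cap, db_name);
   each conversion found in db_name would consume an argument that was never
   passed. GCC and Clang report this call shape with -Wformat-security. */

/* Fixed shape: the format is a constant and the identifier is only data. */
int log_db_event(char *out, size_t cap, const char *verb, const char *db_name) {
    return log_write(out, cap, "%s DATABASE `%s`", verb, db_name);
}
```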
  18. 29 Jun, 2009 1 commit