1. 27 Jan, 2012 1 commit
    • Tor Didriksen's avatar
      Bug#13580775 ASSERTION FAILED: RECORD_LENGTH == M_RECORD_LENGTH · 1422d0b0
      Tor Didriksen authored
      Bug#13011410 CRASH IN FILESORT CODE WITH GROUP BY/ROLLUP
      
      The assert in 13580775 is visible in 5.6 only, 
      but shows that all versions are vulnerable.
      13011410 crashes in all versions.
      
      filesort tries to re-use the sort buffer between invocations in order to save
      malloc/free overhead.
      The fix for Bug 11748783 - 37359: FILESORT CAN BE MORE EFFICIENT.
      added an assert that buffer properties (num_records, record_length) are
      consistent between invocations. Indeed, they are not necessarily consistent.
        
      Fix: re-allocate the sort buffer if properties change.
      1422d0b0
  2. 12 Jan, 2012 4 commits
  3. 11 Jan, 2012 3 commits
  4. 10 Jan, 2012 2 commits
    • Nirbhay Choubey's avatar
      BUG#11760384 - 52792: mysqldump in XML mode does not dump · 7faf69dd
      Nirbhay Choubey authored
                           routines.
      
      mysqldump in xml mode did not dump routines, events or
      triggers.
      
      This patch fixes this issue by fixing the if conditions
      that disallowed the dump of above mentioned objects in
      xml mode, and added the required code to enable dump
      in xml format.
      7faf69dd
    • Yasufumi Kinoshita's avatar
      Bug#12400341 INNODB CAN LEAVE ORPHAN IBD FILES AROUND · 40203bd5
      Yasufumi Kinoshita authored
      If we meet DB_TOO_MANY_CONCURRENT_TRXS during the execution tab_create_graph from row_create_table_for_mysql(), .ibd file for the table should be created already but was not deleted for the error handling.
      
      rb:875 approved by Jimmy Yang
      40203bd5
  5. 09 Jan, 2012 1 commit
    • Jon Olav Hauglid's avatar
      Backport from mysql-trunk of: · 6c1bbb50
      Jon Olav Hauglid authored
      ------------------------------------------------------------
      revno: 3258
      committer: Jon Olav Hauglid <jon.hauglid@oracle.com>
      branch nick: mysql-trunk-bug12663165
      timestamp: Thu 2011-07-14 10:05:12 +0200
      message:
        Bug#12663165 SP DEAD CODE REMOVAL DOESN'T UNDERSTAND CONTINUE HANDLERS
        
        When stored routines are loaded, a simple optimizer tries to locate
        and remove dead code. The problem was that this dead code removal
        did not work correctly with CONTINUE handlers.
        
        If a statement triggers a CONTINUE handler, the following statement
        will be executed after the handler statement has completed. This
        means that the following statement is not dead code even if the
        previous statement unconditionally alters control flow. This fact
        was lost on the dead code removal routine, which ended up with
        removing instructions that could have been executed. This could
        then lead to assertions, crashes and generally bad behavior when
        the stored routine was executed.
        
        This patch fixes the problem by marking as live code all stored
        routine instructions that are in the same scope as a CONTINUE handler.
        
        Test case added to sp.test.
      6c1bbb50
  6. 06 Jan, 2012 2 commits
  7. 02 Jan, 2012 1 commit
    • Tatjana Azundris Nuernberg's avatar
      BUG#11755281/47032: ERROR 2006 / ERROR 2013 INSTEAD OF PROPER ERROR MESSAGE · 1666da4b
      Tatjana Azundris Nuernberg authored
      If init_command was incorrect, we couldn't let users execute
      queries, but we couldn't report the issue to the client either
      as it does not expect error messages before even sending a
      command. Thus, we simply disconnected them without throwing
      a clear error.
      
      We now go through the proper sequence once (without executing
      any user statements) so we can report back what the problem
      is. Only then do we disconnect the user.
      
      As always, root remains unaffected by this as init_command is
      (still) not executed for them.
      1666da4b
  8. 28 Dec, 2011 1 commit
    • Marko Mäkelä's avatar
      Bug#13418934 REMOVE HAVE_PURIFY DEPENDENCES FROM INNODB · a290a844
      Marko Mäkelä authored
      InnoDB: Remove HAVE_purify, UNIV_INIT_MEM_TO_ZERO, UNIV_SET_MEM_TO_ZERO.
      
      The compile-time setting HAVE_purify can mask potential bugs.
      It is being set in PB2 Valgrind runs. We should simply get rid of it,
      and replace it with UNIV_MEM_INVALID() to declare uninitialized memory
      as such in Valgrind-instrumented binaries.
      
      os_mem_alloc_large(), ut_malloc_low(): Remove the parameter set_to_zero.
      
      ut_malloc(): Define as a macro that invokes ut_malloc_low().
      
      buf_pool_init(): Never initialize the buffer pool frames. All pages
      must be initialized before flushing them to disk.
      
      mem_heap_alloc(): Never initialize the allocated memory block.
      
      os_mem_alloc_nocache(), ut_test_malloc(): Unused function, remove.
      
      rb:813 approved by Jimmy Yang
      a290a844
  9. 23 Dec, 2011 2 commits
  10. 22 Dec, 2011 3 commits
    • Vasil Dimov's avatar
      Fix Bug#13510739 63775: SERVER CRASH ON HANDLER READ NEXT AFTER DELETE RECORD. · 43ea968d
      Vasil Dimov authored
      CREATE TABLE bug13510739 (c INTEGER NOT NULL, PRIMARY KEY (c)) ENGINE=INNODB;
      INSERT INTO bug13510739 VALUES (1), (2), (3), (4);
      DELETE FROM bug13510739 WHERE c=2;
      HANDLER bug13510739 OPEN;
      HANDLER bug13510739 READ `primary` = (2);
      HANDLER bug13510739 READ `primary` NEXT;  <-- crash
      
      The bug is that in the particular testcase row_search_for_mysql() picked up
      a delete-marked record and quit, leaving the cursor non-positioned state and
      on the subsequent 'get next' call the code crashed because of the
      non-positioned cursor.
      
      In row0sel.cc (line numbers from mysql-trunk):
      
      4653         if (rec_get_deleted_flag(rec, comp)) {
      ...
      4679                 if (index == clust_index && unique_search) {
      4680 
      4681                         err = DB_RECORD_NOT_FOUND;
      4682                         
      4683                         goto normal_return;
      4684                 }       
      
      it quit from here, not storing the cursor position.
      
      In contrast, if the record=2 is not found at all (e.g. sleep(1) after DELETE
      to let the purge wipe it away completely) then 'get = 2' does find record=3
      and quits from here:
      
      4366                 if (0 != cmp_dtuple_rec(search_tuple, rec, offsets)) {
      ...
      4394                         btr_pcur_store_position(pcur, &mtr);
      4395 
      4396                         err = DB_RECORD_NOT_FOUND;
      4397 #if 0
      4398                         ut_print_name(stderr, trx, FALSE, index->name);
      4399                         fputs(" record not found 3\n", stderr);
      4400 #endif
      4401 
      4402                         goto normal_return;
      
      Another fix could be to extend the condition on line 4366 to hold only if
      seach_tuple matches rec AND if rec is not delete marked.
      
      Notice that in the above test case if we wait about 1 second somewhere after
      DELETE and before 'get = 2', then the testcase does not crash and returns 4
      instead. Not sure if this is the correct behavior, but this bugfix removes
      the crash and makes the code return what it also returns in the non-crashing
      case (if rec=2 is not found during 'get = 2', e.g. we have sleep(1) there).
      
      Approved by:	Marko (http://bur03.no.oracle.com/rb/r/863/)
      43ea968d
    • Inaam Rana's avatar
      Add ChangeLog message. · 51078332
      Inaam Rana authored
      51078332
    • Inaam Rana's avatar
      Bug#11866367 FPE WHEN SETTING INNODB_SPIN_WAIT_DELAY · 2cdcb18b
      Inaam Rana authored
      rb://865
      approved by: Jimmy
      
      Integer overflow causes division by zero.
      2cdcb18b
  11. 16 Dec, 2011 8 commits
  12. 15 Dec, 2011 2 commits
  13. 14 Dec, 2011 2 commits
  14. 13 Dec, 2011 1 commit
    • Annamalai Gurusami's avatar
      Bug #13117023: Innodb increments handler_read_key when it should not · 22b38304
      Annamalai Gurusami authored
      The counter handler_read_key (SSV::ha_read_key_count) is incremented 
      incorrectly.
      
      The mysql server maintains a per thread system_status_var (SSV)
      object.  This object contains among other things the counter
      SSV::ha_read_key_count. The purpose of this counter is to measure the
      number of requests to read a row based on a key (or the number of
      index lookups).
      
      This counter was wrongly incremented in the
      ha_innobase::innobase_get_index(). The fix removes
      this increment statement (for both innodb and innodb_plugin).
      
      The various callers of the innobase_get_index() was checked to
      determine if anybody must increment this counter (if they first call
      innobase_get_index() and then perform an index lookup).  It was found
      that no caller of innobase_get_index() needs to worry about the
      SSV::ha_read_key_count counter.
      22b38304
  15. 12 Dec, 2011 3 commits
  16. 30 Nov, 2011 2 commits
  17. 29 Nov, 2011 2 commits
    • Tor Didriksen's avatar
      Build broken for gcc 4.5.1 in optimized mode. · cfef24eb
      Tor Didriksen authored
      readline.cc: In function char* batch_readline(LINE_BUFFER*):
      readline.cc:60:9: error: out_length may be used uninitialized in this function
      log.cc: In function int find_uniq_filename(char*):
      log.cc:1857:8: error: number may be used uninitialized in this function
      cfef24eb
    • Nirbhay Choubey's avatar
      Bug#11756764 48726: MYSQLD KEEPS CRASHING WITH SIGSEGV · c9761d08
      Nirbhay Choubey authored
                          WITH MYISAM_USE_MMAP ENABLED
      
      MySQL server can crash due to segmentation fault when
      started with myisam_use_mmap.
      
      The reason behind this being, while making a request to
      unmap (munmap) the previously mapped memory (mmap), the
      size passed was 7 bytes larger than the size requested at
      the time of mapping. This can eventually unmap the adjacent
      memory mapped block, belonging to some other memory-map pool.
      Hence the subsequent call to mmap can map a region which was
      still a valid memory mapped area.
      
      Fixed by removing the extra 7-byte margin which was erroneously
      added to the size, used for unmappping.
      c9761d08