- 11 Aug, 2009 4 commits
-
-
Davi Arnaut authored
-
Davi Arnaut authored
-
Davi Arnaut authored
-
unknown authored
-
- 10 Aug, 2009 2 commits
-
-
Davi Arnaut authored
-
unknown authored
-
- 08 Aug, 2009 1 commit
-
-
Davi Arnaut authored
The problem is that the lexer could inadvertently skip over the end of a query being parsed if it encountered a malformed multibyte character. A specially crated query string could cause the lexer to jump up to six bytes past the end of the query buffer. Another problem was that the laxer could use unfiltered user input as a signed array index for the parser maps (having upper and lower bounds 0 and 256 respectively). The solution is to ensure that the lexer only skips over well-formed multibyte characters and that the index value of the parser maps is always a unsigned value. mysql-test/r/ctype_recoding.result: Update test case result: ending backtick is not skipped over anymore. sql/sql_lex.cc: Characters being analyzed must be unsigned as they can be used as indexes for the parser maps. Only skip over if the string is a valid multi-byte sequence. tests/mysql_client_test.c: Add test case for Bug#45010
-
- 06 Aug, 2009 1 commit
-
-
Ignacio Galarza authored
- Remove offensive quotes.
-
- 04 Aug, 2009 2 commits
-
-
Davi Arnaut authored
-
Davi Arnaut authored
-
- 03 Aug, 2009 2 commits
-
-
Alfranio Correia authored
Install procedure does not copy *.inc files located under the mysql-test/t directory. Therefore, this patch moves the rpl_trigger.inc to the mysql-test/include directory.
-
Alfranio Correia authored
-
- 02 Aug, 2009 1 commit
-
-
Alfranio Correia authored
The test case fails sporadically on Windows while trying to overwrite an unused binary log. The problem stems from the fact that MySQL on Windows does not immediately unlock/release a file while the process that opened and closed it is still running. In BUG 38603, this issue was circumvented by stopping the MySQL process, copying the file and then restarting the MySQL process. Unfortunately, such facilities are not available in the 5.0. Other approaches such as stopping the slave and issuing change master do not work because the relay log file and index are not closed when a slave is stopped. So to fix the problem, we simply don't run on windows the part of the test that was failing.
-
- 31 Jul, 2009 1 commit
-
-
Ignacio Galarza authored
- Define and pass compile time path variables as pre-processor definitions to mimic the makefile build. - Set new CMake version and policy requirements explicitly. - Changed DATADIR to MYSQL_DATADIR to avoid conflicting definition in Platform SDK header ObjIdl.h which also defines DATADIR.
-
- 30 Jul, 2009 4 commits
-
-
Matthias Leich authored
-
Joerg Bruehe authored
-
Matthias Leich authored
-
Joerg Bruehe authored
correctly if the compiler optimizes too clever. This has happaned on HP-UX 11.23 (IA64) at optimization level "+O2", causing bug#42213: Check for "stack overrun" doesn't work, server crashes Fix it by adding a pragma that prevents this optimization. As a result, it should be safe to use "+O2" on this platform (unless there is some other, optimizer-related, bug which is just currently masked because we use resudec optimization). config/ac-macros/misc.m4: Our autoconf function "MYSQL_STACK_DIRECTION" is meant to determine whether the stack grows towards higher or towards lower addresses. It does this by comparing the addresses of a variable (which is local to a recursive function) on different nesting levels. This approach requires that the function is really implemented as a recursive function, with each nested call allocating a new stack frame containing the local variable. If, however, the compiler is optimizing so clever that the recursive function is implemented by a loop, then this test will not produce correct results. This has happened on HP-UX 11.23 (IA64) when HP's compiler was called with optimization "+O2" (not with "+O1"), reported as bug#42213. Rather than starting a race with the compiler and making the function so complicated that this optimization does not happen, the idea is to prevent the optimization by adding a pragma. For HP, this is "#pragma noinline". If we encounter other compilers which also optimize too clever, we may add their pragmas here. It is a debatable issue whether such pragmas should be guarded by conditional compiling or not, the reviewers voted to do it. It seems HP has different compilers, "ANSI C" and "aCC", on the affected platform "__HP_cc" ("ANSI C") is predefined. To be on the safe side, the pragma will also take effect if HP's "aCC" compiler is used, or any other compiler on HP-UX.
-
- 28 Jul, 2009 2 commits
-
-
Alexey Kopytov authored
-
Alexey Kopytov authored
compression Since uint3korr() may read 4 bytes depending on build flags and platform, allocate 1 extra "safety" byte in the network buffer for cases when uint3korr() in my_real_read() is called to read last 3 bytes in the buffer. It is practically hard to construct a reliable and reasonably small test case for this bug as that would require constructing input stream such that a certain sequence of bytes in a compressed packet happens to be the last 3 bytes of the network buffer. sql/net_serv.cc: Allocate 1 extra "safety" byte in the network buffer for cases when uint3korr() is used to read last 3 bytes in the buffer.
-
- 27 Jul, 2009 3 commits
-
-
Davi Arnaut authored
The maximum value of the max_join_size variable is set by converting a signed type (long int) with negative value (-1) to a wider unsigned type (unsigned long long), which yields the largest possible value of the wider unsigned type -- as per the language conversion rules. But, depending on build options, the type of the max_join_size might be a shorter type (ha_rows - unsigned long) which causes the warning to be thrown once the large value is truncated to fit. The solution is to ensure that the maximum value of the variable is always set to the maximum value of integer type of max_join_size. Furthermore, it would be interesting to always have a fixed type for this variable, but this would incur in a change of behavior which is not acceptable for a GA version. See Bug#35346. sql/mysqld.cc: Set max value for type.
-
Davi Arnaut authored
Post-merge fix: test case could fail due to a conversion of the max_join_size value to a integer. Fixed by preserving the value as a string for comparison purposes. tests/mysql_client_test.c: Preserve max_join_size value as a string instead of converting it to a integer -- value can be larger then the type used.
-
Satya B authored
-
- 24 Jul, 2009 5 commits
-
-
Gleb Shchepa authored
procedures causes crashes! The problem of that bugreport was mostly fixed by the patch for bug 38691. However, attached test case focused on another crash or valgrind warning problem: SHOW PROCESSLIST query accesses freed memory of SP instruction that run in a parallel connection. Changes of thd->query/thd->query_length in dangerous places have been guarded with the per-thread LOCK_thd_data mutex (the THD::LOCK_delete mutex has been renamed to THD::LOCK_thd_data). sql/ha_myisam.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the a THD::set_query() method call/LOCK_thd_data mutex. Unnecessary locking with the global LOCK_thread_count mutex has been removed. sql/log_event.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the THD::set_query()) method call/LOCK_thd_data mutex. sql/slave.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the THD::set_query() method call/LOCK_thd_data mutex. The THD::LOCK_delete mutex has been renamed to THD::LOCK_thd_data. sql/sp_head.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the a THD::set_query() method call/LOCK_thd_data mutex. sql/sql_class.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! The new THD::LOCK_thd_data mutex and THD::set_query() method has been added to guard modifications of THD::query/ THD::query_length fields, also the Statement::set_statement() method has been overloaded in the THD class. The THD::LOCK_delete mutex has been renamed to THD::LOCK_thd_data. sql/sql_class.h: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! The new THD::LOCK_thd_data mutex and THD::set_query() method has been added to guard modifications of THD::query/ THD::query_length fields, also the Statement::set_statement() method has been overloaded in the THD class. The THD::LOCK_delete mutex has been renamed to THD::LOCK_thd_data. sql/sql_insert.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the a THD::set_query() method call/LOCK_thd_data mutex. sql/sql_parse.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the a THD::set_query() method call/LOCK_thd_data mutex. sql/sql_repl.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! The THD::LOCK_delete mutex has been renamed to THD::LOCK_thd_data. sql/sql_show.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Inter-thread read of THD::query/query_length field has been protected with a new per-thread LOCK_thd_data mutex in the mysqld_list_processes function.
-
Alexey Kopytov authored
-
Alexey Kopytov authored
In create_myisam_from_heap() mark all errors as fatal except HA_ERR_RECORD_FILE_FULL for a HEAP table. Not doing so could lead to problems, e.g. in a case when a temporary MyISAM table gets overrun due to its MAX_ROWS limit while executing INSERT/REPLACE IGNORE ... SELECT. The SELECT execution was aborted, but the error was converted to a warning due to IGNORE clause, so neither 'ok' nor 'error' packet could be sent back to the client. This condition led to hanging client when using 5.0 server, or assertion failure in 5.1. mysql-test/r/insert_select.result: Added a test case for bug #46075. mysql-test/t/insert_select.test: Added a test case for bug #46075. sql/sql_select.cc: In create_myisam_from_heap() mark all errors as fatal except HA_ERR_RECORD_FILE_FULL for a HEAP table.
-
V Narayanan authored
-
Satya B authored
-
- 23 Jul, 2009 1 commit
-
-
Staale Smedseng authored
not logged Errors encountered during initialization of the SSL subsystem are printed to stderr, rather than to the error log. This patch adds a parameter to several SSL init functions to report the error (if any) out to the caller. The function init_ssl() in mysqld.cc is moved after the initialization of the log subsystem, so that any error messages can be logged to the error log. Printing of messages to stderr has been retained to get diagnostic output in a client context. include/violite.h: Adding an enumeration for the various errors that can occur during initialization of the SSL module. sql/mysqld.cc: Adding more logging of SSL init errors, and moving init_ssl() till after initialization of logging subsystem. vio/viosslfactories.c: Define error strings, provide an access method for these strings, and maintain an error parameter in several funcs to return the error (if any) to the caller.
-
- 21 Jul, 2009 6 commits
-
-
MySQL Build Team authored
> ------------------------------------------------------------ > revno: 2792 > revision-id: sergey.glukhov@sun.com-20090703083500-jq8vhw0tqr37j7te > parent: bernt.johnsen@sun.com-20090703083610-o7l4s8syz05rc4w0 > committer: Sergey Glukhov <Sergey.Glukhov@sun.com> > branch nick: mysql-5.0-bugteam > timestamp: Fri 2009-07-03 13:35:00 +0500 > message: > Bug#45806 crash when replacing into a view with a join! > The crash happend because for views which are joins > we have table_list->table == 0 and > table_list->table->'any method' call leads to crash. > The fix is to perform table_list->table->file->extra() > method for all tables belonging to view.
-
MySQL Build Team authored
> ------------------------------------------------------------ > revno: 2772 > revision-id: joro@sun.com-20090615133815-eb007p5793in33p5 > parent: joro@sun.com-20090612140659-4hj1tta9p8wvcw4k > committer: Georgi Kodinov <joro@sun.com> > branch nick: B44810-5.0-bugteam > timestamp: Mon 2009-06-15 16:38:15 +0300 > message: > Bug #44810: index merge and order by with low sort_buffer_size > crashes server! > > The problem affects the scenario when index merge is followed by a filesort > and the sort buffer is not big enough for all the sort keys. > In this case the filesort function will read the data to the end through the > index merge quick access method (and thus closing the cursor etc), > but will leave the pointer to the quick select method in place. > It will then create a temporary file to hold the results of the filesort and > will add it as a sort output file (in sort.io_cache). > Note that filesort will copy the original 'sort' structure in an automatic > variable and restore it after it's done. > As a result at exiting filesort() we have a sort.io_cache filled in and > nothing else (as a result of close of the cursors at end of reading data > through index merge). > Now create_sort_index() will note that there is a select and will clean it up > (as it's been used already by filesort() reading the data in). While doing that > a special case in the index merge destructor will clean up the sort.io_cache, > assuming it's an output of the index merge method and is not needed anymore. > As a result the code that tries to read the data back from the filesort output > will get no data in both memory and disk and will crash. > > Fixed similarly to how filesort() does it : by copying the sort.io_cache structure > to a local variable, removing the pointer to the io_cache (so that it's not freed > by QUICK_INDEX_MERGE_SELECT::~QUICK_INDEX_MERGE_SELECT) and restoring the original > structure (together with the valid pointer) after the cleanup is done. > This is a safe thing to do because all the structures are already cleaned up by > hitting the end of the index merge's read method (QUICK_INDEX_MERGE_SELECT::get_next()) > and the cleanup code being written in a way that tolerates repeating cleanups.
-
MySQL Build Team authored
> ------------------------------------------------------------ > revno: 2763 > revision-id: sergey.glukhov@sun.com-20090602063813-33mh88cz5vpa2jqe > parent: alexey.kopytov@sun.com-20090601124224-zgt3yov9wou590e9 > committer: Sergey Glukhov <Sergey.Glukhov@sun.com> > branch nick: mysql-5.0-bugteam > timestamp: Tue 2009-06-02 11:38:13 +0500 > message: > Bug#45152 crash with round() function on longtext column in a derived table > The crash happens due to wrong max_length value which is set on > Item_func_round::fix_length_and_dec() stage. The value is set to > args[0]->max_length which is too big in case of LONGTEXT(LONGBLOB) fields. > The fix is to set max_length using float_length() function.
-
MySQL Build Team authored
> ------------------------------------------------------------ > revno: 2733 > revision-id: gshchepa@mysql.com-20090430192037-9p1etcynkglte2j3 > parent: aelkin@mysql.com-20090430143246-zfqaz0t7uoluzdz2 > committer: Gleb Shchepa <gshchepa@mysql.com> > branch nick: mysql-5.0-bugteam > timestamp: Fri 2009-05-01 00:20:37 +0500 > message: > Bug #37362: Crash in do_field_eq > > EXPLAIN EXTENDED of nested query containing a error: > > 1054 Unknown column '...' in 'field list' > > may cause a server crash. > > > Parse error like described above forces a call to > JOIN::destroy() on malformed subquery. > That JOIN::destroy function closes and frees temporary > tables. However, temporary fields of these tables > may be listed in st_select_lex::group_list of outer > query, and that st_select_lex may not cleanup them > properly. So, after the JOIN::destroy call that > st_select_lex::group_list may have Item_field > objects with dangling pointers to freed temporary > table Field objects. That caused a crash.
-
unknown authored
-
Joerg Bruehe authored
into 5.0-build.
-
- 18 Jul, 2009 2 commits
-
-
Evgeny Potemkin authored
-
Evgeny Potemkin authored
When during the optimization an item is moved to the upper select the item's context left unchanged. This caused wrong result in the PS/SP mode. The Item_ident::remove_dependence_processor now sets the context of the select to which the item is moved to. mysql-test/r/subselect.result: The test case for the bug#46051 is adjusted. mysql-test/t/subselect.test: The test case for the bug#46051 is adjusted. sql/item.cc: Bug#46051: Incorrectly market field caused wrong result. The Item_ident::remove_dependence_processor now sets the context of the select to which the item is moved to.
-
- 17 Jul, 2009 3 commits
-
-
Evgeny Potemkin authored
-
Satya B authored
it returns misleading 'table is full' Innodb returns a misleading error message "table is full" when the number of active concurrent transactions is greater than 1024. Fixed by adding errorcode "ER_TOO_MANY_CONCURRENT_TRXS" to the error codes. Innodb should return HA_TOO_MANY_CONCURRENT_TRXS to mysql which is then mapped to ER_TOO_MANY_CONCURRENT_TRXS Note: testcase is not written as this was reproducible only by changing innodb code. extra/perror.c: Add error number and message for HA_ERR_TOO_MANY_CONCURRENT_TRXS include/my_base.h: Add error number and message for HA_ERR_TOO_MANY_CONCURRENT_TRXS sql/ha_innodb.cc: Return HA_ERR_TOO_MANY_CONCURRENT_TRXS to mysql server sql/handler.cc: Add error number and message for HA_ERR_TOO_MANY_CONCURRENT_TRXS sql/share/errmsg.txt: Add error message for ER_TOO_MANY_CONCURRENT_TRXS
-
V Narayanan authored
-