From 34ebf981abaa8a0b9e5557a56d17e8daa0273bdf Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Fri, 24 May 2013 17:35:30 +0200
Subject: [PATCH 1/5] MDEV-4575 MySQL client doesn't strip off 5.5.5- prefix while connecting to 10.x server extend 5.1 client library to read 4 byte capabilities from the first handshake packet. two higher bytes are always zeros for 5.1 servers.
---
 sql-common/client.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/sql-common/client.c b/sql-common/client.c
index a1f3909c023..55c73eb382c 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -2221,6 +2221,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
 /* New protocol with 16 bytes to describe server characteristics */
 mysql->server_language=end[2];
 mysql->server_status=uint2korr(end+3);
+ mysql->server_capabilities|= uint2korr(end+5) << 16;
 }
 end+= 18;
 if (pkt_length >= (uint) (end + SCRAMBLE_LENGTH - SCRAMBLE_LENGTH_323 + 1 -
From 782d86af44a314c8c60d6c017d500f4f214f665b Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Fri, 5 Jul 2013 16:02:02 +0200
Subject: [PATCH 2/5] MDEV-4257 Assertion `!table || (!table->read_set || bitmap_is_set(table->read_set, field_index))' fails on FROM subquery with fulltext search, derived_merge=on remove emtpty Item_func_match::update_used_tables() method
---
 mysql-test/r/fulltext_derived_4257.result | 6 ++++++
 mysql-test/t/fulltext_derived_4257.test | 6 ++++++
 sql/item_func.h | 1 -
 3 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 mysql-test/r/fulltext_derived_4257.result
 create mode 100644 mysql-test/t/fulltext_derived_4257.test
diff --git a/mysql-test/r/fulltext_derived_4257.result b/mysql-test/r/fulltext_derived_4257.result
new file mode 100644
index 00000000000..8479baef388
--- /dev/null
+++ b/mysql-test/r/fulltext_derived_4257.result
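Review bot: In sql-common/client.c, the added `uint2korr(end+5) << 16` shifts a value that is presumably 16 bits wide and therefore promoted to `int`, so a handshake packet with the top bit of the upper capability word set overflows a signed int, and the result may sign-extend when OR-ed into a wider unsigned `server_capabilities` (its type is not visible in this hunk). These two bytes come straight from the server's first packet, so the client should not rely on them being zero or well-formed. Casting before the shift keeps the arithmetic unsigned: `mysql->server_capabilities|= ((ulong) uint2korr(end+5)) << 16;`. The length check that must cover the reads at `end+5` and `end+6` lies above this hunk in CLI_MYSQL_REAL_CONNECT and should be confirmed there.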
@@ -0,0 +1,6 @@
+set optimizer_switch = 'derived_merge=on';
+create table t1 (c1 char(8), c2 char(8)) engine=myisam;
+insert into t1 values ('test1','test2'),('test3','test4');
+select * from (select c1 from t1 where match (c2) against ('hello' in boolean mode)) as alias;
+c1
+drop table t1;
diff --git a/mysql-test/t/fulltext_derived_4257.test b/mysql-test/t/fulltext_derived_4257.test
new file mode 100644
index 00000000000..07626b8b557
--- /dev/null
+++ b/mysql-test/t/fulltext_derived_4257.test
@@ -0,0 +1,6 @@
+set optimizer_switch = 'derived_merge=on';
+create table t1 (c1 char(8), c2 char(8)) engine=myisam;
+insert into t1 values ('test1','test2'),('test3','test4');
+select * from (select c1 from t1 where match (c2) against ('hello' in boolean mode)) as alias;
+drop table t1;
+
diff --git a/sql/item_func.h b/sql/item_func.h
index 6cd036920f8..c4b21b6287d 100644
--- a/sql/item_func.h
+++ b/sql/item_func.h
@@ -1704,7 +1704,6 @@ public:
 bool is_expensive_processor(uchar *arg) { return TRUE; }
 enum Functype functype() const { return FT_FUNC; }
 const char *func_name() const { return "match"; }
- void update_used_tables() {}
 table_map not_null_tables() const { return 0; }
 bool fix_fields(THD *thd, Item **ref);
 bool eq(const Item *, bool binary_cmp) const;
From d3157e239a3fc15e68ea90c65ed0b94ebb53fc81 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Fri, 5 Jul 2013 17:54:25 +0200
Subject: [PATCH 3/5] MDEV-4665 crash when referencing missing function in a subquery don't ignore the return value fix_fields()
---
 mysql-test/r/sp_missing_4665.result | 6 ++++++
 mysql-test/t/sp_missing_4665.test | 9 +++++++++
 sql/table.cc | 12 +++++++-----
 3 files changed, 22 insertions(+), 5 deletions(-)
 create mode 100644 mysql-test/r/sp_missing_4665.result
 create mode 100644 mysql-test/t/sp_missing_4665.test
diff --git a/mysql-test/r/sp_missing_4665.result b/mysql-test/r/sp_missing_4665.result
new file mode 100644
index 00000000000..47587c180c6
--- /dev/null
+++ b/mysql-test/r/sp_missing_4665.result
@@ -0,0 +1,6 @@
+create table t (a int);
+create or replace view v as select 1 from t where a;
+delete from v where (select g());
+ERROR 42000: FUNCTION test.g does not exist
+drop view v;
+drop table t;
diff --git a/mysql-test/t/sp_missing_4665.test b/mysql-test/t/sp_missing_4665.test
new file mode 100644
index 00000000000..19e845e58c7
--- /dev/null
+++ b/mysql-test/t/sp_missing_4665.test
@@ -0,0 +1,9 @@
+#
+# MDEV-4665 crash when referencing missing function in a subquery
+#
+create table t (a int);
+create or replace view v as select 1 from t where a;
+--error ER_SP_DOES_NOT_EXIST
+delete from v where (select g());
+drop view v;
+drop table t;
diff --git a/sql/table.cc b/sql/table.cc
index 32549568086..7c5f9ac82cb 100644
--- a/sql/table.cc
+++ b/sql/table.cc
@@ -3683,6 +3683,7 @@ bool TABLE_LIST::prep_where(THD *thd, Item **conds,
 bool no_where_clause)
 {
 DBUG_ENTER("TABLE_LIST::prep_where");
+ bool res= FALSE;
 for (TABLE_LIST *tbl= merge_underlying_list; tbl; tbl= tbl->next_local)
 {
@@ -3731,10 +3732,11 @@ bool TABLE_LIST::prep_where(THD *thd, Item **conds,
 if (tbl == 0)
 {
 if (*conds && !(*conds)->fixed)
- (*conds)->fix_fields(thd, conds);
- *conds= and_conds(*conds, where->copy_andor_structure(thd));
- if (*conds && !(*conds)->fixed)
- (*conds)->fix_fields(thd, conds);
+ res= (*conds)->fix_fields(thd, conds);
+ if (!res)
+ *conds= and_conds(*conds, where->copy_andor_structure(thd));
+ if (*conds && !(*conds)->fixed && !res)
+ res= (*conds)->fix_fields(thd, conds);
 }
 if (arena)
 thd->restore_active_arena(arena, &backup);
@@ -3742,7 +3744,7 @@ bool TABLE_LIST::prep_where(THD *thd, Item **conds,
 }
 }
- DBUG_RETURN(FALSE);
+ DBUG_RETURN(res);
 }
 /**
From 58fa29e0ff35b10bbbdf605faf2592a0040214c1 Mon Sep 17 00:00:00 2001
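Review bot: In sql/table.cc, the second hunk of prep_where now checks both fix_fields() calls, but the result of `and_conds(*conds, where->copy_andor_structure(thd))` between them is still taken on trust. Neither helper is visible here; if either can return a null pointer on allocation failure, `*conds` could end up without the view's WHERE clause while `res` stays FALSE, and for a statement like the `delete from v` in the new test that would widen the set of affected rows. Consider failing closed on the copy, e.g. `Item *copy= where->copy_andor_structure(thd);` followed by `if (!copy) res= TRUE;`, and adding a comment next to `res` that fix_fields() returns TRUE on error. The function body begins and ends outside this hunk.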
From: Sergei Golubchik
Date: Fri, 5 Jul 2013 20:45:42 +0200
Subject: [PATCH 4/5] MDEV-4610 SQL query crashes MariaDB with derived_with_keys MDEV-4643 MariaDB crashes consistently when trying a SELECT on VIEW with a UNION and an additional JOIN in SELECT open derived temp tables *before* trying QUICK_SELECT for them, handler::multi_range_read_info() needs an open table.
---
 mysql-test/r/mrr_derived_crash_4610.result | 19 +++++++++++++++++++
 mysql-test/t/mrr_derived_crash_4610.test | 16 ++++++++++++++++
 sql/sql_select.cc | 5 +++--
 3 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 mysql-test/r/mrr_derived_crash_4610.result
 create mode 100644 mysql-test/t/mrr_derived_crash_4610.test
diff --git a/mysql-test/r/mrr_derived_crash_4610.result b/mysql-test/r/mrr_derived_crash_4610.result
new file mode 100644
index 00000000000..8dcdfda9276
--- /dev/null
+++ b/mysql-test/r/mrr_derived_crash_4610.result
@@ -0,0 +1,19 @@
+create table t1 (f1 char(4) primary key) engine=innodb charset=utf8 ;
+insert into t1 values ('aaaa');
+create table t2 (f2 text, f3 char(4) not null) engine=innodb charset=utf8 ;
+create table t3 (id int not null) engine=innodb charset=utf8 ;
+create table t4 (val int not null) engine=innodb charset=utf8;
+explain select 1 from
+(select f2, f3, val, count(id) from t4 join t2 left join t3 on 0) top
+join t1 on f1 = f3 where f3 = 'aaaa' order by val;
+id select_type table type possible_keys key key_len ref rows Extra
+1 PRIMARY t1 const PRIMARY PRIMARY 12 const 1 Using index; Using filesort
+1 PRIMARY ref key0 key0 13 const 0 Using where
+2 DERIVED t4 ALL NULL NULL NULL NULL 1
+2 DERIVED t2 ALL NULL NULL NULL NULL 1 Using join buffer (flat, BNL join)
+2 DERIVED t3 ALL NULL NULL NULL NULL 1 Using where; Using join buffer (incremental, BNL join)
+select 1 from
+(select f2, f3, val, count(id) from t4 join t2 left join t3 on 0) top
+join t1 on f1 = f3 where f3 = 'aaaa' order by val;
+1
+drop table t1, t2, t3, t4;
diff --git a/mysql-test/t/mrr_derived_crash_4610.test b/mysql-test/t/mrr_derived_crash_4610.test
new file mode 100644
index 00000000000..88882b57cf7
--- /dev/null
+++ b/mysql-test/t/mrr_derived_crash_4610.test
@@ -0,0 +1,16 @@
+#
+# MDEV-4610 SQL query crashes MariaDB with derived_with_keys
+#
+--source include/have_innodb.inc
+create table t1 (f1 char(4) primary key) engine=innodb charset=utf8 ;
+insert into t1 values ('aaaa');
+create table t2 (f2 text, f3 char(4) not null) engine=innodb charset=utf8 ;
+create table t3 (id int not null) engine=innodb charset=utf8 ;
+create table t4 (val int not null) engine=innodb charset=utf8;
+explain select 1 from
+ (select f2, f3, val, count(id) from t4 join t2 left join t3 on 0) top
+ join t1 on f1 = f3 where f3 = 'aaaa' order by val;
+select 1 from
+ (select f2, f3, val, count(id) from t4 join t2 left join t3 on 0) top
+ join t1 on f1 = f3 where f3 = 'aaaa' order by val;
+drop table t1, t2, t3, t4;
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index cc94df82095..40021baa954 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -18941,6 +18941,9 @@ create_sort_index(THD *thd, JOIN *join, ORDER *order,
 MYF(MY_WME | MY_ZEROFILL));
 table->status=0; // May be wrong if quick_select
+ if (!tab->preread_init_done && tab->preread_init())
+ goto err;
+
 // If table has a range, move it to select
 if (select && !select->quick && tab->ref.key >= 0)
 {
@@ -18977,8 +18980,6 @@ create_sort_index(THD *thd, JOIN *join, ORDER *order,
 get_schema_tables_result(join, PROCESSED_BY_CREATE_SORT_INDEX))
 goto err;
- if (!tab->preread_init_done && tab->preread_init())
- goto err;
 if (table->s->tmp_table)
 table->file->info(HA_STATUS_VARIABLE); // Get record count
 table->sort.found_records=filesort(thd, table,join->sortorder, length,
From 48b403cd65a680c5ea526225cad82a44779d0178 Mon Sep 17 00:00:00 2001
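Review bot: In sql/sql_select.cc, the first hunk of create_sort_index moves the preread_init() call above the range setup without recording why the order matters, so a later cleanup could move it back and reintroduce the crash. A comment above the added lines would capture the constraint from the commit message, for example `/* Open derived temp tables before the QUICK_SELECT code below: handler::multi_range_read_info() needs an open table. */`. The added `goto err` also runs right after the allocation whose tail is the `MYF(MY_WME | MY_ZEROFILL));` context line; the `err` label is outside the hunk, so it is worth confirming that it releases that buffer on this new early exit.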
From: Sergei Golubchik
Date: Sat, 6 Jul 2013 15:28:11 +0200
Subject: [PATCH 5/5] Bug #69682 - mysqld crashes after uninstall of plugin with "first" status var
---
 mysql-test/r/fulltext_plugin.result | 2 ++
 mysql-test/t/fulltext_plugin.test | 6 ++++++
 plugin/fulltext/plugin_example.c | 2 +-
 sql/sql_show.cc | 5 ++---
 4 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/mysql-test/r/fulltext_plugin.result b/mysql-test/r/fulltext_plugin.result
index 69ebbe07e9e..2c104c98676 100644
--- a/mysql-test/r/fulltext_plugin.result
+++ b/mysql-test/r/fulltext_plugin.result
@@ -3,3 +3,5 @@ CREATE TABLE t1(a TEXT, b TEXT, FULLTEXT(a) WITH PARSER simple_parser);
 ALTER TABLE t1 ADD FULLTEXT(b) WITH PARSER simple_parser;
 DROP TABLE t1;
 UNINSTALL PLUGIN simple_parser;
+show status like 'a%status';
+Variable_name Value
diff --git a/mysql-test/t/fulltext_plugin.test b/mysql-test/t/fulltext_plugin.test
index 0e2f53d5b15..e9b4343e0dc 100644
--- a/mysql-test/t/fulltext_plugin.test
+++ b/mysql-test/t/fulltext_plugin.test
@@ -9,3 +9,9 @@ CREATE TABLE t1(a TEXT, b TEXT, FULLTEXT(a) WITH PARSER simple_parser);
 ALTER TABLE t1 ADD FULLTEXT(b) WITH PARSER simple_parser;
 DROP TABLE t1;
 UNINSTALL PLUGIN simple_parser;
+
+#
+# Bug #69682 - mysqld crashes after uninstall of plugin with "first" status var
+#
+show status like 'a%status';
+
diff --git a/plugin/fulltext/plugin_example.c b/plugin/fulltext/plugin_example.c
index de951375820..cc685cdaefb 100644
--- a/plugin/fulltext/plugin_example.c
+++ b/plugin/fulltext/plugin_example.c
@@ -210,7 +210,7 @@ static struct st_mysql_ftparser simple_parser_descriptor=
 static struct st_mysql_show_var simple_status[]=
 {
- {"static", (char *)"just a static text", SHOW_CHAR},
+ {"A_static", (char *)"just a static text", SHOW_CHAR},
 {"called", (char *)&number_of_calls, SHOW_LONG},
 {0,0,0}
 };
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index f9c2d114596..6193085e110 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -2199,12 +2199,11 @@ void remove_status_vars(SHOW_VAR *list)
 {
 pthread_mutex_lock(&LOCK_status);
 SHOW_VAR *all= dynamic_element(&all_status_vars, 0, SHOW_VAR *);
- int a= 0, b= all_status_vars.elements, c= (a+b)/2;
 for (; list->name; list++)
 {
- int res= 0;
- for (a= 0, b= all_status_vars.elements; b-a > 1; c= (a+b)/2)
+ int res= 0, a= 0, b= all_status_vars.elements, c= (a+b)/2;
+ for (; b-a > 0; c= (a+b)/2)
 {
 res= show_var_cmp(list, all+c);
 if (res < 0)
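Review bot: In remove_status_vars, relaxing the inner loop condition to `b-a > 0` makes termination depend on how `a` is advanced, and those assignments are below the last line of this hunk. If the lower bound is set with `a= c` rather than `a= c+1`, a lookup for a name that is not present in all_status_vars stops making progress once `b-a` is 1, and the loop would then spin while LOCK_status is held. Either advance with `a= c+1` in the `res > 0` branch, or add a comment above the loop stating that every entry of `list` is guaranteed to be registered before removal.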