From 921e3fe8bf67105f7ac28d5d4bf990ee754de5d4 Mon Sep 17 00:00:00 2001 From: Andrei Elkin Date: Wed, 25 Mar 2009 12:53:56 +0200 Subject: [PATCH 01/14] Bug#42977 RBR logs for rows with more than 250 column results in corrupt binlog The issue happened to be two-fold. The table map event was recorded into binlog having an incorrect size when number of columns exceeded 251. The Row-based event had incorrect recording and restoring m_width member within the same as above conditions. Fixed with correcting m_data_size and m_width. --- .../suite/rpl/r/rpl_row_wide_table.result | 318 ++++++++++++++++ .../suite/rpl/t/rpl_row_wide_table.test | 339 ++++++++++++++++++ sql/log_event.cc | 14 +- sql/rpl_utility.h | 6 +- 4 files changed, 670 insertions(+), 7 deletions(-) create mode 100644 mysql-test/suite/rpl/r/rpl_row_wide_table.result create mode 100644 mysql-test/suite/rpl/t/rpl_row_wide_table.test diff --git a/mysql-test/suite/rpl/r/rpl_row_wide_table.result b/mysql-test/suite/rpl/r/rpl_row_wide_table.result new file mode 100644 index 00000000000..da96e84d1d5 --- /dev/null +++ b/mysql-test/suite/rpl/r/rpl_row_wide_table.result @@ -0,0 +1,318 @@ +stop slave; +drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; +reset master; +reset slave; +drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; +start slave; +DROP TABLE IF EXISTS t300; +create table t300 ( +f1 int, +f2 int, +f3 int, +f4 int, +f5 int, +f6 int, +f7 int, +f8 int, +f9 int, +f10 int, +f11 int, +f12 int, +f13 int, +f14 int, +f15 int, +f16 int, +f17 int, +f18 int, +f19 int, +f20 int, +f21 int, +f22 int, +f23 int, +f24 int, +f25 int, +f26 int, +f27 int, +f28 int, +f29 int, +f30 int, +f31 int, +f32 int, +f33 int, +f34 int, +f35 int, +f36 int, +f37 int, +f38 int, +f39 int, +f40 int, +f41 int, +f42 int, +f43 int, +f44 int, +f45 int, +f46 int, +f47 int, +f48 int, +f49 int, +f50 int, +f51 int, +f52 int, +f53 int, +f54 int, +f55 int, +f56 int, +f57 int, +f58 int, +f59 int, +f60 int, +f61 int, +f62 int, +f63 int, +f64 int, +f65 int, +f66 int, +f67 int, +f68 int, +f69 int, +f70 int, +f71 int, +f72 int, +f73 int, +f74 int, +f75 int, +f76 int, +f77 int, +f78 int, +f79 int, +f80 int, +f81 int, +f82 int, +f83 int, +f84 int, +f85 int, +f86 int, +f87 int, +f88 int, +f89 int, +f90 int, +f91 int, +f92 int, +f93 int, +f94 int, +f95 int, +f96 int, +f97 int, +f98 int, +f99 int, +f100 int, +f101 int, +f102 int, +f103 int, +f104 int, +f105 int, +f106 int, +f107 int, +f108 int, +f109 int, +f110 int, +f111 int, +f112 int, +f113 int, +f114 int, +f115 int, +f116 int, +f117 int, +f118 int, +f119 int, +f120 int, +f121 int, +f122 int, +f123 int, +f124 int, +f125 int, +f126 int, +f127 int, +f128 int, +f129 int, +f130 int, +f131 int, +f132 int, +f133 int, +f134 int, +f135 int, +f136 int, +f137 int, +f138 int, +f139 int, +f140 int, +f141 int, +f142 int, +f143 int, +f144 int, +f145 int, +f146 int, +f147 int, +f148 int, +f149 int, +f150 int, +f151 int, +f152 int, +f153 int, +f154 int, +f155 int, +f156 int, +f157 int, +f158 int, +f159 int, +f160 int, +f161 int, +f162 int, +f163 int, +f164 int, +f165 int, +f166 int, +f167 int, +f168 int, +f169 int, +f170 int, +f171 int, +f172 int, +f173 int, +f174 int, +f175 int, +f176 int, +f177 int, +f178 int, +f179 int, +f180 int, +f181 int, +f182 int, +f183 int, +f184 int, +f185 int, +f186 int, +f187 int, +f188 int, +f189 int, +f190 int, +f191 int, +f192 int, +f193 int, +f194 int, +f195 int, +f196 int, +f197 int, +f198 int, +f199 int, +f200 int, +f201 int, +f202 int, +f203 int, +f204 int, +f205 int, +f206 int, +f207 int, +f208 int, +f209 int, +f210 int, +f211 int, +f212 int, +f213 int, +f214 int, +f215 int, +f216 int, +f217 int, +f218 int, +f219 int, +f220 int, +f221 int, +f222 int, +f223 int, +f224 int, +f225 int, +f226 int, +f227 int, +f228 int, +f229 int, +f230 int, +f231 int, +f232 int, +f233 int, +f234 int, +f235 int, +f236 int, +f237 int, +f238 int, +f239 int, +f240 int, +f241 int, +f242 int, +f243 int, +f244 int, +f245 int, +f246 int, +f247 int, +f248 int, +f249 int, +f250 int, +f251 int, +f252 int, +f253 int, +f254 int, +f255 int, +f256 int, +f257 int, +f258 int, +f259 int, +f260 int, +f261 int, +f262 int, +f263 int, +f264 int, +f265 int, +f266 int, +f267 int, +f268 int, +f269 int, +f270 int, +f271 int, +f272 int, +f273 int, +f274 int, +f275 int, +f276 int, +f277 int, +f278 int, +f279 int, +f280 int, +f281 int, +f282 int, +f283 int, +f284 int, +f285 int, +f286 int, +f287 int, +f288 int, +f289 int, +f290 int, +f291 int, +f292 int, +f293 int, +f294 int, +f295 int, +f296 int, +f297 int, +f298 int, +f299 int, +f300 int, +primary key (f1)); +insert into t300 set f1= 1; +select f300 from t300; +f300 +NULL +select count(*) as one from t300; +one +1 +*** Cleanup *** +DROP TABLE t300; diff --git a/mysql-test/suite/rpl/t/rpl_row_wide_table.test b/mysql-test/suite/rpl/t/rpl_row_wide_table.test new file mode 100644 index 00000000000..7b17d7c4866 --- /dev/null +++ b/mysql-test/suite/rpl/t/rpl_row_wide_table.test @@ -0,0 +1,339 @@ +################################################################## +# rpl_row_wide_table +# +# This test verifies that the table with number of attributes more +# than 250 is replicated. +# Related bugs: +# Bug #42977 RBR logs for rows with more than 250 column results +# in corrupt binlog +################################################################## + +-- source include/master-slave.inc +-- source include/have_binlog_format_row.inc + +--disable_warnings +DROP TABLE IF EXISTS t300; +--enable_warnings + +connection master; + +create table t300 ( +f1 int, +f2 int, +f3 int, +f4 int, +f5 int, +f6 int, +f7 int, +f8 int, +f9 int, +f10 int, +f11 int, +f12 int, +f13 int, +f14 int, +f15 int, +f16 int, +f17 int, +f18 int, +f19 int, +f20 int, +f21 int, +f22 int, +f23 int, +f24 int, +f25 int, +f26 int, +f27 int, +f28 int, +f29 int, +f30 int, +f31 int, +f32 int, +f33 int, +f34 int, +f35 int, +f36 int, +f37 int, +f38 int, +f39 int, +f40 int, +f41 int, +f42 int, +f43 int, +f44 int, +f45 int, +f46 int, +f47 int, +f48 int, +f49 int, +f50 int, +f51 int, +f52 int, +f53 int, +f54 int, +f55 int, +f56 int, +f57 int, +f58 int, +f59 int, +f60 int, +f61 int, +f62 int, +f63 int, +f64 int, +f65 int, +f66 int, +f67 int, +f68 int, +f69 int, +f70 int, +f71 int, +f72 int, +f73 int, +f74 int, +f75 int, +f76 int, +f77 int, +f78 int, +f79 int, +f80 int, +f81 int, +f82 int, +f83 int, +f84 int, +f85 int, +f86 int, +f87 int, +f88 int, +f89 int, +f90 int, +f91 int, +f92 int, +f93 int, +f94 int, +f95 int, +f96 int, +f97 int, +f98 int, +f99 int, +f100 int, +f101 int, +f102 int, +f103 int, +f104 int, +f105 int, +f106 int, +f107 int, +f108 int, +f109 int, +f110 int, +f111 int, +f112 int, +f113 int, +f114 int, +f115 int, +f116 int, +f117 int, +f118 int, +f119 int, +f120 int, +f121 int, +f122 int, +f123 int, +f124 int, +f125 int, +f126 int, +f127 int, +f128 int, +f129 int, +f130 int, +f131 int, +f132 int, +f133 int, +f134 int, +f135 int, +f136 int, +f137 int, +f138 int, +f139 int, +f140 int, +f141 int, +f142 int, +f143 int, +f144 int, +f145 int, +f146 int, +f147 int, +f148 int, +f149 int, +f150 int, +f151 int, +f152 int, +f153 int, +f154 int, +f155 int, +f156 int, +f157 int, +f158 int, +f159 int, +f160 int, +f161 int, +f162 int, +f163 int, +f164 int, +f165 int, +f166 int, +f167 int, +f168 int, +f169 int, +f170 int, +f171 int, +f172 int, +f173 int, +f174 int, +f175 int, +f176 int, +f177 int, +f178 int, +f179 int, +f180 int, +f181 int, +f182 int, +f183 int, +f184 int, +f185 int, +f186 int, +f187 int, +f188 int, +f189 int, +f190 int, +f191 int, +f192 int, +f193 int, +f194 int, +f195 int, +f196 int, +f197 int, +f198 int, +f199 int, +f200 int, +f201 int, +f202 int, +f203 int, +f204 int, +f205 int, +f206 int, +f207 int, +f208 int, +f209 int, +f210 int, +f211 int, +f212 int, +f213 int, +f214 int, +f215 int, +f216 int, +f217 int, +f218 int, +f219 int, +f220 int, +f221 int, +f222 int, +f223 int, +f224 int, +f225 int, +f226 int, +f227 int, +f228 int, +f229 int, +f230 int, +f231 int, +f232 int, +f233 int, +f234 int, +f235 int, +f236 int, +f237 int, +f238 int, +f239 int, +f240 int, +f241 int, +f242 int, +f243 int, +f244 int, +f245 int, +f246 int, +f247 int, +f248 int, +f249 int, +f250 int, +f251 int, +f252 int, +f253 int, +f254 int, +f255 int, +f256 int, +f257 int, +f258 int, +f259 int, +f260 int, +f261 int, +f262 int, +f263 int, +f264 int, +f265 int, +f266 int, +f267 int, +f268 int, +f269 int, +f270 int, +f271 int, +f272 int, +f273 int, +f274 int, +f275 int, +f276 int, +f277 int, +f278 int, +f279 int, +f280 int, +f281 int, +f282 int, +f283 int, +f284 int, +f285 int, +f286 int, +f287 int, +f288 int, +f289 int, +f290 int, +f291 int, +f292 int, +f293 int, +f294 int, +f295 int, +f296 int, +f297 int, +f298 int, +f299 int, +f300 int, + primary key (f1)); + +insert into t300 set f1= 1; + +sync_slave_with_master; + +# +# prove that slave processed the create as well as the insert +# +eval select f300 from t300; +select count(*) as one from t300; + +--echo *** Cleanup *** +connection master; +DROP TABLE t300; +sync_slave_with_master; + +# END of Test Case + diff --git a/sql/log_event.cc b/sql/log_event.cc index aa7e8c84a0f..6220bc276a6 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -6993,8 +6993,8 @@ int Rows_log_event::get_data_size() { int const type_code= get_type_code(); - uchar buf[sizeof(m_width)+1]; - uchar *end= net_store_length(buf, (m_width + 7) / 8); + uchar buf[sizeof(m_width) + 1]; + uchar *end= net_store_length(buf, m_width); DBUG_EXECUTE_IF("old_row_based_repl_4_byte_map_id_master", return 6 + no_bytes_in_map(&m_cols) + (end - buf) + @@ -7583,7 +7583,7 @@ bool Rows_log_event::write_data_body(IO_CACHE*file) Note that this should be the number of *bits*, not the number of bytes. */ - uchar sbuf[sizeof(m_width)]; + uchar sbuf[sizeof(m_width) + 1]; my_ptrdiff_t const data_size= m_rows_cur - m_rows_buf; bool res= false; uchar *const sbuf_end= net_store_length(sbuf, (size_t) m_width); @@ -7745,6 +7745,8 @@ Table_map_log_event::Table_map_log_event(THD *thd, TABLE *tbl, ulong tid, m_null_bits(0), m_meta_memory(NULL) { + uchar cbuf[sizeof(m_colcnt) + 1]; + uchar *cbuf_end; DBUG_ASSERT(m_table_id != ~0UL); /* In TABLE_SHARE, "db" and "table_name" are 0-terminated (see this comment in @@ -7761,7 +7763,9 @@ Table_map_log_event::Table_map_log_event(THD *thd, TABLE *tbl, ulong tid, DBUG_EXECUTE_IF("old_row_based_repl_4_byte_map_id_master", m_data_size= 6;); m_data_size+= m_dblen + 2; // Include length and terminating \0 m_data_size+= m_tbllen + 2; // Include length and terminating \0 - m_data_size+= 1 + m_colcnt; // COLCNT and column types + cbuf_end= net_store_length(cbuf, (size_t) m_colcnt); + DBUG_ASSERT((cbuf_end - cbuf) <= sizeof(cbuf)); + m_data_size+= (cbuf_end - cbuf) + m_colcnt; // COLCNT and column types /* If malloc fails, caught in is_valid() */ if ((m_memory= (uchar*) my_malloc(m_colcnt, MYF(MY_WME)))) @@ -8053,7 +8057,7 @@ bool Table_map_log_event::write_data_body(IO_CACHE *file) uchar const dbuf[]= { (uchar) m_dblen }; uchar const tbuf[]= { (uchar) m_tbllen }; - uchar cbuf[sizeof(m_colcnt)]; + uchar cbuf[sizeof(m_colcnt) + 1]; uchar *const cbuf_end= net_store_length(cbuf, (size_t) m_colcnt); DBUG_ASSERT(static_cast(cbuf_end - cbuf) <= sizeof(cbuf)); diff --git a/sql/rpl_utility.h b/sql/rpl_utility.h index 8e2f4a7374f..1f4ca246ff1 100644 --- a/sql/rpl_utility.h +++ b/sql/rpl_utility.h @@ -294,12 +294,14 @@ namespace { } #endif +// NB. number of printed bit values is limited to sizeof(buf) - 1 #define DBUG_PRINT_BITSET(N,FRM,BS) \ do { \ char buf[256]; \ - for (uint i = 0 ; i < (BS)->n_bits ; ++i) \ + uint i; \ + for (i = 0 ; i < min(sizeof(buf) - 1, (BS)->n_bits) ; i++) \ buf[i] = bitmap_is_set((BS), i) ? '1' : '0'; \ - buf[(BS)->n_bits] = '\0'; \ + buf[i] = '\0'; \ DBUG_PRINT((N), ((FRM), buf)); \ } while (0) From 08626e800ef30a9246e8fb6fb4280b1f7ccbfb65 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Wed, 25 Mar 2009 15:37:21 +0200 Subject: [PATCH 02/14] Bug#43748: crash when non-super user tries to kill the replication threads (Pushing for Azundris) We allow security-contexts with NULL users (for system-threads and for unauthenticated users). If a non-SUPER-user tried to KILL such a thread, we tried to compare the user-fields to see whether they owned that thread. Comparing against NULL was not a good idea. If KILLer does not have SUPER-privilege, we specifically check whether both KILLer and KILLee have a non-NULL user before testing for string- equality. If either is NULL, we reject the KILL. --- mysql-test/r/rpl_temporary.result | 18 ++++++++++++++++ mysql-test/t/rpl_temporary.test | 36 +++++++++++++++++++++++++++++++ sql/sql_parse.cc | 21 +++++++++++++++++- 3 files changed, 74 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/rpl_temporary.result b/mysql-test/r/rpl_temporary.result index 15c069ab68d..5eefced7564 100644 --- a/mysql-test/r/rpl_temporary.result +++ b/mysql-test/r/rpl_temporary.result @@ -4,6 +4,24 @@ reset master; reset slave; drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; start slave; +FLUSH PRIVILEGES; +drop table if exists t999; +create temporary table t999( +id int, +user char(255), +host char(255), +db char(255), +Command char(255), +time int, +State char(255), +info char(255) +); +LOAD DATA INFILE "./tmp/bl_dump_thread_id" into table t999; +drop table t999; +GRANT USAGE ON *.* TO user43748@localhost; +KILL `select id from information_schema.processlist where command='Binlog Dump'`; +ERROR HY000: You are not owner of thread `select id from information_schema.processlist where command='Binlog Dump'` +DROP USER user43748@localhost; reset master; SET @save_select_limit=@@session.sql_select_limit; SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100; diff --git a/mysql-test/t/rpl_temporary.test b/mysql-test/t/rpl_temporary.test index 516f3a026c9..366fdf00c56 100644 --- a/mysql-test/t/rpl_temporary.test +++ b/mysql-test/t/rpl_temporary.test @@ -3,6 +3,42 @@ source include/add_anonymous_users.inc; source include/master-slave.inc; +# +# Bug#43748: crash when non-super user tries to kill the replication threads +# + +--connection master +save_master_pos; + +--connection slave +sync_with_master; + +--connection slave +FLUSH PRIVILEGES; + +# in 5.0, we need to do some hocus pocus to get a system-thread ID (-> $id) +--source include/get_binlog_dump_thread_id.inc + +# make a non-privileged user on slave. try to KILL system-thread as her. +GRANT USAGE ON *.* TO user43748@localhost; + +--connect (mysqltest_2_con,localhost,user43748,,test,$SLAVE_MYPORT,) +--connection mysqltest_2_con + +--replace_result $id "`select id from information_schema.processlist where command='Binlog Dump'`" +--error ER_KILL_DENIED_ERROR +eval KILL $id; + +--disconnect mysqltest_2_con + +--connection slave + +DROP USER user43748@localhost; + +--connection master + + + # Clean up old slave's binlogs. # The slave is started with --log-slave-updates # and this test does SHOW BINLOG EVENTS on the slave's diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 2297283c92d..33adcfe3342 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -7386,8 +7386,27 @@ void kill_one_thread(THD *thd, ulong id, bool only_kill_query) VOID(pthread_mutex_unlock(&LOCK_thread_count)); if (tmp) { + + /* + If we're SUPER, we can KILL anything, including system-threads. + No further checks. + + thd..user could in theory be NULL while we're still in + "unauthenticated" state. This is more a theoretical case. + + tmp..user will be NULL for system threads (cf Bug#43748). + We need to check so Jane Random User doesn't crash the server + when trying to kill a) system threads or b) unauthenticated + users' threads. + + If user of both killer and killee are non-null, proceed with + slayage if both are string-equal. + */ + if ((thd->security_ctx->master_access & SUPER_ACL) || - !strcmp(thd->security_ctx->user, tmp->security_ctx->user)) + ((thd->security_ctx->user != NULL) && + (tmp->security_ctx->user != NULL) && + !strcmp(thd->security_ctx->user, tmp->security_ctx->user))) { tmp->awake(only_kill_query ? THD::KILL_QUERY : THD::KILL_CONNECTION); error=0; From de8042d0070f96c016b992df10a55298fed327e2 Mon Sep 17 00:00:00 2001 From: "Tatiana A. Nurnberg" Date: Wed, 25 Mar 2009 17:10:27 +0100 Subject: [PATCH 03/14] Bug#43748: crash when non-super user tries to kill the replication threads Fine-tuning. Broke out comparison into method by suggestion of Davi. Clarified comments. Reverting test-case which I find too brittle; proper test case in 5.1+. --- mysql-test/r/rpl_temporary.result | 18 ---------------- mysql-test/t/rpl_temporary.test | 36 ------------------------------- sql/sql_class.cc | 7 ++++++ sql/sql_class.h | 1 + sql/sql_parse.cc | 17 +++++++-------- 5 files changed, 16 insertions(+), 63 deletions(-) diff --git a/mysql-test/r/rpl_temporary.result b/mysql-test/r/rpl_temporary.result index 5eefced7564..15c069ab68d 100644 --- a/mysql-test/r/rpl_temporary.result +++ b/mysql-test/r/rpl_temporary.result @@ -4,24 +4,6 @@ reset master; reset slave; drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9; start slave; -FLUSH PRIVILEGES; -drop table if exists t999; -create temporary table t999( -id int, -user char(255), -host char(255), -db char(255), -Command char(255), -time int, -State char(255), -info char(255) -); -LOAD DATA INFILE "./tmp/bl_dump_thread_id" into table t999; -drop table t999; -GRANT USAGE ON *.* TO user43748@localhost; -KILL `select id from information_schema.processlist where command='Binlog Dump'`; -ERROR HY000: You are not owner of thread `select id from information_schema.processlist where command='Binlog Dump'` -DROP USER user43748@localhost; reset master; SET @save_select_limit=@@session.sql_select_limit; SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100; diff --git a/mysql-test/t/rpl_temporary.test b/mysql-test/t/rpl_temporary.test index 366fdf00c56..516f3a026c9 100644 --- a/mysql-test/t/rpl_temporary.test +++ b/mysql-test/t/rpl_temporary.test @@ -3,42 +3,6 @@ source include/add_anonymous_users.inc; source include/master-slave.inc; -# -# Bug#43748: crash when non-super user tries to kill the replication threads -# - ---connection master -save_master_pos; - ---connection slave -sync_with_master; - ---connection slave -FLUSH PRIVILEGES; - -# in 5.0, we need to do some hocus pocus to get a system-thread ID (-> $id) ---source include/get_binlog_dump_thread_id.inc - -# make a non-privileged user on slave. try to KILL system-thread as her. -GRANT USAGE ON *.* TO user43748@localhost; - ---connect (mysqltest_2_con,localhost,user43748,,test,$SLAVE_MYPORT,) ---connection mysqltest_2_con - ---replace_result $id "`select id from information_schema.processlist where command='Binlog Dump'`" ---error ER_KILL_DENIED_ERROR -eval KILL $id; - ---disconnect mysqltest_2_con - ---connection slave - -DROP USER user43748@localhost; - ---connection master - - - # Clean up old slave's binlogs. # The slave is started with --log-slave-updates # and this test does SHOW BINLOG EVENTS on the slave's diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 74bc669a049..aa796d6acbd 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -2144,6 +2144,13 @@ void Security_context::skip_grants() } +bool Security_context::user_matches(Security_context *them) +{ + return ((user != NULL) && (them->user != NULL) && + !strcmp(user, them->user)); +} + + /**************************************************************************** Handling of open and locked tables states. diff --git a/sql/sql_class.h b/sql/sql_class.h index 3e3dfcd08fa..47dbac0f17b 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -985,6 +985,7 @@ public: { return (*priv_host ? priv_host : (char *)"%"); } + bool user_matches(Security_context *); }; diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 33adcfe3342..c2d789b30b5 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -7391,22 +7391,21 @@ void kill_one_thread(THD *thd, ulong id, bool only_kill_query) If we're SUPER, we can KILL anything, including system-threads. No further checks. - thd..user could in theory be NULL while we're still in - "unauthenticated" state. This is more a theoretical case. + KILLer: thd->security_ctx->user could in theory be NULL while + we're still in "unauthenticated" state. This is a theoretical + case (the code suggests this could happen, so we play it safe). - tmp..user will be NULL for system threads (cf Bug#43748). + KILLee: tmp->security_ctx->user will be NULL for system threads. We need to check so Jane Random User doesn't crash the server - when trying to kill a) system threads or b) unauthenticated - users' threads. + when trying to kill a) system threads or b) unauthenticated users' + threads (Bug#43748). - If user of both killer and killee are non-null, proceed with + If user of both killer and killee are non-NULL, proceed with slayage if both are string-equal. */ if ((thd->security_ctx->master_access & SUPER_ACL) || - ((thd->security_ctx->user != NULL) && - (tmp->security_ctx->user != NULL) && - !strcmp(thd->security_ctx->user, tmp->security_ctx->user))) + thd->security_ctx->user_matches(tmp->security_ctx)) { tmp->awake(only_kill_query ? THD::KILL_QUERY : THD::KILL_CONNECTION); error=0; From cf6c7262d014873e192b64151d71e03e814e8d29 Mon Sep 17 00:00:00 2001 From: Ramil Kalimullin Date: Wed, 25 Mar 2009 20:48:10 +0400 Subject: [PATCH 04/14] Fix for bug#35383: binlog playback and replication breaks due to name_const substitution Problem: "In general, statements executed within a stored procedure are written to the binary log using the same rules that would apply were the statements to be executed in standalone fashion. Some special care is taken when logging procedure statements because statement execution within procedures is not quite the same as in non-procedure context". For example, each reference to a local variable in SP's statements is replaced by NAME_CONST(var_name, var_value). Queries like "CREATE TABLE ... SELECT FUNC(local_var ..." are logged as "CREATE TABLE ... SELECT FUNC(NAME_CONST("local_var", var_value) ..." that leads to differrent field names and might result in "Incorrect column name" if var_value is long enough. Fix: in 5.x we'll issue a warning in such a case. In 6.0 we should get rid of NAME_CONST(). Note: this issue and change should be described in the documentation ("Binary Logging of Stored Programs"). --- mysql-test/r/binlog.result | 40 ++++++++++++++++++++++++++++++++++++++ mysql-test/t/binlog.test | 40 ++++++++++++++++++++++++++++++++++++++ sql/sp_head.cc | 5 +++++ sql/sql_class.cc | 1 + sql/sql_class.h | 3 +++ sql/sql_parse.cc | 36 ++++++++++++++++++++++++++++++++++ 6 files changed, 125 insertions(+) diff --git a/mysql-test/r/binlog.result b/mysql-test/r/binlog.result index 80890a19b86..baab30ebbdd 100644 --- a/mysql-test/r/binlog.result +++ b/mysql-test/r/binlog.result @@ -604,6 +604,8 @@ END// CALL p1(); c1 c2 c3 d1 d2 d3 utf8_general_ci utf8_unicode_ci utf8_unicode_ci 2 2 2 +Warnings: +Warning 1105 Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual. SHOW BINLOG EVENTS FROM 1285; Log_name Pos Event_type Server_id End_log_pos Info master-bin.000001 1285 Query 1 1483 use `bug39182`; CREATE TEMPORARY TABLE tmp1 @@ -613,4 +615,42 @@ DROP PROCEDURE p1; DROP TABLE t1; DROP DATABASE bug39182; USE test; +CREATE PROCEDURE p1(IN v1 INT) +BEGIN +CREATE TABLE t1 SELECT v1; +DROP TABLE t1; +END// +CREATE PROCEDURE p2() +BEGIN +DECLARE v1 INT; +CREATE TABLE t1 SELECT v1+1; +DROP TABLE t1; +END// +CREATE PROCEDURE p3(IN v1 INT) +BEGIN +CREATE TABLE t1 SELECT 1 FROM DUAL WHERE v1!=0; +DROP TABLE t1; +END// +CREATE PROCEDURE p4(IN v1 INT) +BEGIN +DECLARE v2 INT; +CREATE TABLE t1 SELECT 1, v1, v2; +DROP TABLE t1; +CREATE TABLE t1 SELECT 1, v1+1, v2; +DROP TABLE t1; +END// +CALL p1(1); +CALL p2(); +Warnings: +Warning 1105 Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual. +CALL p3(0); +Warnings: +Warning 1105 Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual. +CALL p4(0); +Warnings: +Warning 1105 Invoked routine ran a statement that may cause problems with binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' section of the manual. +DROP PROCEDURE p1; +DROP PROCEDURE p2; +DROP PROCEDURE p3; +DROP PROCEDURE p4; End of 5.0 tests diff --git a/mysql-test/t/binlog.test b/mysql-test/t/binlog.test index b9893e02e14..8ceb219402a 100644 --- a/mysql-test/t/binlog.test +++ b/mysql-test/t/binlog.test @@ -161,4 +161,44 @@ DROP TABLE t1; DROP DATABASE bug39182; USE test; +# +# Bug#35383: binlog playback and replication breaks due to +# name_const substitution +# +DELIMITER //; +CREATE PROCEDURE p1(IN v1 INT) +BEGIN + CREATE TABLE t1 SELECT v1; + DROP TABLE t1; +END// +CREATE PROCEDURE p2() +BEGIN + DECLARE v1 INT; + CREATE TABLE t1 SELECT v1+1; + DROP TABLE t1; +END// +CREATE PROCEDURE p3(IN v1 INT) +BEGIN + CREATE TABLE t1 SELECT 1 FROM DUAL WHERE v1!=0; + DROP TABLE t1; +END// +CREATE PROCEDURE p4(IN v1 INT) +BEGIN + DECLARE v2 INT; + CREATE TABLE t1 SELECT 1, v1, v2; + DROP TABLE t1; + CREATE TABLE t1 SELECT 1, v1+1, v2; + DROP TABLE t1; +END// +DELIMITER ;// + +CALL p1(1); +CALL p2(); +CALL p3(0); +CALL p4(0); +DROP PROCEDURE p1; +DROP PROCEDURE p2; +DROP PROCEDURE p3; +DROP PROCEDURE p4; + --echo End of 5.0 tests diff --git a/sql/sp_head.cc b/sql/sp_head.cc index b51d97e66c5..76b0f2e22d2 100644 --- a/sql/sp_head.cc +++ b/sql/sp_head.cc @@ -894,6 +894,8 @@ subst_spvars(THD *thd, sp_instr *instr, LEX_STRING *query_str) qbuf.length(0); cur= query_str->str; prev_pos= res= 0; + thd->query_name_consts= 0; + for (Item_splocal **splocal= sp_vars_uses.front(); splocal < sp_vars_uses.back(); splocal++) { @@ -927,6 +929,8 @@ subst_spvars(THD *thd, sp_instr *instr, LEX_STRING *query_str) res|= qbuf.append(')'); if (res) break; + + thd->query_name_consts++; } res|= qbuf.append(cur + prev_pos, query_str->length - prev_pos); if (res) @@ -2621,6 +2625,7 @@ sp_instr_stmt::execute(THD *thd, uint *nextp) *nextp= m_ip+1; thd->query= query; thd->query_length= query_length; + thd->query_name_consts= 0; } DBUG_RETURN(res); } diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 74bc669a049..07172dde549 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -219,6 +219,7 @@ THD::THD() one_shot_set= 0; file_id = 0; query_id= 0; + query_name_consts= 0; warn_id= 0; db_charset= global_system_variables.collation_database; bzero(ha_data, sizeof(ha_data)); diff --git a/sql/sql_class.h b/sql/sql_class.h index 3e3dfcd08fa..8a69e3729f2 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -1556,6 +1556,9 @@ public: sp_cache *sp_proc_cache; sp_cache *sp_func_cache; + /** number of name_const() substitutions, see sp_head.cc:subst_spvars() */ + uint query_name_consts; + /* If we do a purge of binary logs, log index info of the threads that are currently reading it needs to be adjusted. To do that diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 33adcfe3342..4cfb41dbc76 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -3211,6 +3211,42 @@ mysql_execute_command(THD *thd) } if (select_lex->item_list.elements) // With select { + /* + If: + a) we inside an SP and there was NAME_CONST substitution, + b) binlogging is on, + c) we log the SP as separate statements + raise a warning, as it may cause problems + (see 'NAME_CONST issues' in 'Binary Logging of Stored Programs') + */ + if (thd->query_name_consts && + mysql_bin_log.is_open() && + !mysql_bin_log.is_query_in_union(thd, thd->query_id)) + { + List_iterator_fast it(select_lex->item_list); + Item *item; + uint splocal_refs= 0; + /* Count SP local vars in the top-level SELECT list */ + while ((item= it++)) + { + if (item->is_splocal()) + splocal_refs++; + } + /* + If it differs from number of NAME_CONST substitution applied, + we may have a SOME_FUNC(NAME_CONST()) in the SELECT list, + that may cause a problem with binary log (see BUG#35383), + raise a warning. + */ + if (splocal_refs != thd->query_name_consts) + push_warning(thd, + MYSQL_ERROR::WARN_LEVEL_WARN, + ER_UNKNOWN_ERROR, +"Invoked routine ran a statement that may cause problems with " +"binary log, see 'NAME_CONST issues' in 'Binary Logging of Stored Programs' " +"section of the manual."); + } + select_result *sel_result; select_lex->options|= SELECT_NO_UNLOCK; From c8338ad33d7128aa512cbaf6a0e2d67c59627f42 Mon Sep 17 00:00:00 2001 From: Andrei Elkin Date: Thu, 26 Mar 2009 11:25:43 +0200 Subject: [PATCH 05/14] bug#42977 compilation warning fixed --- sql/log_event.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sql/log_event.cc b/sql/log_event.cc index 6220bc276a6..89094da3e94 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -7764,7 +7764,7 @@ Table_map_log_event::Table_map_log_event(THD *thd, TABLE *tbl, ulong tid, m_data_size+= m_dblen + 2; // Include length and terminating \0 m_data_size+= m_tbllen + 2; // Include length and terminating \0 cbuf_end= net_store_length(cbuf, (size_t) m_colcnt); - DBUG_ASSERT((cbuf_end - cbuf) <= sizeof(cbuf)); + DBUG_ASSERT(static_cast(cbuf_end - cbuf) <= sizeof(cbuf)); m_data_size+= (cbuf_end - cbuf) + m_colcnt; // COLCNT and column types /* If malloc fails, caught in is_valid() */ From 99369b1027146585bdf3f2a48ab80037f9e8eae8 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Thu, 26 Mar 2009 18:27:34 +0400 Subject: [PATCH 06/14] fixed archive test. It might be OOM error on boxes with low amount of memory. It leads to crash because there is no OOM check in ha_archive::unpack_row(). The fix: added OOM error check --- mysql-test/r/archive.result | 19 ------------------- mysql-test/std_data/bug32880.ARN | Bin 131 -> 0 bytes mysql-test/std_data/bug32880.ARZ | Bin 8744 -> 0 bytes mysql-test/std_data/bug32880.frm | Bin 8578 -> 0 bytes mysql-test/t/archive.test | 15 --------------- storage/archive/ha_archive.cc | 6 +++++- 6 files changed, 5 insertions(+), 35 deletions(-) delete mode 100644 mysql-test/std_data/bug32880.ARN delete mode 100644 mysql-test/std_data/bug32880.ARZ delete mode 100644 mysql-test/std_data/bug32880.frm diff --git a/mysql-test/r/archive.result b/mysql-test/r/archive.result index 02acccb234e..8c26ea1ff82 100644 --- a/mysql-test/r/archive.result +++ b/mysql-test/r/archive.result @@ -12695,22 +12695,3 @@ a b 1 NULL 2 NULL DROP TABLE t1; -# -# BUG#32880 - Repairing Archive table fails with internal error 144 -# - -# Test with an existing table which is corrupted -# Copy t1 from std_data -SHOW CREATE TABLE t1; -Table Create Table -t1 CREATE TABLE `t1` ( - `a` int(11) DEFAULT NULL, - `b` blob -) ENGINE=ARCHIVE DEFAULT CHARSET=latin1 -CHECK TABLE t1; -Table Op Msg_type Msg_text -test.t1 check error Corrupt -REPAIR TABLE t1; -Table Op Msg_type Msg_text -test.t1 repair error Corrupt -DROP TABLE t1; diff --git a/mysql-test/std_data/bug32880.ARN b/mysql-test/std_data/bug32880.ARN deleted file mode 100644 index 643b0dfbad59af05495571978acc8b5eeaf8b509..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 131 zcmeyz%qYO%$AAi8dqei4wVSWE@5vi;Yx=ZHHrNyljV=3 gvkA%YRCc;{PVKA|P+c6Av6_|P_LJg8GZ+~d03i_-e*gdg diff --git a/mysql-test/std_data/bug32880.ARZ b/mysql-test/std_data/bug32880.ARZ deleted file mode 100644 index 4e151822647f1b7e0f3f2b9952ef543f9a7954ce..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8744 zcmeI&ze>YE90%}kE^WOwLQ_+U|G-v?pi7-QR7DDkP{ct*5RxuFL%>0bOI#ep7w|I1m=0(}aH((^7}($&Gi!uKHg{qC2`-SL@!GuQDk05EFlmmMEA5AD2YV{h9gHUv8Q z`pMQ~=9GO`*BoHqe5%gZ3yCt2?j*CS`S)`S)UraS12nSrP z3Q&Lo|5iXi<#(HBwzPz!i{q2i%YMFu2?Z!X0SZun0u-PC1t>rP3Q&Lo3nnmf(tdyi zyY=5)*MUG6rY)k1Qoiju8oF*q7p@TX-R3U`3J{U*nGi!1gy)$}HtzK{uI`{H3MtJQ zwTC(|Jpfdsh6=j-!j4H4hF@dZzFK<>&h~=%@NQ@It^K_9ep_1ET#l1|@{+`fS*+Bg Wb>pSU>r>;WvOc)BNhQ>$RK5X*A2h-M diff --git a/mysql-test/std_data/bug32880.frm b/mysql-test/std_data/bug32880.frm deleted file mode 100644 index 66a4c7d7538ef06353e4b38b8699203736844857..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8578 zcmeI&u?oU45C-5s*H%+Hw8i4$($%TXT|`9CO&r|YClT?@dj)_ z@U6LrNs9<546x7zIYNj<3M77Shhm}0?Fy7bp=p46*l?u)1t>rP3Q&Lo6rcbFC_n)U zP~d9?1TMVooxMt9tPbn#?zjm@m{5QM6rcbFC_n)UP=Epypa2CZ@M8jJqo4kN90r0G z6BWoY3J!ZrweF)uBvQ@m4+Alz)0qkB5lfc&CbN^aiFAS@5o`S&<)s4dOTcxmcX$FK Cm=+HJ diff --git a/mysql-test/t/archive.test b/mysql-test/t/archive.test index 0d521f95b38..7139d95ab49 100644 --- a/mysql-test/t/archive.test +++ b/mysql-test/t/archive.test @@ -1599,18 +1599,3 @@ INSERT INTO t1 VALUES (NULL, NULL),(NULL, NULL); FLUSH TABLE t1; SELECT * FROM t1 ORDER BY a; DROP TABLE t1; - ---echo # ---echo # BUG#32880 - Repairing Archive table fails with internal error 144 ---echo # ---echo ---echo # Test with an existing table which is corrupted ---echo # Copy t1 from std_data -let $MYSQLD_DATADIR= `select @@datadir`; -copy_file std_data/bug32880.frm $MYSQLD_DATADIR/test/t1.frm; -copy_file std_data/bug32880.ARZ $MYSQLD_DATADIR/test/t1.ARZ; -copy_file std_data/bug32880.ARN $MYSQLD_DATADIR/test/t1.ARN; -SHOW CREATE TABLE t1; -CHECK TABLE t1; -REPAIR TABLE t1; -DROP TABLE t1; diff --git a/storage/archive/ha_archive.cc b/storage/archive/ha_archive.cc index d20ab3bf723..5e2a4ad5da3 100644 --- a/storage/archive/ha_archive.cc +++ b/storage/archive/ha_archive.cc @@ -1071,7 +1071,11 @@ int ha_archive::unpack_row(azio_stream *file_to_read, uchar *record) row_len= uint4korr(size_buffer); DBUG_PRINT("ha_archive",("Unpack row length %u -> %u", row_len, (unsigned int)table->s->reclength)); - fix_rec_buff(row_len); + + if (fix_rec_buff(row_len)) + { + DBUG_RETURN(HA_ERR_OUT_OF_MEM); + } DBUG_ASSERT(row_len <= record_buffer->length); read= azread(file_to_read, record_buffer->buffer, row_len, &error); From a22fb90c64320e300595940dfec192c2432ed3a6 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Thu, 26 Mar 2009 16:47:58 +0200 Subject: [PATCH 07/14] removed an unix-ism in a test --- mysql-test/t/upgrade.test | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mysql-test/t/upgrade.test b/mysql-test/t/upgrade.test index a96d1f47cb2..437b0f47cc0 100644 --- a/mysql-test/t/upgrade.test +++ b/mysql-test/t/upgrade.test @@ -53,7 +53,9 @@ drop table `txu#p#p1`; # let $MYSQLD_DATADIR= `select @@datadir`; -system cp $MYSQL_TEST_DIR/std_data/old_table-323.frm $MYSQLD_DATADIR/test/t1.frm; +--error 0,1 +--remove_file $MYSQLD_DATADIR/test/t1.frm +--copy_file std_data/old_table-323.frm $MYSQLD_DATADIR/test/t1.frm truncate t1; drop table t1; From d1b830d0fee2fb73ac5e2b086f27a1efd4542c93 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Thu, 26 Mar 2009 17:49:06 +0200 Subject: [PATCH 08/14] fixed unupdated test suites. --- mysql-test/suite/funcs_1/r/processlist_priv_ps.result | 4 ++-- mysql-test/suite/funcs_1/r/processlist_val_ps.result | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mysql-test/suite/funcs_1/r/processlist_priv_ps.result b/mysql-test/suite/funcs_1/r/processlist_priv_ps.result index 56230a0f806..2932467be2a 100644 --- a/mysql-test/suite/funcs_1/r/processlist_priv_ps.result +++ b/mysql-test/suite/funcs_1/r/processlist_priv_ps.result @@ -27,7 +27,7 @@ PROCESSLIST CREATE TEMPORARY TABLE `PROCESSLIST` ( `HOST` varchar(64) NOT NULL DEFAULT '', `DB` varchar(64) DEFAULT NULL, `COMMAND` varchar(16) NOT NULL DEFAULT '', - `TIME` bigint(7) NOT NULL DEFAULT '0', + `TIME` int(7) NOT NULL DEFAULT '0', `STATE` varchar(64) DEFAULT NULL, `INFO` longtext ) ENGINE=MyISAM DEFAULT CHARSET=utf8 @@ -97,7 +97,7 @@ PROCESSLIST CREATE TEMPORARY TABLE `PROCESSLIST` ( `HOST` varchar(64) NOT NULL DEFAULT '', `DB` varchar(64) DEFAULT NULL, `COMMAND` varchar(16) NOT NULL DEFAULT '', - `TIME` bigint(7) NOT NULL DEFAULT '0', + `TIME` int(7) NOT NULL DEFAULT '0', `STATE` varchar(64) DEFAULT NULL, `INFO` longtext ) ENGINE=MyISAM DEFAULT CHARSET=utf8 diff --git a/mysql-test/suite/funcs_1/r/processlist_val_ps.result b/mysql-test/suite/funcs_1/r/processlist_val_ps.result index 72ca56d0ffa..4e4cfa57e36 100644 --- a/mysql-test/suite/funcs_1/r/processlist_val_ps.result +++ b/mysql-test/suite/funcs_1/r/processlist_val_ps.result @@ -17,7 +17,7 @@ PROCESSLIST CREATE TEMPORARY TABLE `PROCESSLIST` ( `HOST` varchar(64) NOT NULL DEFAULT '', `DB` varchar(64) DEFAULT NULL, `COMMAND` varchar(16) NOT NULL DEFAULT '', - `TIME` bigint(7) NOT NULL DEFAULT '0', + `TIME` int(7) NOT NULL DEFAULT '0', `STATE` varchar(64) DEFAULT NULL, `INFO` longtext ) ENGINE=MyISAM DEFAULT CHARSET=utf8 From b1bc01825378de5bc3e3eb45e47c373468698fe3 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Fri, 27 Mar 2009 12:59:31 +0200 Subject: [PATCH 09/14] Worked around the problem described in bug #43884. --- mysql-test/suite/rpl/r/rpl_loadfile.result | 2 +- mysql-test/suite/rpl/t/rpl_loadfile.test | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mysql-test/suite/rpl/r/rpl_loadfile.result b/mysql-test/suite/rpl/r/rpl_loadfile.result index 63710326086..22f65c0b5e5 100644 --- a/mysql-test/suite/rpl/r/rpl_loadfile.result +++ b/mysql-test/suite/rpl/r/rpl_loadfile.result @@ -233,7 +233,7 @@ include/start_slave.inc SELECT repeat('x',20) INTO OUTFILE 'MYSQLTEST_VARDIR/tmp/bug_39701.data'; DROP TABLE IF EXISTS t1; CREATE TABLE t1 (t text); -CREATE PROCEDURE p(file TEXT) +CREATE PROCEDURE p(file varchar(4096)) BEGIN INSERT INTO t1 VALUES (LOAD_FILE(file)); END| diff --git a/mysql-test/suite/rpl/t/rpl_loadfile.test b/mysql-test/suite/rpl/t/rpl_loadfile.test index d12d43224df..adb23d2c2bc 100644 --- a/mysql-test/suite/rpl/t/rpl_loadfile.test +++ b/mysql-test/suite/rpl/t/rpl_loadfile.test @@ -73,7 +73,7 @@ enable_warnings; CREATE TABLE t1 (t text); DELIMITER |; -CREATE PROCEDURE p(file TEXT) +CREATE PROCEDURE p(file varchar(4096)) BEGIN INSERT INTO t1 VALUES (LOAD_FILE(file)); END| From 858b8af7399e5bf0032dc9a47d1c14aa0aaa7afd Mon Sep 17 00:00:00 2001 From: "Tatiana A. Nurnberg" Date: Fri, 27 Mar 2009 12:20:37 +0100 Subject: [PATCH 10/14] Bug#43748: crash when non-super user tries to kill the replication threads Test was flakey on some machines and showed spurious reds for races. New-and-improved test makes do with fewer statements, no mysqltest-variables, and no backticks. Should hope- fully be more robust. Heck, it's debatable whether we should have a test for this, anyway. --- mysql-test/suite/rpl/r/rpl_temporary.result | 19 +++++++++------- mysql-test/suite/rpl/t/rpl_temporary.test | 24 ++++++++++----------- 2 files changed, 22 insertions(+), 21 deletions(-) diff --git a/mysql-test/suite/rpl/r/rpl_temporary.result b/mysql-test/suite/rpl/r/rpl_temporary.result index c3b228e6089..8a9ddaec9f6 100644 --- a/mysql-test/suite/rpl/r/rpl_temporary.result +++ b/mysql-test/suite/rpl/r/rpl_temporary.result @@ -108,13 +108,16 @@ select * from t1; a 1 drop table t1; -Bug#43748 -make a non-privileged user on slave. +-- Bug#43748 +-- make a user on the slave that can list but not kill system threads. FLUSH PRIVILEGES; -GRANT USAGE ON *.* TO user43748@127.0.0.1 IDENTIFIED BY 'meow'; -try to KILL system-thread as non-privileged user. -KILL `select id from information_schema.processlist where command='Binlog Dump'`; -ERROR HY000: You are not owner of thread `select id from information_schema.processlist where command='Binlog Dump'` -throw out test-user on slave. +GRANT USAGE ON *.* TO user43748@127.0.0.1 IDENTIFIED BY 'meow'; +GRANT PROCESS ON *.* TO user43748@127.0.0.1; +-- try to KILL system-thread as that non-privileged user (on slave). +SELECT id INTO @id FROM information_schema.processlist WHERE user='system user' LIMIT 1; +KILL @id; +Got one of the listed errors +-- throw out test-user on slave. DROP USER user43748@127.0.0.1; -done. back to master. +-- done. back to master. +End of 5.1 tests diff --git a/mysql-test/suite/rpl/t/rpl_temporary.test b/mysql-test/suite/rpl/t/rpl_temporary.test index a236bcf3b7b..4e83d39710c 100644 --- a/mysql-test/suite/rpl/t/rpl_temporary.test +++ b/mysql-test/suite/rpl/t/rpl_temporary.test @@ -228,36 +228,34 @@ source include/delete_anonymous_users.inc; # Bug#43748: crash when non-super user tries to kill the replication threads # ---echo Bug#43748 +--echo -- Bug#43748 +--echo -- make a user on the slave that can list but not kill system threads. connection slave; ---echo make a non-privileged user on slave. - FLUSH PRIVILEGES; -GRANT USAGE ON *.* TO user43748@127.0.0.1 IDENTIFIED BY 'meow'; - -let $id = `SELECT id FROM information_schema.processlist WHERE user='system user' LIMIT 1`; +GRANT USAGE ON *.* TO user43748@127.0.0.1 IDENTIFIED BY 'meow'; +GRANT PROCESS ON *.* TO user43748@127.0.0.1; +--echo -- try to KILL system-thread as that non-privileged user (on slave). connect (cont43748,127.0.0.1,user43748,meow,test,$SLAVE_MYPORT,); connection cont43748; ---echo try to KILL system-thread as non-privileged user. +SELECT id INTO @id FROM information_schema.processlist WHERE user='system user' LIMIT 1; ---replace_result $id "`select id from information_schema.processlist where command='Binlog Dump'`" ---error ER_KILL_DENIED_ERROR -eval KILL $id; +--error ER_KILL_DENIED_ERROR,ER_NO_SUCH_THREAD +KILL @id; disconnect cont43748; +--echo -- throw out test-user on slave. connection slave; ---echo throw out test-user on slave. DROP USER user43748@127.0.0.1; +--echo -- done. back to master. connection master; ---echo done. back to master. -# End of tests +--echo End of 5.1 tests From 1b74eac6cbbc37f23d13025636561d6b75560361 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Fri, 27 Mar 2009 14:12:33 +0200 Subject: [PATCH 11/14] disabled a failing test suite due to bug #42311 --- mysql-test/suite/rpl/t/disabled.def | 1 + 1 file changed, 1 insertion(+) diff --git a/mysql-test/suite/rpl/t/disabled.def b/mysql-test/suite/rpl/t/disabled.def index cb714c60ba4..b5f158b2257 100644 --- a/mysql-test/suite/rpl/t/disabled.def +++ b/mysql-test/suite/rpl/t/disabled.def @@ -12,3 +12,4 @@ rpl_binlog_corruption : BUG#41793 2008-12-30 sven rpl_binlog_corruption disabled in main (needs new mtr) rpl_temp_table_mix_row : BUG#43440 2009-03-23 joro rpl.rpl_temp_table_mix_row fails sporadicly +rpl_cross_version : BUG#42311 2009-03-27 joro rpl_cross_version fails on macosx From 5bc77b8b61c032133c29613242ddb6fdcca9bb7c Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Fri, 27 Mar 2009 16:25:16 +0200 Subject: [PATCH 12/14] fixed a compilation warning --- sql/sql_insert.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc index b79f979df05..48438ba033c 100644 --- a/sql/sql_insert.cc +++ b/sql/sql_insert.cc @@ -1609,7 +1609,9 @@ public: uint query_length; delayed_row(enum_duplicates dup_arg, bool ignore_arg, bool log_query_arg) - :record(0), query(0), time_zone(0), dup(dup_arg), ignore(ignore_arg), log_query(log_query_arg) {} + :record(0), query(0), dup(dup_arg), ignore(ignore_arg), + log_query(log_query_arg), time_zone(0) + {} ~delayed_row() { x_free(record); From 14d905f9f475226daac688971251ac74ee932f9a Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Fri, 27 Mar 2009 16:29:56 +0200 Subject: [PATCH 13/14] tree name changed --- .bzr-mysql/default.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.bzr-mysql/default.conf b/.bzr-mysql/default.conf index 557df1b1ffe..f79c1cd6319 100644 --- a/.bzr-mysql/default.conf +++ b/.bzr-mysql/default.conf @@ -1,4 +1,4 @@ [MYSQL] post_commit_to = "commits@lists.mysql.com" post_push_to = "commits@lists.mysql.com" -tree_name = "mysql-5.0-bugteam" +tree_name = "mysql-5.0" From 22f240348d48f4ca0746b9570ee2c19b6086af5b Mon Sep 17 00:00:00 2001 From: Jonathan Perkin Date: Mon, 30 Mar 2009 13:27:23 +0200 Subject: [PATCH 14/14] Raise version number after cloning 5.1.34 --- configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.in b/configure.in index d86218bd782..391e9cb7a28 100644 --- a/configure.in +++ b/configure.in @@ -10,7 +10,7 @@ AC_CANONICAL_SYSTEM # # When changing major version number please also check switch statement # in mysqlbinlog::check_master_version(). -AM_INIT_AUTOMAKE(mysql, 5.1.34) +AM_INIT_AUTOMAKE(mysql, 5.1.35) AM_CONFIG_HEADER([include/config.h:config.h.in]) PROTOCOL_VERSION=10