memory reference
There are two issues present here.
1) There is a possibility that we test a byte beyond the
allocated buffer
2) We compare a byte that might never have been
initalized to see if it's 0.
The first issue is not triggered by existing code, but an
ASSERT has been added to safe-guard against introducing
new code that triggers it.
The second issue is what triggers the Valgrind warnings
reported in the bug report. A buffer is allocated in
class String to hold the value. This buffer is populated
by the character data constituting the string, but is not
zero-terminated in most cases. Testing if it is indeed
zero-terminated means that we check a byte that has never
been explicitly set, thus causing Valgrind to trigger.
Note that issue 2 is not a serious problem. The variable
is read, and if it's not zero, we will set it to zero.
There are no further consequences.
Note that this patch does not fix the underlying problems
with issue 1, as it is deemed too risky to fix at this
point (as noted in the bug report). As discussed in
the report, the c_ptr() method should probably be
replaced, but this requires a thorough analysis of the
~200 calls to the method.
sql/set_var.cc:
These two cases have been reported to fail
with Valgrind.
attempt to create spatial index on char > 31 bytes".
Attempt to create spatial index on char field with length
greater than 31 byte led to assertion failure on server
compiled with safemutex support.
The problem occurred in mi_create() function which was called
to create a new version of table being altered. This function
failed since it detected an attempt to create a spatial key
on non-binary column and tried to return an error.
On its error path it tried to unlock THR_LOCK_myisam mutex
which has not been not locked at this point. Indeed such an
incorrect behavior was caught by safemutex wrapper and caused
assertion failure.
This patch fixes the problem by ensuring that mi_create()
doesn't releases THR_LOCK_myisam mutex on error path if it was
not acquired.
mysql-test/r/gis.result:
Added test for bug @59888 "debug assertion when attempt to
create spatial index on char > 31 bytes".
mysql-test/t/gis.test:
Added test for bug @59888 "debug assertion when attempt to
create spatial index on char > 31 bytes".
storage/myisam/mi_create.c:
Changed mi_create() not to release THR_LOCK_myisam mutex on
error path if it was not acquired.
rw_lock_create_func(): Initialize lock->writer_thread, so that Valgrind
will not complain even when Valgrind instrumentation is not enabled.
Flag lock->writer_thread uninitialized, so that Valgrind can complain
when it is used uninitialized.
rw_lock_set_writer_id_and_recursion_flag(): Revert the bogus Valgrind
instrumentation that was pushed in the first attempt to fix this bug.
Fixed that connection string is returned for partitioned federated tables.
mysql-test/r/partition_federated.result:
Fixed error message
mysql-test/suite/federated/federated_partition.result:
Added test to show that connection string is returned in 'show create'.
sql/ha_partition.cc:
Fixed a set of bugs introduced by the last federated patch:
- We can't allocate m_ordered_rec_buffer in memroot as it has to survive call to clear_handler_file()
sql/partition_element.h:
Ensure that connect_string is properly initialized.
(This caused crashed in partition tests)
sql/sql_partition.cc:
Print CONNECTION option for federated partitioned tables
- Fixed Partition engine to store CONNECTION string for partitions.
Removed HA_NO_PARTITION flag from FederatedX.
Added test 'federated_partition' to suite.
- lp:#585688 - maridb crashes in federatedx code
FederatedX handler instances, created on one thread and used on
another thread (via table cache) when "show table status" is executed
crashed because txn member was not initialized for current thread.
Added test 'federated_bug_585688' to suite.
Author for the patch is Antony Curtis
mysql-test/suite/federated/federated_bug_585688.result:
Test for lp:585688
mysql-test/suite/federated/federated_bug_585688.test:
Test for lp:585688
mysql-test/suite/federated/federated_partition-slave.opt:
Test for partition support in federatedx
mysql-test/suite/federated/federated_partition.result:
Test for partition support in federatedx
mysql-test/suite/federated/federated_partition.test:
Test for partition support in federatedx
mysql-test/t/partition_federated.test:
Updated error message
sql/ha_partition.cc:
Added support for connection strings to partitions for federatedx
sql/ha_partition.h:
Added support for connection strings to partitions for federatedx
sql/partition_element.h:
Added support for connection strings to partitions for federatedx
sql/sql_yacc.yy:
Added support for connection strings to partitions for federatedx
storage/federatedx/ha_federatedx.cc:
Added support for partitions.
FederatedX handler instances, created on one thread and used on another thread (via table cache) when "show table status"
is executed crashed because txn member was not initialized for current thread.
- Fixed bug lp:624099 ma_close.c:75: maria_close: Assertion `share->in_trans == 0' failed on UNLOCK TABLES
- Fixed bug that caused table to be marked as not closed (crashed) during recovery testing.
- Use maria_delete_table_files() instead of maria_delete_table() to delete tempoary tables (faster and safer)
- Added checks to ensure that bitmap and internal mutex are always taken in right order.
- For transactional tables, only mark the table as changed before page for table is to be written to disk (and thus the log is flushed).
This speeds up things a bit and fixes a problem where open_count was incremented on disk but there was no log entry to fix it during recovery -> table was crashed.
- Fixed a bug in repair() where table was not automaticly repaired.
- Ensure that state->global_changed, share->changed and share->state.open_count are set and reset properly.
- Added option --ignore-control-file to maria_chk to be able to run maria_chk even if the control file is locked.
mysql-test/suite/maria/r/maria-recover.result:
Test result changed as we now force checkpoint before copying table, which results in pagecache getting flushed and we have more rows to recover.
mysql-test/suite/maria/r/maria.result:
Added new tests
mysql-test/suite/maria/t/maria-recover.test:
Force checkpoint before copying table.
This is needed as now the open-count is increased first when first page is flushed.
mysql-test/suite/maria/t/maria.test:
Added tests to verify fix for lp:624099
storage/maria/ha_maria.cc:
Use table->in_use instead of current_thd (trivial optimization)
Use maria_delete_table_files() instead of maria_delete_table() to delete tempoary tables (faster and safer)
More DBUG_ASSERT()
Reset locked tables count after locked tables have been moved to new transaction. This fixed lp:624099
storage/maria/ma_bitmap.c:
Temporarly unlock bitmap mutex when calling _ma_mark_file_changed() and pagecache_delete_pages() to ensure right mutex lock order.
Call _ma_bitmap_unpin_all() when bitmap->non_flusable is set to 0. This fixed a case when bitmap was not proparly unpinned.
More comments
Added DBUG_ASSERT() for detecting wrong share->bitmap usage
storage/maria/ma_blockrec.c:
More DBUG_ASSERT()
Moved code around in _ma_apply_redo_insert_row_head_or_tail() to make things safer on error conditions.
storage/maria/ma_check.c:
Changed parameter for _ma_set_uuid()
Corrected test for detecting if we lost many rows. This fixed some cases where auto-recovery failed.
share->changed need to be set if state.open_count is changed.
Removed setting of share->changed= 0 as called function sets it.
storage/maria/ma_close.c:
- Added code to properly decrement open_count and have it written by _ma_state_info_write() for transactional tables.
(This is more correct and also saves us one extra write by _ma_decrement_open_count() at close.
- Added DBUG_ASSERT() to detect if open_count is wrong at maria_close().
storage/maria/ma_delete.c:
Updated argument to _ma_mark_file_changed()
storage/maria/ma_delete_all.c:
Updated argument to _ma_mark_file_changed()
For transactional tables, call _ma_mark_file_changed() after log entry has been written (to allow recover to fix open_count)
Reset more needed variables in _ma_reset_status()
storage/maria/ma_delete_table.c:
Moved deletion of Aria files to maria_delete_table_files().
Remove RAID usage (old not working code)
storage/maria/ma_extra.c:
Set share->changed=1 when state needs to be updated on disk.
Don't reset share->changed after call to _ma_state_info_write() as this calls sets share->changed.
Set share->state.open_count to 1 to force table to be auto repaired if drop fails.
Set share->global_changed before call to _ma_flush_table_files() to ensure that we don't try to mark the table changed during flush.
Added DBUG_ENTER
storage/maria/ma_locking.c:
Split _ma_mark_file_changed() into two functions to delay marking transactional tables as changed on disk until first disk write.
Added argument to _ma_decrement_open_count() to tell if we should call ma_lock_database() or not.
Don't decrement open count for transactional tables during _ma_decrement_open_count(). This will be done during close.
Changed parameter for _ma_set_uuid()
storage/maria/ma_open.c:
Set share->open_count_not_zero_on_open if state.open_count is not zero.
This is needed for DBUG_ASSERT() in maria_close() that is there to enforce that open_count is always 0 at close.
This test doesn't however work for tables that had open_count != 0 already on disk (ie, crashed tables).
Enforce right mutex order for share->intern_lock and share->bitmap.bitmap_lock
Don't set share->changed to 0 if share->state.open_count != 0, as state needs to be be written at close
storage/maria/ma_pagecache.c:
Moved a bit of code in find_block() to avoid one if.
More DBUG_ASSERT()
(I left a comment in the code for Sanja to look at; The code probably works but we need to check if it's optimal)
storage/maria/ma_pagecrc.c:
For transactional tables, just before first write to disk, but after log is flushed, mark the file changed.
This fixes some cases where recovery() did not detect that table was marked as changed and could thus not recover the marker.
storage/maria/ma_recovery.c:
Set share->changed when share->global_changed is set.
storage/maria/ma_update.c:
Updated parameter for _ma_mark_file_changed()
storage/maria/ma_write.c:
Updated parameter for _ma_mark_file_changed()
storage/maria/maria_chk.c:
Added option --ignore-control-file to be able to run maria_chk even if the control file is locked.
storage/maria/maria_def.h:
Updated function prototypes.
Added open_count_not_zero_on_open to MARIA_SHARE.
storage/myisam/ha_myisam.cc:
current_thd -> table->in_use
Test failed on a certain Linux platform in automated environment. It turns out that this platform has an old version of Perl modules DBI and DBD::mysql installed, as well as the OS itself being relatively old.
Allowing error code 11 to be returned from mysqlhotcopy on expected error seems harmless and will make the test pass also with older libraries.
Added --debug-server and use $opt_debug_server where appropriate
Let --debug imply --debug-server
When merging to 5.5, must adapt fix for 59148
Oops, set debug => debug-server too late, fixed
privileges".
The first problem was that DROP USER didn't properly remove privileges
on stored functions from in-memory structures. So the dropped user
could have called stored functions on which he had privileges before
being dropped while his connection was still around.
Even worse if a new user with the same name was created he would
inherit privileges on stored functions from the dropped user.
Similar thing happened with old user name and function privileges
during RENAME USER.
This problem stemmed from the fact that the handle_grant_data() function
which handled DROP/RENAME USER didn't take any measures to update
in-memory hash with information about function privileges after
updating them on disk.
This patch solves this problem by adding code doing just that.
The second problem was that RENAME USER didn't properly update in-memory
structures describing table-level privileges and privileges on stored
procedures. As result such privileges could have been lost after a rename
(i.e. not associated with the new name of user) and inherited by a new
user with the same name as the old name of the original user.
This problem was caused by code handling RENAME USER in
handle_grant_struct() which [sic!]:
a) tried to update wrong (tables) hash when updating stored procedure
privileges for new user name.
b) passed wrong arguments to function performing the hash update and
didn't take into account the way in which such update could have
changed the order of the hash elements.
This patch solves this problem by ensuring that a) the correct hash
is updated, b) correct arguments are used for the hash_update()
function and c) we take into account possible changes in the order
of hash elements.
mysql-test/r/grant.result:
Added test coverage for bug#36544 "DROP USER does not remove stored
function privileges".
mysql-test/suite/funcs_1/r/innodb_storedproc_06.result:
Since after fixing bug#36544 "DROP USER does not remove stored function
privileges" in-memory structures are correctly updated by DROP USER,
DROP FUNCTION performed after DROP USER for its definer no longer
produces unwarranted warning/error messages.
mysql-test/suite/funcs_1/r/memory_storedproc_06.result:
Since after fixing bug#36544 "DROP USER does not remove stored function
privileges" in-memory structures are correctly updated by DROP USER,
DROP FUNCTION performed after DROP USER for its definer no longer
produces unwarranted warning/error messages.
mysql-test/suite/funcs_1/r/myisam_storedproc_06.result:
Since after fixing bug#36544 "DROP USER does not remove stored function
privileges" in-memory structures are correctly updated by DROP USER,
DROP FUNCTION performed after DROP USER for its definer no longer
produces unwarranted warning/error messages.
mysql-test/t/grant.test:
Added test coverage for bug#36544 "DROP USER does not remove stored
function privileges".
sql/sql_acl.cc:
Changed handle_grant_data() to also update hash with function
privileges. This allows DROP/RENAME USER correctly keep this
in-memory structure up-to-date.
To do this extended handle_grant_struct() to support updating of this
hash. In addition fixed code in this function which is responsible for
handling of column and routine hashes during RENAME USER, ensured that
we correctly update these hashes after changing user name and that we
don't skip elements while iterating through the hash and doing updates.
Also fix bug#59110: Memory leak of QUICK_SELECT_I allocated memory.
Includes Jørgen Lølands review comments.
Root cause of these bugs are that test_if_skip_sort_order() decided to
revert the 'skip_sort_order' descision (and use filesort) after the
query plan has been updated to reflect a 'skip' of the sort order.
This might happen in 'check_reverse_order:' if we have a
select->quick which could not be made descending by appending
a QUICK_SELECT_DESC. ().
The original 'save_quick' was then restored after the QEP has been modified,
which caused:
- An incorrect 'precomputed_group_by= TRUE' may have been set,
and not reverted, as part of the already modifified QEP (Bug#59308)
- A 'select->quick' might have been created which we fail to delete (bug#59110).
This fix is a refactorication of test_if_skip_sort_order() where all logic
related to modification of QEP (controlled by argument 'bool no_changes'), is
moved to the end of test_if_skip_sort_order(), and done after *all* 'test_if_skip'
checks has been performed - including the 'check_reverse_order:' checks.
The refactorication above contains now intentional changes to the logic which
has been moved to the end of the function.
Furthermore, a smaller part of the fix address the handling of the
select->quick objects which may already exists when we call
'test_if_skip_sort_order()' (save_quick) -and
new select->quick's created during test_if_skip_sort_order():
- Before new select->quick may be created by calling ::test_quick_select(), we
set 'select->quick= 0' to avoid that ::test_quick_select() prematurely
delete the save_quick's. (After this call we may have both a 'save_quick'
and 'select->quick')
- All returns from ::test_if_skip_sort_order() where we may have both a
'save_quick' and a 'select->quick' has been changed to goto's to the
exit points 'skiped_sort_order:' or 'need_filesort:' where we
decide which of the QUICK_SELECT's to keep, and delete the other.
if the standard input is a directory.
The problem is that mysql monitor try to read from stdin without
checking input source type.
The solution is to stop reading data from standard input if a call
to read(2) failed.
A new test case was added into mysql.test.
client/my_readline.h:
Data members error and truncated was added to LINE_BUFFER structure.
These data members used instead of out parameters in functions
batch_readline, intern_read_line.
client/mysql.cc:
read_and_execute() was modified: set status.exit_status to 1
when the error occured while reading the next command line in
non-interactive mode. Also the value of the truncated attribute
of structure LINE_BUFF is taken into account only for non-iteractive mode.
client/readline.cc:
intern_read_line() was modified: cancel reading from input if
fill_buffer() returns -1, e.g. if call to read failed.
batch_readline was modified: set the error data member of LINE_BUFFER
structure to value of my_errno when system error happened during call
to my_read/my_realloc.
mysql-test/t/mysql.test:
Test for bug#57450 was added.
handling.
The problem was that parsing of nested regular expression involved
recursive calls. Such recursion didn't take into account the amount of
available stack space, which ended up leading to stack overflow crashes.
mysql-test/t/not_embedded_server.test:
Added test for bug#58026.
regex/my_regex.h:
added pointer to function as last argument of my_regex_init() for check
enough memory in stack.
regex/regcomp.c:
p_ere() was modified: added call to function for check enough memory
in stack. Function for check available stack space specified by
global variable my_regex_enough_mem_in_stack. This variable set to
NULL for embedded mysqld and to a pointer to function
check_enough_stack_size otherwise.
regex/reginit.c:
my_regex_init was modified: pass a pointer to a function for check
enough memory in stack space. Reset this pointer to NULL in my_regex_end.
sql/mysqld.cc:
Added function check_enough_stack_size() for check enough memory in stack.
Passed this function as second argument to my_regex_init. For embedded
mysqld passed NULL as second argument.
There is one part of the test case that needs to break
and re-establish the circular topology. For this the test
stops the slave threads on a couple of servers and restarts
them with START SLAVE. However, no check is done on the
status of the IO or SQL threads before proceeding with
the subsequent commands.
Because rpl_only_running_threads is set to 1 this can lead
to silently not syncing all slave threads as expected,
ultimately resulting in unexpected results (and consequently
on a failing test run).
We fix this by replacing the START SLAVE instructions with
calls to --source include/start_slave.inc, which will wait
for the slave threads to be running (show 'Yes' in
Slave_IO|SQL_Running fields of SHOW SLAVE STATUS) before
proceeding. Additionally, we change rpl_sync.inc to make the
IO thread report that it is running when its running status
is any other than 'No'.
Fixed error in Maria unittest
Fixes other issues found by test case for lp:700623 "Aria recovery: ma_blockrec.c:3930: _ma_update_at_original_place: Assertion `block->org_bitmap_value == .."
Fixes lp:670356 "Aria table "is marked as crashed and should be repaired"
mysql-test/lib/v1/mysql-test-run.pl:
Don't delete directory mysql-test/var if we use mysql-test-run --vardir=
mysql-test/mysql-test-run.pl:
Don't delete directory mysql-test/var if we use mysql-test-run --vardir=
(Needed to be able to run multiple concurrent mysql-test-run's/randgen on the same server)
Added extra supression
storage/maria/ma_pagecache.c:
Removed duplicate DBUG_PRINT information
Added KEYCACHE_PRINT for printing information that was already printed to DBUG log (to get rid of some duplicated output)
More comments
Fixed bug that caused page block to be used by two treads at the same time (with different page information)
Mark block->status with PCBLOCK_DIRECT_W independent of the block is changed or not. (Safety fix)
storage/maria/maria_chk.c:
Better --help
storage/maria/unittest/ma_test_recovery.pl:
Ignore differences in 'recover time'.
Fixed error in Maria unittest
Bug #55755 : Date STD variable signness breaks server on FreeBSD and OpenBSD
* Added a check to configure on the size of time_t
* Created a macro to check for a valid time_t that is safe to use with datetime
functions and store in TIMESTAMP columns.
* Used the macro consistently instead of the ad-hoc checks introduced by 52315
* Fixed compliation warnings on platforms where the size of time_t is smaller than
the size of a long (e.g. OpenBSD 4.8 64 amd64).
Bug #52315: utc_date() crashes when system time > year 2037
* Added a correct check for the timestamp range instead of just variable size check to
SET TIMESTAMP.
* Added overflow checking before converting to time_t.
* Using a correct localized error message in this case instead of the generic error.
* Added a test suite.
* fixed the checks so that they check for unsigned time_t as well. Used the checks
consistently across the source code.
* fixed the original test case to expect the new error code.
primary_key_no == 0".
Attempt to create InnoDB table with non-nullable column of
geometry type having an unique key with length 12 on it and
with some other candidate key led to server crash due to
assertion failure in both non-debug and debug builds.
The problem was that such a non-candidate key could have
been sorted as the first key in table/.FRM, before any legit
candidate keys. This resulted in assertion failure in InnoDB
engine which assumes that primary key should either be the
first key in table/.FRM or should not exist at all.
The reason behind such an incorrect sorting was an wrong
value of Create_field::key_length member for geometry field
(which was set to its pack_length == 12) which confused code
in mysql_prepare_create_table(), so it would skip marking
such key as a key with partial segments.
This patch fixes the problem by ensuring that this member
gets the same value of Create_field::key_length member as
for other blob fields (from which geometry field class is
inherited), and as result unique keys on geometry fields
are correctly marked as having partial segments.
mysql-test/include/gis_keys.inc:
Added test case for bug #58650 "Failing assertion:
primary_key_no == -1 || primary_key_no == 0".
mysql-test/r/gis.result:
Added test case for bug #58650 "Failing assertion:
primary_key_no == -1 || primary_key_no == 0".
mysql-test/suite/innodb/r/innodb_gis.result:
Added test case for bug #58650 "Failing assertion:
primary_key_no == -1 || primary_key_no == 0".
mysql-test/suite/innodb_plugin/r/innodb_gis.result:
Added test case for bug #58650 "Failing assertion:
primary_key_no == -1 || primary_key_no == 0".
sql/field.cc:
Changed Create_field::create_length_to_internal_length() to
correctly set Create_field::key_length member for geometry
fields. Similar to the blob types key_length for such fields
should be the same as length and not field's packed length
(which is always 12 for geometry).
As result of this change code handling table creation now
always correctly identifies btree/unique keys on geometry
fields as partial keys, so such keys can't be erroneously
treated as candidate keys and sorted in keys array in .FRM
before legit candidate keys.
This fixes bug #58650 "Failing assertion: primary_key_no ==
-1 || primary_key_no == 0" in which incorrect candidate key
sorting led to assertion failure in InnoDB code.
Root cause for this bug is that the optimizer try to detect&
optimize the special case:
'<field> BETWEEN c1 AND c1' and handle this as the condition '<field> = c1'
This was implemented inside add_key_field(.. *field, *value[]...)
which assumed field to refer key Field, and value[] to refer a [low...high]
constant pair. value[0] and value[1] was then compared for equality.
In a 'normal' BETWEEN condition of the form '<field> BETWEEN val1 and val2' the
BETWEEN operation is represented with an argementlist containing the
values [<field>, val1, val2] - add_key_field() is then called with
parameters field=<field>, *value=val1.
However, if the BETWEEN predicate specified:
1) '<const1> BETWEEN<const2> AND<field>
the 'field' and 'value' arguments to add_key_field() had to be swapped.
This was implemented by trying to cheat add_key_field() to handle it like:
2) '<const1> GE<const2> AND<const1> LE<field>'
As we didn't really replace the BETWEEN operation with 'ge' and 'le',
add_key_field() still handled it as a 'BETWEEN' and compared the (swapped)
arguments<const1> and<const2> for equality. If they was equal, the
condition 1) was incorrectly 'optimized' to:
3) '<field> EQ <const1>'
This fix moves this optimization of '<field> BETWEEN c1 AND c1' into
add_key_fields() which then calls add_key_equal_fields() to collect
key equality / comparison for the key fields in the BETWEEN condition.
Third updated patch - this version also includes copyright notice in added Perl script.
This patch implements a check for such modules at runtime. If modules are not found or unable to load, the test is skipped with
the following message:
[ skipped ] Test needs Perl modules DBI and DBD::mysql
Checks are done via a helper Perl script which looks for the module in a runtime environment that is as similar to that of the
mysqlhotcopy script as possible (thus not intended for Windows environments at this time).
The helper script tells mysql-test about the result by writing information to a temporary file that is later read by mysql-test.
See comments in added files (have_dbi_dbd-mysql.inc and checkDBI_DBD-mysql.pl) for details.
The patch also removes the mysqlhotcopy tests from the list of disabled tests.
In SBR, if a statement does not fail, it is always written to the binary
log, regardless if rows are changed or not. If there is a failure, a
statement is only written to the binary log if a non-transactional (.e.g.
MyIsam) engine is updated.
INSERT ON DUPLICATE KEY UPDATE and INSERT IGNORE were not following the
rule above and were not written to the binary log, if then engine was
Innodb.
mysql-test/extra/rpl_tests/rpl_insert_duplicate.test:
Added test case.
mysql-test/extra/rpl_tests/rpl_insert_ignore.test:
Updated test case.
mysql-test/include/commit.inc:
Updated test case as the calls to the binary log have changed
for INSERT ON DUPLICATE and INSERT IGNORE.
mysql-test/r/commit_1innodb.result:
Updated result file.
mysql-test/suite/rpl/r/rpl_insert_duplicate.result:
Added test case.
mysql-test/suite/rpl/r/rpl_insert_ignore.result:
Updated result file.
mysql-test/suite/rpl/t/rpl_insert_duplicate.test:
Added test case.
mysql-test/suite/rpl/t/rpl_insert_ignore.test:
Improved test case.
