database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-11-30 05:23:50 +03:00
Code Activity
176,729 Commits 3,296 Branches 1,099 Tags
cf333b7fda1b1f4990a68ddb51f84b879a773eaa
Commit Graph

1120 Commits

Author SHA1 Message Date
Sergei Golubchik
febe1e8503 Merge branch '10.0' into 10.1 2018-03-23 17:40:53 +01:00
Sergei Golubchik
a2e47f8c41 Merge branch '5.5' into 10.0 2018-03-23 11:44:29 +01:00
Alexander Barkov
0cba2c1ccb MDEV-15633 Memory leak after MDEV-15005 2018-03-22 16:23:37 +04:00
Varun Gupta
ddc5c65333 MDEV-14779: using left join causes incorrect results with materialization and derived tables 
Conversion of a subquery to a semi-join is blocked when we have an
IN subquery predicate in the on_expr of an outer join. Currently this
scenario is handled but the cases when an IN subquery predicate is wrapped
inside a Item_in_optimizer item then this blocking is not done.
 2018-03-22 03:01:53 +05:30
Alexander Barkov
f538a64817 MDEV-15005 ASAN: stack-buffer-overflow in my_strnncollsp_simple 
cmp_item_sort_string::store_value() did not cache the string returned
from item->val_str(), whose result can point to various private members
such as Item_char_typecast::tmp_value.

- cmp_item_sort_string::store_value() remembered the pointer returned
  from item->val_str() poiting to tmp_value into cmp_item_string::value_res.
- Later, cmp_item_real::store_value() was called, which called
  Item_str_func::val_real(), which called Item_char_typecast::val_str(&tmp)
  using a local stack variable "String tmp". Item_char_typecast::tmp_value
  was overwritten and become a link to "tmp":
  tmp_value.Ptr freed its own buffer and set to point to the buffer
  owned by "tmp".
- On return from Item_str_func::val_real(), "String tmp" was destructed,
  but "tmp_value" still pointed to the buffer owned by "tmp",
  So tmp_value.Ptr became invalid.
- Then cmp_item_sort_string() passed cmp_item_string::value_res to sortcmp().
  At this point, value_res still pointed to an invalid value of
  Item_char_typecast::tmp_value.

Fix:
changing cmp_item_sort_string::store_value() to force copying
to cmp_item_string::value if item->val_str(&value) returned
a different pointer (instead of &value).
 2018-03-19 13:07:41 +04:00
Sergei Golubchik
d4df7bc9b1 Merge branch 'github/10.0' into 10.1 2018-02-02 10:09:44 +01:00
Vicențiu Ciorbaru
d833bb65d5 Merge remote-tracking branch '5.5' into 10.0 2018-01-24 12:29:31 +02:00
Oleksandr Byelkin
76577e1e26 typo fix 2018-01-24 10:58:27 +01:00
Oleksandr Byelkin
ba8d0fa700 MDEV-14786: Server crashes in Item_cond::transform on 2nd execution of SP querying from a view 
MDEV-14957: JOIN::prepare gets unusable "conds" as argument

Do not touch merged derived (it is irreversible)

Fix first argument of in_optimizer for calls possible before fix_fields()
 2018-01-23 13:42:41 +01:00
Vicențiu Ciorbaru
e3d89652e5 Merge branch '10.0' into 10.1 2017-12-20 13:30:05 +02:00
Vicențiu Ciorbaru
042f763268 Merge remote-tracking branch '5.5' into 10.0 2017-12-20 12:51:57 +02:00
Alexander Barkov
20089f5a39 MDEV-14596 Crash in INTERVAL(ROW(..),ROW(..)) 2017-12-08 14:40:27 +04:00
Alexander Barkov
0fdb0bdf27 Merge remote-tracking branch 'origin/10.0' into 10.1 2017-11-09 14:05:53 +04:00
Oleksandr Byelkin
c2c93fc6e4 MDEV-14164: Unknown column error when adding aggregate to function in oracle style procedure FOR loop 
Make differentiation between pullout for merge and pulout of outer field during exists2in transformation.
In last case the field was outer and so we can safely start from name resolution context of the SELECT where it was pulled.
Old behavior lead to inconsistence between list of tables and outer name resolution context (which skips one SELECT for merge purposes) which creates problem vor name resolution.
 2017-11-09 09:31:03 +01:00
Sergei Golubchik
8e8d42ddf0 Merge branch '10.0' into 10.1 2017-08-08 10:18:43 +02:00
Sergei Golubchik
2fcd8c1252 MDEV-13173 An RLIKE that previously worked on 10.0 now returns "Got error 'pcre_exec: recursion limit of 100 exceeded' from regexp" 
1. use Regexp_processor_pcre::set_recursion_limit() to set the
   recursion limit depending on the current available stack size
2. make pcre stack frame to be estimated no less than 500 bytes.
   sometimes pcre estimates it too low, even though the manual
   says 500+16 bytes (it was estimated only 188 for me, actual
   frame size was 512).
3. do it for embedded too
 2017-07-20 20:13:28 +02:00
Sergei Golubchik
5e0038b376 cleanup: remove Regexp_processor_pcre::m_subpatterns_needed 
it's unused now.
 2017-05-29 21:07:54 +02:00
Marko Mäkelä
13a350ac29 Merge 10.0 into 10.1 2017-05-19 12:29:37 +03:00
Sergei Golubchik
52aa200919 MDEV-12420 max_recursive_iterations did not prevent a stack-overflow and segfault 
post-review fixes
* move pcre-specific variable out of mysys
* don't use current_thd
* move a commonly used macro to my_sys.h
* remove new sysvar
 2017-05-15 22:23:10 +02:00
Daniel Black
602b5e4c49 WIP: global readonly variable pcre_frame_size 2017-05-15 22:23:10 +02:00
Daniel Black
d672f88ef7 MDEV-12420: PCRE stack overflow 
It was possible to construct a PCRE expression that exceeded the stack.
resulting in a crash:

With fix:

MariaDB [(none)]> SELECT 1
    -> FROM dual
    -> WHERE ('Alpha,Bravo,Charlie,Delta,Echo,Foxtrot,StrataCentral,Golf,Hotel,India,Juliet,Kilo,Lima,Mike,StrataL3,November,Oscar,StrataL2,Sand,P3,P4SwitchTest,Arsys,Poppa,ExtensionMgr,Arp,Quebec,Romeo,StrataApiV2,PtReyes,Sierra,SandAcl,Arrow,Artools,BridgeTest,Tango,SandT,PAlaska,Namespace,Agent,Qos,PatchPanel,ProjectReport,Ark,Gimp,Agent,SliceAgent,Arnet,Bgp,Ale,Tommy,Central,AsicPktTestLib,Hsc,SandL3,Abuild,Pca9555,Standby,ControllerDut,CalSys,SandLib,Sb820,PointV2,BfnLib,Evpn,BfnSdk,Sflow,ManagementActive,AutoTest,GatedTest,Bgp,Sand,xinetd,BfnAgentLib,bf-utils,Hello,BfnState,Eos,Artest,Qos,Scd,ThermoMgr,Uniform,EosUtils,Eb,FanController,Central,BfnL3,BfnL2,tcp_wrappers,Victor,Environment,Route,Failover,Whiskey,Xray,Gimp,BfnFixed,Strata,SoCal,XApi,Msrp,XpProfile,tcpdump,PatchPanel,ArosTest,FhTest,Arbus,XpAcl,MacConc,XpApi,telnet,QosTest,Alpha2,BfnVlan,Stp,VxlanControllerTest,MplsAgent,Bravo2,Lanz,BfnMbb,Intf,XCtrl,Unicast,SandTunnel,L3Unicast,Ipsec,MplsTest,Rsvp,EthIntf,StageMgr,Sol,MplsUtils,Nat,Ira,P4NamespaceDut,Counters,Charlie2,Aqlc,Mlag,Power,OpenFlow,Lag,RestApi,BfdTest,strongs,Sfa,CEosUtils,Adt746,MaintenanceMode,MlagDut,EosImage,IpEth,MultiProtocol,Launcher,Max3179,Snmp,Acl,IpEthTest,PhyEee,bf-syslibs,tacc,XpL2,p4-ar-switch,p4-bf-switch,LdpTest,BfnPhy,Mirroring,Phy6,Ptp'
    ->
    -> REGEXP '^((?!\b(Strata|StrataApi|StrataApiV2)\b).)*$');
Empty set, 1 warning (0.00 sec)

MariaDB [(none)]> show warnings;
+---------+------+---------------------------------------------------------+
| Level   | Code | Message                                                 |
+---------+------+---------------------------------------------------------+
| Warning | 1139 | Got error 'pcre_exec: Internal error (-21)' from regexp |
+---------+------+---------------------------------------------------------+
 2017-05-15 22:23:10 +02:00
Marko Mäkelä
ad0c218a44 Merge 10.0 into 10.1 
Also, implement MDEV-11027 a little differently from 5.5 and 10.0:

recv_apply_hashed_log_recs(): Change the return type back to void
(DB_SUCCESS was always returned).

Report progress also via systemd using sd_notifyf().
 2017-03-09 08:53:08 +02:00
Sergei Golubchik
f7d030489d Merge branch '10.0' into 10.1 2017-01-17 20:17:35 +01:00
Sergei Golubchik
6728aae3b3 Merge branch '5.5' into 10.0 2017-01-17 16:22:25 +01:00
Sergei Golubchik
67e2028161 MDEV-9690 concurrent queries with virtual columns crash in temporal code 
Item_func_le included Arg_comparator. Arg_comparator remembered
the current_thd during fix_fields and used that value during
execution to allocate Item_cache in get_datetime_value().
But for vcols fix_fields and val_int can happen in different threads.

Same bug for Item_func_in using in_datetime or cmp_item_datetime,
both also remembered current_thd at fix_fields() to use it later
for get_datetime_value().

As a fix, these objects no longer remember the current_thd,
and get_datetime_value() uses current_thd at run time. This
should not increase the number of current_thd calls much, as
Item_cache is created only once anyway.
 2017-01-15 00:11:02 +01:00
Sergei Golubchik
2f20d297f8 Merge branch '10.0' into 10.1 2016-12-11 09:53:42 +01:00
Igor Babaev
748d993cca Fixed bug mdev-11364. 
The function Item_func_isnull::update_used_tables() must
handle the case when the predicate is over not nullable
column in a special way.
This is actually a bug of MariaDB 5.3/5.5, but it's probably
hard to demonstrate that it can cause problems there.
 2016-11-29 11:29:07 -08:00
Alexander Barkov
f0d8a4d29e MDEV-11219 main.null fails in buldbot and outside with ps-protocol 2016-11-03 22:02:24 +04:00
Alexander Barkov
c18054deb2 MDEV-10347 mysqld got signal 11 2016-11-02 08:20:15 +04:00
Alexander Barkov
3ccf8218bc Partial backporting of 7b50447aa6 
(MDEV-9407, MDEV-9408) from 10.1

Needed to fix MDEV-10317 easier.
 2016-07-03 11:20:46 +04:00
Alexander Barkov
a87507eec3 MDEV-9712 Performance degradation of nested NULLIF 
10.1 introduced a problem:
Execution time for various recursive stages
(walk, update_used_table, and propagate_equal_fields)
in NULLIF is O(recursion_level^2), because complexity is
doubled on every recursion level when we copy args[0] to args[2].

This change fixes to avoid unnecessary recursion in:
- Item_func_nullif::walk
- Item_func_nullif::update_used_tables
- Item_func_nullif::propagate_equal_fields
when possible.
 2016-05-05 15:39:04 +04:00
Sergei Golubchik
872649c7ba Merge branch '5.5' into 10.0 2016-04-26 23:05:26 +02:00
Alexander Barkov
9a987142f9 MDEV-9745 Crash with CASE WHEN TRUE THEN COALESCE(CAST(NULL AS UNSIGNED)) ELSE 4 END 
This is a backport of the patch for MDEV-9653 (fixed earlier in 10.1.13).

The code in Item_func_case::fix_length_and_dec() did not
calculate max_length and decimals properly.

In case of any numeric result (DECIMAL, REAL, INT) a generic method
Item_func_case::agg_num_lengths() was called, which could erroneously result
into a DECIMAL item with max_length==0 and decimals==0, so the constructor of
Field_new_decimals tried to create a field of DECIMAL(0,0) type,
which caused a crash.

Unlike Item_func_case, the code responsible for merging attributes in
Item_func_coalesce::fix_length_and_dec() works fine: it has specific execution
branches for all distinct numeric types and correctly creates a DECIMAL(1,0)
column instead of DECIMAL(0,0) for the same set of arguments.

The fix does the following:
- Moves the attribute merging code from Item_func_coalesce::fix_length_and_dec()
  to a new method Item_func_hybrid_result_type::fix_attributes()
- Removes the wrong code from Item_func_case::fix_length_and_dec()
  and reuses fix_attributes() in both Item_func_coalesce::fix_length_and_dec()
  and Item_func_case::fix_length_and_dec()
- Fixes count_real_length() and count_decimal_length() to get an array
  of Items as an argument, instead of using Item::args directly.
  This is needed for Item_func_case::fix_length_and_dec().
- Moves methods Item_func::count_xxx_length() from "public" to "protected".
- Removes Item_func_case::agg_num_length(), as it's not used any more.
- Additionally removes Item_func_case::agg_str_length(),
  as it also was not used (dead code).
 2016-04-20 08:53:30 +04:00
Alexander Barkov
9476854211 MDEV-9369 IN operator with ( num, NULL ) gives inconsistent result 
Based on this commit into MySQL-5.7:
> commit 8e51b845aafc8b4cdebd763c8aebda262ac2d4cd
> Author: Guilhem Bichot <guilhem.bichot@oracle.com>
> Date:   Mon Nov 4 15:44:55 2013 +0100
>
>    Bug#13944462 'NULL IN (XX)' RETURNS WRONG RESULTS
 2016-03-21 11:21:44 +04:00
Alexander Barkov
b25373beb5 MDEV-9653 Assertion `length || !scale' failed in uint my_decimal_length_to_precision(uint, uint, bool) 
MDEV-9752 Wrong data type for COALEASCE(?,1) in prepared statements
 2016-03-18 17:50:18 +04:00
Sergei Golubchik
ff93b77fd6 MDEV-9641 MDEV-9644 NULLIF assertions 
* only copy args[0] to args[2] after fix_fields (when all item
  substitutions have already happened)

* change QT_ITEM_FUNC_NULLIF_TO_CASE (that allows to print NULLIF
  as CASE) to QT_ITEM_ORIGINAL_FUNC_NULLIF (that prohibits it).
  So that NULLIF-to-CASE is allowed by default and only disabled
  explicitly for SHOW VIEW|FUNCTION|PROCEDURE and mysql_make_view.
  By default it is allowed (in particular in error messages and
  debug output, that can happen anytime before or after optimizer).
 2016-03-05 16:25:29 +01:00
Sergei Golubchik
a5679af1b1 Merge branch '10.0' into 10.1 2016-02-23 21:35:05 +01:00
Sergei Golubchik
271fed4106 Merge branch '5.5' into 10.0 2016-02-15 22:50:59 +01:00
Sergei Golubchik
f3444df415 Merge branch 'mysql/5.5' into 5.5 
reverted about half of commits as either not applicable or
outright wrong
 2016-02-09 11:27:40 +01:00
Alexander Barkov
ce40ccaf24 MDEV-9181 (NULLIF(count(table.col)), 0) gives wrong result on 10.1.x 
Wrapping args[0] and args[2] into an Item_cache for aggregate functions.
 2016-01-28 13:58:39 +04:00
Sergei Golubchik
a2bcee626d Merge branch '10.0' into 10.1 2015-12-21 21:24:22 +01:00
Sergei Golubchik
1623995158 Merge branch '5.5' into 10.0 2015-12-13 00:10:40 +01:00
Sergei Golubchik
abf9d35213 Merge branch 'mysql/5.5' into 5.5 2015-12-09 10:00:49 +01:00
Chaithra Gopalareddy
a7fb5aecfd Bug#19941403: FATAL_SIGNAL(SIG 6) IN BUILD_EQUAL_ITEMS_FOR_COND | IN SQL/SQL_OPTIMIZER.CC:1657 
Problem:
At the end of first execution select_lex->prep_where is pointing to
a runtime created object (temporary table field). As a result
server exits trying to access a invalid pointer during second
execution.

Analysis:
While optimizing the join conditions for the query, after the
permanent transformation, optimizer makes a copy of the new
where conditions in select_lex->prep_where. "prep_where" is what
is used as the "where condition" for the query at the start of execution.
W.r.t the query in question, "where" condition is actually pointing
to a field in the temporary table. As a result, for the  second
execution the pointer is no more valid resulting in server exit.

Fix:
At the end of the first execution, select_lex->where will have the
original item of the where condition.
Make prep_where the new place where the original item of select->where
has to be rolled back.
Fixed in 5.7 with the wl#7082 - Move permanent transformations from
JOIN::optimize to JOIN::prepare

Patch for 5.5 includes the following backports from 5.6:

Bugfix for Bug12603141 - This makes the first execute statement in the testcase
pass in 5.5

However it was noted later in in Bug16163596 that the above bugfix needed to
be modified. Although Bug16163596 is reproducible only with changes done for
Bug12582849, we have decided include the fix.

Considering that Bug12582849 is related to Bug12603141, the fix is
also included here. However this results in Bug16317817, Bug16317685,
Bug16739050. So fix for the above three bugs is also part of this patch.
 2015-11-20 12:30:15 +05:30
Alexander Barkov
23d4c95b50 MDEV-8896 Dead code in stored_field_cmp_to_item() 2015-10-05 16:16:13 +04:00
Alexander Barkov
ba0b668551 A clean-up for MDEV-7950: 
- Turning get_mm_tree_for_const() from a static function into
  a protected method in Item.
- Adding a new class Item_bool_func2_with_rev, for the functions and operators
  that have a reverse function and can use the range optimizer for
  to optimize "value OP field" as "field REV_OP value". Deriving
  Item_bool_rowready_func2 and Item_funt_spatial_rel from the new class.
- Removing Item_bool_func2::have_rev_func().
 2015-10-04 09:37:57 +04:00
Alexander Barkov
100d77e69d Clean-up: removing the unused "Item_result cmp_type" parameter from the methods: 
- Item_bool_func::get_func_mm_tree()
- Item_bool_func::get_mm_parts()
- Item_bool_func::get_ne_mm_tree()
 2015-10-02 14:48:32 +04:00
Alexander Barkov
22cc8f990b Changing a number of functions to aggregate argument character sets 
and collations from the global name space into private and protected
methods in Item_func_or_sum.
 2015-09-21 19:04:32 +04:00
Alexander Barkov
c8db0df2da Removing "DTCollation Arg_comparator::cmp_collation". 
Using a CHARSET_INFO pointer instead.
 2015-09-21 16:18:20 +04:00
Alexander Barkov
b75c003372 MDEV-8816 Equal field propagation is not applied for WHERE varbinary_column>=_utf8'a' COLLATE utf8_general_ci AND varbinary_column='A'; 
1. Removing the legacy code that disabled equal field propagation in cases
   when comparison is done as VARBINARY. This is now correctly handled by
   the new propagation code in Item_xxx::propagate_equal_fields() and
   Field_str::can_be_substituted_to_equal_item (the bug fix).
2. Also, removing legacy (pre-MySQL-4.1) Arg_comparator methods
   compare_binary_string() and compare_e_binary_string(), as VARBINARY
   comparison is correcty handled in compare_string() and compare_e_string() by
   the corresponding VARBINARY collation handler implemented in my_charset_bin.
   (not really a part of the bug fix)
 2015-09-18 23:03:35 +04:00