------------------------------------------------------------ revno: 3472 [merge] tags: clone-5.1.50-build committer: Alfranio Correia branch nick: mysql-5.1-security timestamp: Tue 2010-08-03 12:52:02 +0100 message: auto-merge mysql-5.1-security (local) --> mysql-5.1-security ------------------------------------------------------------ revno: 3452.3.1 committer: Alfranio Correia branch nick: mysql-5.1-bugteam timestamp: Mon 2010-08-02 20:48:56 +0100 message: BUG#55625 RBR breaks on failing 'CREATE TABLE' A CREATE...SELECT that fails is written to the binary log if a non-transactional statement is updated. If the logging format is ROW, the CREATE statement and the changes are written to the binary log as distinct events and by consequence the created table is not rolled back in the slave. In this patch, we opted to let the slave go out of sync by not writing to the binary log the CREATE statement. We do this by simply resetting the binary log's cache. ------------------------------------------------------------ revno: 3471 [merge] committer: Georgi Kodinov branch nick: merge-5.1-security timestamp: Mon 2010-08-02 11:03:41 +0300 message: merge ------------------------------------------------------------ revno: 1810.3987.35 [merge] committer: Georgi Kodinov branch nick: merge-5.0-security timestamp: Mon 2010-08-02 10:45:43 +0300 message: merge ------------------------------------------------------------ revno: 3470 [merge] committer: Georgi Kodinov branch nick: merge-5.1-security timestamp: Mon 2010-08-02 10:50:15 +0300 message: merge mysql-5.1-bugteam into mysql-5.1-security ------------------------------------------------------------ revno: 3452.1.17 committer: Davi Arnaut branch nick: 42733-5.1 timestamp: Fri 2010-07-30 17:33:10 -0300 message: Bug#45288: pb2 returns a lot of compilation warnings on linux Fix compiler warnings.
------------------------------------------------------------ revno: 3452.1.16 [merge] committer: Luis Soares branch nick: mysql-5.1-bugteam-push timestamp: Fri 2010-07-30 15:32:28 +0100 message: Automerge mysql-5.1-bugteam into mysql-5.1-bugteam latest. ------------------------------------------------------------ revno: 3452.2.1 committer: Luis Soares branch nick: mysql-5.1-bugteam timestamp: Fri 2010-07-30 14:44:39 +0100 message: Revert patch for BUG#34283. Causing lots of test failures in PB2, mostly because existing test result files were not updated. ------------------------------------------------------------ revno: 3452.1.15 committer: Georgi Kodinov branch nick: B55188-5.1-bugteam timestamp: Fri 2010-07-30 17:09:24 +0300 message: Disable the tests failing under valgrind because of bug #55503 ------------------------------------------------------------ revno: 3452.1.14 committer: Georgi Kodinov branch nick: B55188-5.1-bugteam timestamp: Fri 2010-07-30 16:35:06 +0300 message: Bug #55188: GROUP BY, GROUP_CONCAT and TEXT - inconsistent results In order to be able to check if the set of the grouping fields in a GROUP BY has changed (and thus to start a new group) the optimizer caches the current values of these fields in a set of Cached_item derived objects. The Cached_item_str, used for caching varchar and TEXT columns, is limited in length by the max_sort_length variable. A String buffer to store the value with an alloced length of either the max length of the string or the value of max_sort_length (whichever is smaller) in Cached_item_str's constructor. Then, at compare time the value of the string to compare to was truncated to the alloced length of the string buffer inside Cached_item_str. This is all fine and valid, but only if you're not assigning values near or equal to the alloced length of this buffer. 
Because when assigning values like this the alloced length is rounded up and as a result the next set of data will not match the group buffer, thus leading to wrong results because of the changed alloced_length. Fixed by preserving the original maximum length in the Cached_item_str's constructor and using this instead of the alloced_length to limit the string to compare to. Test case added. ------------------------------------------------------------ revno: 3452.1.13 [merge] committer: Davi Arnaut branch nick: mysql-5.1-bugteam timestamp: Fri 2010-07-30 09:38:18 -0300 message: Merge of mysql-5.0-bugteam into mysql-5.1-bugteam. ------------------------------------------------------------ revno: 1810.3995.4 committer: Davi Arnaut branch nick: mysql-5.0-bugteam timestamp: Fri 2010-07-30 09:34:40 -0300 message: Bug#54041: MySQL 5.0.92 fails when tests from Connector/C suite run Fix a regression (due to a typo) which caused spurious incorrect argument errors for long data stream parameters if all forms of logging were disabled (binary, general and slow logs). ------------------------------------------------------------ revno: 3452.1.12 committer: Davi Arnaut branch nick: mysql-5.1-bugteam timestamp: Fri 2010-07-30 09:17:10 -0300 message: Bug#54041: MySQL 5.0.92 fails when tests from Connector/C suite run Fix a regression (due to a typo) which caused spurious incorrect argument errors for long data stream parameters if all forms of logging were disabled (binary, general and slow logs). ------------------------------------------------------------ revno: 3452.1.11 committer: branch nick: mysql-5.1-bugteam timestamp: Fri 2010-07-30 11:59:34 +0800 message: Bug #34283 mysqlbinlog leaves tmpfile after termination if binlog contains load data infile With statement- or mixed-mode logging, "LOAD DATA INFILE" queries are written to the binlog using special types of log events. 
When mysqlbinlog reads such events, it re-creates the file in a temporary directory with a generated filename and outputs a "LOAD DATA INFILE" query where the filename is replaced by the generated file. The temporary file is not deleted by mysqlbinlog after termination. To fix the problem, in mixed mode we go to row-based. In SBR, we document it to remind user the tmpfile is left in a temporary directory. ------------------------------------------------------------ revno: 3452.1.10 committer: Davi Arnaut branch nick: 53463-5.1 timestamp: Wed 2010-07-28 12:59:19 -0300 message: Bug#53463: YaSSL patch appears to be reverted The problem is that the fix Bug#29784 was mistakenly reverted when updating YaSSL to a newer version. The solution is to re-apply the fix and this time actually add a meaningful test case so that possible regressions are caught. ------------------------------------------------------------ revno: 3452.1.9 [merge] committer: Vasil Dimov branch nick: mysql-5.1-bugteam timestamp: Thu 2010-07-29 11:57:33 +0300 message: Merge mysql-5.1-innodb -> mysql-5.1-bugteam ------------------------------------------------------------ revno: 3351.14.179 [merge] committer: Vasil Dimov branch nick: mysql-5.1-innodb timestamp: Thu 2010-07-29 11:51:00 +0300 message: Merge mysql-5.1-bugteam -> mysql-5.1-innodb ------------------------------------------------------------ revno: 3351.14.178 committer: Jimmy Yang branch nick: mysql-5.1-innodb timestamp: Wed 2010-07-28 03:20:44 -0700 message: Fix bug #55581 by backporting fix of #52546 from mysql-trunk-innodb to mysql-5.1-innodb plugin. ------------------------------------------------------------ revno: 3351.14.177 committer: Vasil Dimov branch nick: mysql-5.1-innodb timestamp: Fri 2010-07-23 19:32:38 +0300 message: Increment InnoDB Plugin version to 1.0.11. InnoDB Plugin 1.0.10 has been released with MySQL 5.1.49. 
------------------------------------------------------------ revno: 3351.14.176 [merge] committer: Vasil Dimov branch nick: mysql-5.1-innodb timestamp: Fri 2010-07-23 12:51:14 +0300 message: Merge mysql-5.1 -> mysql-5.1-innodb ------------------------------------------------------------ revno: 3351.14.175 [merge] committer: Vasil Dimov branch nick: mysql-5.1-innodb timestamp: Fri 2010-07-09 15:15:09 +0300 message: Merge mysql-5.1 -> mysql-5.1-innodb (no changes introduced by this merge) ------------------------------------------------------------ revno: 3351.14.174 committer: Vasil Dimov branch nick: mysql-5.1-innodb timestamp: Wed 2010-07-07 20:51:30 +0300 message: Add the innodb_plugin tests to "make dist". ------------------------------------------------------------ revno: 3351.14.173 committer: Jimmy Yang branch nick: mysql-5.1-innodb timestamp: Mon 2010-07-05 19:26:38 -0700 message: Add innodb_bug53756-master.opt for innodb_bug53756 test. ------------------------------------------------------------ revno: 3351.14.172 committer: Jimmy Yang branch nick: mysql-5.1-innodb timestamp: Wed 2010-06-30 22:06:01 -0700 message: Port fix for bug #54311 from mysql-trunk-innodb to mysql-5.1-innodb codeline. Bug #54311: Crash on CHECK PARTITION after concurrent LOAD DATA and adaptive_hash_index=OFF ------------------------------------------------------------ revno: 3351.14.171 committer: Marko Mäkelä branch nick: 5.1-innodb timestamp: Wed 2010-06-30 12:38:47 +0300 message: Bug#54358 follow-up: Correct some error handling. ------------------------------------------------------------ revno: 3351.14.170 committer: Marko Mäkelä branch nick: 5.1-innodb timestamp: Wed 2010-06-30 12:31:49 +0300 message: Correct some comments that were added in the fix of Bug #54358 (READ UNCOMMITTED access failure of off-page DYNAMIC or COMPRESSED columns). 
Records that lack incompletely written externally stored columns may be accessed by READ UNCOMMITTED transaction even without involving a crash during an INSERT or UPDATE operation. I verified this as follows. (1) added a delay after the mini-transaction for writing the clustered index 'stub' record was committed (patch attached) (2) started mysqld in gdb, setting breakpoints to the where the assertions about READ UNCOMMITTED were added in the bug fix (3) invoked ibtest3 --create-options=key_block_size=2 to create BLOBs in a COMPRESSED table (4) invoked the following: yes 'set transaction isolation level read uncommitted; checksum table blobt3;select sleep(1);'|mysql -uroot test (5) noted that one of the breakpoints was triggered (return(NULL) in btr_rec_copy_externally_stored_field()) === modified file 'storage/innodb_plugin/row/row0ins.c' --- storage/innodb_plugin/row/row0ins.c 2010-06-30 08:17:25 +0000 +++ storage/innodb_plugin/row/row0ins.c 2010-06-30 08:17:25 +0000 @@ -2120,6 +2120,7 @@ function_exit: rec_t* rec; ulint* offsets; mtr_start(&mtr); + os_thread_sleep(5000000); btr_cur_search_to_nth_level(index, 0, entry, PAGE_CUR_LE, BTR_MODIFY_TREE, &cursor, 0, === modified file 'storage/innodb_plugin/row/row0upd.c' --- storage/innodb_plugin/row/row0upd.c 2010-06-30 08:11:55 +0000 +++ storage/innodb_plugin/row/row0upd.c 2010-06-30 08:11:55 +0000 
@@ -1763,6 +1763,7 @@ row_upd_clust_rec( rec_offs_init(offsets_); mtr_start(mtr); + os_thread_sleep(5000000); ut_a(btr_pcur_restore_position(BTR_MODIFY_TREE, pcur, mtr)); rec = btr_cur_get_rec(btr_cur); ------------------------------------------------------------ revno: 3351.14.169 committer: Marko Mäkelä branch nick: 5.1-innodb timestamp: Tue 2010-06-29 16:12:19 +0300 message: ChangeLog entry for Bug #54408 ------------------------------------------------------------ revno: 3351.14.168 committer: Marko Mäkelä branch nick: 5.1-innodb timestamp: Tue 2010-06-29 16:00:58 +0300 message: Bug#54408: txn rollback after recovery: row0umod.c:673 dict_table_get_format(index->table) The REDUNDANT and COMPACT formats store a local 768-byte prefix of each externally stored column. No row_ext cache is needed, but we initialized one nevertheless. When the BLOB pointer was zero, we would ignore the locally stored prefix as well. This triggered an assertion failure in row_undo_mod_upd_exist_sec(). row_build(): Allow ext==NULL when a REDUNDANT or COMPACT table contains externally stored columns. row_undo_search_clust_to_pcur(), row_upd_store_row(): Invoke row_build() with ext==NULL on REDUNDANT and COMPACT tables. rb://382 approved by Jimmy Yang ------------------------------------------------------------ revno: 3351.14.167 committer: Marko Mäkelä branch nick: 5.1-innodb timestamp: Tue 2010-06-29 15:56:53 +0300 message: ChangeLog entry for Bug #54358 ------------------------------------------------------------ revno: 3351.14.166 committer: Marko Mäkelä branch nick: 5.1-innodb timestamp: Tue 2010-06-29 15:55:18 +0300 message: Bug#54358: READ UNCOMMITTED access failure of off-page DYNAMIC or COMPRESSED columns When the server crashes after a record stub has been inserted and before all its off-page columns have been written, the record will contain incomplete off-page columns after crash recovery. 
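Review bot: the os_thread_sleep(5000000) added after mtr_start(&mtr) at function_exit: in row0ins.c is unconditional, so every caller that reaches this path stalls for the full delay. The message describes it as a verification aid, so it should sit behind a debug-only guard that cannot reach a release build, with a comment naming the READ UNCOMMITTED window it is meant to widen.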
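Review bot: in the row_upd_clust_rec() hunk in row0upd.c the sleep is placed between mtr_start(mtr) and ut_a(btr_pcur_restore_position(...)), so the delay runs inside an already started mini-transaction; putting it above mtr_start(mtr) would keep the delay outside the mini-transaction. The literal 5000000 is also repeated from the row0ins.c hunk, and a single named constant that states its unit would make the two delays easier to find and remove.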
Such records may only be accessed at the READ UNCOMMITTED isolation level or when rolling back a recovered transaction in recv_recovery_rollback_active(). Skip these records at the READ UNCOMMITTED isolation level. TODO: Add assertions for checking the above assumptions hold when an incomplete BLOB is encountered. btr_rec_copy_externally_stored_field(): Return NULL if the field is incomplete. row_prebuilt_t::templ_contains_blob: Clarify what "BLOB" means in this context. Hint: MySQL BLOBs are not the same as InnoDB BLOBs. row_sel_store_mysql_rec(): Return FALSE if not all columns could be retrieved. Previously this function always returned TRUE. Assert that the record is not delete-marked. row_sel_push_cache_row_for_mysql(): Return FALSE if not all columns could be retrieved. row_search_for_mysql(): Skip records containing incomplete off-page columns. Assert that the transaction isolation level is READ UNCOMMITTED. rb://380 approved by Jimmy Yang ------------------------------------------------------------ revno: 3351.14.165 committer: Jimmy Yang branch nick: mysql-5.1-innodb timestamp: Mon 2010-06-28 19:41:37 -0700 message: Check in fix for bug #53756: "ALTER TABLE ADD PRIMARY KEY affects crash recovery" rb://369 approved by Marko ------------------------------------------------------------ revno: 3452.1.8 committer: Alexander Barkov branch nick: mysql-5.1-bugteam.b45012 timestamp: Thu 2010-07-29 10:12:44 +0400 message: Postfix for BUG#45012. Problem: The original patch didn't compile on debug_werror due to wrong format in printf("%d") for size_t variables. Fix: Adding cast to (int). ------------------------------------------------------------ revno: 3452.1.7 committer: branch nick: mysql-5.1-bugteam timestamp: Thu 2010-07-29 11:00:57 +0800 message: BUG#49124 Security issue with /*!-versioned */ SQL statements on Slave /*![:version:] Query Code */, where [:version:] is a sequence of 5 digits representing the mysql server version(e.g /*!50200 ... 
*/), is a special comment that the query in it can be executed on those servers whose versions are larger than the version appearing in the comment. It leads to a security issue when slave's version is larger than master's. A malicious user can improve his privileges on slaves. Because slave SQL thread is running with SUPER privileges, so it can execute queries that he/she does not have privileges on master. This bug is fixed with the logic below: - To replace '!' with ' ' in the magic comments which are not applied on master. So they become common comments and will not be applied on slave. - Example: 'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/ will be binlogged as 'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /* 99999 ,(3)*/ ------------------------------------------------------------ revno: 3452.1.6 committer: Davi Arnaut branch nick: mysql-5.1-bugteam timestamp: Fri 2010-07-23 21:55:03 -0300 message: Bug#55501: Disable innodb plugin usage in the embedded server on certain OSes Do not attempt to test the innodb plugin with the embedded server, it's not supported for now. ------------------------------------------------------------ revno: 3452.1.5 [merge] committer: Sven Sandberg branch nick: 5.1-bugteam timestamp: Mon 2010-07-26 11:56:30 +0200 message: merged BUG#55322 to 5.1-bugteam ------------------------------------------------------------ revno: 3408.1.4 committer: Sven Sandberg branch nick: 5.1 timestamp: Tue 2010-07-20 17:27:13 +0200 message: BUG#55322: SHOW BINLOG EVENTS increases @@SESSION.MAX_ALLOWED_PACKET Problem: when SHOW BINLOG EVENTS was issued, it increased the value of @@session.max_allowed_packet. This allowed a non-root user to increase the amount of memory used by her thread arbitrarily. Thus, it removes the bound on the amount of system resources used by a client, so it presents a security risk (DoS attack). 
Fix: it is correct to increase the value of @@session.max_allowed_packet while executing SHOW BINLOG EVENTS (see BUG 30435). However, the increase should only be temporary. Thus, the fix is to restore the value when SHOW BINLOG EVENTS ends. The value of @@session.max_allowed_packet is also increased in mysql_binlog_send (i.e., the binlog dump thread). It is not clear if this can cause any trouble, since normally the client that issues COM_BINLOG_DUMP will not issue any other commands that would be affected by the increased value of @@session.max_allowed_packet. However, we restore the value just in case. ------------------------------------------------------------ revno: 3452.1.4 committer: Alexander Barkov branch nick: mysql-5.1-bugteam.b45012 timestamp: Mon 2010-07-26 09:06:18 +0400 message: Bug#45012 my_like_range_cp932 generates invalid string Problem: The functions my_like_range_xxx() returned badly formed maximum strings for Asian character sets, which made problems for storage engines. Fix: - Removed a number of my_like_range_xxx() implementations, which were in fact duplicate code pieces. - Using generic my_like_range_mb() instead. - Setting max_sort_char member properly for Asian character sets - Adding unittest/strings/strings-t.c, to test that my_like_range_xxx() return well-formed min and max strings. Notes: - No additional tests in mysql/t/ available. Old tests cover the affected code well enough.
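The rewrite described in the BUG#49124 entry above (revno 3452.1.7), as an added example in C; it is not the MySQL patch. The function names, the simplified quote and comment handling, and the master version 50150 are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Five decimal digits right after the '!' give the version; -1 if absent. */
static long parse_version(const char *p)
{
    long v = 0;
    for (int i = 0; i < 5; i++) {
        if (!isdigit((unsigned char)p[i]))
            return -1;
        v = v * 10 + (p[i] - '0');
    }
    return v;
}

/* Return a pointer to the closing '/' of the comment that starts at p, or
 * to the last byte of the string when the comment is unterminated. */
static char *comment_end(char *p)
{
    char *end = strstr(p + 2, "*/");
    return end ? end + 1 : p + strlen(p) - 1;
}

/*
 * Rewrite `query` in place before it is written to the binary log: every
 * versioned comment whose version is larger than master_version was not
 * executed on the master, so its '!' becomes a space and it is an ordinary
 * comment on any slave. Returns the number of comments neutralized.
 * Assumption of this example: only quoted strings and C-style comments are
 * recognised; the server does this work inside its lexer.
 */
int neutralize_versioned_comments(char *query, long master_version)
{
    int changed = 0;
    char quote = 0;                     /* active quote character, 0 if none */

    for (char *p = query; *p; p++) {
        if (quote) {
            if (*p == '\\' && quote != '`' && p[1])
                p++;                    /* skip the escaped character */
            else if (*p == quote) {
                if (p[1] == quote)
                    p++;                /* doubled quote stays in the string */
                else
                    quote = 0;
            }
            continue;
        }
        if (*p == '\'' || *p == '"' || *p == '`') {
            quote = *p;
        } else if (p[0] == '/' && p[1] == '*') {
            if (p[2] != '!') {
                p = comment_end(p);     /* ordinary comment: skip its body */
            } else if (parse_version(p + 3) > master_version) {
                p[2] = ' ';             /* not applied on master: neutralize */
                changed++;
                p = comment_end(p);
            } else {
                p += 2;                 /* applied on master: body is SQL */
            }
        }
    }
    return changed;
}

int main(void)
{
    /* Statement from the commit message; 50150 is a constructed version. */
    char q[] = "INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/";
    int n = neutralize_versioned_comments(q, 50150);
    printf("%d neutralized: %s\n", n, q);
    return 0;
}
```
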
------------------------------------------------------------ revno: 3452.1.3 [merge] committer: Dmitry Shulga branch nick: 5.1-bugteam-bug42496 timestamp: Fri 2010-07-23 18:15:56 +0700 message: Merge 5.1-bugteam -> 5.1-bug-42496 ------------------------------------------------------------ revno: 3457.4.2 [merge] committer: kevin.lewis@oracle.com branch nick: mysql-5.1-bugteam timestamp: Thu 2010-07-22 11:17:26 -0500 message: Merge ------------------------------------------------------------ revno: 3457.4.1 committer: kevin.lewis@oracle.com branch nick: mysql-5.1-bugteam timestamp: Thu 2010-07-22 11:15:15 -0500 message: Bug#49542 - Do as the comment suggests and downgrade directory errors from find_file() to a warning unless they happen during a SHOW command. ------------------------------------------------------------ revno: 3452.1.2 committer: Dmitry Shulga branch nick: 5.1-bugteam-bug42496 timestamp: Wed 2010-07-21 14:56:43 +0700 message: Fixed bug #42496 - the server could crash on a debug assert after a failure to write into a closed socket ------------------------------------------------------------ revno: 3452.1.1 committer: Dmitry Shulga branch nick: 5.1-bugteam-bug51855 timestamp: Tue 2010-06-29 16:32:03 +0700 message: Fixed bug #51855. Race condition in XA START. If several threads concurrently execute the statement XA START 'x', then mysqld server could crash. ------------------------------------------------------------ revno: 3469 committer: Gleb Shchepa branch nick: mysql-5.1-security timestamp: Sun 2010-08-01 22:12:36 +0400 message: Bug #54461: crash with longblob and union or update with subquery Queries may crash, if 1) the GREATEST or the LEAST function has a mixed list of numeric and LONGBLOB arguments and 2) the result of such a function goes through an intermediate temporary table. An Item that references a LONGBLOB field has max_length of UINT_MAX32 == (2^32 - 1). 
The current implementation of GREATEST/LEAST returns REAL result for a mixed list of numeric and string arguments (that contradicts with the current documentation, this contradiction was discussed and it was decided to update the documentation). The max_length of such a function call was calculated as a maximum of argument max_length values (i.e. UINT_MAX32). That max_length value of UINT_MAX32 was used as a length for the intermediate temporary table Field_double to hold GREATEST/LEAST function result. The Field_double::val_str() method call on that field allocates a String value. Since an allocation of String reserves an additional byte for a zero-termination, the size of String buffer was set to (UINT_MAX32 + 1), that caused an integer overflow: actually, an empty buffer of size 0 was allocated. An initialization of the "first" byte of that zero-size buffer with '\0' caused a crash. The Item_func_min_max::fix_length_and_dec() has been modified to calculate max_length for the REAL result like we do it for arithmetical operators.
------------------------------------------------------------ revno: 3468 committer: Alexey Kopytov branch nick: mysql-5.1-security timestamp: Fri 2010-07-23 15:52:54 +0400 message: Bug #54476: crash when group_concat and 'with rollup' in prepared statements Using GROUP_CONCAT() together with the WITH ROLLUP modifier could crash the server. The reason was a combination of several facts: 1. The Item_func_group_concat class stores pointers to ORDER objects representing the columns in the ORDER BY clause of GROUP_CONCAT(). 2. find_order_in_list() called from Item_func_group_concat::setup() modifies the ORDER objects so that their 'item' member points to the arguments list allocated in the Item_func_group_concat constructor. 3. In some cases (e.g. in JOIN::rollup_make_fields) a copy of the original Item_func_group_concat object could be created by using the Item_func_group_concat::Item_func_group_concat(THD *thd, Item_func_group_concat *item) copy constructor. The latter essentially creates a shallow copy of the source object. Memory for the arguments array is allocated on thd->mem_root, but the pointers for arguments and ORDER are copied verbatim. What happens in the test case is that when executing the query for the first time, after a copy of the original Item_func_group_concat object has been created by JOIN::rollup_make_fields(), find_order_in_list() is called for this new object.
It then resolves ORDER BY by modifying the ORDER objects so that they point to elements of the arguments array which is local to the cloned object. When thd->mem_root is freed upon completing the execution, pointers in the ORDER objects become invalid. Those ORDER objects, however, are also shared with the original Item_func_group_concat object which is preserved between executions of a prepared statement. So the first call to find_order_in_list() for the original object on the second execution tries to dereference an invalid pointer. The solution is to create copies of the ORDER objects when copying Item_func_group_concat to not leave any stale pointers in other instances with different lifecycles. ------------------------------------------------------------ revno: 3467 [merge] committer: Georgi Kodinov branch nick: merge-5.1-security timestamp: Wed 2010-07-21 18:56:48 +0300 message: merge ------------------------------------------------------------ revno: 1810.3987.34 [merge] committer: Georgi Kodinov branch nick: merge-5.0-security timestamp: Wed 2010-07-21 18:49:24 +0300 message: merge ------------------------------------------------------------ revno: 3466 [merge] committer: Georgi Kodinov branch nick: merge-5.1-security timestamp: Wed 2010-07-21 18:54:11 +0300 message: merge ------------------------------------------------------------ revno: 3457.1.42 [merge] committer: Georgi Kodinov branch nick: merge-5.1-bugteam timestamp: Wed 2010-07-21 18:36:10 +0300 message: merge ------------------------------------------------------------ revno: 1810.3995.3 [merge] committer: Georgi Kodinov branch nick: merge-5.0-bugteam timestamp: Wed 2010-07-21 18:31:28 +0300 message: merge ------------------------------------------------------------ revno: 3457.1.41 [merge] committer: Georgi Kodinov branch nick: merge-5.1-bugteam timestamp: Wed 2010-07-21 18:34:20 +0300 message: merge ------------------------------------------------------------ revno: 3457.1.40 committer: Georgi 
Kodinov branch nick: fix-5.1-bugteam timestamp: Wed 2010-07-21 18:05:57 +0300 message: Addendum #4 to bug #53095 SHOW DATABASES LIKE ... was not converting to lowercase on comparison as the documentation is suggesting. Fixed it to behave similarly to SHOW TABLES LIKE ... and updated the failing on MacOSX lowercase_table2 test case. ------------------------------------------------------------ revno: 3457.1.39 [merge] committer: Alexey Kopytov branch nick: mysql-5.1-bugteam timestamp: Wed 2010-07-21 14:14:11 +0400 message: Automerge. ------------------------------------------------------------ revno: 3457.3.1 committer: Alexey Kopytov branch nick: 55061-5.1-bugteam timestamp: Mon 2010-07-12 18:58:55 +0400 message: Bug#55061: Build failing on sol 8 x86 - assembler code vs compiler problem GCC-style inline assembly is not supported by the Sun Studio compilers prior to version 12. Added a check for the Sun Studio version to avoid using _FPU_GETCW() / _FPU_SETCW() when inline assembly is unsupported. This can lead to some differences in floating point calculations on Solaris 8/x86 which, however, is not worth bothering with Sun-style assembly .il templates. ------------------------------------------------------------ revno: 3457.1.38 committer: Davi Arnaut branch nick: 45288-5.1 timestamp: Tue 2010-07-20 15:07:36 -0300 message: Bug#45288: pb2 returns a lot of compilation warnings on linux Fix warnings flagged by the new warning option -Wunused-but-set-variable that was added to GCC 4.6 and that is enabled by -Wunused and -Wall. The option causes a warning whenever a local variable is assigned to but is later unused. It also warns about meaningless pointer dereferences. 
------------------------------------------------------------ revno: 3457.1.37 committer: Davi Arnaut branch nick: 52514-5.1 timestamp: Tue 2010-07-20 14:44:29 -0300 message: Bug#52514: mysql 5.1 do_abi_check does not compile w/ gcc4.5 due to GCC preprocessor change The problem is that newer GCC versions treat missing headers as fatal errors. The solution is to use a guard macro to prevent the inclusion of system headers when checking the ABI with the C Preprocessor. Reference: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15638 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44836 ------------------------------------------------------------ revno: 3457.1.36 committer: Davi Arnaut branch nick: 54453-5.1 timestamp: Tue 2010-07-20 14:36:15 -0300 message: Bug#54453: Failing assertion: trx->active_trans when renaming a table with active trx Essentially, the problem is that InnoDB does an implicit commit when a cursor (table handler) is unlocked/closed, creating a dissonance between the transaction state within the server layer and the storage engine layer. Theoretically, a statement transaction can encompass several table instances in a similar manner to a multiple statement transaction, hence it does not make sense to limit a statement transaction to the lifetime of the table instances (cursors) used within it. Since this particular instance of the problem is only triggerable on 5.1 and is masked on 5.5 due to 2PC being skipped (assertion is in the prepare phase of a 2PC), the solution (which is less risky) is to explicitly end the transaction before the cached table is unlocked on rename table. The patch is to be null merged into trunk. ------------------------------------------------------------ revno: 3457.1.35 [merge] committer: Davi Arnaut branch nick: mysql-5.1-bugteam timestamp: Mon 2010-07-19 15:34:28 -0300 message: Merge of mysql-5.1 into mysql-5.1-bugteam.
------------------------------------------------------------ revno: 3457.1.34 committer: Jon Olav Hauglid branch nick: mysql-5.1-bugteam-bug54734 timestamp: Mon 2010-07-19 11:03:52 +0200 message: Bug #54734 assert in Diagnostics_area::set_ok_status This assert checks that the server does not try to send OK to the client if there has been some error during processing. This is done to make sure that the error is in fact sent to the client. The problem was that view errors during processing of WHERE conditions in UPDATE statements were not detected by the update code. It therefore tried to send OK to the client, triggering the assert. The bug was only noticeable in debug builds. This patch fixes the problem by making sure that the update code checks for errors during condition processing and acts accordingly. ------------------------------------------------------------ revno: 3457.1.33 committer: Davi Arnaut branch nick: mysql-5.1-bugteam timestamp: Fri 2010-07-16 14:33:35 -0300 message: Bug#48327: Some crashes specific to FreeBSD ("embedded") Bug#47139: Test "merge" crashes in "embedded" run Backport patch for Bug#47139 ------------------------------------------------------------ revno: 3457.1.32 committer: Georgi Kodinov branch nick: fix-5.1-bugteam timestamp: Fri 2010-07-16 16:56:33 +0300 message: Addendum to bug #53814 : test results updates ------------------------------------------------------------ revno: 3457.1.31 committer: Ramil Kalimullin branch nick: mysql-5.1-bugteam timestamp: Fri 2010-07-16 11:15:22 +0400 message: Fix for bug #50667: The InnoDB plugin prevents initialization of the "embedded" server Problem: mysqltest_embedded failed to load ha_innodb_plugin library on some platforms (due to some unresolved references). Fix: on FreeBSD use -export-dynamic flag building mysqltest_embedded. That allows to use its global symbols to resolve references in the dynamically loaded plugin library.
------------------------------------------------------------
revno: 3457.1.30
committer: Georgi Kodinov
branch nick: B53814-5.1-bugteam
timestamp: Wed 2010-06-23 19:25:31 +0300
message:
  Bug #53814: NUMERIC_PRECISION for unsigned bigint field is 19, should be 20

  Fixed the numeric precision of the unsigned BIGINT column to be 20
  instead of 19.
------------------------------------------------------------
revno: 3457.1.29 [merge]
committer: Alexey Kopytov
branch nick: mysql-5.1-bugteam
timestamp: Thu 2010-07-15 17:01:44 +0400
message:
  Manual merge.
------------------------------------------------------------
revno: 1810.3995.2
committer: Alexey Kopytov
branch nick: mysql-5.0-bugteam
timestamp: Thu 2010-07-15 10:10:16 +0400
message:
  Backport of the fix for bug#25421 to 5.0.

  Calculating the estimated number of records for a range scan
  may take a significant time, and it was impossible for a user
  to interrupt that process by killing the connection or the
  query.

  Fixed by checking the thread's 'killed' status in
  check_quick_keys() and interrupting the calculation process if
  it is set to a non-zero value.
------------------------------------------------------------
revno: 3457.1.28 [merge]
committer: Alexey Kopytov
branch nick: mysql-5.1-bugteam
timestamp: Thu 2010-07-15 16:39:48 +0400
message:
  Null merge.
------------------------------------------------------------
revno: 1810.3995.1
committer: Vasil Dimov
branch nick: mysql-5.0-bugteam
timestamp: Wed 2010-07-07 20:13:53 +0300
message:
  Merge the fix for Bug#49238 from SVN (without the unrelated whitespace
  changes):

  ------------------------------------------------------------------------
  r7009 | jyang | 2010-04-29 20:44:56 +0300 (Thu, 29 Apr 2010) | 6 lines

  branches/5.0: Port fix for bug #49238 (Creating/Dropping a temporary table
  while at 1023 transactions will cause assert) from 5.1 to branches/5.1.
  Separate action for return value DB_TOO_MANY_CONCURRENT_TRXS from that of
  DB_MUST_GET_MORE_FILE_SPACE in row_drop_table_for_mysql().
  ------------------------------------------------------------------------
------------------------------------------------------------
revno: 3457.1.27
committer: Davi Arnaut
branch nick: mysql-5.1-bugteam
timestamp: Wed 2010-07-14 16:39:40 -0300
message:
  Bug#42733: Type-punning warnings when compiling MySQL --
  strict aliasing violations.

  Post-merge fix: include my_compiler.h before my_attribute.h
  as the latter will undef __attribute__ if the compiler is not
  GCC. Based on the compiler version, in my_compiler.h we know
  for sure whether the aligned attribute is supported. Furthermore,
  undefining attribute might cause bugs if some system header
  uses it.
------------------------------------------------------------
revno: 3457.1.26
committer: Davi Arnaut
branch nick: 42733-5.1
timestamp: Wed 2010-07-14 09:27:13 -0300
message:
  Bug#42733: Type-punning warnings when compiling MySQL --
  strict aliasing violations.

  Another rather noisy violation of strict aliasing rules
  is the spatial code which makes use of stack-based memory
  (of type Geometry_buffer) to provide placement for Geometry
  objects. Although a placement new is allowed to dynamically
  change the type of an object, the object returned by the
  new placement was being ignored and the original stack-based
  object was being cast to the new type, thus violating strict
  aliasing rules.

  The solution is to reorganize the code so that the object
  returned by the new placement is used instead of casting
  the original object. Also, to ensure that the stack-based
  object is properly aligned with respect to the objects it
  provides placement for, a set of compiler-dependent macros
  and types are introduced so that the alignment of objects
  can be inquired and specified.
------------------------------------------------------------
revno: 3457.1.25
committer: Davi Arnaut
branch nick: 48327-5.1
timestamp: Wed 2010-07-14 10:10:12 -0300
message:
  Bug#48327: Some crashes specific to FreeBSD ("embedded")

  Backport fixes from ndb:

  Rework the constructors of some static objects to not call
  dbug functions since the constructors will be called before
  main, and consequently, before the dbug library is initialized.
------------------------------------------------------------
revno: 3457.1.24
committer: Georgi Kodinov
branch nick: B51876-5.1-bugteam
timestamp: Wed 2010-07-14 14:54:51 +0300
message:
  Bug #51876: crash/memory underrun when loading data with ucs2
  and reverse() function

  3 problems fixed :
  1. The reported problem : caused by incorrect parsing of
  the file as ucs data resulting in wrong length of the parsed
  string. Fixed by truncating the invalid trailing bytes
  (non-complete multibyte characters) when reading from the file
  2. LOAD DATA when reading from a proper UCS2 file wasn't
  recognizing the new line characters. Fixed by first looking
  if a byte is a new line (or any other special) character before
  reading it as a part of a multibyte character.
  3. When using user variables to hold the column data in LOAD
  DATA the character set of the user variable was set incorrectly
  to the database charset. Fixed by setting it to the charset
  specified by LOAD DATA (if any).
------------------------------------------------------------
revno: 3457.1.23
committer: Georgi Kodinov
branch nick: B53493-5.1-bugteam
timestamp: Wed 2010-07-14 11:50:17 +0300
message:
  Bug #53493 : add_to_status does not handle the longlong fields in STATUS_VAR

  bytes_received/bytes_sent are ulonglong so they cannot be handled by the
  ulong handling code in add_to_status/add_diff_to_status().

  Fixed by adding code to handle these two variables in
  add_to_status()/add_diff_to_status() and making sure they are not a subject
  to the ulong handling code.
------------------------------------------------------------
revno: 3457.1.22
committer: Georgi Kodinov
branch nick: B54004-5.1-bugteam
timestamp: Wed 2010-07-14 13:53:49 +0300
message:
  Bug #54004 : mysql_secure_installation identifies "local host" incorrectly

  The removal of non-local root users is overzealous in
  mysql_secure_installation. (Bug #54004)
------------------------------------------------------------
revno: 3457.1.21
committer: Georgi Kodinov
branch nick: B52274-5.1-bugteam
timestamp: Fri 2010-07-09 14:11:12 +0300
message:
  Bug #52274 : Missing path to mysql in mysql_secure_installation

  Added some code to try to find the mysql command line in the most common
  places and stop if it's not there.
------------------------------------------------------------
revno: 3457.1.20
committer: Davi Arnaut
branch nick: mysql-5.1-bugteam
timestamp: Fri 2010-07-09 16:37:52 -0300
message:
  Use UNINIT_VAR workaround instead of LINT_INIT.
------------------------------------------------------------
revno: 3457.1.19 [merge]
committer: Mattias Jonsson
branch nick: topush-51-bugteam
timestamp: Fri 2010-07-09 15:00:33 +0200
message:
  merge
------------------------------------------------------------
revno: 3392.5.1
committer: Mattias Jonsson
branch nick: b52517-51-bugteam
timestamp: Fri 2010-07-09 13:15:26 +0200
message:
  Bug#52517: Regression in ROW level replication performance with partitions

  In bug-28430 HA_PRIMARY_KEY_REQUIRED_FOR_POSITION
  was disabled in the partitioning engine in the first patch.
  That bug was later fixed a second time, but that flag
  was not removed.

  No need to disable this flag, as it leads to bad
  choice in row replication.
------------------------------------------------------------
revno: 3457.1.18 [merge]
committer: Mattias Jonsson
branch nick: topush-51-bugteam
timestamp: Fri 2010-07-09 14:59:40 +0200
message:
  merge
------------------------------------------------------------
revno: 3457.2.1
committer: Mattias Jonsson
branch nick: b52455-51-bt
timestamp: Fri 2010-07-09 01:09:31 +0200
message:
  Bug#52455: Subpar INSERT ON DUPLICATE KEY UPDATE performance with many
  partitions

  The handler function for reading one row from a specific index
  was not optimized in the partitioning handler since it
  used the default implementation.

  No test case since it is performance only, verified by hand.
------------------------------------------------------------
revno: 3457.1.17
committer: Davi Arnaut
branch nick: mysql-5.1-bugteam
timestamp: Fri 2010-07-09 09:51:21 -0300
message:
  Remove AC_LANG_WERROR, it causes trouble with earlier versions
  of autoconf and is not strictly needed for now.
------------------------------------------------------------
revno: 3457.1.16
committer: Georgi Kodinov
branch nick: fix-5.1-bugteam
timestamp: Fri 2010-07-09 15:17:47 +0300
message:
  Addendum #2 to bug #53095 : fixed a bad testcase result.
------------------------------------------------------------
revno: 3457.1.15
committer: Davi Arnaut
branch nick: 53445-5.1
timestamp: Fri 2010-07-09 09:00:17 -0300
message:
  Bug#45288: pb2 returns a lot of compilation warnings on linux

  Although the C standard mandates that sprintf return the number
  of bytes written, some very ancient systems (i.e. SunOS 4)
  returned a pointer to the buffer instead. Since these systems
  are not supported anymore and are hopefully long dead by now,
  simply remove the portability wrapper that dealt with this
  discrepancy. The autoconf check was causing trouble with GCC.
------------------------------------------------------------
revno: 3457.1.14
committer: Davi Arnaut
branch nick: 53445-5.1
timestamp: Fri 2010-07-09 08:37:51 -0300
message:
  Bug#53445: Build with -Wall and fix warnings that it generates

  Introduce a MySQL maintainer/developer mode that enables
  a set of warning options for the C/C++ compiler. This mode
  is intended to help improve the overall quality of the code.

  The warning options are:

  C_WARNINGS="-Wall -Wextra -Wunused -Wwrite-strings -Werror"
  CXX_WARNINGS="$C_WARNINGS -Wno-unused-parameter"

  Since -Wall is essentially a moving target, autoconf checks
  are not run with warning options enabled, in particular -Werror.
  This decision might be revisited in the future. The patch also
  fixes a mistake in the makefiles, where automake CXXFLAGS would
  be set to CFLAGS.
------------------------------------------------------------
revno: 3457.1.13
committer: Sergey Glukhov
branch nick: mysql-5.1-bugteam
timestamp: Fri 2010-07-09 14:39:47 +0400
message:
  Bug#54416 MAX from JOIN with HAVING returning NULL with 5.1 and Empty set

  The problem there is that HAVING condition evaluates const
  parts of condition despite the condition has references
  on aggregate functions. Table t1 became const tables after
  make_join_statistics and table1.pk = 1, HAVING is transformed
  into MAX(1) < 7 and taken away from HAVING. The fix is to skip
  evaluation of HAVING const parts if HAVING condition has
  references on aggregate functions.
------------------------------------------------------------
revno: 3457.1.12
committer:
branch nick: mysql-5.1-bugteam
timestamp: Thu 2010-07-08 10:44:26 +0800
message:
  Postfix bug#48321

  Fix the memory leak
------------------------------------------------------------
revno: 3457.1.11
committer: Georgi Kodinov
branch nick: fix-5.1-bugteam
timestamp: Wed 2010-07-07 12:15:58 +0300
message:
  Addendum to the fix for bug #53095 (failing information_schema.test on windows)

  Since the original fix for this bug lowercases the search pattern it's not
  a good idea to copy the search pattern to the output instead of the real
  table name found (since, depending on the case mode these two names may
  differ in case).

  Fixed the information_schema.test failure by making sure the actual table
  name of an information schema table is passed instead of the lookup pattern
  even when the pattern doesn't contain wildcards.
------------------------------------------------------------
revno: 3457.1.10
committer: Davi Arnaut
branch nick: mysql-5.1-bugteam
timestamp: Tue 2010-07-06 19:31:54 -0300
message:
  Fix what is probably the result of a bad merge. No functional change.
------------------------------------------------------------
revno: 3457.1.9
committer: Davi Arnaut
branch nick: 52514-5.1
timestamp: Tue 2010-07-06 15:36:31 -0300
message:
  Bug#52514: mysql 5.1 do_abi_check does not compile w/ gcc4.5
  due to GCC preprocessor change

  Temporary workaround: disable abi_check if GCC >= 4.5
------------------------------------------------------------
revno: 3457.1.8
committer: Davi Arnaut
branch nick: 22320-5.1
timestamp: Mon 2010-07-05 09:00:39 -0300
message:
  Bug#22320: my_atomic-t unit test fails

  The atomic operations implementation on 5.1 has a few problems,
  which might cause tests to abort randomly. Since no code in 5.1
  uses atomic operations, simply remove the code.
------------------------------------------------------------
revno: 3457.1.7
committer: Georgi Kodinov
branch nick: B53613-5.1-bugteam
timestamp: Thu 2010-07-01 12:05:09 +0300
message:
  Bug #53613: mysql_upgrade incorrectly revokes TRIGGER privilege on given table

  Fixed an incomplete historical ALTER TABLE MODIFY trimming the trigger
  privilege bit from mysql.tables_priv.Table_priv column.
  Removed the duplicate ALTER TABLE MODIFY.
  Test suite added.
------------------------------------------------------------
revno: 3457.1.6
committer: Georgi Kodinov
branch nick: B53095-5.1-bugteam
timestamp: Fri 2010-06-25 15:59:44 +0300
message:
  Bug #53095: SELECT column_name FROM INFORMATION_SCHEMA.STATISTICS
  returns nothing

  When looking for table or database names inside INFORMATION_SCHEMA
  we must convert the table and database names to lowercase (just as it's
  done in the rest of the server) when lowercase_table_names is non-zero.
  This will allow us to find the same tables that we would find if there
  is no condition.

  Fixed by converting to lower case when extracting the database and table
  name conditions.
  Test case added.
------------------------------------------------------------
revno: 3457.1.5
committer:
branch nick: mysql-5.1-bugteam
timestamp: Sun 2010-07-04 16:17:53 +0800
message:
  Postfix for bug#48321

  Some test cases set ANSI_QUOTES in sql_mode. So we have to use single
  quotes to quote literal strings.
------------------------------------------------------------
revno: 3457.1.4
committer:
branch nick: mysql-5.1-bugteam
timestamp: Sun 2010-07-04 12:02:49 +0800
message:
  The following statements support the CURRENT_USER() where a user is needed.
    DROP USER
    RENAME USER CURRENT_USER() ...
    GRANT ... TO CURRENT_USER()
    REVOKE ... FROM CURRENT_USER()
    ALTER DEFINER = CURRENT_USER() EVENT
  but, when these statements are binlogged, CURRENT_USER() just is binlogged
  as 'CURRENT_USER()', it is not expanded to the real user name. When slave
  executes the log event, 'CURRENT_USER()' is expanded to the user of slave
  SQL thread, but SQL thread's user name is always NULL. This breaks the
  replication.

  After this patch, session's user will be written into query log events
  if these statements call CURRENT_USER() or 'ALTER EVENT' does not assign
  a definer.
------------------------------------------------------------
revno: 3457.1.3
committer: Davi Arnaut
branch nick: mysql-5.1-bugteam
timestamp: Sat 2010-07-03 10:20:05 -0300
message:
  Fix somewhat bogus GCC warning.

  Although needless as the base class is mostly empty,
  initialize the base class explicitly in the copy
  constructor.
------------------------------------------------------------
revno: 3457.1.2
committer: Davi Arnaut
branch nick: mysql-5.1-bugteam
timestamp: Fri 2010-07-02 18:42:32 -0300
message:
  Bug#53445: Build with -Wall and fix warnings that it generates

  If bzero is not available, resort to memset.
  Also, remove dead bzero.c
------------------------------------------------------------
revno: 3457.1.1
committer: Davi Arnaut
branch nick: 53445-5.1
timestamp: Fri 2010-07-02 15:30:47 -0300
message:
  Bug#53445: Build with -Wall and fix warnings that it generates

  Apart from strict-aliasing warnings, fix the remaining warnings
  generated by GCC 4.4.4 -Wall and -Wextra flags.

  One major source of warnings was the in-house function my_bcmp
  which (unconventionally) took pointers to unsigned characters
  as the byte sequences to be compared. Since my_bcmp and bcmp
  are deprecated functions whose only difference with memcmp is
  the return value, every use of the function is replaced with
  memcmp as the special return value wasn't actually being used
  by any caller.

  There were also various other warnings, mostly due to type
  mismatches, missing return values, missing prototypes, dead
  code (unreachable) and ignored return values.
------------------------------------------------------------
revno: 3465 [merge]
committer: Georgi Kodinov
branch nick: merge-5.1-security
timestamp: Wed 2010-07-21 18:51:36 +0300
message:
  merge
------------------------------------------------------------
revno: 3461.1.5 [merge]
committer: Joerg Bruehe
branch nick: mysql-5.1
timestamp: Wed 2010-07-21 12:09:50 +0200
message:
  Merge the version number increase (5.1.49 -> 5.1.50) into the main tree.
------------------------------------------------------------
revno: 3461.1.4
committer: Georgi Kodinov
branch nick: mysql-5.1
timestamp: Mon 2010-07-19 17:47:17 +0300
message:
  fix tree names
------------------------------------------------------------
revno: 3461.1.3 [merge]
committer: MySQL Build Team
branch nick: mysql-5.1.49-release
timestamp: Mon 2010-07-19 16:30:34 +0200
message:
  5.1.49 push to mysql-5.1
------------------------------------------------------------
revno: 3408.1.3 [merge]
author: karen.langford@sun.com
committer: sunanda
branch nick: mysql-5.1
timestamp: Thu 2010-07-08 20:46:26 +0200
message:
  Null-merge from mysql-5.1.46sp1-release
------------------------------------------------------------
revno: 3351.58.14
tags: mysql-5.1.46sp1
committer: sunanda
branch nick: mysql-5.1.46sp1-release
timestamp: Wed 2010-06-23 12:22:05 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 3392.1.1
  > revision-id: gshchepa@mysql.com-20100521184732-0jvpzinv0uwyvr2d
  > parent: sven.sandberg@sun.com-20100520153801-yyhujm1qqa4eyfn0
  > committer: Gleb Shchepa
  > branch nick: 53804-5.1
  > timestamp: Fri 2010-05-21 22:47:32 +0400
  > message:
  > Bug #53804: serious flaws in the alter database .. upgrade
  > data directory name command
  >
  > The check_db_name function has been modified to validate tails of
  > #mysql50#-prefixed database names for compliance with MySQL 5.0
  > database name encoding rules (the check_table_name function call
  > has been reused).
------------------------------------------------------------
revno: 3351.58.13
committer: sunanda
branch nick: mysql-5.1.46sp1-release
timestamp: Wed 2010-06-23 12:14:23 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 3386
  > revision-id: sergey.glukhov@sun.com-20100518082821-yajhvbv1ghmlpu1n
  > parent: aelkin@mysql.com-20100516170332-x8priwrdjwolc065
  > committer: Sergey Glukhov
  > branch nick: mysql-5.1-bugteam
  > timestamp: Tue 2010-05-18 13:28:21 +0500
  > message:
  > Bug#48729 SELECT ... FROM INFORMATION_SCHEMA.ROUTINES causes memory to grow
  > Analysis showed that in case of accessing I_S table
  > ROUTINES we perform unnecessary allocations
  > with get_field() function for every processed row that
  > in their turn causes significant memory growth.
  > the fix is to avoid use of get_field().
------------------------------------------------------------
revno: 3351.58.12
committer: sunanda
branch nick: mysql-5.1.46sp1-release
timestamp: Wed 2010-06-23 12:03:22 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 3367 [merge]
  > revision-id: joro@sun.com-20100504140328-srxf3c088j2twnq6
  > parent: kristofer.pettersson@sun.com-20100503172109-f9hracq5pqsaomb1
  > parent: joro@sun.com-20100503151651-nakknn8amrapmdp7
  > committer: Georgi Kodinov
  > branch nick: B53371-5.1-bugteam
  > timestamp: Tue 2010-05-04 17:03:28 +0300
  > message:
  > Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.
  >
  > This is the 5.1 merge and extension of the fix.
  > The server was happily accepting paths in table name in all places a table
  > name is accepted (e.g. a SELECT). This allowed all users that have some
  > privilege over some database to read all tables in all databases in all
  > mysql server instances that the server file system has access to.
  > Fixed by :
  > 1. making sure no path elements are allowed in quoted table name when
  > constructing the path (note that the path symbols are still valid in table names
  > when they're properly escaped by the server).
  > 2. checking the #mysql50# prefixed names the same way they're checked for
  > path elements in mysql-5.0.
  > ------------------------------------------------------------
  > Use --include-merges or -n0 to see merged revisions.
------------------------------------------------------------
revno: 3351.58.11
committer: MySQL Build Team
branch nick: mysql-5.1.46sp1-release
timestamp: Tue 2010-06-22 22:53:01 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 3351.41.1
  > revision-id: alexey.kopytov@sun.com-20100430111048-jdls6ofn4kkmpt09
  > parent: sergey.glukhov@sun.com-20100329134249-03wyhzp5k92dzhcb
  > committer: Alexey Kopytov
  > branch nick: my51-bug48419
  > timestamp: Fri 2010-04-30 15:10:48 +0400
  > message:
  > Bug #48419: another explain crash..
  >
  > WHERE predicates containing references to empty tables in a
  > subquery were handled incorrectly by the optimizer when
  > executing EXPLAIN. As a result, the optimizer could try to
  > evaluate such predicates rather than just stop with
  > "Impossible WHERE noticed after reading const tables" as
  > it would do in a non-subquery case. This led to valgrind
  > errors and crashes.
  >
  > Fixed the code checking the above condition so that subqueries
  > are not excluded and hence are handled in the same way as top
  > level SELECTs.
------------------------------------------------------------
revno: 3351.58.10
committer: MySQL Build Team
branch nick: mysql-5.1.46sp1-release
timestamp: Tue 2010-06-22 22:51:35 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 1810.3987.14
  > revision-id: davi.arnaut@sun.com-20100429132816-ictyul6d75itek22
  > parent: ramil@mysql.com-20100429044232-f0pkyx8fnpszf142
  > committer: Davi Arnaut
  > branch nick: 50974-5.0
  > timestamp: Thu 2010-04-29 10:28:16 -0300
  > message:
  > Bug#50974: Server keeps receiving big (> max_allowed_packet) packets indefinitely.
  >
  > The server could be tricked to read packets indefinitely if it
  > received a packet larger than the maximum size of one packet.
  > This problem is aggravated by the fact that it can be triggered
  > before authentication.
  >
  > The solution is to not skip big packets for non-authenticated
  > sessions. If a big packet is sent before a session is
  > authenticated, an error is returned and the connection is closed.
  > ------------------------------------------------------------
  > revno: 3363 [merge]
  > revision-id: davi.arnaut@sun.com-20100429231819-i3anwzrdasjmezvt
  > parent: davi.arnaut@sun.com-20100401131522-895y8uzvv8ag44gs
  > parent: davi.arnaut@sun.com-20100429132816-ictyul6d75itek22
  > committer: Davi Arnaut
  > branch nick: mysql-5.1-bugteam
  > timestamp: Thu 2010-04-29 20:18:19 -0300
  > message:
  > Manual merge.
  > ------------------------------------------------------------
  > Use --include-merges or -n0 to see merged revisions.
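The pre-authentication rule described in the Bug#50974 message above, shown as an added example: a simplified model written for this page, not MySQL source code. The struct, the function names, the 1024-byte limit and the byte stream are assumptions constructed for illustration; only the header layout (3-byte little-endian length plus 1-byte sequence id) follows the MySQL wire format.

```c
/* Added illustration: a simplified model of the rule, not MySQL source. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4u     /* 3-byte little-endian payload length + 1-byte sequence id */
#define BIG_LEN 5000u  /* constructed oversized payload */
#define LIMIT   1024u  /* assumed max_allowed_packet for this demo */

enum pkt_status {
    PKT_OK,               /* payload delivered to the caller */
    PKT_SKIPPED_TOO_BIG,  /* oversized payload discarded, session kept open */
    PKT_CLOSED_TOO_BIG,   /* oversized packet before auth: connection closed */
    PKT_CLOSED,           /* connection was already closed */
    PKT_TRUNCATED         /* stream ended inside a header or payload */
};

struct conn {             /* hypothetical connection state */
    const uint8_t *in;    /* constructed input stream */
    size_t in_len, pos;   /* stream length and bytes consumed so far */
    size_t max_allowed_packet;
    int authenticated, closed;
};

/* Read one packet; `out` must have room for max_allowed_packet bytes. */
static enum pkt_status read_packet(struct conn *c, uint8_t *out, size_t *out_len)
{
    if (c->closed) return PKT_CLOSED;
    if (c->in_len - c->pos < HDR_LEN) return PKT_TRUNCATED;
    const uint8_t *h = c->in + c->pos;
    size_t len = (size_t)h[0] | ((size_t)h[1] << 8) | ((size_t)h[2] << 16);
    c->pos += HDR_LEN;

    if (len > c->max_allowed_packet) {
        if (!c->authenticated) {
            /* Unknown peer: do not spend work draining its data. */
            c->closed = 1;
            return PKT_CLOSED_TOO_BIG;
        }
        /* Known user: discard the payload so the session can continue. */
        if (c->in_len - c->pos < len) { c->pos = c->in_len; return PKT_TRUNCATED; }
        c->pos += len;
        return PKT_SKIPPED_TOO_BIG;
    }
    if (c->in_len - c->pos < len) return PKT_TRUNCATED;
    memcpy(out, c->in + c->pos, len);
    c->pos += len;
    *out_len = len;
    return PKT_OK;
}

/* Constructed sample input: one oversized packet followed by a small one. */
static uint8_t stream[HDR_LEN + BIG_LEN + HDR_LEN + 4];

static size_t put_packet(uint8_t *dst, size_t len, uint8_t seq, const void *payload)
{
    dst[0] = (uint8_t)(len & 0xff);
    dst[1] = (uint8_t)((len >> 8) & 0xff);
    dst[2] = (uint8_t)((len >> 16) & 0xff);
    dst[3] = seq;
    if (payload) memcpy(dst + HDR_LEN, payload, len);
    else memset(dst + HDR_LEN, 'A', len);
    return HDR_LEN + len;
}

/* Perform `reads` reads on a fresh session; return the last status. */
static enum pkt_status run_reads(int authenticated, int reads, size_t *consumed)
{
    struct conn c;
    uint8_t buf[LIMIT];
    size_t got = 0;
    enum pkt_status st = PKT_CLOSED;
    size_t n = put_packet(stream, BIG_LEN, 0, NULL);
    n += put_packet(stream + n, 4, 0, "ping");
    c.in = stream; c.in_len = n; c.pos = 0;
    c.max_allowed_packet = LIMIT;
    c.authenticated = authenticated; c.closed = 0;
    for (int i = 0; i < reads; i++)
        st = read_packet(&c, buf, &got);
    if (consumed) *consumed = c.pos;
    return st;
}

static size_t bytes_consumed(int authenticated, int reads)
{
    size_t n = 0;
    run_reads(authenticated, reads, &n);
    return n;
}

int main(void)
{
    printf("pre-auth:  status=%d consumed=%zu\n",
           (int)run_reads(0, 1, NULL), bytes_consumed(0, 1));
    printf("post-auth: status=%d consumed=%zu\n",
           (int)run_reads(1, 1, NULL), bytes_consumed(1, 1));
    return 0;
}
```

The unauthenticated session costs the reader one header; the authenticated one drains the whole payload and then continues with the next packet.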
------------------------------------------------------------
revno: 3351.58.9
committer: MySQL Build Team
branch nick: mysql-5.1.46sp1-release
timestamp: Tue 2010-06-22 22:34:48 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 1810.3987.13
  > revision-id: ramil@mysql.com-20100429044232-f0pkyx8fnpszf142
  > parent: alexey.kopytov@sun.com-20100426200600-op06qy98llzpzgl1
  > committer: Ramil Kalimullin
  > branch nick: b53237-5.0-bugteam
  > timestamp: Thu 2010-04-29 08:42:32 +0400
  > message:
  > Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing
  >
  > Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only
  > SQL. Seems that the data sent to COM_FIELD_LIST( mysql_list_fields() function) is not
  > checked for sanity. By sending long data for the table a buffer is overflown, which can
  > be used deliberately to include code that harms".
  >
  > Fix: check incoming data length.

  The patch did not apply cleanly:
  - Line numbers are completely off, roughly it is 2030 -> 1313
  - What is called "pend" in the patch, is "arg_end" in the source.
------------------------------------------------------------
revno: 3351.58.8
committer: MySQL Build Team
branch nick: mysql-5.1.46sp1-release
timestamp: Tue 2010-06-22 22:09:31 +0200
message:
  Backport into 5.1.46sp1:

  > revno: 3351.14.56
  > committer: Marko Mäkelä
  > branch nick: 5.1-innodb
  > timestamp: Mon 2010-04-26 14:08:56 +0300
  > message:
  > Add a test case for Bug #52745.
------------------------------------------------------------
revno: 3351.58.7
committer: MySQL Build Team
branch nick: mysql-5.1.46sp1-release
timestamp: Tue 2010-06-22 21:59:35 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 3351.14.47
  > revision-id: marko.makela@oracle.com-20100421095033-0acvzxb8um8cms0a
  > parent: marko.makela@oracle.com-20100421094032-ir4glqk46qvg2ywn
  > committer: Marko Mäkelä
  > branch nick: 5.1-innodb
  > timestamp: Wed 2010-04-21 12:50:33 +0300
  > message:
  > dtuple_convert_big_rec(): Store locally any fields whose maximum length
  > is less than 256 bytes. (Bug #52745)
  > Add related comments and debug assertions to the "offsets"
  > functions in rem0rec.c.
  > Approved by Sunny Bains
------------------------------------------------------------
revno: 3351.58.6
committer: MySQL Build Team
branch nick: mysql-5.1.46sp1-release
timestamp: Tue 2010-06-22 21:56:18 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 3351.47.2
  > revision-id: marko.makela@oracle.com-20100511104910-nim8kgguawpis7zo
  > parent: marko.makela@oracle.com-20100511104500-c6kzd0bg5s42p8e9
  > committer: Marko Mäkelä
  > branch nick: mysql-5.1-innodb2
  > timestamp: Tue 2010-05-11 13:49:10 +0300
  > message:
  > btr_page_split_and_insert(): Add an assertion
  > suggested by Sunny Bains when reviewing Bug #52964.
------------------------------------------------------------
revno: 3351.58.5
committer: MySQL Build Team
branch nick: mysql-5.1.46sp1-release
timestamp: Tue 2010-06-22 21:54:41 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 3351.47.1
  > revision-id: marko.makela@oracle.com-20100511104500-c6kzd0bg5s42p8e9
  > parent: vasil.dimov@oracle.com-20100510132852-cz457uqvj8iiy9mm
  > committer: Marko Mäkelä
  > branch nick: mysql-5.1-innodb2
  > timestamp: Tue 2010-05-11 13:45:00 +0300
  > message:
  > Remove a stray expression. Spotted by Sunny Bains.
------------------------------------------------------------
revno: 3351.58.4
committer: MySQL Build Team
branch nick: mysql-5.1.46sp1-release
timestamp: Tue 2010-06-22 21:52:43 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 3351.14.74
  > revision-id: marko.makela@oracle.com-20100504093128-44v6glupe1dsh0ug
  > parent: marko.makela@oracle.com-20100503122859-k73bl51re93o0mt4
  > committer: Marko Mäkelä
  > branch nick: 5.1-innodb
  > timestamp: Tue 2010-05-04 12:31:28 +0300
  > message:
  > btr_page_split_and_insert(): Correct the fix of Bug #52964.
  > When split_rec==NULL, choose the correct node pointer key (first_rec).
------------------------------------------------------------
revno: 3351.58.3
committer: MySQL Build Team
branch nick: mysql-5.1.46sp1-release
timestamp: Tue 2010-06-22 21:50:47 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 3351.14.50
  > revision-id: marko.makela@oracle.com-20100421185359-8qaxoa2yyrpzwdd7
  > parent: marko.makela@oracle.com-20100421102723-0i80uezbyu0ekj5d
  > committer: Marko Mäkelä
  > branch nick: 5.1-innodb
  > timestamp: Wed 2010-04-21 21:53:59 +0300
  > message:
  > btr_page_split_and_insert(): Avoid an infinite loop. (Bug #52964)
  >
  > btr_page_tuple_smaller(): New function, refactored from
  > btr_page_split_and_insert().
  >
  > btr_page_get_split_rec(): Renamed from btr_page_get_sure_split_rec().
  > Note that a NULL return may mean that the tuple is to be inserted into
  > either the lower or upper page, to be determined by btr_page_tuple_smaller().
  >
  > btr_page_split_and_insert(): When btr_page_get_split_rec() returns NULL,
  > invoke btr_page_tuple_smaller() to determine which half-page the tuple
  > belongs to.
  >
  > Reviewed by Sunny Bains
------------------------------------------------------------
revno: 3351.58.2
committer: MySQL Build Team
branch nick: mysql-5.1.46sp1-release
timestamp: Tue 2010-06-22 21:42:14 +0200
message:
  Backport into build-201006221614-5.1.46sp1

  > ------------------------------------------------------------
  > revno: 3362
  > revision-id: davi.arnaut@sun.com-20100401131522-895y8uzvv8ag44gs
  > parent: ramil@mysql.com-20100429045409-r7r5lcyiruis15v7
  > committer: Davi Arnaut
  > branch nick: 50755-5.1
  > timestamp: Thu 2010-04-01 10:15:22 -0300
  > message:
  > Bug#50755: Crash if stored routine def contains version comments
  >
  > The problem was that a syntactically invalid trigger could cause
  > the server to crash when trying to list triggers. The crash would
  > happen due to a mishap in the backup/restore procedure that should
  > protect parser items which are not associated with the trigger. The
  > backup/restore is used to isolate the parse tree (and context) of
  > a statement from the load (and parsing) of a trigger. In this case,
  > an error during the parsing of a trigger could cause the improper
  > backup/restore sequence.
  >
  > The solution is to properly restore the original statement context
  > before the parser is exited due to syntax errors in the trigger body.
------------------------------------------------------------
revno: 3351.58.1
author: karen.langford@oracle.com
committer: MySQL Build Team
branch nick: mysql-5.1.46sp1-release
timestamp: Tue 2010-06-22 19:21:25 +0200
message:
  Set version number for mysql-5.1.46sp1 release
------------------------------------------------------------
revno: 3461.1.2
tags: mysql-5.1.49
author: karen.langford@oracle.com
committer: Karen Langford
branch nick: mysql-5.1.49-release
timestamp: Fri 2010-07-09 14:23:48 +0200
message:
  Fix bug #55039 Failing assertion: space_id > 0 in fil0fil.c.