From 9d0c1ce535b57d97cb41dfca47aa33608c38b62d Mon Sep 17 00:00:00 2001
From: Sergey Vojtovich <svoj@sun.com>
Date: Fri, 12 Feb 2010 15:28:38 +0400
Subject: BUG#48438 - crash with error in unioned query against merge          
   table and view...

Invalid memory reads after a query referencing MyISAM table
multiple times with write lock. Invalid memory reads may
lead to server crash, valgrind warnings, incorrect values
in INFORMATION_SCHEMA.TABLES.{TABLE_ROWS, DATA_LENGTH,
INDEX_LENGTH, ...}.

This may happen when one of the table instances gets closed
after a query, e.g. out of slots in open tables cache. UNION,
MERGE and VIEW are irrelevant.

The problem was that MyISAM didn't restore state info
pointer to default value.

myisam/mi_locking.c:
  When a query is referencing MyISAM table multiple times
  with a write lock, all table instances share the same
  state info, pointing to MI_INFO::save_state of
  "primary" table instance.

  When lock is released, state pointer was restored only
  for the primary table instance. Secondary table instances
  are still pointing to save_state of primary table
  instance.

  Primary table instance may get closed, leaving secondary
  table instances state pointer pointing to freed memory.

  That's mostly ok, since next lock will update state info
  pointer to correct value. But there're some cases, when
  this secondary table instance state info is accessed
  without a lock, e.g. INFORMATION_SCHEMA, MERGE (in 5.1
  and up), MyISAM itself for DBUG purposes.

  Restore default value of state pointer unconditionally,
  for both primary and secondary table instances.
mysql-test/r/myisam.result:
  A test case for BUG#48438.
mysql-test/t/myisam.test:
  A test case for BUG#48438.
---
 mysql-test/t/myisam.test | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'mysql-test/t/myisam.test')

diff --git a/mysql-test/t/myisam.test b/mysql-test/t/myisam.test
index d0a480348a3..936c47a6d08 100644
--- a/mysql-test/t/myisam.test
+++ b/mysql-test/t/myisam.test
@@ -1239,4 +1239,15 @@ CHECKSUM TABLE t1 EXTENDED;
 DROP TABLE t1;
 
 
+--echo #
+--echo # BUG#48438 - crash with error in unioned query against merge table and view...
+--echo #
+SET GLOBAL table_cache=3;
+CREATE TABLE t1(a INT);
+SELECT 1 FROM t1 AS a1, t1 AS a2, t1 AS a3, t1 AS a4 FOR UPDATE;
+SELECT TABLE_ROWS, DATA_LENGTH FROM INFORMATION_SCHEMA.TABLES
+  WHERE TABLE_SCHEMA='test' AND TABLE_NAME='t1';
+DROP TABLE t1;
+SET GLOBAL table_cache=DEFAULT;
+
 --echo End of 5.0 tests
-- 
cgit v1.2.1


From 62933c50df1dd97940f4b46c1376ba80e6a8368c Mon Sep 17 00:00:00 2001
From: Sergey Vojtovich <svoj@sun.com>
Date: Fri, 12 Feb 2010 16:30:04 +0400
Subject: BUG#49628 - corrupt table after legal SQL, LONGTEXT column

Bulk REPLACE or bulk INSERT ... ON DUPLICATE KEY UPDATE may
break dynamic record MyISAM table.

The problem is limited to bulk REPLACE and INSERT ... ON
DUPLICATE KEY UPDATE, because only these operations may
be done via UPDATE internally and may request write cache.

When flushing write cache, MyISAM may write remaining
cached data at wrong position. Fixed by requesting write
cache to seek to a correct position.

mysql-test/r/myisam.result:
  A test case for BUG#49628.
mysql-test/t/myisam.test:
  A test case for BUG#49628.
storage/myisam/mi_dynrec.c:
  delete_dynamic_record() may change data file position.
  IO cache must be notified as it may still have cached
  data, which has to be flushed later.
---
 mysql-test/t/myisam.test | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'mysql-test/t/myisam.test')

diff --git a/mysql-test/t/myisam.test b/mysql-test/t/myisam.test
index 351027ab246..568eadb5e39 100644
--- a/mysql-test/t/myisam.test
+++ b/mysql-test/t/myisam.test
@@ -1563,5 +1563,18 @@ SET myisam_sort_buffer_size=@@global.myisam_sort_buffer_size;
 CHECK TABLE t1;
 DROP TABLE t1;
 
+
+--echo #
+--echo # BUG#49628 - corrupt table after legal SQL, LONGTEXT column
+--echo #
+CREATE TABLE t1(a INT, b LONGTEXT, UNIQUE(a));
+REPLACE INTO t1 VALUES
+(1, REPEAT('a', 129015)),(1, NULL),
+(2, NULL),(3, NULL),(4, NULL),(5, NULL),(6, NULL),(7, NULL),
+(1, REPEAT('b', 129016)),(1, NULL),
+(1, REPEAT('c', 129015)),(1, REPEAT('d', 129015));
+CHECK TABLE t1;
+DROP TABLE t1;
+
 --echo End of 5.1 tests
 
-- 
cgit v1.2.1


From 9715539ebd9519ca66e9b803f435878a819d3f99 Mon Sep 17 00:00:00 2001
From: Ramil Kalimullin <ramil@mysql.com>
Date: Sun, 28 Feb 2010 21:29:19 +0400
Subject: Fix for bug#51304: checksum table gives different results for same
 data when using bit fields

Problem: checksum for BIT fields may be computed incorrectly
in some cases due to its storage peculiarity.

Fix: convert a BIT field to a string then calculate its checksum.


mysql-test/r/myisam.result:
  Fix for bug#51304: checksum table gives different results
  for same data when using bit fields
    - test result.
mysql-test/t/myisam.test:
  Fix for bug#51304: checksum table gives different results
  for same data when using bit fields
    - test case.
sql/sql_table.cc:
  Fix for bug#51304: checksum table gives different results
  for same data when using bit fields
    - convert BIT fields to strings calculating its checksums
  as some bits may be saved among NULL bits in the record buffer.
---
 mysql-test/t/myisam.test | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'mysql-test/t/myisam.test')

diff --git a/mysql-test/t/myisam.test b/mysql-test/t/myisam.test
index d12dbce1cc1..ea7ddc88b77 100644
--- a/mysql-test/t/myisam.test
+++ b/mysql-test/t/myisam.test
@@ -1587,5 +1587,20 @@ REPLACE INTO t1 VALUES
 CHECK TABLE t1;
 DROP TABLE t1;
 
---echo End of 5.1 tests
 
+--echo #
+--echo # Bug#51304: checksum table gives different results
+--echo # for same data when using bit fields
+--echo #
+CREATE TABLE t1(a INT, b BIT(1));
+INSERT INTO t1 VALUES(1, 0), (2, 1);
+CREATE TABLE t2 SELECT * FROM t1;
+--copy_file $MYSQLD_DATADIR/test/t1.frm $MYSQLD_DATADIR/test/t3.frm
+--copy_file $MYSQLD_DATADIR/test/t1.MYD $MYSQLD_DATADIR/test/t3.MYD
+--copy_file $MYSQLD_DATADIR/test/t1.MYI $MYSQLD_DATADIR/test/t3.MYI
+CHECKSUM TABLE t1 EXTENDED;
+CHECKSUM TABLE t2 EXTENDED;
+CHECKSUM TABLE t3 EXTENDED;
+DROP TABLE t1, t2, t3;
+
+--echo End of 5.1 tests
-- 
cgit v1.2.1


From a82cc50958887464bc87e035593bb9f9fbd14d46 Mon Sep 17 00:00:00 2001
From: Sergey Vojtovich <svoj@sun.com>
Date: Tue, 2 Mar 2010 13:45:50 +0400
Subject: BUG#51307 - widespread corruption with partitions and            
 insert...select

Queries following bulk insert into an empty MyISAM table
may break it. This was pure MyISAM problem.

When bulk insert into an empty table is complete, MyISAM
may want to enable indexes via repair by sort. If repair
by sort fails (e.g. insufficient buffer), MyISAM failover
to repair with key cache, requesting repair of data file.

Repair of data file performs data file substitution. This
means that current table instance will point to new data
file. Other cached table instances are still pointing to
an old, deleted data file.

This is fixed by not requesting repair of data file
during enable indexes.

Explicit REPAIR is not affected, since it flushes all
table instances.

mysql-test/r/myisam.result:
  A test case for BUG#51307.
mysql-test/t/myisam.test:
  A test case for BUG#51307.
storage/myisam/ha_myisam.cc:
  When enabling indexes do not attempt to repair data file.
---
 mysql-test/t/myisam.test | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'mysql-test/t/myisam.test')

diff --git a/mysql-test/t/myisam.test b/mysql-test/t/myisam.test
index d12dbce1cc1..114e0367d51 100644
--- a/mysql-test/t/myisam.test
+++ b/mysql-test/t/myisam.test
@@ -1587,5 +1587,33 @@ REPLACE INTO t1 VALUES
 CHECK TABLE t1;
 DROP TABLE t1;
 
+--echo #
+--echo # BUG#51307 - widespread corruption with partitions and insert...select
+--echo #
+CREATE TABLE t1(a CHAR(255), KEY(a));
+SELECT * FROM t1, t1 AS a1;
+SET myisam_sort_buffer_size=4;
+INSERT INTO t1 VALUES
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),('0'),
+('0'),('0'),('0'),('0'),('0'),('0'),('0');
+SET myisam_sort_buffer_size=@@global.myisam_sort_buffer_size;
+INSERT INTO t1 VALUES('1');
+SELECT * FROM t1, t1 AS a1 WHERE t1.a=1 AND a1.a=1;
+DROP TABLE t1;
+
 --echo End of 5.1 tests
 
-- 
cgit v1.2.1


From e0aadfd491700fc072ffee1e1612f52fa5fc39b1 Mon Sep 17 00:00:00 2001
From: Sergey Vojtovich <svoj@sun.com>
Date: Fri, 12 Mar 2010 14:43:30 +0400
Subject: BUG#47444 - --myisam_repair_threads>1can result in all            
 index cardinalities=1

Parallel repair didn't poroperly update index cardinality
in certain cases.

When myisam_sort_buffer_size is not enough to store all
keys, index cardinality was updated before index was
actually written, when no index statistic is available.

mysql-test/r/myisam.result:
  A test case for BUG#47444.
mysql-test/t/myisam.test:
  A test case for BUG#47444.
storage/myisam/sort.c:
  update_key_parts() must be called after all index
  entries are written, when index statistic is available.
---
 mysql-test/t/myisam.test | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'mysql-test/t/myisam.test')

diff --git a/mysql-test/t/myisam.test b/mysql-test/t/myisam.test
index 7dcfe058039..4abd7dd2b1b 100644
--- a/mysql-test/t/myisam.test
+++ b/mysql-test/t/myisam.test
@@ -1631,4 +1631,18 @@ INSERT INTO t1 VALUES('1');
 SELECT * FROM t1, t1 AS a1 WHERE t1.a=1 AND a1.a=1;
 DROP TABLE t1;
 
+--echo #
+--echo # BUG#47444 - --myisam_repair_threads>1can result in all index
+--echo #             cardinalities=1
+--echo #
+SET myisam_repair_threads=2;
+SET myisam_sort_buffer_size=4096;
+CREATE TABLE t1(a CHAR(255), KEY(a), KEY(a), KEY(a));
+INSERT INTO t1 VALUES (0),(1),(2),(3),(4),(5),(6),(7),(8),(9),(0),(1),(2),(3);
+REPAIR TABLE t1;
+SELECT CARDINALITY FROM INFORMATION_SCHEMA.STATISTICS WHERE TABLE_SCHEMA='test' AND TABLE_NAME='t1';
+DROP TABLE t1;
+SET myisam_sort_buffer_size=@@global.myisam_sort_buffer_size;
+SET myisam_repair_threads=@@global.myisam_repair_threads;
+
 --echo End of 5.1 tests
-- 
cgit v1.2.1