From 2224e030a9cedab39222abe50c50c9851dc74816 Mon Sep 17 00:00:00 2001 From: "bar@mysql.com/bar.myoffice.izhnet.ru" <> Date: Mon, 8 Oct 2007 12:46:38 +0500 Subject: Bug#27580 SPACE() function collation bug? Problem: when character_set_connection=utf8, mixing SPACE() with a non-Unicode column (e.g. for concat) produced "illegal mix of collations" error. Fix: Item_string() corresponding to space character is now created using "ASCII" repertoire. Previously it was incorrectly created using "UNICODE" repertoure, which didn't allow to convert results of SPACE() to a non-Unicode character set. --- sql/item_create.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/item_create.cc b/sql/item_create.cc index 561613032bc..60a17c21521 100644 --- a/sql/item_create.cc +++ b/sql/item_create.cc @@ -361,13 +361,13 @@ Item *create_func_space(Item *a) if (cs->mbminlen > 1) { uint dummy_errors; - sp= new Item_string("",0,cs); + sp= new Item_string("", 0, cs, DERIVATION_COERCIBLE, MY_REPERTOIRE_ASCII); if (sp) sp->str_value.copy(" ", 1, &my_charset_latin1, cs, &dummy_errors); } else { - sp= new Item_string(" ",1,cs); + sp= new Item_string(" ", 1, cs, DERIVATION_COERCIBLE, MY_REPERTOIRE_ASCII); } return sp ? new Item_func_repeat(sp, a) : 0; } -- cgit v1.2.1 From 5e14047e233e62bca79511e3d69ece6ccaa946a3 Mon Sep 17 00:00:00 2001 From: "igor@olga.mysql.com" <> Date: Sat, 26 Jan 2008 21:45:35 -0800 Subject: Fixed bug #33833. Two disjuncts containing equalities of the form key=const1 and key=const2 can be merged into one if const1 is equal to const2. To check it the common collation of the constants were used rather than the collation of the field key. For example when the default collation of the constants was cases insensitive while the collation of the field was case sensitive, then two or-ed equality predicates key='b' and key='B' incorrectly were merged into one f='b'. As a result ref access was used instead of range access and wrong result sets were returned in many cases. Fixed the problem by comparing constant in the or-ed predicate with collation of the key field. --- sql/item.cc | 43 +++++++++++++++++++++++++++++++++++++++++++ sql/item.h | 1 + sql/sql_select.cc | 4 +++- 3 files changed, 47 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/item.cc b/sql/item.cc index 713e7709bcb..182632bb40f 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -4302,6 +4302,49 @@ String *Item::check_well_formed_result(String *str, bool send_error) return str; } +/* + Compare two items using a given collation + + SYNOPSIS + eq_by_collation() + item item to compare with + binary_cmp TRUE <-> compare as binaries + cs collation to use when comparing strings + + DESCRIPTION + This method works exactly as Item::eq if the collation cs coincides with + the collation of the compared objects. Otherwise, first the collations that + differ from cs are replaced for cs and then the items are compared by + Item::eq. After the comparison the original collations of items are + restored. + + RETURN + 1 compared items has been detected as equal + 0 otherwise +*/ + +bool Item::eq_by_collation(Item *item, bool binary_cmp, CHARSET_INFO *cs) +{ + CHARSET_INFO *save_cs= 0; + CHARSET_INFO *save_item_cs= 0; + if (collation.collation != cs) + { + save_cs= collation.collation; + collation.collation= cs; + } + if (item->collation.collation != cs) + { + save_item_cs= item->collation.collation; + item->collation.collation= cs; + } + bool res= eq(item, binary_cmp); + if (save_cs) + collation.collation= save_cs; + if (save_item_cs) + item->collation.collation= save_item_cs; + return res; +} + /* Create a field to hold a string value from an item diff --git a/sql/item.h b/sql/item.h index 5f511557f47..f87499f23e3 100644 --- a/sql/item.h +++ b/sql/item.h @@ -873,6 +873,7 @@ public: virtual Field::geometry_type get_geometry_type() const { return Field::GEOM_GEOMETRY; }; String *check_well_formed_result(String *str, bool send_error= 0); + bool eq_by_collation(Item *item, bool binary_cmp, CHARSET_INFO *cs); }; diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 87935b5548f..bdea25ab99d 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -2887,7 +2887,9 @@ merge_key_fields(KEY_FIELD *start,KEY_FIELD *new_fields,KEY_FIELD *end, } } else if (old->eq_func && new_fields->eq_func && - old->val->eq(new_fields->val, old->field->binary())) + old->val->eq_by_collation(new_fields->val, + old->field->binary(), + old->field->charset())) { old->level= and_level; -- cgit v1.2.1 From 3b5c25ba656187eac5c20625cdc3a93e22f2eb93 Mon Sep 17 00:00:00 2001 From: "svoj@mysql.com/april.(none)" <> Date: Thu, 31 Jan 2008 18:51:20 +0400 Subject: BUG#22989 - START SLAVE causes Error on COM_REGISTER_SLAVE: 1105 'Wrong parameters to functi START SLAVE reports vague error when it fails to register on master: "Wrong parameters to function register_slave". If master failed to register slave because of too long 'report-host'/'report-user'/'report-password', return better error messages: "Failed to register slave: too long 'report-host'" "Failed to register slave: too long 'report-user'" "Failed to register slave; too long 'report-password'" No test case for this fix. --- sql/repl_failsafe.cc | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'sql') diff --git a/sql/repl_failsafe.cc b/sql/repl_failsafe.cc index 896315ec82f..f1826678c9f 100644 --- a/sql/repl_failsafe.cc +++ b/sql/repl_failsafe.cc @@ -109,11 +109,14 @@ void change_rpl_status(RPL_STATUS from_status, RPL_STATUS to_status) } -#define get_object(p, obj) \ +#define get_object(p, obj, msg) \ {\ uint len = (uint)*p++; \ if (p + len > p_end || len >= sizeof(obj)) \ + {\ + errmsg= msg;\ goto err; \ + }\ strmake(obj,(char*) p,len); \ p+= len; \ }\ @@ -158,6 +161,7 @@ int register_slave(THD* thd, uchar* packet, uint packet_length) int res; SLAVE_INFO *si; uchar *p= packet, *p_end= packet + packet_length; + const char *errmsg= "Wrong parameters to function register_slave"; if (check_access(thd, REPL_SLAVE_ACL, any_db,0,0,0,0)) return 1; @@ -166,9 +170,9 @@ int register_slave(THD* thd, uchar* packet, uint packet_length) thd->server_id= si->server_id= uint4korr(p); p+= 4; - get_object(p,si->host); - get_object(p,si->user); - get_object(p,si->password); + get_object(p,si->host, "Failed to register slave: too long 'report-host'"); + get_object(p,si->user, "Failed to register slave: too long 'report-user'"); + get_object(p,si->password, "Failed to register slave; too long 'report-password'"); if (p+10 > p_end) goto err; si->port= uint2korr(p); @@ -187,8 +191,7 @@ int register_slave(THD* thd, uchar* packet, uint packet_length) err: my_free((gptr) si, MYF(MY_WME)); - my_message(ER_UNKNOWN_ERROR, "Wrong parameters to function register_slave", - MYF(0)); + my_message(ER_UNKNOWN_ERROR, errmsg, MYF(0)); err2: return 1; } -- cgit v1.2.1 From f967e24718e72b13d5e3c4ae11c80d5012432c4f Mon Sep 17 00:00:00 2001 From: "evgen@moonbone.local" <> Date: Thu, 31 Jan 2008 23:46:26 +0300 Subject: Bug#30787: Stored function ignores user defined alias. Simple subselects are pulled into upper selects. This operation substitutes the pulled subselect for the first item from the select list of the subselect. If an alias is defined for a subselect it is inherited by the replacement item. As this is done after fix_fields phase this alias isn't showed if the replacement item is a stored function. This happens because the Item_func_sp::make_field function makes send field from its result_field and ignores the defined alias. Now when an alias is defined the Item_func_sp::make_field function sets it for the returned field. --- sql/item_func.cc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sql') diff --git a/sql/item_func.cc b/sql/item_func.cc index 639e069d24e..dbde4237511 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -5515,6 +5515,8 @@ Item_func_sp::make_field(Send_field *tmp_field) DBUG_ENTER("Item_func_sp::make_field"); DBUG_ASSERT(sp_result_field); sp_result_field->make_field(tmp_field); + if (name) + tmp_field->col_name= name; DBUG_VOID_RETURN; } -- cgit v1.2.1 From 663453d572cdce425787885cf25b6a547b6f2bb1 Mon Sep 17 00:00:00 2001 From: "kaa@mbp.local" <> Date: Fri, 1 Feb 2008 13:00:40 +0500 Subject: Fix for bug #25162: Backing up DB from 5.1 adds 'USING BTREE' to KEYs on table creates The problem was in incompatible syntax for key definition in CREATE TABLE. 5.0 supports only the following syntax for key definition (see "CREATE TABLE syntax" in the manual): {INDEX|KEY} [index_name] [index_type] (index_col_name,...) While 5.1 parser supports the above syntax, the "preferred" syntax was changed to: {INDEX|KEY} [index_name] (index_col_name,...) [index_type] The above syntax is used in 5.1 for the SHOW CREATE TABLE output, which led to dumps generated by 5.1 being incompatible with 5.0. Fixed by changing the parser in 5.0 to support both 5.0 and 5.1 syntax for key definition. --- sql/sql_yacc.yy | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'sql') diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index c4aca1df7ec..af57fbdb108 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -2982,15 +2982,15 @@ column_def: ; key_def: - key_type opt_ident key_alg '(' key_list ')' + key_type opt_ident key_alg '(' key_list ')' key_alg { LEX *lex=Lex; - Key *key= new Key($1, $2, $3, 0, lex->col_list); + Key *key= new Key($1, $2, $7 ? $7 : $3, 0, lex->col_list); lex->alter_info.key_list.push_back(key); lex->col_list.empty(); /* Alloced by sql_alloc */ } - | opt_constraint constraint_key_type opt_ident key_alg '(' key_list ')' + | opt_constraint constraint_key_type opt_ident key_alg '(' key_list ')' key_alg { LEX *lex=Lex; const char *key_name= $3 ? $3:$1; -- cgit v1.2.1 From 991b48200e18d81bbaaefa48f94692e01a848027 Mon Sep 17 00:00:00 2001 From: "aelkin/elkin@koti.dsl.inet.fi" <> Date: Mon, 4 Feb 2008 16:35:41 +0200 Subject: Bug #32790 crash in trigger.test with InnoDB for a table the reason for the failure were incorrect asserts. Removing asserts altogether as there is no the implication does not hold (as explained in the comments for the file). --- sql/sql_delete.cc | 4 ---- 1 file changed, 4 deletions(-) (limited to 'sql') diff --git a/sql/sql_delete.cc b/sql/sql_delete.cc index a28a39a769d..52e3ab73de0 100644 --- a/sql/sql_delete.cc +++ b/sql/sql_delete.cc @@ -730,8 +730,6 @@ void multi_delete::send_error(uint errcode,const char *err) } thd->transaction.all.modified_non_trans_table= true; } - DBUG_ASSERT(!normal_tables || !deleted || - thd->transaction.stmt.modified_non_trans_table); DBUG_VOID_RETURN; } @@ -839,8 +837,6 @@ bool multi_delete::send_eof() { query_cache_invalidate3(thd, delete_tables, 1); } - DBUG_ASSERT(!normal_tables || !deleted || - thd->transaction.stmt.modified_non_trans_table); if ((local_error == 0) || thd->transaction.stmt.modified_non_trans_table) { if (mysql_bin_log.is_open()) -- cgit v1.2.1 From 7880fade24dec704a5df54d0278f4aae905fc7a5 Mon Sep 17 00:00:00 2001 From: "aelkin/elkin@koti.dsl.inet.fi" <> Date: Mon, 4 Feb 2008 16:37:41 +0200 Subject: Bug#33329 extraneous ROLLBACK in binlog on connection does not use trans tables There had been two issues. Rollback statement was recorded in binlog even though a multi-update had not modified any non-transactional table. The reason for this artifact was a false initial value of multi_update::transactional_tables. Yet another artifact that explained on the bug page is that `ha_autocommit_or_rollback' works differently depending on whether a transaction engine has been compiled in. Fixed: with setting multi_update::transactional_tables to zero at initialization time. Multi-update on non-trans table won't cause ROLLBACK in binlog with either compilation option. The 2nd mentioned artifact comprises a self-standing issue (to be reported separately). --- sql/sql_update.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/sql_update.cc b/sql/sql_update.cc index 84349a40977..e5017058659 100644 --- a/sql/sql_update.cc +++ b/sql/sql_update.cc @@ -979,7 +979,7 @@ multi_update::multi_update(TABLE_LIST *table_list, tmp_tables(0), updated(0), found(0), fields(field_list), values(value_list), table_count(0), copy_field(0), handle_duplicates(handle_duplicates_arg), do_update(1), trans_safe(1), - transactional_tables(1), ignore(ignore_arg), error_handled(0) + transactional_tables(0), ignore(ignore_arg), error_handled(0) {} -- cgit v1.2.1 From 9928dac5f359444d195591741da495cf769b272c Mon Sep 17 00:00:00 2001 From: "tnurnberg@blasphemy.intern.azundris.com" <> Date: Tue, 5 Feb 2008 12:56:49 +0100 Subject: Bug#21567: mysqld doesn't react to Ctrl-C when run under GDB even with the --gdb option Don't block SIGINT (Control-C) when --gdb is passed to mysqld. Was broken at least on OS X. (kudos to Mattias Jonsson) --- sql/mysqld.cc | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'sql') diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 08c2b60fa79..2f65597e2b7 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -2211,10 +2211,6 @@ static void init_signals(void) struct sigaction sa; DBUG_ENTER("init_signals"); - if (test_flags & TEST_SIGINT) - { - my_sigset(thr_kill_signal, end_thread_signal); - } my_sigset(THR_SERVER_ALARM,print_signal_warning); // Should never be called! if (!(test_flags & TEST_NO_STACKTRACE) || (test_flags & TEST_CORE_ON_SIGNAL)) @@ -2251,7 +2247,6 @@ static void init_signals(void) (void) sigemptyset(&set); my_sigset(SIGPIPE,SIG_IGN); sigaddset(&set,SIGPIPE); - sigaddset(&set,SIGINT); #ifndef IGNORE_SIGHUP_SIGQUIT sigaddset(&set,SIGQUIT); sigaddset(&set,SIGHUP); @@ -2273,9 +2268,12 @@ static void init_signals(void) sigaddset(&set,THR_SERVER_ALARM); if (test_flags & TEST_SIGINT) { + my_sigset(thr_kill_signal, end_thread_signal); // May be SIGINT sigdelset(&set, thr_kill_signal); } + else + sigaddset(&set,SIGINT); sigprocmask(SIG_SETMASK,&set,NULL); pthread_sigmask(SIG_SETMASK,&set,NULL); DBUG_VOID_RETURN; -- cgit v1.2.1 From 8715855aa056013f418fd9c055e6f0d8badf58a3 Mon Sep 17 00:00:00 2001 From: "gshchepa/uchum@host.loc" <> Date: Thu, 7 Feb 2008 02:33:21 +0400 Subject: Fixed bug#30059. Server handles truncation for assignment of too-long values into CHAR/VARCHAR/TEXT columns in a different ways when the truncated characters are spaces: 1. CHAR(N) columns silently ignore end-space truncation; 2. TEXT columns post a truncation warning/error in the non-strict/strict mode. 3. VARCHAR columns always post a truncation note in any mode. Space truncation processing has been synchronised over CHAR/VARCHAR/TEXT columns: current behavior of VARCHAR columns has been propagated as standard. Binary-encoded string/BLOB columns are not affected. --- sql/field.cc | 74 +++++++++++++++++++++++++----------------------------------- sql/field.h | 2 ++ 2 files changed, 33 insertions(+), 43 deletions(-) (limited to 'sql') diff --git a/sql/field.cc b/sql/field.cc index f1e2b6a4f27..3753318b8fa 100644 --- a/sql/field.cc +++ b/sql/field.cc @@ -5861,26 +5861,41 @@ check_string_copy_error(Field_str *field, } - /* - Send a truncation warning or a truncation error - after storing a too long character string info a field. + Check if we lost any important data and send a truncation error/warning SYNOPSIS - report_data_too_long() - field - Field + Field_longstr::report_if_important_data() + ptr - Truncated rest of string + end - End of truncated string - RETURN - N/A + RETURN VALUES + 0 - None was truncated (or we don't count cut fields) + 2 - Some bytes was truncated + + NOTE + Check if we lost any important data (anything in a binary string, + or any non-space in others). If only trailing spaces was lost, + send a truncation note, otherwise send a truncation error. */ -inline void -report_data_too_long(Field_str *field) +int +Field_longstr::report_if_important_data(const char *ptr, const char *end) { - if (field->table->in_use->abort_on_warning) - field->set_warning(MYSQL_ERROR::WARN_LEVEL_ERROR, ER_DATA_TOO_LONG, 1); - else - field->set_warning(MYSQL_ERROR::WARN_LEVEL_WARN, WARN_DATA_TRUNCATED, 1); + if ((ptr < end) && table->in_use->count_cuted_fields) + { + if (test_if_important_data(field_charset, ptr, end)) + { + if (table->in_use->abort_on_warning) + set_warning(MYSQL_ERROR::WARN_LEVEL_ERROR, ER_DATA_TOO_LONG, 1); + else + set_warning(MYSQL_ERROR::WARN_LEVEL_WARN, WARN_DATA_TRUNCATED, 1); + } + else /* If we lost only spaces then produce a NOTE, not a WARNING */ + set_warning(MYSQL_ERROR::WARN_LEVEL_NOTE, WARN_DATA_TRUNCATED, 1); + return 2; + } + return 0; } @@ -5914,19 +5929,7 @@ int Field_string::store(const char *from,uint length,CHARSET_INFO *cs) cannot_convert_error_pos, from + length)) return 2; - /* - Check if we lost any important data (anything in a binary string, - or any non-space in others). - */ - if ((from_end_pos < from + length) && table->in_use->count_cuted_fields) - { - if (test_if_important_data(field_charset, from_end_pos, from + length)) - { - report_data_too_long(this); - return 2; - } - } - return 0; + return report_if_important_data(from_end_pos, from + length); } @@ -6385,16 +6388,7 @@ int Field_varstring::store(const char *from,uint length,CHARSET_INFO *cs) cannot_convert_error_pos, from + length)) return 2; - // Check if we lost something other than just trailing spaces - if ((from_end_pos < from + length) && table->in_use->count_cuted_fields) - { - if (test_if_important_data(field_charset, from_end_pos, from + length)) - report_data_too_long(this); - else /* If we lost only spaces then produce a NOTE, not a WARNING */ - set_warning(MYSQL_ERROR::WARN_LEVEL_NOTE, WARN_DATA_TRUNCATED, 1); - return 2; - } - return 0; + return report_if_important_data(from_end_pos, from + length); } @@ -7030,13 +7024,7 @@ int Field_blob::store(const char *from,uint length,CHARSET_INFO *cs) cannot_convert_error_pos, from + length)) return 2; - if (from_end_pos < from + length) - { - report_data_too_long(this); - return 2; - } - - return 0; + return report_if_important_data(from_end_pos, from + length); oom_error: /* Fatal OOM error */ diff --git a/sql/field.h b/sql/field.h index d681229a9fd..c82d65147ac 100644 --- a/sql/field.h +++ b/sql/field.h @@ -454,6 +454,8 @@ public: class Field_longstr :public Field_str { +protected: + int report_if_important_data(const char *ptr, const char *end); public: Field_longstr(char *ptr_arg, uint32 len_arg, uchar *null_ptr_arg, uchar null_bit_arg, utype unireg_check_arg, -- cgit v1.2.1 From 8adc63ad36b6294aba50a43065996525cc73ee2b Mon Sep 17 00:00:00 2001 From: "gshchepa/uchum@host.loc" <> Date: Thu, 7 Feb 2008 04:14:50 +0400 Subject: Fixed bug#34223: Failure on assignment to my_innodb_autoextend_increment and my_innodb_commit_concurrency global variables. Type of the my_innodb_autoextend_increment and the my_innodb_commit_concurrency variables has been changed to GET_ULONG. --- sql/mysqld.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 693b72f5c98..f98b09f4ef6 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -5798,7 +5798,7 @@ log and this option does nothing anymore.", "Data file autoextend increment in megabytes", (gptr*) &srv_auto_extend_increment, (gptr*) &srv_auto_extend_increment, - 0, GET_LONG, REQUIRED_ARG, 8L, 1L, 1000L, 0, 1L, 0}, + 0, GET_ULONG, REQUIRED_ARG, 8L, 1L, 1000L, 0, 1L, 0}, {"innodb_buffer_pool_awe_mem_mb", OPT_INNODB_BUFFER_POOL_AWE_MEM_MB, "If Windows AWE is used, the size of InnoDB buffer pool allocated from the AWE memory.", (gptr*) &innobase_buffer_pool_awe_mem_mb, (gptr*) &innobase_buffer_pool_awe_mem_mb, 0, @@ -5811,7 +5811,7 @@ log and this option does nothing anymore.", {"innodb_commit_concurrency", OPT_INNODB_COMMIT_CONCURRENCY, "Helps in performance tuning in heavily concurrent environments.", (gptr*) &srv_commit_concurrency, (gptr*) &srv_commit_concurrency, - 0, GET_LONG, REQUIRED_ARG, 0, 0, 1000, 0, 1, 0}, + 0, GET_ULONG, REQUIRED_ARG, 0, 0, 1000, 0, 1, 0}, {"innodb_concurrency_tickets", OPT_INNODB_CONCURRENCY_TICKETS, "Number of times a thread is allowed to enter InnoDB within the same \ SQL query after it has once got the ticket", -- cgit v1.2.1 From 954a16c6d3f7bfd4f5be5d8fa4e933526293bf34 Mon Sep 17 00:00:00 2001 From: "sergefp@mysql.com" <> Date: Thu, 7 Feb 2008 05:10:04 +0300 Subject: BUG#27732 "Possible memory leak with index_merge" The bug was that handler::clone/handler::ha_open() call caused allocation of cloned_copy->ref on the handler->table->mem_root. The allocated memory could not be reclaimed until the table is flushed, so it was possible to exhaust memory by repeatedly running index_merge queries without doing table flushes. The fix: - make handler::clone() allocate new_handler->ref on the passed mem_root - make handler::ha_open() not allocate this->ref if it has already been allocated There is no testcase as it is not possible to check small leaks from testsuite. --- sql/handler.cc | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/handler.cc b/sql/handler.cc index 27204ae725b..bfad10f986f 100644 --- a/sql/handler.cc +++ b/sql/handler.cc @@ -1381,6 +1381,13 @@ int ha_delete_table(THD *thd, enum db_type table_type, const char *path, handler *handler::clone(MEM_ROOT *mem_root) { handler *new_handler= get_new_handler(table, mem_root, table->s->db_type); + /* + Allocate handler->ref here because otherwise ha_open will allocate it + on this->table->mem_root and we will not be able to reclaim that memory + when the clone handler object is destroyed. + */ + if (!(new_handler->ref= (byte*) alloc_root(mem_root, ALIGN_SIZE(ref_length)*2))) + return NULL; if (new_handler && !new_handler->ha_open(table->s->path, table->db_stat, HA_OPEN_IGNORE_IF_LOCKED)) return new_handler; @@ -1420,8 +1427,9 @@ int handler::ha_open(const char *name, int mode, int test_if_locked) (void) extra(HA_EXTRA_NO_READCHECK); // Not needed in SQL DBUG_ASSERT(alloc_root_inited(&table->mem_root)); - - if (!(ref= (byte*) alloc_root(&table->mem_root, ALIGN_SIZE(ref_length)*2))) + /* ref is already allocated for us if we're called from handler::clone() */ + if (!ref && !(ref= (byte*) alloc_root(&table->mem_root, + ALIGN_SIZE(ref_length)*2))) { close(); error=HA_ERR_OUT_OF_MEM; -- cgit v1.2.1 From a927bdbe3e07a6b3e6f7fb57d3741f764a3561af Mon Sep 17 00:00:00 2001 From: "evgen@sunlight.local" <> Date: Fri, 8 Feb 2008 13:35:00 +0300 Subject: Bug#31590: Wrong error message on sort buffer being too small. The out of memory error was thrown when the sort buffer size were too small. This led to a user confusion. Now filesort throws the error message about sort buffer being too small. --- sql/filesort.cc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/filesort.cc b/sql/filesort.cc index 43b079e83d5..a85f9caefbe 100644 --- a/sql/filesort.cc +++ b/sql/filesort.cc @@ -215,8 +215,7 @@ ha_rows filesort(THD *thd, TABLE *table, SORT_FIELD *sortorder, uint s_length, sort_keys= table_sort.sort_keys; if (memavl < min_sort_memory) { - my_error(ER_OUTOFMEMORY,MYF(ME_ERROR+ME_WAITTANG), - thd->variables.sortbuff_size); + my_error(ER_OUT_OF_SORTMEMORY,MYF(ME_ERROR+ME_WAITTANG)); goto err; } if (open_cached_file(&buffpek_pointers,mysql_tmpdir,TEMP_PREFIX, -- cgit v1.2.1 From 2e9f2b678c278b38c0c21334d4410a4959020f2c Mon Sep 17 00:00:00 2001 From: "gshchepa/uchum@host.loc" <> Date: Fri, 8 Feb 2008 16:04:01 +0400 Subject: Fixed bug#15409: Columns with 64-element SET may not be updated with integers. SET column storing procedure has been modified to be 64bit-clean. --- sql/field.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'sql') diff --git a/sql/field.cc b/sql/field.cc index 3753318b8fa..53eafcaf2cc 100644 --- a/sql/field.cc +++ b/sql/field.cc @@ -7871,10 +7871,10 @@ int Field_set::store(const char *from,uint length,CHARSET_INFO *cs) int Field_set::store(longlong nr, bool unsigned_val) { int error= 0; - if ((ulonglong) nr > (ulonglong) (((longlong) 1 << typelib->count) - - (longlong) 1)) + ulonglong max_nr= set_bits(ulonglong, typelib->count); + if ((ulonglong) nr > max_nr) { - nr&= (longlong) (((longlong) 1 << typelib->count) - (longlong) 1); + nr&= max_nr; set_warning(MYSQL_ERROR::WARN_LEVEL_WARN, WARN_DATA_TRUNCATED, 1); error=1; } -- cgit v1.2.1 From 97c105cc17b79ff8c2a55e0619a7c737e789f071 Mon Sep 17 00:00:00 2001 From: "kaa@mbp." <> Date: Tue, 12 Feb 2008 12:43:55 +0300 Subject: Fix for bug #33389: Selecting from a view into a table from within SP or trigger crashes server Under some circumstances a combination of VIEWs, subselects with outer references and PS/SP/triggers could lead to use of uninitialized memory and server crash as a result. Fixed by changing the code in Item_field::fix_fields() so that in cases when the field is a VIEW reference, we first check whether the field is also an outer reference, and mark it appropriately before returning. --- sql/item.cc | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'sql') diff --git a/sql/item.cc b/sql/item.cc index 713e7709bcb..8283e1a13d3 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -3903,6 +3903,18 @@ bool Item_field::fix_fields(THD *thd, Item **reference) else if (!from_field) goto error; + if (!outer_fixed && cached_table && cached_table->select_lex && + context->select_lex && + cached_table->select_lex != context->select_lex) + { + int ret; + if ((ret= fix_outer_field(thd, &from_field, reference)) < 0) + goto error; + else if (!ret) + return FALSE; + outer_fixed= 1; + } + /* if it is not expression from merged VIEW we will set this field. @@ -3918,18 +3930,6 @@ bool Item_field::fix_fields(THD *thd, Item **reference) if (from_field == view_ref_found) return FALSE; - if (!outer_fixed && cached_table && cached_table->select_lex && - context->select_lex && - cached_table->select_lex != context->select_lex) - { - int ret; - if ((ret= fix_outer_field(thd, &from_field, reference)) < 0) - goto error; - else if (!ret) - return FALSE; - outer_fixed= 1; - } - set_field(from_field); if (thd->lex->in_sum_func && thd->lex->in_sum_func->nest_level == -- cgit v1.2.1 From 22072c5c5777c94adc8c7fb694d4679837883dfd Mon Sep 17 00:00:00 2001 From: "aelkin/andrei@mysql1000.dsl.inet.fi" <> Date: Wed, 13 Feb 2008 14:09:41 +0200 Subject: Bug #33931 assertion at write_ignored_events_info_to_relay_log if init_slave_thread() fails and bug#33932 assertion at handle_slave_sql if init_slave_thread() fails the asserts were caused by bug33931: having thd deleted at time of executing err: code plus a missed initialization; bug33932: initialization of slave_is_running member was missed; fixed with relocating mi members initialization and removing delete thd It is safe to do as deletion happens later explicitly in the caller of init_slave_thread(). Todo: at merging the test is better to be moved into suite/bugs for 5.x (when x>0). --- sql/slave.cc | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'sql') diff --git a/sql/slave.cc b/sql/slave.cc index 4a65e9aaa85..272d6f117e9 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -2895,6 +2895,9 @@ void set_slave_thread_default_charset(THD* thd, RELAY_LOG_INFO *rli) static int init_slave_thread(THD* thd, SLAVE_THD_TYPE thd_type) { DBUG_ENTER("init_slave_thread"); +#if !defined(DBUG_OFF) + int simulate_error= 0; +#endif thd->system_thread = (thd_type == SLAVE_THD_SQL) ? SYSTEM_THREAD_SLAVE_SQL : SYSTEM_THREAD_SLAVE_IO; thd->security_ctx->skip_grants(); @@ -2914,10 +2917,17 @@ static int init_slave_thread(THD* thd, SLAVE_THD_TYPE thd_type) thd->thread_id = thread_id++; pthread_mutex_unlock(&LOCK_thread_count); + DBUG_EXECUTE_IF("simulate_io_slave_error_on_init", + simulate_error|= (1 << SLAVE_THD_IO);); + DBUG_EXECUTE_IF("simulate_sql_slave_error_on_init", + simulate_error|= (1 << SLAVE_THD_SQL);); +#if !defined(DBUG_OFF) + if (init_thr_lock() || thd->store_globals() || simulate_error & (1<< thd_type)) +#else if (init_thr_lock() || thd->store_globals()) +#endif { thd->cleanup(); - delete thd; DBUG_RETURN(-1); } @@ -3515,6 +3525,7 @@ slave_begin: thd= new THD; // note that contructor of THD uses DBUG_ ! THD_CHECK_SENTRY(thd); + mi->io_thd = thd; pthread_detach_this_thread(); thd->thread_stack= (char*) &thd; // remember where our stack is @@ -3525,7 +3536,6 @@ slave_begin: sql_print_error("Failed during slave I/O thread initialization"); goto err; } - mi->io_thd = thd; pthread_mutex_lock(&LOCK_thread_count); threads.append(thd); pthread_mutex_unlock(&LOCK_thread_count); @@ -3865,9 +3875,11 @@ slave_begin: thd = new THD; // note that contructor of THD uses DBUG_ ! thd->thread_stack = (char*)&thd; // remember where our stack is + rli->sql_thd= thd; /* Inform waiting threads that slave has started */ rli->slave_run_id++; + rli->slave_running = 1; pthread_detach_this_thread(); if (init_slave_thread(thd, SLAVE_THD_SQL)) @@ -3882,7 +3894,6 @@ slave_begin: goto err; } thd->init_for_queries(); - rli->sql_thd= thd; thd->temporary_tables = rli->save_temporary_tables; // restore temp tables pthread_mutex_lock(&LOCK_thread_count); threads.append(thd); @@ -3895,7 +3906,6 @@ slave_begin: start receiving data so we realize we are not caught up and Seconds_Behind_Master grows. No big deal. */ - rli->slave_running = 1; rli->abort_slave = 0; pthread_mutex_unlock(&rli->run_lock); pthread_cond_broadcast(&rli->start_cond); -- cgit v1.2.1 From 8f6ecbca829b558f3a977a4d4104610535999eba Mon Sep 17 00:00:00 2001 From: "gshchepa/uchum@host.loc" <> Date: Wed, 13 Feb 2008 19:32:19 +0400 Subject: Fixed bug#33764: Wrong result with IN(), CONCAT() and implicit type conversion. Instead of copying of whole character string from a temporary buffer, the server copied a short-living pointer to that string into a long-living structure. That has been fixed. --- sql/item_cmpfunc.cc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 98bcb256138..17345e76bba 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -2995,7 +2995,10 @@ void in_string::set(uint pos,Item *item) { if (res->uses_buffer_owned_by(str)) res->copy(); - *str= *res; + if (item->type() == Item::FUNC_ITEM) + str->copy(*res); + else + *str= *res; } if (!str->charset()) { -- cgit v1.2.1 From 18770a0de850da1ced460ac117e253c6b6cd0c5d Mon Sep 17 00:00:00 2001 From: "gshchepa/uchum@host.loc" <> Date: Wed, 13 Feb 2008 19:34:12 +0400 Subject: Fixed bug#31194: Privilege ordering does not order properly for wildcard values. The server ignored escape character before wildcards during the calculation of priority values for sorting of a privilege list. (Actually the server counted an escape character as an ordinary wildcard like % or _). I.e. the table name template with a wildcard character like 'tbl_1' had higher priority in a privilege list than concrete table name without wildcards like 'tbl\_1', and some privileges of 'tbl\_1' was hidden by privileges for 'tbl_1'. The get_sort function has been modified to ignore escaped wildcards as usual. --- sql/sql_acl.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 134541368e9..851af35da32 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -668,7 +668,9 @@ static ulong get_sort(uint count,...) { for (; *str ; str++) { - if (*str == wild_many || *str == wild_one || *str == wild_prefix) + if (*str == wild_prefix && str[1]) + str++; + else if (*str == wild_many || *str == wild_one) { wild_pos= (uint) (str - start) + 1; break; -- cgit v1.2.1 From 7fa875e42bdcfb48e176c883c071cc5644d0c0ec Mon Sep 17 00:00:00 2001 From: "svoj@mysql.com/april.(none)" <> Date: Thu, 14 Feb 2008 16:27:01 +0400 Subject: BUG#33946 - Join on Federated tables with Unique index gives error 1430 from storage engine Federated may crash a server, return wrong result set, return "ERROR 1030 (HY000): Got error 1430 from storage engine" message when local (engine=federated) table has a key against nullable column. The problem was wrong implementation of function that creates WHERE clause for remote query from key. --- sql/ha_federated.cc | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'sql') diff --git a/sql/ha_federated.cc b/sql/ha_federated.cc index ac1e0962ffb..c0743bd6c9a 100644 --- a/sql/ha_federated.cc +++ b/sql/ha_federated.cc @@ -1094,10 +1094,20 @@ bool ha_federated::create_where_from_key(String *to, { if (*ptr++) { + /* + We got "IS [NOT] NULL" condition against nullable column. We + distinguish between "IS NOT NULL" and "IS NULL" by flag. For + "IS NULL", flag is set to HA_READ_KEY_EXACT. + */ if (emit_key_part_name(&tmp, key_part) || - tmp.append(FEDERATED_ISNULL)) + tmp.append(ranges[i]->flag == HA_READ_KEY_EXACT ? + FEDERATED_ISNULL : " IS NOT NULL ")) DBUG_RETURN(1); - continue; + /* + We need to adjust pointer and length to be prepared for next + key part. As well as check if this was last key part. + */ + goto prepare_for_next_key_part; } } @@ -1199,12 +1209,18 @@ bool ha_federated::create_where_from_key(String *to, if (tmp.append(FEDERATED_CLOSEPAREN)) DBUG_RETURN(1); +prepare_for_next_key_part: if (store_length >= length) break; DBUG_PRINT("info", ("remainder %d", remainder)); DBUG_ASSERT(remainder > 1); length-= store_length; - ptr+= store_length; + /* + For nullable columns, null-byte is already skipped before, that is + ptr was incremented by 1. Since store_length still counts null-byte, + we need to subtract 1 from store_length. + */ + ptr+= store_length - test(key_part->null_bit); if (tmp.append(FEDERATED_AND)) DBUG_RETURN(1); -- cgit v1.2.1 From 871eb3e5adc5f61918d74c307e145d9bf1ee3791 Mon Sep 17 00:00:00 2001 From: "aelkin/andrei@mysql1000.dsl.inet.fi" <> Date: Thu, 14 Feb 2008 16:28:32 +0200 Subject: bug#33329 extraneous ROLLBACK in binlog on connection does not use trans tables changes for an assert and an updated results file. --- sql/sql_update.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/sql_update.cc b/sql/sql_update.cc index e5017058659..9c82bde9497 100644 --- a/sql/sql_update.cc +++ b/sql/sql_update.cc @@ -1482,7 +1482,7 @@ void multi_update::send_error(uint errcode,const char *err) if (trans_safe) { - DBUG_ASSERT(transactional_tables); + DBUG_ASSERT(!updated || transactional_tables); (void) ha_autocommit_or_rollback(thd, 1); } else -- cgit v1.2.1 From fe6d4aef3a692847cc908f6970f8c7c778484ff0 Mon Sep 17 00:00:00 2001 From: "ramil/ram@mysql.com/ramil.myoffice.izhnet.ru" <> Date: Fri, 15 Feb 2008 16:03:54 +0400 Subject: Fix for bug #33304: Test 'func_group' hangs on Mac OS X 10.4 PowerPC 64-bit Problem: SLEEP(0) never returns on 64-bit Mac OS X due to a bug in pthread_cond_timedwait(). Fix: when given a very short timeout just return immediately. --- sql/item_func.cc | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'sql') diff --git a/sql/item_func.cc b/sql/item_func.cc index 639e069d24e..e20b0762ea2 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -3729,6 +3729,18 @@ longlong Item_func_sleep::val_int() DBUG_ASSERT(fixed == 1); double time= args[0]->val_real(); + /* + On 64-bit OSX pthread_cond_timedwait() waits forever + if passed abstime time has already been exceeded by + the system time. + When given a very short timeout (< 10 mcs) just return + immediately. + We assume that the lines between this test and the call + to pthread_cond_timedwait() will be executed in less than 0.00001 sec. + */ + if (time < 0.00001) + return 0; + set_timespec_nsec(abstime, (ulonglong)(time * ULL(1000000000))); pthread_cond_init(&cond, NULL); -- cgit v1.2.1 From 490ec62be470508b007b0edfd3d35421bb359a4e Mon Sep 17 00:00:00 2001 From: "gkodinov/kgeorge@magare.gmz" <> Date: Fri, 15 Feb 2008 15:47:32 +0200 Subject: Bug #31887: DML Select statement not returning same results when executed in version 5 Zero fill is a field attribute only. So we can't always propagate constants for zerofill fields : the values and expression results don't have that flag. Fixed by converting the const value to a string and using that in const propagation when the context allows it. Disable const propagation for fields with ZEROFILL flag in all the other cases. --- sql/item.cc | 31 +++++++++++++++++++++++++++++++ sql/mysql_priv.h | 1 + 2 files changed, 32 insertions(+) (limited to 'sql') diff --git a/sql/item.cc b/sql/item.cc index 3555df40060..e3e17a3ceea 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -4072,6 +4072,30 @@ bool Item_field::subst_argument_checker(byte **arg) } +/** + Convert a numeric value to a zero-filled string + + @param[in,out] item the item to operate on + @param field The field that this value is equated to + + This function converts a numeric value to a string. In this conversion + the zero-fill flag of the field is taken into account. + This is required so the resulting string value can be used instead of + the field reference when propagating equalities. +*/ + +static void convert_zerofill_number_to_string(Item **item, Field_num *field) +{ + char buff[MAX_FIELD_WIDTH],*pos; + String tmp(buff,sizeof(buff), field->charset()), *res; + + res= (*item)->val_str(&tmp); + field->prepend_zeros(res); + pos= (char *) sql_strmake (res->ptr(), res->length()); + *item= new Item_string(pos, res->length(), field->charset()); +} + + /* Set a pointer to the multiple equality the field reference belongs to (if any) @@ -4120,6 +4144,13 @@ Item *Item_field::equal_fields_propagator(byte *arg) if (!item || (cmp_context != (Item_result)-1 && item->cmp_context != cmp_context)) item= this; + else if (field && (field->flags & ZEROFILL_FLAG) && IS_NUM(field->type())) + { + if (item && cmp_context != INT_RESULT) + convert_zerofill_number_to_string(&item, (Field_num *)field); + else + item= this; + } return item; } diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h index 47396748da6..821495ddecb 100644 --- a/sql/mysql_priv.h +++ b/sql/mysql_priv.h @@ -73,6 +73,7 @@ extern const char *primary_key_name; #include "mysql_com.h" #include #include "unireg.h" +#define IS_NUM(t) ((t) <= FIELD_TYPE_INT24 || (t) == FIELD_TYPE_YEAR || (t) == FIELD_TYPE_NEWDECIMAL) void init_sql_alloc(MEM_ROOT *root, uint block_size, uint pre_alloc_size); gptr sql_alloc(unsigned size); -- cgit v1.2.1 From 7abba3b0212461a4a0b5b83e5a8b2dfb9efe2658 Mon Sep 17 00:00:00 2001 From: "holyfoot/hf@mysql.com/hfmain.(none)" <> Date: Sun, 17 Feb 2008 15:48:17 +0400 Subject: Bug #32942 now() - interval '7200' second NOT pre-calculated, causing "full table scan" Problem is not about intervals and doesn't actually cause 'full table scan'. We have an optimization for DISTINCT when we have 'DISTINCT field_from_first_join_table' we don't need to read all the rows from the JOIN-ed table if we found one conforming row. It stopped working in 5.0 as we return NESTED_LOOP_OK if we came upon that case in the evaluate_join_record() and that doesn't break the recordreading loop in sub_select(). Fixed by returning NESTED_LOOP_NO_MORE_ROWS in this case. --- sql/sql_select.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/sql_select.cc b/sql/sql_select.cc index d6cb072ce9b..60ce01c9d89 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -10791,7 +10791,7 @@ evaluate_join_record(JOIN *join, JOIN_TAB *join_tab, we found a row, as no new rows can be added to the result. */ if (not_used_in_distinct && found_records != join->found_records) - return NESTED_LOOP_OK; + return NESTED_LOOP_NO_MORE_ROWS; } else join_tab->read_record.file->unlock_row(); -- cgit v1.2.1 From 921e1cc4bb217b74f29e3e0b28df253df34c8d83 Mon Sep 17 00:00:00 2001 From: "svoj@mysql.com/june.mysql.com" <> Date: Tue, 19 Feb 2008 18:16:17 +0400 Subject: BUG#34289 - Incorrect NAME_CONST substitution in stored procedures breaks replication NAME_CONST() didn't replicate constant character set and collation correctly. With this fix NAME_CONST() inherits collation from the value argument. --- sql/item.cc | 1 + 1 file changed, 1 insertion(+) (limited to 'sql') diff --git a/sql/item.cc b/sql/item.cc index ffb18054750..d0dc8201577 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -1240,6 +1240,7 @@ bool Item_name_const::fix_fields(THD *thd, Item **ref) return TRUE; } set_name(item_name->ptr(), (uint) item_name->length(), system_charset_info); + collation.set(value_item->collation.collation, DERIVATION_IMPLICIT); max_length= value_item->max_length; decimals= value_item->decimals; fixed= 1; -- cgit v1.2.1 From 5b508f2d16078eed2e439442557580810ac95fcb Mon Sep 17 00:00:00 2001 From: "gkodinov/kgeorge@magare.gmz" <> Date: Tue, 19 Feb 2008 17:27:18 +0200 Subject: Bug #30604: different flagging of time_zone_used in normal and ps-protocol Finding a routine should be a transparent operation as far as the binary log is concerned. But it was influencing the binary log because of the TIMESTAMP column in the proc table. Fixed by preserving and restoring the time_zone usage flag when searching for a stored routine in the proc table. --- sql/sp.cc | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'sql') diff --git a/sql/sp.cc b/sql/sp.cc index f8b039626f9..7224d3c4f0e 100644 --- a/sql/sp.cc +++ b/sql/sp.cc @@ -261,6 +261,7 @@ db_find_routine(THD *thd, int type, sp_name *name, sp_head **sphp) char buff[65]; String str(buff, sizeof(buff), &my_charset_bin); ulong sql_mode; + bool saved_time_zone_used= thd->time_zone_used; Open_tables_state open_tables_state_backup; DBUG_ENTER("db_find_routine"); DBUG_PRINT("enter", ("type: %d name: %.*s", @@ -370,6 +371,11 @@ db_find_routine(THD *thd, int type, sp_name *name, sp_head **sphp) definer, created, modified); done: + /* + Restore the time zone flag as the timezone usage in proc table + does not affect replication. + */ + thd->time_zone_used= saved_time_zone_used; if (table) close_proc_table(thd, &open_tables_state_backup); DBUG_RETURN(ret); -- cgit v1.2.1 From 0473205592a3cae199d67bff312dc5d0d02a68d6 Mon Sep 17 00:00:00 2001 From: "davi@mysql.com/endora.local" <> Date: Wed, 20 Feb 2008 16:45:24 -0300 Subject: Bug#32265 Server returns different metadata if prepared statement is used Executing a prepared statement associated with a materialized cursor yields to the client a metadata packet with wrong table and database names. The problem was occurring because the server was sending the the name of the temporary table used by the cursor instead of the table name of the original table. The same problem occurs when selecting from views, in which case the table name was being sent and not the name of the view. The solution is to fill the list item from the temporary table but preserving the table and database names of the original fields. This is achieved by tweaking the Select_materialize to accept a pointer to the Materialized_cursor class which contains the item list to be filled. --- sql/sql_cursor.cc | 98 ++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 76 insertions(+), 22 deletions(-) (limited to 'sql') diff --git a/sql/sql_cursor.cc b/sql/sql_cursor.cc index 2e98da42be1..c2345f1f2cd 100644 --- a/sql/sql_cursor.cc +++ b/sql/sql_cursor.cc @@ -88,6 +88,7 @@ class Materialized_cursor: public Server_side_cursor public: Materialized_cursor(select_result *result, TABLE *table); + int fill_item_list(THD *thd, List &send_fields); virtual bool is_open() const { return table != 0; } virtual int open(JOIN *join __attribute__((unused))); virtual void fetch(ulong num_rows); @@ -109,6 +110,7 @@ class Select_materialize: public select_union { select_result *result; /* the result object of the caller (PS or SP) */ public: + Materialized_cursor *materialized_cursor; Select_materialize(select_result *result_arg) :result(result_arg) {} virtual bool send_fields(List &list, uint flags); }; @@ -152,7 +154,7 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result, if (! (sensitive_cursor= new (thd->mem_root) Sensitive_cursor(thd, result))) { - delete result; + delete result_materialize; return 1; } @@ -174,13 +176,13 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result, /* Possible options here: - a sensitive cursor is open. In this case rc is 0 and - result_materialize->table is NULL, or + result_materialize->materialized_cursor is NULL, or - a materialized cursor is open. In this case rc is 0 and - result_materialize->table is not NULL - - an error occured during materializaton. - result_materialize->table is not NULL, but rc != 0 + result_materialize->materialized is not NULL + - an error occurred during materialization. + result_materialize->materialized_cursor is not NULL, but rc != 0 - successful completion of mysql_execute_command without - a cursor: rc is 0, result_materialize->table is NULL, + a cursor: rc is 0, result_materialize->materialized_cursor is NULL, sensitive_cursor is not open. This is possible if some command writes directly to the network, bypassing select_result mechanism. An example of @@ -191,7 +193,7 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result, if (sensitive_cursor->is_open()) { - DBUG_ASSERT(!result_materialize->table); + DBUG_ASSERT(!result_materialize->materialized_cursor); /* It's safer if we grab THD state after mysql_execute_command is finished and not in Sensitive_cursor::open(), because @@ -202,18 +204,10 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result, *pcursor= sensitive_cursor; goto end; } - else if (result_materialize->table) + else if (result_materialize->materialized_cursor) { - Materialized_cursor *materialized_cursor; - TABLE *table= result_materialize->table; - MEM_ROOT *mem_root= &table->mem_root; - - if (!(materialized_cursor= new (mem_root) - Materialized_cursor(result, table))) - { - rc= 1; - goto err_open; - } + Materialized_cursor *materialized_cursor= + result_materialize->materialized_cursor; if ((rc= materialized_cursor->open(0))) { @@ -229,8 +223,6 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result, err_open: DBUG_ASSERT(! (sensitive_cursor && sensitive_cursor->is_open())); delete sensitive_cursor; - if (result_materialize->table) - free_tmp_table(thd, result_materialize->table); end: delete result_materialize; return rc; @@ -544,6 +536,51 @@ Materialized_cursor::Materialized_cursor(select_result *result_arg, } +/** + Preserve the original metadata that would be sent to the client. + + @param thd Thread identifier. + @param send_fields List of fields that would be sent. +*/ + +int Materialized_cursor::fill_item_list(THD *thd, List &send_fields) +{ + Query_arena backup_arena; + int rc; + List_iterator_fast it_org(send_fields); + List_iterator_fast it_dst(item_list); + Item *item_org; + Item *item_dst; + + thd->set_n_backup_active_arena(this, &backup_arena); + + if ((rc= table->fill_item_list(&item_list))) + goto end; + + DBUG_ASSERT(send_fields.elements == item_list.elements); + + /* + Unless we preserve the original metadata, it will be lost, + since new fields describe columns of the temporary table. + Allocate a copy of the name for safety only. Currently + items with original names are always kept in memory, + but in case this changes a memory leak may be hard to notice. + */ + while ((item_dst= it_dst++, item_org= it_org++)) + { + Send_field send_field; + Item_ident *ident= static_cast(item_dst); + item_org->make_field(&send_field); + + ident->db_name= thd->strdup(send_field.db_name); + ident->table_name= thd->strdup(send_field.table_name); + } +end: + thd->restore_active_arena(this, &backup_arena); + /* Check for thd->is_error() in case of OOM */ + return rc || thd->net.report_error; +} + int Materialized_cursor::open(JOIN *join __attribute__((unused))) { THD *thd= fake_unit.thd; @@ -552,8 +589,7 @@ int Materialized_cursor::open(JOIN *join __attribute__((unused))) thd->set_n_backup_active_arena(this, &backup_arena); /* Create a list of fields and start sequential scan */ - rc= (table->fill_item_list(&item_list) || - result->prepare(item_list, &fake_unit) || + rc= (result->prepare(item_list, &fake_unit) || table->file->ha_rnd_init(TRUE)); thd->restore_active_arena(this, &backup_arena); if (rc == 0) @@ -664,6 +700,24 @@ bool Select_materialize::send_fields(List &list, uint flags) if (create_result_table(unit->thd, unit->get_unit_column_types(), FALSE, thd->options | TMP_TABLE_ALL_COLUMNS, "")) return TRUE; + + materialized_cursor= new (&table->mem_root) + Materialized_cursor(result, table); + + if (! materialized_cursor) + { + free_tmp_table(table->in_use, table); + table= 0; + return TRUE; + } + if (materialized_cursor->fill_item_list(unit->thd, list)) + { + delete materialized_cursor; + table= 0; + materialized_cursor= 0; + return TRUE; + } + return FALSE; } -- cgit v1.2.1 From f5cb5fdc4fce3b6469655ee2ecc828606d41f7c2 Mon Sep 17 00:00:00 2001 From: "anozdrin/alik@quad." <> Date: Thu, 21 Feb 2008 12:17:32 +0300 Subject: Fix for Bug#34337: Server crash when Altering a view using a table name. The problem was that fill_defined_view_parts() did not return an error if a table is going to be altered. That happened if the table was already in the table cache. In that case, open_table() returned non-NULL value (valid TABLE-instance from the cache). The fix is to ensure that an error is thrown even if the table is in the cache. (This is a backport of the original patch for 5.1) --- sql/sql_view.cc | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'sql') diff --git a/sql/sql_view.cc b/sql/sql_view.cc index dd0b92a06f8..48ab5b3af9e 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc @@ -182,10 +182,33 @@ fill_defined_view_parts (THD *thd, TABLE_LIST *view) TABLE_LIST decoy; memcpy (&decoy, view, sizeof (TABLE_LIST)); - if (!open_table(thd, &decoy, thd->mem_root, ¬_used, OPEN_VIEW_NO_PARSE) && - !decoy.view) + + /* + Let's reset decoy.view before calling open_table(): when we start + supporting ALTER VIEW in PS/SP that may save us from a crash. + */ + + decoy.view= NULL; + + /* + open_table() will return NULL if 'decoy' is idenitifying a view *and* + there is no TABLE object for that view in the table cache. However, + decoy.view will be set to 1. + + If there is a TABLE-instance for the oject identified by 'decoy', + open_table() will return that instance no matter if it is a table or + a view. + + Thus, there is no need to check for the return value of open_table(), + since the return value itself does not mean anything. + */ + + open_table(thd, &decoy, thd->mem_root, ¬_used, OPEN_VIEW_NO_PARSE); + + if (!decoy.view) { - /* It's a table */ + /* It's a table. */ + my_error(ER_WRONG_OBJECT, MYF(0), view->db, view->table_name, "VIEW"); return TRUE; } -- cgit v1.2.1 From 0e91461842b7b59e156019776ef6da451594a08a Mon Sep 17 00:00:00 2001 From: "davi@mysql.com/endora.local" <> Date: Thu, 21 Feb 2008 14:58:29 -0300 Subject: Bug#32890 Crash after repeated create and drop of tables and views The problem is that CREATE VIEW statements inside prepared statements weren't being expanded during the prepare phase, which leads to objects not being allocated in the appropriate memory arenas. The solution is to perform the validation of CREATE VIEW statements during the prepare phase of a prepared statement. The validation during the prepare phase assures that transformations of the parsed tree will use the permanent arena of the prepared statement. --- sql/item.h | 43 ++++++----- sql/sql_prepare.cc | 40 ++++++++++ sql/sql_view.cc | 213 +++++++++++++++++++++++++++++++---------------------- sql/sql_view.h | 3 + 4 files changed, 192 insertions(+), 107 deletions(-) (limited to 'sql') diff --git a/sql/item.h b/sql/item.h index 5f511557f47..ae3e240778a 100644 --- a/sql/item.h +++ b/sql/item.h @@ -879,6 +879,23 @@ public: class sp_head; +class Item_basic_constant :public Item +{ +public: + /* to prevent drop fixed flag (no need parent cleanup call) */ + void cleanup() + { + /* + Restore the original field name as it might not have been allocated + in the statement memory. If the name is auto generated, it must be + done again between subsequent executions of a prepared statement. + */ + if (orig_name) + name= orig_name; + } +}; + + /***************************************************************************** The class is a base class for representation of stored routine variables in the Item-hierarchy. There are the following kinds of SP-vars: @@ -1161,7 +1178,7 @@ bool agg_item_charsets(DTCollation &c, const char *name, Item **items, uint nitems, uint flags, int item_sep); -class Item_num: public Item +class Item_num: public Item_basic_constant { public: Item_num() {} /* Remove gcc warning */ @@ -1352,7 +1369,7 @@ public: friend class st_select_lex_unit; }; -class Item_null :public Item +class Item_null :public Item_basic_constant { public: Item_null(char *name_par=0) @@ -1374,8 +1391,6 @@ public: bool send(Protocol *protocol, String *str); enum Item_result result_type () const { return STRING_RESULT; } enum_field_types field_type() const { return MYSQL_TYPE_NULL; } - /* to prevent drop fixed flag (no need parent cleanup call) */ - void cleanup() {} bool basic_const_item() const { return 1; } Item *clone_item() { return new Item_null(name); } bool is_null() { return 1; } @@ -1567,8 +1582,6 @@ public: int save_in_field(Field *field, bool no_conversions); bool basic_const_item() const { return 1; } Item *clone_item() { return new Item_int(name,value,max_length); } - // to prevent drop fixed flag (no need parent cleanup call) - void cleanup() {} void print(String *str); Item_num *neg() { value= -value; return this; } uint decimal_precision() const @@ -1621,8 +1634,6 @@ public: { return new Item_decimal(name, &decimal_value, decimals, max_length); } - // to prevent drop fixed flag (no need parent cleanup call) - void cleanup() {} void print(String *str); Item_num *neg() { @@ -1673,8 +1684,6 @@ public: String *val_str(String*); my_decimal *val_decimal(my_decimal *); bool basic_const_item() const { return 1; } - // to prevent drop fixed flag (no need parent cleanup call) - void cleanup() {} Item *clone_item() { return new Item_float(name, value, decimals, max_length); } Item_num *neg() { value= -value; return this; } @@ -1696,7 +1705,7 @@ public: }; -class Item_string :public Item +class Item_string :public Item_basic_constant { public: Item_string(const char *str,uint length, @@ -1780,8 +1789,6 @@ public: max_length= str_value.numchars() * collation.collation->mbmaxlen; } void print(String *str); - // to prevent drop fixed flag (no need parent cleanup call) - void cleanup() {} }; @@ -1839,10 +1846,10 @@ public: }; -class Item_hex_string: public Item +class Item_hex_string: public Item_basic_constant { public: - Item_hex_string(): Item() {} + Item_hex_string() {} Item_hex_string(const char *str,uint str_length); enum Type type() const { return VARBIN_ITEM; } double val_real() @@ -1858,8 +1865,6 @@ public: enum Item_result result_type () const { return STRING_RESULT; } enum Item_result cast_to_int_type() const { return INT_RESULT; } enum_field_types field_type() const { return MYSQL_TYPE_VARCHAR; } - // to prevent drop fixed flag (no need parent cleanup call) - void cleanup() {} void print(String *str); bool eq(const Item *item, bool binary_cmp) const; virtual Item *safe_charset_converter(CHARSET_INFO *tocs); @@ -2449,7 +2454,7 @@ private: }; -class Item_cache: public Item +class Item_cache: public Item_basic_constant { protected: Item *example; @@ -2486,8 +2491,6 @@ public: static Item_cache* get_cache(const Item *item); table_map used_tables() const { return used_table_map; } virtual void keep_array() {} - // to prevent drop fixed flag (no need parent cleanup call) - void cleanup() {} void print(String *str); bool eq_def(Field *field) { diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 74cbd2c5505..4972b259693 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -1512,6 +1512,45 @@ static bool mysql_test_create_table(Prepared_statement *stmt) } +/** + @brief Validate and prepare for execution CREATE VIEW statement + + @param stmt prepared statement + + @note This function handles create view commands. + + @retval FALSE Operation was a success. + @retval TRUE An error occured. +*/ + +static bool mysql_test_create_view(Prepared_statement *stmt) +{ + DBUG_ENTER("mysql_test_create_view"); + THD *thd= stmt->thd; + LEX *lex= stmt->lex; + SELECT_LEX *select_lex= &lex->select_lex; + bool res= TRUE; + /* Skip first table, which is the view we are creating */ + bool link_to_local; + TABLE_LIST *view= lex->unlink_first_table(&link_to_local); + TABLE_LIST *tables= lex->query_tables; + + if (create_view_precheck(thd, tables, view, lex->create_view_mode)) + goto err; + + if (open_normal_and_derived_tables(thd, tables, 0)) + goto err; + + lex->view_prepare_mode= 1; + res= select_like_stmt_test(stmt, 0, 0); + +err: + /* put view back for PS rexecuting */ + lex->link_first_table_back(view, link_to_local); + DBUG_RETURN(res); +} + + /* Validate and prepare for execution a multi update statement. @@ -1730,6 +1769,7 @@ static bool check_prepared_statement(Prepared_statement *stmt, my_message(ER_UNSUPPORTED_PS, ER(ER_UNSUPPORTED_PS), MYF(0)); goto error; } + res= mysql_test_create_view(stmt); break; case SQLCOM_DO: res= mysql_test_do_fields(stmt, tables, lex->insert_list); diff --git a/sql/sql_view.cc b/sql/sql_view.cc index 48ab5b3af9e..4c8e6e80c41 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc @@ -227,104 +227,31 @@ fill_defined_view_parts (THD *thd, TABLE_LIST *view) return FALSE; } +#ifndef NO_EMBEDDED_ACCESS_CHECKS /** - @brief Creating/altering VIEW procedure + @brief CREATE VIEW privileges pre-check. @param thd thread handler + @param tables tables used in the view @param views views to create @param mode VIEW_CREATE_NEW, VIEW_ALTER, VIEW_CREATE_OR_REPLACE - @note This function handles both create and alter view commands. - @retval FALSE Operation was a success. @retval TRUE An error occured. */ -bool mysql_create_view(THD *thd, TABLE_LIST *views, - enum_view_create_mode mode) +bool create_view_precheck(THD *thd, TABLE_LIST *tables, TABLE_LIST *view, + enum_view_create_mode mode) { LEX *lex= thd->lex; - bool link_to_local; /* first table in list is target VIEW name => cut off it */ - TABLE_LIST *view= lex->unlink_first_table(&link_to_local); - TABLE_LIST *tables= lex->query_tables; TABLE_LIST *tbl; SELECT_LEX *select_lex= &lex->select_lex; -#ifndef NO_EMBEDDED_ACCESS_CHECKS SELECT_LEX *sl; -#endif - SELECT_LEX_UNIT *unit= &lex->unit; - bool res= FALSE; - DBUG_ENTER("mysql_create_view"); - - /* This is ensured in the parser. */ - DBUG_ASSERT(!lex->proc_list.first && !lex->result && - !lex->param_list.elements && !lex->derived_tables); - - if (mode != VIEW_CREATE_NEW) - { - if (mode == VIEW_ALTER && - fill_defined_view_parts(thd, view)) - { - res= TRUE; - goto err; - } - sp_cache_invalidate(); - } + bool res= TRUE; + DBUG_ENTER("create_view_precheck"); - if (!lex->definer) - { - /* - DEFINER-clause is missing; we have to create default definer in - persistent arena to be PS/SP friendly. - If this is an ALTER VIEW then the current user should be set as - the definer. - */ - Query_arena original_arena; - Query_arena *ps_arena = thd->activate_stmt_arena_if_needed(&original_arena); - - if (!(lex->definer= create_default_definer(thd))) - res= TRUE; - - if (ps_arena) - thd->restore_active_arena(ps_arena, &original_arena); - - if (res) - goto err; - } - -#ifndef NO_EMBEDDED_ACCESS_CHECKS - /* - check definer of view: - - same as current user - - current user has SUPER_ACL - */ - if (lex->definer && - (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 || - my_strcasecmp(system_charset_info, - lex->definer->host.str, - thd->security_ctx->priv_host) != 0)) - { - if (!(thd->security_ctx->master_access & SUPER_ACL)) - { - my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER"); - res= TRUE; - goto err; - } - else - { - if (!is_acl_user(lex->definer->host.str, - lex->definer->user.str)) - { - push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_NOTE, - ER_NO_SUCH_USER, - ER(ER_NO_SUCH_USER), - lex->definer->user.str, - lex->definer->host.str); - } - } - } /* Privilege check for view creation: - user has CREATE VIEW privilege on view table @@ -346,10 +273,8 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, (check_access(thd, DROP_ACL, view->db, &view->grant.privilege, 0, 0, is_schema_db(view->db)) || grant_option && check_grant(thd, DROP_ACL, view, 0, 1, 0)))) - { - res= TRUE; goto err; - } + for (sl= select_lex; sl; sl= sl->next_select()) { for (tbl= sl->get_table_list(); tbl; tbl= tbl->next_local) @@ -363,7 +288,6 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0), "ANY", thd->security_ctx->priv_user, thd->security_ctx->priv_host, tbl->table_name); - res= TRUE; goto err; } /* @@ -399,10 +323,7 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, if (check_access(thd, SELECT_ACL, tbl->db, &tbl->grant.privilege, 0, 0, test(tbl->schema_table)) || grant_option && check_grant(thd, SELECT_ACL, tbl, 0, 1, 0)) - { - res= TRUE; goto err; - } } } } @@ -426,8 +347,126 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, } } } + + res= FALSE; + +err: + DBUG_RETURN(res || thd->net.report_error); +} + +#else + +bool create_view_precheck(THD *thd, TABLE_LIST *tables, TABLE_LIST *view, + enum_view_create_mode mode) +{ + return FALSE; +} + +#endif + + +/** + @brief Creating/altering VIEW procedure + + @param thd thread handler + @param views views to create + @param mode VIEW_CREATE_NEW, VIEW_ALTER, VIEW_CREATE_OR_REPLACE + + @note This function handles both create and alter view commands. + + @retval FALSE Operation was a success. + @retval TRUE An error occured. +*/ + +bool mysql_create_view(THD *thd, TABLE_LIST *views, + enum_view_create_mode mode) +{ + LEX *lex= thd->lex; + bool link_to_local; + /* first table in list is target VIEW name => cut off it */ + TABLE_LIST *view= lex->unlink_first_table(&link_to_local); + TABLE_LIST *tables= lex->query_tables; + TABLE_LIST *tbl; + SELECT_LEX *select_lex= &lex->select_lex; +#ifndef NO_EMBEDDED_ACCESS_CHECKS + SELECT_LEX *sl; +#endif + SELECT_LEX_UNIT *unit= &lex->unit; + bool res= FALSE; + DBUG_ENTER("mysql_create_view"); + + /* This is ensured in the parser. */ + DBUG_ASSERT(!lex->proc_list.first && !lex->result && + !lex->param_list.elements && !lex->derived_tables); + + if (mode != VIEW_CREATE_NEW) + { + if (mode == VIEW_ALTER && + fill_defined_view_parts(thd, view)) + { + res= TRUE; + goto err; + } + sp_cache_invalidate(); + } + + if (!lex->definer) + { + /* + DEFINER-clause is missing; we have to create default definer in + persistent arena to be PS/SP friendly. + If this is an ALTER VIEW then the current user should be set as + the definer. + */ + Query_arena original_arena; + Query_arena *ps_arena = thd->activate_stmt_arena_if_needed(&original_arena); + + if (!(lex->definer= create_default_definer(thd))) + res= TRUE; + + if (ps_arena) + thd->restore_active_arena(ps_arena, &original_arena); + + if (res) + goto err; + } + +#ifndef NO_EMBEDDED_ACCESS_CHECKS + /* + check definer of view: + - same as current user + - current user has SUPER_ACL + */ + if (lex->definer && + (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 || + my_strcasecmp(system_charset_info, + lex->definer->host.str, + thd->security_ctx->priv_host) != 0)) + { + if (!(thd->security_ctx->master_access & SUPER_ACL)) + { + my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "SUPER"); + res= TRUE; + goto err; + } + else + { + if (!is_acl_user(lex->definer->host.str, + lex->definer->user.str)) + { + push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_NOTE, + ER_NO_SUCH_USER, + ER(ER_NO_SUCH_USER), + lex->definer->user.str, + lex->definer->host.str); + } + } + } #endif + if ((res= create_view_precheck(thd, tables, view, mode))) + goto err; + if (open_and_lock_tables(thd, tables)) { res= TRUE; diff --git a/sql/sql_view.h b/sql/sql_view.h index ab0920e0bf2..1d45283352b 100644 --- a/sql/sql_view.h +++ b/sql/sql_view.h @@ -15,6 +15,9 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +bool create_view_precheck(THD *thd, TABLE_LIST *tables, TABLE_LIST *view, + enum_view_create_mode mode); + bool mysql_create_view(THD *thd, TABLE_LIST *view, enum_view_create_mode mode); -- cgit v1.2.1 From 28cfe06a1e17d54aac8a57a1cf8938e9dd78038f Mon Sep 17 00:00:00 2001 From: "davi@buzz.(none)" <> Date: Thu, 21 Feb 2008 19:28:25 -0200 Subject: Post-merge fix to silence compiler warning. --- sql/sql_prepare.cc | 1 - 1 file changed, 1 deletion(-) (limited to 'sql') diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 4972b259693..18cfd8d7dfc 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -1528,7 +1528,6 @@ static bool mysql_test_create_view(Prepared_statement *stmt) DBUG_ENTER("mysql_test_create_view"); THD *thd= stmt->thd; LEX *lex= stmt->lex; - SELECT_LEX *select_lex= &lex->select_lex; bool res= TRUE; /* Skip first table, which is the view we are creating */ bool link_to_local; -- cgit v1.2.1 From 4f0873c04b6236039a7326c782b0a10f6dda7fd3 Mon Sep 17 00:00:00 2001 From: "gluh@mysql.com/mgluh.(none)" <> Date: Fri, 22 Feb 2008 12:30:17 +0400 Subject: Bug#23588 SHOW COLUMNS on a temporary table causes locking issues skip lock_type update for temporary tables --- sql/sql_base.cc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/sql_base.cc b/sql/sql_base.cc index 8190b3eeacd..c9f20b3d71b 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc @@ -2852,8 +2852,12 @@ int open_tables(THD *thd, TABLE_LIST **start, uint *counter, uint flags) } if (tables->lock_type != TL_UNLOCK && ! thd->locked_tables) - tables->table->reginfo.lock_type= tables->lock_type == TL_WRITE_DEFAULT ? - thd->update_lock_default : tables->lock_type; + { + if (tables->lock_type == TL_WRITE_DEFAULT) + tables->table->reginfo.lock_type= thd->update_lock_default; + else if (tables->table->s->tmp_table == NO_TMP_TABLE) + tables->table->reginfo.lock_type= tables->lock_type; + } tables->table->grant= tables->grant; process_view_routines: -- cgit v1.2.1 From 0a29b8b08520070950186ae64ff058b3fba3c1cb Mon Sep 17 00:00:00 2001 From: "kaa@kaamos.(none)" <> Date: Fri, 22 Feb 2008 11:34:18 +0300 Subject: Fix for bug #33049: Assert while running test-as3ap test(mysql-bench suite) Under some circumstances a combination of aggregate functions and GROUP BY in a SELECT query over a VIEW could lead to incorrect calculation of the result type of the aggregate function. This in turn could result in incorrect results, or assertion failures on debug builds. Fixed by changing the logic in Item_sum_hybrid::fix_fields() so that the argument's item is dereferenced before calling its type() method. --- sql/item_sum.cc | 1 + 1 file changed, 1 insertion(+) (limited to 'sql') diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 3d261dc2c36..47a7073c2e7 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -597,6 +597,7 @@ Item_sum_hybrid::fix_fields(THD *thd, Item **ref) result_field=0; null_value=1; fix_length_and_dec(); + item= item->real_item(); if (item->type() == Item::FIELD_ITEM) hybrid_field_type= ((Item_field*) item)->field->type(); else -- cgit v1.2.1 From fe3b1c8e25669f250159142a507841f6402a38d9 Mon Sep 17 00:00:00 2001 From: "svoj@mysql.com/june.mysql.com" <> Date: Fri, 22 Feb 2008 19:07:07 +0400 Subject: BUG#13861 - START SLAVE UNTIL may stop 1 evnt too late if log-slave-updates and circul repl Slave SQL thread may execute one extra event when there are events skipped by slave I/O thread (e.g. originated by the same server). Whereas it was requested not to do so by the UNTIL condition. This happens because we compare with the end position of previously executed event. This is fine when there are no skipped by slave I/O thread events, as end position of previous event equals to start position of to be executed event. Otherwise this position equals to start position of skipped event. This is fixed by: - reading the event to be executed before checking if the until condition is satisfied. - comparing the start position of the event to be executed. Since we do not have the start position available, we compute it by subtracting event length from end position (which is available). - if there are no events on the event queue at the slave sql starting time, that meet until condition, we stop immediately, as in this case we do not want to wait for next event. --- sql/log_event.cc | 3 ++- sql/slave.cc | 68 ++++++++++++++++++++++++++++++++++++-------------------- sql/slave.h | 2 +- 3 files changed, 47 insertions(+), 26 deletions(-) (limited to 'sql') diff --git a/sql/log_event.cc b/sql/log_event.cc index a950094a018..8e14a873fc6 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -373,6 +373,7 @@ Log_event::Log_event(const char* buf, #endif when = uint4korr(buf); server_id = uint4korr(buf + SERVER_ID_OFFSET); + data_written= uint4korr(buf + EVENT_LEN_OFFSET); if (description_event->binlog_version==1) { log_pos= 0; @@ -405,7 +406,7 @@ Log_event::Log_event(const char* buf, binlog, so which will cause problems if the user uses this value in CHANGE MASTER). */ - log_pos+= uint4korr(buf + EVENT_LEN_OFFSET); + log_pos+= data_written; } DBUG_PRINT("info", ("log_pos: %lu", (ulong) log_pos)); diff --git a/sql/slave.cc b/sql/slave.cc index 8a3620080f2..500683e080d 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -3115,6 +3115,11 @@ int check_expected_error(THD* thd, RELAY_LOG_INFO* rli, int expected_error) Check if condition stated in UNTIL clause of START SLAVE is reached. SYNOPSYS st_relay_log_info::is_until_satisfied() + master_beg_pos position of the beginning of to be executed event + (not log_pos member of the event that points to the + beginning of the following event) + + DESCRIPTION Checks if UNTIL condition is reached. Uses caching result of last comparison of current log file name and target log file name. So cached @@ -3139,7 +3144,7 @@ int check_expected_error(THD* thd, RELAY_LOG_INFO* rli, int expected_error) false - condition not met */ -bool st_relay_log_info::is_until_satisfied() +bool st_relay_log_info::is_until_satisfied(my_off_t master_beg_pos) { const char *log_name; ulonglong log_pos; @@ -3149,7 +3154,7 @@ bool st_relay_log_info::is_until_satisfied() if (until_condition == UNTIL_MASTER_POS) { log_name= group_master_log_name; - log_pos= group_master_log_pos; + log_pos= master_beg_pos; } else { /* until_condition == UNTIL_RELAY_POS */ @@ -3228,28 +3233,6 @@ static int exec_relay_log_event(THD* thd, RELAY_LOG_INFO* rli) wait for something for example inside of next_event(). */ pthread_mutex_lock(&rli->data_lock); - /* - This tests if the position of the end of the last previous executed event - hits the UNTIL barrier. - We would prefer to test if the position of the start (or possibly) end of - the to-be-read event hits the UNTIL barrier, this is different if there - was an event ignored by the I/O thread just before (BUG#13861 to be - fixed). - */ - if (rli->until_condition!=RELAY_LOG_INFO::UNTIL_NONE && - rli->is_until_satisfied()) - { - char buf[22]; - sql_print_information("Slave SQL thread stopped because it reached its" - " UNTIL position %s", llstr(rli->until_pos(), buf)); - /* - Setting abort_slave flag because we do not want additional message about - error in query execution to be printed. - */ - rli->abort_slave= 1; - pthread_mutex_unlock(&rli->data_lock); - return 1; - } Log_event * ev = next_event(rli); @@ -3266,6 +3249,27 @@ static int exec_relay_log_event(THD* thd, RELAY_LOG_INFO* rli) int type_code = ev->get_type_code(); int exec_res; + /* + This tests if the position of the beginning of the current event + hits the UNTIL barrier. + */ + if (rli->until_condition != RELAY_LOG_INFO::UNTIL_NONE && + rli->is_until_satisfied((thd->options & OPTION_BEGIN || !ev->log_pos) ? + rli->group_master_log_pos : + ev->log_pos - ev->data_written)) + { + char buf[22]; + sql_print_information("Slave SQL thread stopped because it reached its" + " UNTIL position %s", llstr(rli->until_pos(), buf)); + /* + Setting abort_slave flag because we do not want additional message about + error in query execution to be printed. + */ + rli->abort_slave= 1; + pthread_mutex_unlock(&rli->data_lock); + delete ev; + return 1; + } /* Queries originating from this server must be skipped. Low-level events (Format_desc, Rotate, Stop) from this server @@ -3977,6 +3981,22 @@ Slave SQL thread aborted. Can't execute init_slave query"); } } + /* + First check until condition - probably there is nothing to execute. We + do not want to wait for next event in this case. + */ + pthread_mutex_lock(&rli->data_lock); + if (rli->until_condition != RELAY_LOG_INFO::UNTIL_NONE && + rli->is_until_satisfied(rli->group_master_log_pos)) + { + char buf[22]; + sql_print_information("Slave SQL thread stopped because it reached its" + " UNTIL position %s", llstr(rli->until_pos(), buf)); + pthread_mutex_unlock(&rli->data_lock); + goto err; + } + pthread_mutex_unlock(&rli->data_lock); + /* Read queries from the IO/THREAD until this thread is killed */ while (!sql_slave_killed(thd,rli)) diff --git a/sql/slave.h b/sql/slave.h index c61787cdf3b..da548e145d3 100644 --- a/sql/slave.h +++ b/sql/slave.h @@ -348,7 +348,7 @@ typedef struct st_relay_log_info void close_temporary_tables(); /* Check if UNTIL condition is satisfied. See slave.cc for more. */ - bool is_until_satisfied(); + bool is_until_satisfied(my_off_t master_beg_pos); inline ulonglong until_pos() { return ((until_condition == UNTIL_MASTER_POS) ? group_master_log_pos : -- cgit v1.2.1 From 5a4e12cb56b367b72cf6f07d2925cdd9eea9160c Mon Sep 17 00:00:00 2001 From: "kaa@kaamos.(none)" <> Date: Mon, 25 Feb 2008 13:25:57 +0300 Subject: Fix for bug #33834: FRAC_SECOND: Applicability not clear in documentation While the manual mentions FRAC_SECOND only for the TIMESTAMPADD() function, it was also possible to use FRAC_SECOND with DATE_ADD(), DATE_SUB() and +/- INTERVAL. Fixed the parser to match the manual, i.e. using FRAC_SECOND for anything other than TIMESTAMPADD()/TIMESTAMPDIFF() now produces a syntax error. Additionally, the patch allows MICROSECOND to be used in TIMESTAMPADD/ TIMESTAMPDIFF and marks FRAC_SECOND as deprecated. --- sql/sql_yacc.yy | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) (limited to 'sql') diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index af57fbdb108..cb447c1187a 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -458,10 +458,10 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize); %pure_parser /* We have threads */ /* - Currently there are 245 shift/reduce conflicts. + Currently there are 240 shift/reduce conflicts. We should not introduce new conflicts any more. */ -%expect 245 +%expect 240 %token END_OF_INPUT @@ -1111,6 +1111,8 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize); %type interval_time_st +%type interval_time_stamp + %type storage_engines %type row_types @@ -5027,9 +5029,9 @@ simple_expr: { $$= new Item_datetime_typecast($3); } | TIMESTAMP '(' expr ',' expr ')' { $$= new Item_func_add_time($3, $5, 1, 0); } - | TIMESTAMP_ADD '(' interval_time_st ',' expr ',' expr ')' + | TIMESTAMP_ADD '(' interval_time_stamp ',' expr ',' expr ')' { $$= new Item_date_add_interval($7,$5,$3,0); } - | TIMESTAMP_DIFF '(' interval_time_st ',' expr ',' expr ')' + | TIMESTAMP_DIFF '(' interval_time_stamp ',' expr ',' expr ')' { $$= new Item_func_timestamp_diff($5,$7,$3); } | TRIM '(' expr ')' { $$= new Item_func_trim($3); } @@ -6005,21 +6007,40 @@ interval: | HOUR_MICROSECOND_SYM { $$=INTERVAL_HOUR_MICROSECOND; } | HOUR_MINUTE_SYM { $$=INTERVAL_HOUR_MINUTE; } | HOUR_SECOND_SYM { $$=INTERVAL_HOUR_SECOND; } - | MICROSECOND_SYM { $$=INTERVAL_MICROSECOND; } | MINUTE_MICROSECOND_SYM { $$=INTERVAL_MINUTE_MICROSECOND; } | MINUTE_SECOND_SYM { $$=INTERVAL_MINUTE_SECOND; } | SECOND_MICROSECOND_SYM { $$=INTERVAL_SECOND_MICROSECOND; } | YEAR_MONTH_SYM { $$=INTERVAL_YEAR_MONTH; }; +interval_time_stamp: + interval_time_st {} + | FRAC_SECOND_SYM { + $$=INTERVAL_MICROSECOND; + /* + FRAC_SECOND was mistakenly implemented with + a wrong resolution. According to the ODBC + standard it should be nanoseconds, not + microseconds. Changing it to nanoseconds + in MySQL would mean making TIMESTAMPDIFF + and TIMESTAMPADD to return DECIMAL, since + the return value would be too big for BIGINT + Hence we just deprecate the incorrect + implementation without changing its + resolution. + */ + WARN_DEPRECATED("FRAC_SECOND", "MICROSECOND"); // Will be removed in 6.2 + } + ; + interval_time_st: DAY_SYM { $$=INTERVAL_DAY; } | WEEK_SYM { $$=INTERVAL_WEEK; } | HOUR_SYM { $$=INTERVAL_HOUR; } - | FRAC_SECOND_SYM { $$=INTERVAL_MICROSECOND; } | MINUTE_SYM { $$=INTERVAL_MINUTE; } | MONTH_SYM { $$=INTERVAL_MONTH; } | QUARTER_SYM { $$=INTERVAL_QUARTER; } | SECOND_SYM { $$=INTERVAL_SECOND; } + | MICROSECOND_SYM { $$=INTERVAL_MICROSECOND; } | YEAR_SYM { $$=INTERVAL_YEAR; } ; -- cgit v1.2.1 From 140ca5953815ac1f773ae518cb021783e3334e20 Mon Sep 17 00:00:00 2001 From: "holyfoot/hf@mysql.com/hfmain.(none)" <> Date: Wed, 27 Feb 2008 12:42:43 +0400 Subject: Bug #25097 mysql_server_init fails silently if no errmsg.sys is present. There was no way to return an error from the client library if no MYSQL connections was established. So here i added variables to store that king of errors and made functions like mysql_error(NULL) to return these. --- sql/log.cc | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'sql') diff --git a/sql/log.cc b/sql/log.cc index e66d965c613..d1da900e1b5 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -2454,12 +2454,7 @@ static void print_buffer_to_nt_eventlog(enum loglevel level, char *buff, void */ -#ifdef EMBEDDED_LIBRARY -void vprint_msg_to_log(enum loglevel level __attribute__((unused)), - const char *format __attribute__((unused)), - va_list argsi __attribute__((unused))) -{} -#else /*!EMBEDDED_LIBRARY*/ +#ifndef EMBEDDED_LIBRARY static void print_buffer_to_file(enum loglevel level, const char *buffer) { time_t skr; -- cgit v1.2.1 From 0443189d898a7de7a71b3399765dbf25db2ae4cf Mon Sep 17 00:00:00 2001 From: "gkodinov/kgeorge@magare.gmz" <> Date: Thu, 28 Feb 2008 13:31:19 +0200 Subject: Bug #34747: crash in debug assertion check after derived table Was a double-free of the Unique member of Item_func_group_concat. This was not causing a crash because the Unique is a descendent of Sql_alloc. Fixed to free the Unique only if it was allocated for the instance of Item_func_group_concat it was referenced from --- sql/item_sum.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 47a7073c2e7..3d6d46ab3f4 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -3460,6 +3460,6 @@ void Item_func_group_concat::print(String *str) Item_func_group_concat::~Item_func_group_concat() { - if (unique_filter) + if (!original && unique_filter) delete unique_filter; } -- cgit v1.2.1 From c6b4d7a7c41a2469a69e0d2a8a883c83cbff3ea9 Mon Sep 17 00:00:00 2001 From: "tnurnberg@mysql.com/white.intern.koehntopp.de" <> Date: Thu, 28 Feb 2008 14:23:22 +0100 Subject: Bug#34749: Server crash when using NAME_CONST() with an aggregate function NAME_CONST('whatever', -1) * MAX(whatever) bombed since -1 was not seen as constant, but as FUNCTION_UNARY_MINUS(constant) while we are at the same time pretending it was a basic const item. This confused the aggregate handlers in exciting ways. We now make NAME_CONST() behave more consistently. --- sql/ha_ndbcluster_cond.cc | 9 ++++++--- sql/ha_ndbcluster_cond.h | 1 + sql/item.cc | 27 ++++++++++++++++++++++++++- sql/item.h | 9 +-------- sql/item_func.h | 5 +++-- 5 files changed, 37 insertions(+), 14 deletions(-) (limited to 'sql') diff --git a/sql/ha_ndbcluster_cond.cc b/sql/ha_ndbcluster_cond.cc index c7b185a92f0..f5b41959b40 100644 --- a/sql/ha_ndbcluster_cond.cc +++ b/sql/ha_ndbcluster_cond.cc @@ -117,7 +117,8 @@ void ndb_serialize_cond(const Item *item, void *arg) if (item->type() == Item::FUNC_ITEM) { Item_func *func_item= (Item_func *) item; - if (func_item->functype() == Item_func::UNKNOWN_FUNC && + if ((func_item->functype() == Item_func::UNKNOWN_FUNC || + func_item->functype() == Item_func::NEG_FUNC) && func_item->const_item()) { // Skip any arguments since we will evaluate function instead @@ -369,8 +370,9 @@ void ndb_serialize_cond(const Item *item, void *arg) { Item_func *func_item= (Item_func *) item; // Check that we expect a function or functional expression here - if (context->expecting(Item::FUNC_ITEM) || - func_item->functype() == Item_func::UNKNOWN_FUNC) + if (context->expecting(Item::FUNC_ITEM) || + func_item->functype() == Item_func::UNKNOWN_FUNC || + func_item->functype() == Item_func::NEG_FUNC) context->expect_nothing(); else { @@ -584,6 +586,7 @@ void ndb_serialize_cond(const Item *item, void *arg) context->expect(Item::FUNC_ITEM); break; } + case Item_func::NEG_FUNC: case Item_func::UNKNOWN_FUNC: { DBUG_PRINT("info", ("UNKNOWN_FUNC %s", diff --git a/sql/ha_ndbcluster_cond.h b/sql/ha_ndbcluster_cond.h index 6baf6945b58..6504df8d9d4 100644 --- a/sql/ha_ndbcluster_cond.h +++ b/sql/ha_ndbcluster_cond.h @@ -228,6 +228,7 @@ public: case (Item_func::ISNOTNULL_FUNC): { return NDB_ISNOTNULL_FUNC; } case (Item_func::LIKE_FUNC): { return NDB_LIKE_FUNC; } case (Item_func::NOT_FUNC): { return NDB_NOT_FUNC; } + case (Item_func::NEG_FUNC): { return NDB_UNKNOWN_FUNC; } case (Item_func::UNKNOWN_FUNC): { return NDB_UNKNOWN_FUNC; } case (Item_func::COND_AND_FUNC): { return NDB_COND_AND_FUNC; } case (Item_func::COND_OR_FUNC): { return NDB_COND_OR_FUNC; } diff --git a/sql/item.cc b/sql/item.cc index 713e7709bcb..acd8053cbdf 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -1207,6 +1207,22 @@ bool Item_name_const::is_null() return value_item->is_null(); } + +Item_name_const::Item_name_const(Item *name_arg, Item *val): + value_item(val), name_item(name_arg) +{ + if (!(valid_args= name_item->basic_const_item() && + (value_item->basic_const_item() || + ((value_item->type() == FUNC_ITEM) && + (((Item_func *) value_item)->functype() == + Item_func::NEG_FUNC) && + (((Item_func *) value_item)->key_item()->type() != + FUNC_ITEM))))) + my_error(ER_WRONG_ARGUMENTS, MYF(0), "NAME_CONST"); + Item::maybe_null= TRUE; +} + + Item::Type Item_name_const::type() const { /* @@ -1218,8 +1234,17 @@ Item::Type Item_name_const::type() const if (item->type() == FIELD_ITEM) ((Item_field *) item)->... we return NULL_ITEM in the case to avoid wrong casting. + + valid_args guarantees value_item->basic_const_item(); if type is + FUNC_ITEM, then we have a fudged item_func_neg() on our hands + and return the underlying type. */ - return valid_args ? value_item->type() : NULL_ITEM; + return valid_args ? + (((value_item->type() == FUNC_ITEM) && + (((Item_func *) value_item)->functype() == Item_func::NEG_FUNC)) ? + ((Item_func *) value_item)->key_item()->type() : + value_item->type()) : + NULL_ITEM; } diff --git a/sql/item.h b/sql/item.h index 5f511557f47..9af98e0efdb 100644 --- a/sql/item.h +++ b/sql/item.h @@ -1113,14 +1113,7 @@ class Item_name_const : public Item Item *name_item; bool valid_args; public: - Item_name_const(Item *name_arg, Item *val): - value_item(val), name_item(name_arg) - { - if (!(valid_args= name_item->basic_const_item() & - value_item->basic_const_item())) - my_error(ER_WRONG_ARGUMENTS, MYF(0), "NAME_CONST"); - Item::maybe_null= TRUE; - } + Item_name_const(Item *name_arg, Item *val); bool fix_fields(THD *, Item **); diff --git a/sql/item_func.h b/sql/item_func.h index 940586fce01..6dcf32cba07 100644 --- a/sql/item_func.h +++ b/sql/item_func.h @@ -54,7 +54,8 @@ public: NOT_FUNC, NOT_ALL_FUNC, NOW_FUNC, TRIG_COND_FUNC, SUSERVAR_FUNC, GUSERVAR_FUNC, COLLATE_FUNC, - EXTRACT_FUNC, CHAR_TYPECAST_FUNC, FUNC_SP, UDF_FUNC }; + EXTRACT_FUNC, CHAR_TYPECAST_FUNC, FUNC_SP, UDF_FUNC, + NEG_FUNC }; enum optimize_type { OPTIMIZE_NONE,OPTIMIZE_KEY,OPTIMIZE_OP, OPTIMIZE_NULL, OPTIMIZE_EQUAL }; enum Type type() const { return FUNC_ITEM; } @@ -466,7 +467,7 @@ public: longlong int_op(); my_decimal *decimal_op(my_decimal *); const char *func_name() const { return "-"; } - virtual bool basic_const_item() const { return args[0]->basic_const_item(); } + enum Functype functype() const { return NEG_FUNC; } void fix_length_and_dec(); void fix_num_length_and_dec(); uint decimal_precision() const { return args[0]->decimal_precision(); } -- cgit v1.2.1 From 361262c7c0fa9b755a625852be384de4444dc099 Mon Sep 17 00:00:00 2001 From: "davi@mysql.com/endora.local" <> Date: Thu, 28 Feb 2008 11:34:08 -0300 Subject: Bug#33851 Passing UNSIGNED param to EXECUTE returns ERROR 1210 The problem is that passing anything other than a integer to a limit clause in a prepared statement would fail. This limitation was introduced to avoid replication problems (e.g: replicating the statement with a string argument would cause a parse failure in the slave). The solution is to convert arguments to the limit clause to a integer value and use this converted value when persisting the query to the log. --- sql/item.cc | 11 ++++++++--- sql/item.h | 9 ++------- sql/item_func.cc | 2 +- sql/sql_class.h | 2 +- sql/sql_yacc.yy | 2 +- 5 files changed, 13 insertions(+), 13 deletions(-) (limited to 'sql') diff --git a/sql/item.cc b/sql/item.cc index ffb18054750..a6a18e27b09 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -2385,7 +2385,7 @@ default_set_param_func(Item_param *param, Item_param::Item_param(unsigned pos_in_query_arg) : - strict_type(FALSE), + limit_clause_param(FALSE), state(NO_VALUE), item_result_type(STRING_RESULT), /* Don't pretend to be a literal unless value for this item is set. */ @@ -2581,8 +2581,13 @@ bool Item_param::set_from_user_var(THD *thd, const user_var_entry *entry) { item_result_type= entry->type; unsigned_flag= entry->unsigned_flag; - if (strict_type && required_result_type != item_result_type) - DBUG_RETURN(1); + if (limit_clause_param) + { + my_bool unused; + set_int(entry->val_int(&unused), MY_INT64_NUM_DECIMAL_DIGITS); + item_type= Item::INT_ITEM; + DBUG_RETURN(!unsigned_flag && value.integer < 0 ? 1 : 0); + } switch (item_result_type) { case REAL_RESULT: set_double(*(double*)entry->value); diff --git a/sql/item.h b/sql/item.h index ae3e240778a..7dc9ed4ec10 100644 --- a/sql/item.h +++ b/sql/item.h @@ -1417,8 +1417,6 @@ class Item_param :public Item char cnvbuf[MAX_FIELD_WIDTH]; String cnvstr; Item *cnvitem; - bool strict_type; - enum Item_result required_result_type; public: enum enum_item_param_state @@ -1548,11 +1546,8 @@ public: Otherwise return FALSE. */ bool eq(const Item *item, bool binary_cmp) const; - void set_strict_type(enum Item_result result_type_arg) - { - strict_type= TRUE; - required_result_type= result_type_arg; - } + /** Item is a argument to a limit clause. */ + bool limit_clause_param; }; diff --git a/sql/item_func.cc b/sql/item_func.cc index 639e069d24e..84dd3e3ebc6 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -3985,7 +3985,7 @@ double user_var_entry::val_real(my_bool *null_value) /* Get the value of a variable as an integer */ -longlong user_var_entry::val_int(my_bool *null_value) +longlong user_var_entry::val_int(my_bool *null_value) const { if ((*null_value= (value == 0))) return LL(0); diff --git a/sql/sql_class.h b/sql/sql_class.h index 97f2d07b1d3..4ca8947de30 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -2329,7 +2329,7 @@ class user_var_entry bool unsigned_flag; double val_real(my_bool *null_value); - longlong val_int(my_bool *null_value); + longlong val_int(my_bool *null_value) const; String *val_str(my_bool *null_value, String *str, uint decimals); my_decimal *val_decimal(my_bool *null_value, my_decimal *result); DTCollation collation; diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index a7c1060025d..04285fea227 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -6320,7 +6320,7 @@ limit_options: limit_option: param_marker { - ((Item_param *) $1)->set_strict_type(INT_RESULT); + ((Item_param *) $1)->limit_clause_param= TRUE; } | ULONGLONG_NUM { $$= new Item_uint($1.str, $1.length); } | LONG_NUM { $$= new Item_uint($1.str, $1.length); } -- cgit v1.2.1 From c51106740da269915185112414e1dfecfe41b427 Mon Sep 17 00:00:00 2001 From: "gshchepa/uchum@host.loc" <> Date: Thu, 28 Feb 2008 22:53:31 +0400 Subject: Fixed bug #34620: item_row.cc:50: Item_row::illegal_method_call(const char*): Assertion `0' failed If ROW item is a part of an expression that also has aggregate function calls (COUNT/SUM/AVG...), a "splitting" with an Item::split_sum_func2 function is applied to that ROW item. Current implementation of Item::split_sum_func2 replaces this Item_row with a newly created Item_aggregate_ref reference to it. Then the row cache tries to work with the Item_aggregate_ref object as with the Item_row object: row cache calls row-emulation methods such as cols and element_index. Item_aggregate_ref (like it's parent Item_ref) inherits dummy implementations of those methods from the hierarchy root Item, and call to them leads to failed assertions and wrong data output. Row-emulation virtual functions (cols, element_index, addr, check_cols, null_inside and bring_value) of Item_ref have been overloaded to forward calls to an underlying item reference. --- sql/item.h | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'sql') diff --git a/sql/item.h b/sql/item.h index f87499f23e3..c8b8e48b0ed 100644 --- a/sql/item.h +++ b/sql/item.h @@ -1990,6 +1990,35 @@ public: Item_field *filed_for_view_update() { return (*ref)->filed_for_view_update(); } virtual Ref_Type ref_type() { return REF; } + + // Row emulation: forwarding of ROW-related calls to ref + uint cols() + { + return ref && result_type() == ROW_RESULT ? (*ref)->cols() : 1; + } + Item* element_index(uint i) + { + return ref && result_type() == ROW_RESULT ? (*ref)->element_index(i) : this; + } + Item** addr(uint i) + { + return ref && result_type() == ROW_RESULT ? (*ref)->addr(i) : 0; + } + bool check_cols(uint c) + { + return ref && result_type() == ROW_RESULT ? (*ref)->check_cols(c) + : Item::check_cols(c); + } + bool null_inside() + { + return ref && result_type() == ROW_RESULT ? (*ref)->null_inside() : 0; + } + void bring_value() + { + if (ref && result_type() == ROW_RESULT) + (*ref)->bring_value(); + } + }; -- cgit v1.2.1 From 369c24937036a7850e61f7a77d5f9e169be3f724 Mon Sep 17 00:00:00 2001 From: "davi@mysql.com/endora.local" <> Date: Thu, 28 Feb 2008 20:22:11 -0300 Subject: Post-merge fix for Bug 33851. The initialization order of members must match the order which they were declared in the class definition. --- sql/item.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/item.cc b/sql/item.cc index a6a18e27b09..a9e99c65580 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -2385,14 +2385,14 @@ default_set_param_func(Item_param *param, Item_param::Item_param(unsigned pos_in_query_arg) : - limit_clause_param(FALSE), state(NO_VALUE), item_result_type(STRING_RESULT), /* Don't pretend to be a literal unless value for this item is set. */ item_type(PARAM_ITEM), param_type(MYSQL_TYPE_VARCHAR), pos_in_query(pos_in_query_arg), - set_param_func(default_set_param_func) + set_param_func(default_set_param_func), + limit_clause_param(FALSE) { name= (char*) "?"; /* -- cgit v1.2.1 From 13bb7e0a226b8a8cf4053793dc8405d1b4f93d04 Mon Sep 17 00:00:00 2001 From: "gluh@mysql.com/eagle.(none)" <> Date: Fri, 29 Feb 2008 13:55:00 +0400 Subject: Bug#32167 another privilege bypass with DATA/INDEX DIRECORY(ver 4.1,5.0) added new function test_if_data_home_dir() which checks that path does not contain mysql data home directory. Using of mysql data home directory in DATA DIRECTORY & INDEX DIRECTORY is disallowed. --- sql/mysql_priv.h | 1 + sql/mysqld.cc | 4 ++++ sql/sql_parse.cc | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 65 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h index b6170ba35f9..4b0031d1f2a 100644 --- a/sql/mysql_priv.h +++ b/sql/mysql_priv.h @@ -890,6 +890,7 @@ void my_dbopt_free(void); extern time_t start_time; extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH], mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[], + mysql_unpacked_real_data_home[], def_ft_boolean_syntax[sizeof(ft_boolean_syntax)]; #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list)) extern MY_TMPDIR mysql_tmpdir_list; diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 62105e0093a..8111df7ad4d 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -390,6 +390,7 @@ const char *opt_date_time_formats[3]; char compiled_default_collation_name[]= MYSQL_DEFAULT_COLLATION_NAME; char *language_ptr, *default_collation_name, *default_character_set_name; char mysql_data_home_buff[2], *mysql_data_home=mysql_real_data_home; +char mysql_unpacked_real_data_home[FN_REFLEN]; struct passwd *user_info; char server_version[SERVER_VERSION_LENGTH]; char *mysqld_unix_port, *opt_mysql_tmpdir; @@ -6896,6 +6897,9 @@ static void fix_paths(void) pos[1]= 0; } convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS); + (void) fn_format(buff, mysql_real_data_home, "", "", + (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS)); + (void) unpack_dirname(mysql_unpacked_real_data_home, buff); convert_dirname(language,language,NullS); (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home); diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 24f9ef30569..4bbd425d80b 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -65,7 +65,8 @@ static bool append_file_to_dir(THD *thd, const char **filename_ptr, const char *table_name); static TABLE_LIST* get_table_by_alias(TABLE_LIST* tl, const char* db, - const char* alias); + const char* alias); +static bool test_if_data_home_dir(const char *dir); const char *any_db="*any*"; // Special symbol for check_access @@ -2531,6 +2532,20 @@ mysql_execute_command(THD *thd) "INDEX DIRECTORY option ignored"); create_info.data_file_name= create_info.index_file_name= NULL; #else + + if (test_if_data_home_dir(lex->create_info.data_file_name)) + { + my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY"); + res= -1; + break; + } + if (test_if_data_home_dir(lex->create_info.index_file_name)) + { + my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY"); + res= -1; + break; + } + /* Fix names if symlinked tables */ if (append_file_to_dir(thd, &create_info.data_file_name, create_table->real_name) || @@ -5920,3 +5935,47 @@ Item *negate_expression(THD *thd, Item *expr) return negated; return new Item_func_not(expr); } + + +/* + Check if path does not contain mysql data home directory + + SYNOPSIS + test_if_data_home_dir() + dir directory + conv_home_dir converted data home directory + home_dir_len converted data home directory length + + RETURN VALUES + 0 ok + 1 error +*/ + +static bool test_if_data_home_dir(const char *dir) +{ + char path[FN_REFLEN], conv_path[FN_REFLEN]; + uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home); + DBUG_ENTER("test_if_data_home_dir"); + + if (!dir) + DBUG_RETURN(0); + + (void) fn_format(path, dir, "", "", + (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS)); + dir_len= unpack_dirname(conv_path, dir); + + if (home_dir_len <= dir_len) + { + if (lower_case_file_system) + { + if (!my_strnncoll(default_charset_info, (const uchar*) conv_path, + home_dir_len, + (const uchar*) mysql_unpacked_real_data_home, + home_dir_len)) + DBUG_RETURN(1); + } + else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len)) + DBUG_RETURN(1); + } + DBUG_RETURN(0); +} -- cgit v1.2.1 From 931bdedbc23283c4ced9623d433df459e4635fa6 Mon Sep 17 00:00:00 2001 From: "gluh@mysql.com/eagle.(none)" <> Date: Fri, 29 Feb 2008 15:04:00 +0400 Subject: after merge fix --- sql/mysqld.cc | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'sql') diff --git a/sql/mysqld.cc b/sql/mysqld.cc index c03c9c34571..4d688d795f7 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -467,19 +467,13 @@ char log_error_file[FN_REFLEN], glob_hostname[FN_REFLEN]; char mysql_real_data_home[FN_REFLEN], language[FN_REFLEN], reg_ext[FN_EXTLEN], mysql_charsets_dir[FN_REFLEN], *opt_init_file, *opt_tc_log_file, + mysql_unpacked_real_data_home[FN_REFLEN], def_ft_boolean_syntax[sizeof(ft_boolean_syntax)]; - +char *mysql_data_home= mysql_real_data_home; const key_map key_map_empty(0); key_map key_map_full(0); // Will be initialized later const char *opt_date_time_formats[3]; - - -char compiled_default_collation_name[]= MYSQL_DEFAULT_COLLATION_NAME; -char *language_ptr, *default_collation_name, *default_character_set_name; -char mysql_data_home_buff[2], *mysql_data_home=mysql_real_data_home; -char mysql_unpacked_real_data_home[FN_REFLEN]; -struct passwd *user_info; char server_version[SERVER_VERSION_LENGTH]; char *mysqld_unix_port, *opt_mysql_tmpdir; const char **errmesg; /* Error messages */ -- cgit v1.2.1 From 3bf9c7edf1514d5f361b7025afb40e75801dd651 Mon Sep 17 00:00:00 2001 From: "gshchepa/uchum@host.loc" <> Date: Fri, 29 Feb 2008 15:11:11 +0400 Subject: Fixed bug #34830: mixed table and field names in Item_ref and Item_direct_ref constructor calls. Order of ref->field_name and ref->table_name arguments is of Item_ref and Item_direct_ref in the fix_inner_refs function is inverted. --- sql/sql_select.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'sql') diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 38da4e26f5a..926b389f59f 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -360,10 +360,10 @@ fix_inner_refs(THD *thd, List &all_fields, SELECT_LEX *select, } } new_ref= direct_ref ? - new Item_direct_ref(ref->context, item_ref, ref->field_name, - ref->table_name, ref->alias_name_used) : - new Item_ref(ref->context, item_ref, ref->field_name, - ref->table_name, ref->alias_name_used); + new Item_direct_ref(ref->context, item_ref, ref->table_name, + ref->field_name, ref->alias_name_used) : + new Item_ref(ref->context, item_ref, ref->table_name, + ref->field_name, ref->alias_name_used); if (!new_ref) return TRUE; ref->outer_ref= new_ref; -- cgit v1.2.1 From 0596b1c6cdd54510dbcd0f4ba30bd828d96c4d2b Mon Sep 17 00:00:00 2001 From: "gluh@mysql.com/eagle.(none)" <> Date: Fri, 29 Feb 2008 17:50:01 +0400 Subject: wrong merge fix --- sql/sql_parse.cc | 2 -- 1 file changed, 2 deletions(-) (limited to 'sql') diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 9e2a4bb77ac..fd16435ff9c 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -76,8 +76,6 @@ static void remove_escape(char *name); static bool append_file_to_dir(THD *thd, const char **filename_ptr, const char *table_name); static bool check_show_create_table_access(THD *thd, TABLE_LIST *table); -static TABLE_LIST* get_table_by_alias(TABLE_LIST* tl, const char* db, - const char* alias); static bool test_if_data_home_dir(const char *dir); const char *any_db="*any*"; // Special symbol for check_access -- cgit v1.2.1 From b779af5503de5760904c793c731a8e26481f8cb3 Mon Sep 17 00:00:00 2001 From: "sergefp@mysql.com" <> Date: Mon, 3 Mar 2008 20:35:44 +0300 Subject: BUG#34945: "ref_or_null queries that are null_rejecting and have a null value crash mysql" - Apply Eric Bergen's patch: in join_read_always_key(), move ha_index_init() call to before the late NULLs filtering code. - Backport function comments from 6.0. --- sql/sql_select.cc | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'sql') diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 926b389f59f..6392f7c4299 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -11173,19 +11173,42 @@ join_read_key(JOIN_TAB *tab) } +/* + ref access method implementation: "read_first" function + + SYNOPSIS + join_read_always_key() + tab JOIN_TAB of the accessed table + + DESCRIPTION + This is "read_fist" function for the "ref" access method. + + The functon must leave the index initialized when it returns. + ref_or_null access implementation depends on that. + + RETURN + 0 - Ok + -1 - Row not found + 1 - Error +*/ + static int join_read_always_key(JOIN_TAB *tab) { int error; TABLE *table= tab->table; + /* Initialize the index first */ + if (!table->file->inited) + table->file->ha_index_init(tab->ref.key); + + /* Perform "Late NULLs Filtering" (see internals manual for explanations) */ for (uint i= 0 ; i < tab->ref.key_parts ; i++) { if ((tab->ref.null_rejecting & 1 << i) && tab->ref.items[i]->is_null()) return -1; - } - if (!table->file->inited) - table->file->ha_index_init(tab->ref.key); + } + if (cp_buffer_from_ref(tab->join->thd, &tab->ref)) return -1; if ((error=table->file->index_read(table->record[0], -- cgit v1.2.1 From 80d89023eadf93ac66dac865d82f3ef3bbb40e66 Mon Sep 17 00:00:00 2001 From: "kaa@kaamos.(none)" <> Date: Wed, 5 Mar 2008 16:02:33 +0300 Subject: Fix for bug #34889: mysql_client_test::test_mysql_insert_id test fails sporadically Under some circumstances, the mysql_insert_id() value after SELECT ... INSERT could return a wrong value. This could happen when the last SELECT ... INSERT did not involve an AUTO_INCREMENT column, but the value of mysql_insert_id() was changed by some previous statements. Fixed by checking the value of thd->insert_id_used in select_insert::send_eof() and returning 0 for mysql_insert_id() if it is not set. --- sql/sql_insert.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc index 14292f1cd9d..1d324872409 100644 --- a/sql/sql_insert.cc +++ b/sql/sql_insert.cc @@ -3006,7 +3006,8 @@ bool select_insert::send_eof() ((thd->client_capabilities & CLIENT_FOUND_ROWS) ? info.touched : info.updated); id= autoinc_value_of_first_inserted_row > 0 ? - autoinc_value_of_first_inserted_row : thd->last_insert_id; + autoinc_value_of_first_inserted_row : thd->insert_id_used ? + thd->last_insert_id : 0; ::send_ok(thd, (ulong) thd->row_count_func, id, buff); DBUG_RETURN(0); } -- cgit v1.2.1 From 122fefc593ae374702f90a7220f676bfddae7391 Mon Sep 17 00:00:00 2001 From: "aelkin/andrei@mysql1000.(none)" <> Date: Thu, 6 Mar 2008 14:49:21 +0200 Subject: Bug#26622 MASTER_POS_WAIT does not work as documented MASTER_POS_WAIT return values are different than expected when the server is not a slave. It returns -1 instead of NULL. Fixed with correcting st_relay_log_info::wait_for_pos() to return the proper value in the case of rli info is not inited. --- sql/slave.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/slave.cc b/sql/slave.cc index 181ad4ed8cb..d4d0655f366 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -2685,7 +2685,7 @@ int st_relay_log_info::wait_for_pos(THD* thd, String* log_name, longlong timeout) { if (!inited) - return -1; + return -2; int event_count = 0; ulong init_abort_pos_wait; int error=0; -- cgit v1.2.1 From 1322371fb21d6efb85181e2518d1a6cf198bd95d Mon Sep 17 00:00:00 2001 From: "sven@riska.(none)" <> Date: Tue, 11 Mar 2008 14:42:54 +0100 Subject: BUG#31024: STOP SLAVE does not stop attempted connect()s Problem: if the IO slave thread is attempting to connect, STOP SLAVE waits for the attempt to finish. It may take a long time. Fix: don't wait, stop the slave immediately. --- sql/slave.cc | 15 ++++++++++++++- sql/sql_repl.h | 6 ------ 2 files changed, 14 insertions(+), 7 deletions(-) (limited to 'sql') diff --git a/sql/slave.cc b/sql/slave.cc index d4d0655f366..5488b3c312a 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -699,7 +699,20 @@ int terminate_slave_thread(THD* thd, pthread_mutex_t* term_lock, while (*slave_running) // Should always be true { DBUG_PRINT("loop", ("killing slave thread")); - KICK_SLAVE(thd); + + pthread_mutex_lock(&thd->LOCK_delete); +#ifndef DONT_USE_THR_ALARM + /* + Error codes from pthread_kill are: + EINVAL: invalid signal number (can't happen) + ESRCH: thread already killed (can happen, should be ignored) + */ + IF_DBUG(int err= ) pthread_kill(thd->real_id, thr_client_alarm); + DBUG_ASSERT(err != EINVAL); +#endif + thd->awake(THD::NOT_KILLED); + pthread_mutex_unlock(&thd->LOCK_delete); + /* There is a small chance that slave thread might miss the first alarm. To protect againts it, resend the signal until it reacts diff --git a/sql/sql_repl.h b/sql/sql_repl.h index 1fbc6eb30cf..cf400218cc2 100644 --- a/sql/sql_repl.h +++ b/sql/sql_repl.h @@ -35,12 +35,6 @@ extern I_List binlog_do_db, binlog_ignore_db; extern int max_binlog_dump_events; extern my_bool opt_sporadic_binlog_dump_fail; -#define KICK_SLAVE(thd) do { \ - pthread_mutex_lock(&(thd)->LOCK_delete); \ - (thd)->awake(THD::NOT_KILLED); \ - pthread_mutex_unlock(&(thd)->LOCK_delete); \ - } while(0) - int start_slave(THD* thd, MASTER_INFO* mi, bool net_report); int stop_slave(THD* thd, MASTER_INFO* mi, bool net_report); bool change_master(THD* thd, MASTER_INFO* mi); -- cgit v1.2.1 From 2b09a99340a066f1710045df42da1f43ff1d711b Mon Sep 17 00:00:00 2001 From: "anozdrin/alik@quad." <> Date: Wed, 12 Mar 2008 16:13:33 +0300 Subject: A fix for Bug#34643: TRUNCATE crash if trigger and foreign key. In cases when TRUNCATE was executed by invoking mysql_delete() rather than by table recreation (for example, when TRUNCATE was issued on InnoDB table with is referenced by foreign key) triggers were invoked. In debug builds this also led to crash because of an assertion, which assumes that some preliminary actions take place before trigger invocation, which doesn't happen in case of TRUNCATE. The fix is not to execute triggers in mysql_delete() when this function is used by TRUNCATE. --- sql/sql_delete.cc | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'sql') diff --git a/sql/sql_delete.cc b/sql/sql_delete.cc index a28a39a769d..3019b68d6f1 100644 --- a/sql/sql_delete.cc +++ b/sql/sql_delete.cc @@ -35,6 +35,7 @@ bool mysql_delete(THD *thd, TABLE_LIST *table_list, COND *conds, READ_RECORD info; bool using_limit=limit != HA_POS_ERROR; bool transactional_table, safe_update, const_cond; + bool triggers_applicable; ha_rows deleted; uint usable_index= MAX_KEY; SELECT_LEX *select_lex= &thd->lex->select_lex; @@ -93,6 +94,11 @@ bool mysql_delete(THD *thd, TABLE_LIST *table_list, COND *conds, select_lex->no_error= thd->lex->ignore; + /* NOTE: TRUNCATE must not invoke triggers. */ + + triggers_applicable= table->triggers && + thd->lex->sql_command != SQLCOM_TRUNCATE; + /* Test if the user wants to delete all rows and deletion doesn't have any side-effects (because of triggers), so we can use optimized @@ -102,8 +108,7 @@ bool mysql_delete(THD *thd, TABLE_LIST *table_list, COND *conds, */ if (!using_limit && const_cond && (!conds || conds->val_int()) && !(specialflag & (SPECIAL_NO_NEW_FUNC | SPECIAL_SAFE_MODE)) && - (thd->lex->sql_command == SQLCOM_TRUNCATE || - !(table->triggers && table->triggers->has_delete_triggers())) + !(triggers_applicable && table->triggers->has_delete_triggers()) ) { deleted= table->file->records; @@ -217,7 +222,7 @@ bool mysql_delete(THD *thd, TABLE_LIST *table_list, COND *conds, init_ftfuncs(thd, select_lex, 1); thd->proc_info="updating"; - if (table->triggers) + if (triggers_applicable) { table->triggers->mark_fields_used(thd, TRG_EVENT_DELETE); if (table->triggers->has_triggers(TRG_EVENT_DELETE, @@ -239,7 +244,7 @@ bool mysql_delete(THD *thd, TABLE_LIST *table_list, COND *conds, if (!(select && select->skip_record())&& !thd->net.report_error ) { - if (table->triggers && + if (triggers_applicable && table->triggers->process_triggers(thd, TRG_EVENT_DELETE, TRG_ACTION_BEFORE, FALSE)) { @@ -250,7 +255,7 @@ bool mysql_delete(THD *thd, TABLE_LIST *table_list, COND *conds, if (!(error=table->file->delete_row(table->record[0]))) { deleted++; - if (table->triggers && + if (triggers_applicable && table->triggers->process_triggers(thd, TRG_EVENT_DELETE, TRG_ACTION_AFTER, FALSE)) { -- cgit v1.2.1 From d5390b2d56a6a4bf39c56858d54701ce55586e36 Mon Sep 17 00:00:00 2001 From: "istruewing@stella.local" <> Date: Thu, 13 Mar 2008 16:39:27 +0100 Subject: Bug#33756 - query cache with concurrent_insert=0 appears broken When concurrent inserts were disabled, statements after an INSERT were not put into the query cache. This happened because we do not save the current data file length at statement start when concurrent inserts are disabled. But we checked the always zero local length against the real file length anyway. Fixed by doing the check only if concurrent inserts are not diabled. --- sql/ha_myisam.cc | 64 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 27 deletions(-) (limited to 'sql') diff --git a/sql/ha_myisam.cc b/sql/ha_myisam.cc index 46afa7a8f45..8c8f027bb6b 100644 --- a/sql/ha_myisam.cc +++ b/sql/ha_myisam.cc @@ -1954,6 +1954,7 @@ my_bool ha_myisam::register_query_cache_table(THD *thd, char *table_name, *engine_callback, ulonglong *engine_data) { + DBUG_ENTER("ha_myisam::register_query_cache_table"); /* No call back function is needed to determine if a cached statement is valid or not. @@ -1965,39 +1966,48 @@ my_bool ha_myisam::register_query_cache_table(THD *thd, char *table_name, */ *engine_data= 0; - /* - If a concurrent INSERT has happened just before the currently processed - SELECT statement, the total size of the table is unknown. + if (file->s->concurrent_insert) + { + /* + If a concurrent INSERT has happened just before the currently + processed SELECT statement, the total size of the table is + unknown. - To determine if the table size is known, the current thread's snap shot of - the table size with the actual table size are compared. + To determine if the table size is known, the current thread's snap + shot of the table size with the actual table size are compared. - If the table size is unknown the SELECT statement can't be cached. - */ - ulonglong actual_data_file_length; - ulonglong current_data_file_length; + If the table size is unknown the SELECT statement can't be cached. - /* - POSIX visibility rules specify that "2. Whatever memory values a - thread can see when it unlocks a mutex <...> can also be seen by any - thread that later locks the same mutex". In this particular case, - concurrent insert thread had modified the data_file_length in - MYISAM_SHARE before it has unlocked (or even locked) - structure_guard_mutex. So, here we're guaranteed to see at least that - value after we've locked the same mutex. We can see a later value - (modified by some other thread) though, but it's ok, as we only want - to know if the variable was changed, the actual new value doesn't matter - */ - actual_data_file_length= file->s->state.state.data_file_length; - current_data_file_length= file->save_state.data_file_length; + When concurrent inserts are disabled at table open, mi_open() + does not assign a get_status() function. In this case the local + ("current") status is never updated. We would wrongly think that + we cannot cache the statement. + */ + ulonglong actual_data_file_length; + ulonglong current_data_file_length; - if (current_data_file_length != actual_data_file_length) - { - /* Don't cache current statement. */ - return FALSE; + /* + POSIX visibility rules specify that "2. Whatever memory values a + thread can see when it unlocks a mutex <...> can also be seen by any + thread that later locks the same mutex". In this particular case, + concurrent insert thread had modified the data_file_length in + MYISAM_SHARE before it has unlocked (or even locked) + structure_guard_mutex. So, here we're guaranteed to see at least that + value after we've locked the same mutex. We can see a later value + (modified by some other thread) though, but it's ok, as we only want + to know if the variable was changed, the actual new value doesn't matter + */ + actual_data_file_length= file->s->state.state.data_file_length; + current_data_file_length= file->save_state.data_file_length; + + if (current_data_file_length != actual_data_file_length) + { + /* Don't cache current statement. */ + DBUG_RETURN(FALSE); + } } /* It is ok to try to cache current statement. */ - return TRUE; + DBUG_RETURN(TRUE); } #endif -- cgit v1.2.1 From 1f0e9f5a5ded1cfb7640b5d6d7f697a56e8cb5b5 Mon Sep 17 00:00:00 2001 From: "svoj@mysql.com/june.mysql.com" <> Date: Fri, 14 Mar 2008 19:38:22 +0400 Subject: BUG#28248 - mysqldump results with MERGE ... UNION=() cannot be executed When there are no underlying tables specified for a merge table, SHOW CREATE TABLE outputs a statement that cannot be executed. The same is true for mysqldump (it generates dumps that cannot be executed). This happens because SQL parser does not accept empty UNION() clause. This patch changes the following: - it is now possible to execute CREATE/ALTER statement with empty UNION() clause. - the same as above, but still worth noting: it is now possible to remove underlying tables mapping using ALTER TABLE ... UNION=(). - SHOW CREATE TABLE does not output UNION() clause if there are no underlying tables specified for a merge table. This makes mysqldump slightly smaller. --- sql/ha_myisammrg.cc | 6 ++++++ sql/sql_yacc.yy | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/ha_myisammrg.cc b/sql/ha_myisammrg.cc index 78492d2843d..b796978f352 100644 --- a/sql/ha_myisammrg.cc +++ b/sql/ha_myisammrg.cc @@ -602,6 +602,12 @@ void ha_myisammrg::append_create_info(String *packet) packet->append(STRING_WITH_LEN(" INSERT_METHOD=")); packet->append(get_type(&merge_insert_method,file->merge_insert_method-1)); } + /* + There is no sence adding UNION clause in case there is no underlying + tables specified. + */ + if (file->open_tables == file->end_table) + return; packet->append(STRING_WITH_LEN(" UNION=(")); MYRG_TABLE *open_table,*first; diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 04285fea227..b877a789732 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -2932,7 +2932,7 @@ create_table_option: my_error(ER_WARN_DEPRECATED_SYNTAX, MYF(0), "RAID_CHUNKSIZE", "PARTITION"); MYSQL_YYABORT; } - | UNION_SYM opt_equal '(' table_list ')' + | UNION_SYM opt_equal '(' opt_table_list ')' { /* Move the union list to the merge_list */ LEX *lex=Lex; -- cgit v1.2.1 From f23e3fd04c98c4df25e39e946193651e1f1c0f11 Mon Sep 17 00:00:00 2001 From: "davi@mysql.com/endora.local" <> Date: Fri, 14 Mar 2008 17:40:12 -0300 Subject: Bug#35103 mysql_client_test::test_bug29948 causes sporadic failures The problem was that the COM_STMT_SEND_LONG_DATA was sending a response packet if the prepared statement wasn't found in the server (due to reconnection). The commands COM_STMT_SEND_LONG_DATA and COM_STMT_CLOSE should not send any packets, even error packets should not be sent since they are not expected by the client API. The solution is to clear generated during the execution of the aforementioned commands and to skip resend of prepared statement commands. Another fix is that if the connection breaks during the send of prepared statement command, the command is not sent again since the prepared statement is no longer in the server. --- sql/sql_prepare.cc | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'sql') diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 18cfd8d7dfc..207183f567c 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -2516,7 +2516,7 @@ void mysql_stmt_close(THD *thd, char *packet) DBUG_ENTER("mysql_stmt_close"); if (!(stmt= find_prepared_statement(thd, stmt_id, "mysql_stmt_close"))) - DBUG_VOID_RETURN; + goto out; /* The only way currently a statement can be deallocated when it's @@ -2525,6 +2525,9 @@ void mysql_stmt_close(THD *thd, char *packet) DBUG_ASSERT(! (stmt->flags & (uint) Prepared_statement::IS_IN_USE)); (void) stmt->deallocate(); +out: + /* clear errors, response packet is not expected */ + thd->clear_error(); DBUG_VOID_RETURN; } @@ -2591,10 +2594,7 @@ void mysql_stmt_get_longdata(THD *thd, char *packet, ulong packet_length) #ifndef EMBEDDED_LIBRARY /* Minimal size of long data packet is 6 bytes */ if (packet_length <= MYSQL_LONG_DATA_HEADER) - { - my_error(ER_WRONG_ARGUMENTS, MYF(0), "mysql_stmt_send_long_data"); - DBUG_VOID_RETURN; - } + goto out; #endif stmt_id= uint4korr(packet); @@ -2614,7 +2614,7 @@ void mysql_stmt_get_longdata(THD *thd, char *packet, ulong packet_length) stmt->last_errno= ER_WRONG_ARGUMENTS; sprintf(stmt->last_error, ER(ER_WRONG_ARGUMENTS), "mysql_stmt_send_long_data"); - DBUG_VOID_RETURN; + goto out; } #endif @@ -2630,6 +2630,10 @@ void mysql_stmt_get_longdata(THD *thd, char *packet, ulong packet_length) stmt->last_errno= ER_OUTOFMEMORY; sprintf(stmt->last_error, ER(ER_OUTOFMEMORY), 0); } + +out: + /* clear errors, response packet is not expected */ + thd->clear_error(); DBUG_VOID_RETURN; } -- cgit v1.2.1 From 44fe22e727c41759474a8724129e1d80e9bbd3bb Mon Sep 17 00:00:00 2001 From: "davi@mysql.com/endora.local" <> Date: Mon, 17 Mar 2008 11:16:37 -0300 Subject: Post-merge fix for Bug 35103. --- sql/sql_prepare.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 207183f567c..b00606aba4a 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -2602,7 +2602,7 @@ void mysql_stmt_get_longdata(THD *thd, char *packet, ulong packet_length) if (!(stmt=find_prepared_statement(thd, stmt_id, "mysql_stmt_send_long_data"))) - DBUG_VOID_RETURN; + goto out; param_number= uint2korr(packet); packet+= 2; -- cgit v1.2.1 From 70ca2ae2873ce1df767561a8817aada68c85c5f4 Mon Sep 17 00:00:00 2001 From: "svoj@mysql.com/april.(none)" <> Date: Tue, 18 Mar 2008 16:38:12 +0400 Subject: Make gcov happy. --- sql/log_event.cc | 2 +- sql/repl_failsafe.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/log_event.cc b/sql/log_event.cc index 8e14a873fc6..05dccd782ad 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -406,7 +406,7 @@ Log_event::Log_event(const char* buf, binlog, so which will cause problems if the user uses this value in CHANGE MASTER). */ - log_pos+= data_written; + log_pos+= data_written; /* purecov: inspected */ } DBUG_PRINT("info", ("log_pos: %lu", (ulong) log_pos)); diff --git a/sql/repl_failsafe.cc b/sql/repl_failsafe.cc index f1826678c9f..7f98dd2d64a 100644 --- a/sql/repl_failsafe.cc +++ b/sql/repl_failsafe.cc @@ -191,7 +191,7 @@ int register_slave(THD* thd, uchar* packet, uint packet_length) err: my_free((gptr) si, MYF(MY_WME)); - my_message(ER_UNKNOWN_ERROR, errmsg, MYF(0)); + my_message(ER_UNKNOWN_ERROR, errmsg, MYF(0)); /* purecov: inspected */ err2: return 1; } -- cgit v1.2.1 From 2b552aae5024d4ac97b9bee50b4625edc5943897 Mon Sep 17 00:00:00 2001 From: "svoj@mysql.com/june.mysql.com" <> Date: Thu, 20 Mar 2008 19:07:17 +0400 Subject: BUG#34788 - malformed federated connection url is not handled correctly - crashes server ! Creating federated table with connect string containing empty (zero-length) host name and port is evaluated as 0 (port is incorrect, omitted or 0) crashes server. This happens because federated calls strcmp() with NULL pointer. Fixed by avoiding strcmp() call if hostname is set to NULL. --- sql/ha_federated.cc | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/ha_federated.cc b/sql/ha_federated.cc index c0743bd6c9a..a5e4714c53a 100644 --- a/sql/ha_federated.cc +++ b/sql/ha_federated.cc @@ -643,12 +643,19 @@ static int parse_url(FEDERATED_SHARE *share, TABLE *table, if ((strchr(share->table_name, '/'))) goto error; + /* + If hostname is omitted, we set it to NULL. According to + mysql_real_connect() manual: + The value of host may be either a hostname or an IP address. + If host is NULL or the string "localhost", a connection to the + local host is assumed. + */ if (share->hostname[0] == '\0') share->hostname= NULL; if (!share->port) { - if (strcmp(share->hostname, my_localhost) == 0) + if (!share->hostname || strcmp(share->hostname, my_localhost) == 0) share->socket= my_strdup(MYSQL_UNIX_ADDR, MYF(0)); else share->port= MYSQL_PORT; -- cgit v1.2.1 From f064cd84d59c0f9de3dc8842c28227c6a4d75a00 Mon Sep 17 00:00:00 2001 From: "svoj@mysql.com/june.mysql.com" <> Date: Tue, 25 Mar 2008 12:47:57 +0400 Subject: BUG#35509 - Federated leaks memory when connecting to localhost/default port When creating federated table that points to unspecified host or localhost on unspecified port or port is 0, small memory leak occurs. This happens because we make a copy of unix socket path, which is never freed. With this fix we do not make a copy of unix socket path, instead share->socket points to MYSQL_UNIX_ADDR constant directly. This fix is covered by a test case for BUG34788. Affects 5.0 only. --- sql/ha_federated.cc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/ha_federated.cc b/sql/ha_federated.cc index a5e4714c53a..d414dc34f02 100644 --- a/sql/ha_federated.cc +++ b/sql/ha_federated.cc @@ -656,7 +656,7 @@ static int parse_url(FEDERATED_SHARE *share, TABLE *table, if (!share->port) { if (!share->hostname || strcmp(share->hostname, my_localhost) == 0) - share->socket= my_strdup(MYSQL_UNIX_ADDR, MYF(0)); + share->socket= (char*) MYSQL_UNIX_ADDR; else share->port= MYSQL_PORT; } @@ -1342,7 +1342,6 @@ static int free_share(FEDERATED_SHARE *share) { hash_delete(&federated_open_tables, (byte*) share); my_free((gptr) share->scheme, MYF(MY_ALLOW_ZERO_PTR)); - my_free((gptr) share->socket, MYF(MY_ALLOW_ZERO_PTR)); thr_lock_delete(&share->lock); VOID(pthread_mutex_destroy(&share->mutex)); my_free((gptr) share, MYF(0)); -- cgit v1.2.1