path: root/sql
Commit message | Author | Age | Files | Lines
* MDEV-30112 ASAN errors in Item_ident::print / generate_partition_syntax (bb-10.3-midenok) | Aleksey Midenkov | 2022-12-01 | 1 | -0/+2
| Like in MDEV-16110 we must release items allocated on thd->mem_root by reopening the table. MDEV-16290 relocated MDEV-16110 fix in 10.5 so it works for MDEV-28576 as well. 10.3 without MDEV-16290 now duplicates this fix.
* MDEV-30023 Revoking Privilege on the Column Yields the Error (bb-10.3-vicentiu) | Vicențiu Ciorbaru | 2022-11-30 | 1 | -2/+5
| The change from MDEV-29465 exposed a flaw in replace_column_table where again we were not properly updating the column-level bits.
|
| replace_table_table was changed in MDEV-29465 to properly update grant_table->init_cols, however replace_column_table still only modified grant_column->rights when the GRANT_COLUMN already existed.
|
| This led to a mismatch between GRANT_COLUMN::init_rights and GRANT_COLUMN::rights, *if* the GRANT_COLUMN already existed.
|
| As an example:
|   GRANT SELECT (col1) ...
|   Here: For col1 GRANT_COLUMN::init_rights and GRANT_COLUMN::rights are set to 1 (SELECT) in replace_column_table.
|   GRANT INSERT (col1) ...
|   Here, without this patch GRANT_COLUMN::init_rights is still 1 and GRANT_COLUMN::rights is 3 (SELECT_PRIV | INSERT_PRIV)
|
| Finally, if before this patch, one does:
|   REVOKE SELECT (col1) ...
| replace_table_table will see that init_rights loses bit 1 thus it considers there are no more rights granted on that particular table.
|
| This prompts the whole GRANT_TABLE to be removed via the first revoke, when the GRANT_COLUMN corresponding to it should still have init_rights == 2.
|
| By also updating replace_column_table to keep init_rights in sync properly, the issue is resolved.
|
| Reviewed by <serg@mariadb.com>
* Safety fix | Monty | 2022-11-29 | 1 | -3/+4
| Ensure that all memory allocated by TABLE_LIST::change_refs_to_fields() is in the same memory root!
* MDEV-29169 Using MATCH returns NULL for Virtual Column | Nikita Malyavin | 2022-11-23 | 1 | -0/+5
| Virtual column values are updated in handler in reading commands, like ha_index_next, etc. This was missing for ha_ft_read.
|
| handler::ha_ft_read: add table->update_virtual_fields() call
* MDEV-29817: Issues with handling options for SSL CRLs (and some others) | Julius Goryavsky | 2022-11-22 | 1 | -3/+3
| This patch adds the correct setting of the "--ssl-verify-server-cert" option in the client-side utilities such as mysqlcheck and mysqlslap, as well as the correct setting of the "--ssl-crl" option when executing queries on the slave side, and also add the correct option codes in the "sslopts-logopts.h" file (in the latter case, incorrect values are not a problem right now, but may cause subtle test failures in the future, if the option handling code changes).
* MDEV-12274: Too many connections warning in error log (#2213) | Daniel Black | 2022-11-18 | 1 | -1/+2
| Because of the default warning level, aborted unauthenticated connections are in the error log.
|
| These errors frequently occur in production environments because cancelled connections occur all the time when web pages are shutdown.
|
| Rather than flood our user's errors log with these ordinary messages, let's push them down to the warning level at log-warnings=4 level.
|
| Concept approved by Monty.
* MDEV-29473 UBSAN: Signed integer overflow: X * Y cannot be represented in type 'int' in strings/dtoa.c | Alexander Barkov | 2022-11-17 | 3 | -14/+18
| Fixing a few problems revealed by UBSAN in type_float.test
| - multiplication overflow in dtoa.c
| - uninitialized Field::geom_type (and Field::srid as well)
| - Wrong call-back function types used in combination with SHOW_FUNC. Changes in the mysql_show_var_func data type definition were not properly addressed all around the code by the following commits: b4ff64568c88ab3ce559e7bd39853d9cbf86704a 18feb62feeb833494d003615861b9c78ec008a90 0ee879ff8ac1b80cd9a963015344f5698a81f309
|
| Adding a helper SHOW_FUNC_ENTRY() function and replacing all mysql_show_var_func declarations using SHOW_FUNC to SHOW_FUNC_ENTRY, to catch mysql_show_var_func in the future at compilation time.
* MDEV-10087 mysqld_update()/mysql_delete() continues execution even after subquery with JOIN gets error from storage engine | Vlad Lesin | 2022-11-09 | 1 | -0/+1
| The issue is that record_should_be_deleted() returns true in mysql_delete() even if sub-select with join gets error from storage engine when DELETE FROM ... WHERE ... IN (SELECT ...) statement is executed.
|
| The same is true for mysql_update() where select->skip_record() returns true even if sub-select with join gets error from storage engine.
|
| In the test case if sub-select is chosen as deadlock victim the whole transaction is rolled back during sub-select execution, but mysql_delete()/mysql_update() continues transaction execution and invokes table->delete_row() as record_should_be_deleted() wrongly returns true in mysql_delete() and table->update_row() as select->skip_record(thd) wrongly returns 1 for mysql_update().
|
| record_should_be_deleted() wrongly returns true because thd->is_error() returns false SQL_SELECT::skip_record() invoked from record_should_be_deleted().
|
| It's supposed that THD error should be set in rr_handle_error() called from rr_sequential() during sub-select JOIN::exec_inner() execution.
|
| But rr_handle_error() does not set THD error because READ_RECORD::print_error is not set in JOIN_TAB::read_record.
|
| READ_RECORD::print_error should be initialized in init_read_record()/init_read_record_idx(). But make_join_readinfo() does not invoke init_read_record()/init_read_record_idx() for JOIN_TAB::read_record.
|
| The fix is to set JOIN_TAB::read_record.print_error in make_join_readinfo(), i.e. in the same place where JOIN_TAB::read_record.table is set.
|
| Reviewed by Sergey Petrunya.
* Merge branch '10.3' into bb-10.3-release | Oleksandr Byelkin | 2022-11-07 | 1 | -2/+2
|\
| * MDEV-29847: Wrong warning on rlimit capping of max_open_files (#2315) | Daniel Black | 2022-10-28 | 1 | -2/+2
| | Per the code my_set_max_open_files 3 lines earlier, we attempt to set the nofile (number of open files), rlimit to max_open_files.
| |
| | We should use this in the warning because wanted_files may not be the number.
* | MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query (mariadb-10.3.37) | Oleksandr Byelkin | 2022-11-02 | 1 | -1/+9
|/
| Make sure that EXPLAIN object allocated on runtime arena.
* Add skipped changes to oracle mode parser. | Oleksandr Byelkin | 2022-10-26 | 1 | -3/+9
|
* MDEV-26161 crash in Gis_point::calculate_haversine | Alexey Botchkov | 2022-10-26 | 3 | -13/+25
| More checks for bad geometry data added.
* MDEV-26161 crash in Gis_point::calculate_haversine | Sergei Golubchik | 2022-10-25 | 2 | -12/+17
| return an error on invalid gis data
* cleanup: put casts in a separate statement | Sergei Golubchik | 2022-10-25 | 1 | -20/+18
| remove useless if()
* MDEV-29811 server advertises ssl even if it's unusable. | Vladislav Vaintroub | 2022-10-25 | 1 | -4/+3
| Abort startup, if SSL setup fails. Also, for the server always check that certificate matches private key (even if ssl_cert is not set, OpenSSL will try to use default one)
* MDEV-29748 ASAN errors or server crash in File_parser::parse upon concurrent view operations | Oleksandr Byelkin | 2022-10-24 | 3 | -14/+16
| Read the version of the view share when we read definition to prevent simultaneous access to a view table SHARE (and so its MEM_ROOT) from different threads.
* MDEV-16549 Server crashes in Item_field::fix_fields on query with view and subquery, Assertion `context' failed, Assertion `field' failed | Oleksandr Byelkin | 2022-10-24 | 3 | -2/+20
| Add one-table-resolve context for items created with an aim of switching to temporary table because then it can be cloned in push-down-condition.
* MDEV-29851 Cached role privileges are not invalidated when needed | Sergei Golubchik | 2022-10-22 | 1 | -0/+3
| GRANT ROLE can update db-level privileges -> must invalidate acl_cache
* remove two acl_cache->clear() | Sergei Golubchik | 2022-10-22 | 1 | -2/+1
| * to "clear hostname cache" one needs to use hostname_cache->clear()
| * no need to clear acl_cache for SET DEFAULT ROLE
* fix for x86 and other 32-bit little endian arch | Sergei Golubchik | 2022-10-22 | 1 | -18/+18
| (and for 64-bit big endian)
* Use OPENSSL_free instead of free to avoid instance crash | Haidong Ji | 2022-10-22 | 1 | -4/+4
| OpenSSL handles memory management using **OPENSSL_xxx** API[^1]. For allocation, there is `OPENSSL_malloc`. To free it, `OPENSSL_free` should be called.
|
| We've been lucky that OPENSSL (and wolfSSL)'s implementation allowed the usage of `free` for memory cleanup. However, other OpenSSL forks, such as AWS-LC[^2], is not this forgiving. It will cause a server crash.
|
| Test case `openssl_1` provides good coverage for this issue. If a user is created using:
| `grant select on test.* to user1@localhost require SUBJECT "...";`
| user1 will crash the instance during connection under AWS-LC.
|
| There have been numerous OpenSSL forks[^3]. Due to FIPS[^4] and other related regulatory requirements, MariaDB will be built using them. This fix will increase MariaDB's adaptability by using more compliant and generally accepted API.
|
| All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
|
| [^1]: https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_malloc.html
| [^2]: https://github.com/awslabs/aws-lc
| [^3]: https://en.wikipedia.org/wiki/OpenSSL#Forks
| [^4]: https://en.wikipedia.org/wiki/FIPS_140-2
* MDEV-29678 Valgrind/MSAN uninitialised value errors upon PS with ALTER under ONLY_FULL_GROUP_BY | Daniel Black | 2022-10-22 | 1 | -0/+1
| st_select_lex::init_query is called in the execution of EXECUTE IMMEDIATE 'alter table ...'. so reset the initialization at the same point we set join= 0.
* MDEV-23160: SIGSEGV in Explain_node::print_explain_for_children on UNION SELECT | Sergei Petrunia | 2022-10-21 | 1 | -2/+13
| and also MDEV-25564, MDEV-18157.
|
| Attempt to produce EXPLAIN output caused a crash in Explain_node::print_explain_for_children. The cause of this was that an Explain_node (actually a derived) had a link to child select#N, but there was no query plan present for select#N.
|
| The query plan wasn't present because the subquery was eliminated.
| - Either it was a degenerate subquery like "(SELECT 1)" in MDEV-25564.
| - Or it was a subquery in a UNION subquery's ORDER BY clause:
|     col IN (SELECT ... UNION SELECT ... ORDER BY (SELECT FROM t1))
|
| In such cases, legacy code structure in subquery/union processing code(*) makes it hard to detect that the subquery was eliminated, so we end up with EXPLAIN data structures (Explain_node::children) having dangling links to child subqueries.
|
| Do make the checks and don't follow the dangling links.
|
| (In ideal world, we should not have these dangling links. But fixing the code (*) would have high risk for the stable versions).
* MDEV-19569 Assertion `table_list->table' failed in find_field_in_table_ref. | Alexey Botchkov | 2022-10-19 | 2 | -12/+22
| Disallow subqueries in the PARTITION BY INTERVAL syntax. Fix various interval types that now fail as they break syntax in the par file.
* MDEV-29540 Incorrect sequence values in INSERT SELECT | Daniel Black | 2022-10-19 | 2 | -14/+13
| The population of default values in INSERT SELECT was being performed twice. With sequences, this resulted in every second sequence value being used.
|
| With SELECT INSERT we remove the second invocation of table->update_default_fields(). This was already performed in store_values() invoking fill_record_n_invoke_before_triggers() which invoked update_default_fields() previously. We do need to return an error on duplicate values, so the ::store_values is extended to take the ignore option.
* MDEV-29753 fixup: Silence bogus GCC -Og -Wmaybe-uninitialized | Marko Mäkelä | 2022-10-18 | 1 | -1/+1
|
* MDEV-28455: CREATE TEMPORARY TABLES privilege is insufficient for SHOW COLUMNS | Anel Husakovic | 2022-10-18 | 3 | -6/+15
| =========== Problem =============
| - `show columns` is not working for temporary tables, even though there is enough privilege `create temporary tables`.
|
| =========== Solution =============
| - Append `TMP_TABLE_ACLS` privilege when running `show columns` for temp tables.
| - Additionally `check_access()` for database only once, not for each field
|
| =========== Additionally =============
| - Update comments for function `check_table_access` arguments
|
| Reviewed by: <vicentiu@mariadb.org>
* MDEV-16128: Server crash in Item_func::print_op on 2nd execution of PS | Dmitry Shulga | 2022-10-17 | 1 | -2/+11
| For some queries that involve tables with different but convertible character sets for columns taking part in the query, repeatable execution of such queries in PS mode or as part of a stored routine would result in server abnormal termination.
|
| For example,
|   CREATE TABLE t1 (a2 varchar(10));
|   CREATE TABLE t2 (u1 varchar(10) CHARACTER SET utf8);
|   CREATE TABLE t3 (u2 varchar(10) CHARACTER SET utf8);
|   PREPARE stmt FROM "SELECT t1.* FROM (t1 JOIN t2 ON (t2.u1 = t1.a2)) WHERE (EXISTS (SELECT 1 FROM t3 WHERE t3.u2 = t1.a2))";
|   EXECUTE stmt;
|   EXECUTE stmt; <== Running this prepared statement the second time results in server crash.
|
| The reason of server crash is that an instance of the class Item_func_conv_charset, that created for conversion of a column from one character set to another, is allocated on execution memory root but pointer to this instance is stored in an item placed on prepared statement memory root. Below is calls trace to the place where an instance of the class Item_func_conv_charset is created.
|
|   setup_conds
|   Item_func::fix_fields
|   Item_bool_rowready_func2::fix_length_and_dec
|   Item_func::setup_args_and_comparator
|   Item_func_or_sum::agg_arg_charsets_for_comparison
|   Item_func_or_sum::agg_arg_charsets
|   Item_func_or_sum::agg_item_set_converter
|   Item::safe_charset_converter
|
| And the following trace shows the place where a pointer to the instance of the class Item_func_conv_charset is passed to the class Item_func_eq, that is created on a memory root of the prepared statement.
|
|   Prepared_statement::execute
|   mysql_execute_command
|   execute_sqlcom_select
|   handle_select
|   mysql_select
|   JOIN::optimize
|   JOIN::optimize_inner
|   convert_join_subqueries_to_semijoins
|   convert_subq_to_sj
|
| To fix the issue, switch to the Prepared Statement memory root before calling the method Item_func::setup_args_and_comparator in order to place any created Items on permanent memory root.
|
| It may seem that such approach would result in a memory leakage in case the parameter marker '?' is used in the query as in the following example
|   PREPARE stmt FROM "SELECT t1.* FROM (t1 JOIN t2 ON (t2.u1 = t1.a2)) WHERE (EXISTS (SELECT 1 FROM t3 WHERE t3.u2 = ?))";
|   EXECUTE stmt USING convert('A' using latin1);
| but it wouldn't since for such case any of the parameter markers is treated as a constant and no subquery to semijoin optimization is performed.
* MDEV-29750 triggers can modify history | Sergei Golubchik | 2022-10-16 | 1 | -0/+2
| should be the same behavior as for virtual columns:
| * a warning on every inserted row
| * silently ignored in a trigger
* MDEV-29753 An error is wrongly reported during INSERT with vcol index | Nikita Malyavin | 2022-10-12 | 1 | -3/+14
| See also commits aa8a31da and 64678c for a Bug #22990029 fix.
|
| In this scenario INSERT chose to check if delete unmarking is available for a just deleted record. To build an update vector, it needed to calculate the vcols as well. Since this INSERT was not IGNORE-flagged, recalculation failed.
|
| Solution: temporarily set abort_on_warning=true, while calculating the column for delete-unmarked insert.
* MDEV-29299 SELECT from table with vcol index reports warning | Nikita Malyavin | 2022-10-12 | 3 | -2/+29
| As of now innodb does not store trx_id for each record in secondary index. The idea behind is following: let us store only per-page max_trx_id, and delete-mark the records when they are deleted/updated.
|
| If the read starts, it remembers the lowest id of currently active transaction. Innodb refers to it as trx->read_view->m_up_limit_id. See also ReadView::open.
|
| When the page is fetched, its max_trx_id is compared to m_up_limit_id. If the value is lower, and the secondary index record is not delete-marked, then this page is just safe to read as is. Else, a clustered index could be needed to access. See page_get_max_trx_id call in row_search_mvcc, and the corresponding switch (row_search_idx_cond_check(...)) below.
|
| Virtual columns are required to be updated in case if the record was delete-marked. The motivation behind it is documented in Row_sel_get_clust_rec_for_mysql::operator() near row_sel_sec_rec_is_for_clust_rec call.
|
| This was basically a description why virtual column computation can normally happen during SELECT, and, generally, a vcol index access.
|
| Sometimes stats tables are updated by innodb. This starts a new transaction, and it can happen that it didn't finish to the moment of SELECT execution, forcing virtual columns recomputation. If the result was something that normally outputs a warning, like division by zero, then it could be outputted in a racy manner.
|
| The solution is to suppress the warnings when a column is computed for the described purpose. ignore_wrnings argument is added innobase_get_computed_value. Currently, it is only true for a call from row_sel_sec_rec_is_for_clust_rec.
* MDEV-29102 system_time_zone is incorrect on Windows when TZ is set | Vladislav Vaintroub | 2022-10-11 | 1 | -7/+17
| MDEV-19243 introduced a regression on Windows. In (supposedly rare) case, where environment variable TZ was set, @@system_time_zone no longer derives from TZ. Instead, it incorrectly refers to system default time zone, even though UTC time conversion takes TZ into account.
|
| The fix is to restore TZ-aware handling (timezone name derives from tzname), if TZ is set.
* Silence clang 13 -Wunused-but-set-variable for Bison | Marko Mäkelä | 2022-10-10 | 1 | -2/+9
|
* MDEV-29706 : SIGSEGV in wsrep_TOI_begin on non-Galera builds | Jan Lindström | 2022-10-06 | 1 | -0/+6
| Do not allow setting wsrep_on=ON if no provider is set.
* MDEV-29697 Assertion failure in Diagnostics_area::set_ok_status | Aleksey Midenkov | 2022-10-05 | 1 | -0/+1
| upon CREATE OR REPLACE causing ER_UPDATE_TABLE_USED
|
| Missed set return status to 1.
* MDEV-28576 RENAME COLUMN with NOCOPY algorithm leads to corrupt partitioned table | Aleksey Midenkov | 2022-10-05 | 1 | -0/+47
| When f.ex. table is partitioned by HASH(a) and we rename column `a' to `b' partitioning filter stays unchanged: HASH(a). That's the wrong behavior.
|
| The patch updates partitioning filter in accordance to the new columns names. That includes partition/subpartition expression and partition/subpartition field list.
* MDEV-28576 Ability to manipulate List<const char *> | Aleksey Midenkov | 2022-10-05 | 1 | -6/+6
| For "const char *" replace() and after() accepted const as "T *" and passed forward "void *". This cannot be cast implicitly, so we better use "const void *" instead of "void *" in the input interface. This way we avoid problems with using List for any const type.
* cleanup: suppress rocksdb compilation warning, fix a comment | Sergei Golubchik | 2022-10-01 | 1 | -2/+2
|
* compilation error | Sergei Golubchik | 2022-10-01 | 2 | -3/+2
| extended initializers are only allowed since c++11
* MDEV-17124: mariadb 10.1.34, views and prepared statements: ERROR 1615 (HY000): Prepared statement needs to be re-prepared | Oleksandr Byelkin | 2022-09-30 | 11 | -63/+235
| The problem is that if table definition cache (TDC) is full of real tables which are in tables cache, view definition can not stay there so will be removed by its own underlying tables. In situation above old mechanism of detection matching definition in PS and current version always require reprepare and so prevent executing the PS.
|
| One work around is to increase TDC, other - improve version check for views/triggers (which is done here). Now in suspicious cases we check:
| - timestamp (microseconds) of the view to be sure that version really have changed;
| - time (microseconds) of creation of a trigger related to time (microseconds) of statement preparation.
* Better declaration of the buffer size | Oleksandr Byelkin | 2022-09-30 | 2 | -8/+13
|
* MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB | Anel Husakovic | 2022-09-30 | 7 | -52/+42
| - Added missing information about database of corresponding table for various types of commands
| - Update some typos
| - Reviewed by: <vicentiu@mariadb.org>
* MDEV-29361 Infinite recursive calls when detecting CTE dependencies | Igor Babaev | 2022-09-28 | 4 | -35/+91
| This patch resolves the problem of improper name resolution of table references to embedded CTEs for some queries. This improper binding could lead to
| - infinite sequence of calls of recursive functions
| - crashes due to resolution of null pointers
| - wrong result sets returned by queries
| - bogus error messages
|
| If the definition of a CTE contains with clauses then such CTE is called embedding CTE while CTEs from the with clauses are called embedded CTEs. If a table reference used in the definition of an embedded CTE cannot be resolved within the unit that contains this reference it still may be resolved against a CTE definition from the with clause with one of the embedding CTEs.
|
| A table reference can be resolved against a CTE definition if it used in the scope of this definition and it refers to the name of the CTE. Table reference t is in the scope of the CTE definition of CTE cte if
| - the definition of cte is an element of a with clause declared as RECURSIVE and the reference t belongs either to the unit to which this with clause is attached or to one of the elements of this clause
| - the definition of cte is an element of a with clause without RECURSIVE specifier and the reference t belongs either to the unit to which this with clause is attached or to one of the elements from this clause that are placed before the definition of cte.
|
| If a table reference can be resolved against several CTE definitions then it is bound to the most embedded.
|
| The code before this patch not always resolved table references used in embedded CTE according to the above rules.
|
| Approved by Oleksandr Byelkin <sanja@mariadb.com>
* Use memory safe snprintf() in Connect Engine and elsewhere (#2210) | Mikhail Chalov | 2022-09-28 | 2 | -31/+31
| Continue with similar changes as done in 19af1890 to replace sprintf(buf, ...) with snprintf(buf, sizeof(buf), ...), specifically in the "easy" cases where buf is allocated with a size known at compile time.
|
| All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
* MDEV-21134 Crash with partitioned table, PARTITION syntax, and index_merge. | Alexey Botchkov | 2022-09-27 | 1 | -0/+15
| When the partition table is cloned, the handlers for the partitions that were not opened should anyway be created (but not opened).
* MDEV-29022 add_slave destroy child list and has dead code | Oleksandr Byelkin | 2022-09-27 | 8 | -74/+10
| Nowadays subquery in a UNION's ORDER BY placed correctly in fake select, the only problem was incorrect Name_resolution_context is fixed by this patch in parsing, so we do not need scanning/resetting of ORDER BY of a union.
* Backport fix for MDEV-29352 to 10.3-10.5 | Alexey Botchkov | 2022-09-21 | 1 | -2/+3
| The fix for MDEV-29352 was pushed to 10.6+ but the code causing the bug is old and the bug is unlikely to be a recent regression in 10.6. So, we apply the fix also to older versions, 10.3-10.5.
|
| The original commit message:
|
| MDEV-29352 SIGSEGV's in strlen and unknown location on optimized builds at SHUTDOWN
|
| When the UDF creation fails to write the newly created UDF into the related system table, the UDF is still created in memory. However, as it is now, the related DLL is unloaded in this case right in the mysql_create_function. And failure happens when the UDF handle is freed and tries to unload the respective DLL which is still unloaded.
* MDEV-29561 SHOW CREATE TABLE produces syntactically incorrect structure | Alexander Barkov | 2022-09-20 | 3 | -10/+26
|
* MDEV-22647 Assertion `!check_audit_mask(mysql_global_audit_mask, event_class_mask)' | Sergei Golubchik | 2022-09-14 | 1 | -2/+0
| check_audit_mask(mysql_global_audit_mask, event_class_mask) is tested in mysql_audit_general_log() and then assert in mysql_audit_acquire_plugins() verifies that the condition still holds. But this code path is not protected by LOCK_audit_mask, so mysql_global_audit_mask can change its value between the if() and the assert. That is, the assert is invalid and will fire if the audit plugin is unloaded concurrently with mysql_audit_general_log().
|
| Nothing bad will happen in this case though, we'll just do a useless loop over all remaining installed audit plugins.
|
| That is, the fix is simply to remove the assert.