From 6d14cae604d064ec5cd8141bfd05408cc41bf134 Mon Sep 17 00:00:00 2001 From: Alexey Botchkov Date: Thu, 12 Aug 2010 15:59:02 +0500 Subject: Bug#55146 Assertion `m_part_spec.start_part == m_part_spec.end_part' in index_read_idx_map As we check for the impossible partitions earlier, it's possible that we don't find any suitable partitions at all. So this assertion just has to be corrected for this case. per-file comments: mysql-test/r/partition_innodb.result Bug#55146 Assertion `m_part_spec.start_part == m_part_spec.end_part' in index_read_idx_map test result updated. mysql-test/t/partition_innodb.test Bug#55146 Assertion `m_part_spec.start_part == m_part_spec.end_part' in index_read_idx_map test case added. sql/ha_partition.cc Bug#55146 Assertion `m_part_spec.start_part == m_part_spec.end_part' in index_read_idx_map Assertion changed to '>=' as the prune_partition_set() in the get_partition_set() can do start_part= end_part+1 if no possible partitions were found. --- sql/ha_partition.cc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'sql') diff --git a/sql/ha_partition.cc b/sql/ha_partition.cc index a87c7fbf7b8..dea889663d1 100644 --- a/sql/ha_partition.cc +++ b/sql/ha_partition.cc @@ -4242,8 +4242,12 @@ int ha_partition::index_read_idx_map(uchar *buf, uint index, get_partition_set(table, buf, index, &m_start_key, &m_part_spec); - /* How can it be more than one partition with the current use? */ - DBUG_ASSERT(m_part_spec.start_part == m_part_spec.end_part); + /* + We have either found exactly 1 partition + (in which case start_part == end_part) + or no matching partitions (start_part > end_part) + */ + DBUG_ASSERT(m_part_spec.start_part >= m_part_spec.end_part); for (part= m_part_spec.start_part; part <= m_part_spec.end_part; part++) { -- cgit v1.2.1 From 428f0bdefbf866f0a9939e4153393b1e4b8a1a82 Mon Sep 17 00:00:00 2001 From: Mattias Jonsson Date: Thu, 16 Sep 2010 11:01:06 +0200 Subject: Bug#56287: mysql5.1.50 crash when using Partition datetime in sub in query When having a sub query in partitioned innodb one could make the partitioning engine to search for a 'index_next_same' on a partition that had not been initialized. Problem was that the subselect function looks at table->status which was not set in the partitioning handler when it skipped scanning due to no matching partitions found. Fixed by setting table->status = STATUS_NOT_FOUND when there was no partitions to scan. (If there are partitions to scan, it will be set in the partitions handler.) mysql-test/r/partition_innodb.result: added result mysql-test/t/partition_innodb.test: added test sql/ha_partition.cc: set table status to not found, if there ar no partitions to scan. --- sql/ha_partition.cc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sql') diff --git a/sql/ha_partition.cc b/sql/ha_partition.cc index 624ef1aff5b..d3846db42c2 100644 --- a/sql/ha_partition.cc +++ b/sql/ha_partition.cc @@ -4483,6 +4483,7 @@ int ha_partition::partition_scan_set_up(uchar * buf, bool idx_read_flag) key not found. */ DBUG_PRINT("info", ("scan with no partition to scan")); + table->status= STATUS_NOT_FOUND; DBUG_RETURN(HA_ERR_END_OF_FILE); } if (m_part_spec.start_part == m_part_spec.end_part) @@ -4507,6 +4508,7 @@ int ha_partition::partition_scan_set_up(uchar * buf, bool idx_read_flag) if (start_part == MY_BIT_NONE) { DBUG_PRINT("info", ("scan with no partition to scan")); + table->status= STATUS_NOT_FOUND; DBUG_RETURN(HA_ERR_END_OF_FILE); } if (start_part > m_part_spec.start_part) -- cgit v1.2.1 From 66a40d0b8ac73ece279d8a91e3da2aaa9f65ef09 Mon Sep 17 00:00:00 2001 From: Luis Soares Date: Fri, 24 Sep 2010 10:44:53 +0100 Subject: BUG#55263: assert in check_binlog_magic The procedure for setting up a fake binary log, by changing the relay log files manually, is run twice when we issue mtr with --repeat=2. However, when setting it up for the second time, neither the sql thread is reset nor the server is restarted. This means that previous stale relay log IO_CACHE metadata - from first run - is left around. As a consequence, when the test is run for the second time, the IO_CACHE for the relay log has position in file different than zero, triggering the assertion. We fix this by deploying a call to my_b_seek before calling check_binlog_magic in next_event. This prevents the server from asserting, in the cases that the SQL thread was reads from a hot log (relay.NNNNN), then is stopped, then is restarted from a previous cold log (relay.MMMMM), and then it reaches the hot log relay.NNNNN again, in which case, the read coordinates are not set to zero, but to the old values. Additionally, some comments to the source code were added. --- sql/rpl_rli.h | 10 ++++++++++ sql/slave.cc | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 69 insertions(+), 5 deletions(-) (limited to 'sql') diff --git a/sql/rpl_rli.h b/sql/rpl_rli.h index 87516c366fb..69988fe5995 100644 --- a/sql/rpl_rli.h +++ b/sql/rpl_rli.h @@ -94,6 +94,16 @@ public: */ MYSQL_BIN_LOG relay_log; LOG_INFO linfo; + + /* + cur_log + Pointer that either points at relay_log.get_log_file() or + &rli->cache_buf, depending on whether the log is hot or there was + the need to open a cold relay_log. + + cache_buf + IO_CACHE used when opening cold relay logs. + */ IO_CACHE cache_buf,*cur_log; /* The following variables are safe to read any time */ diff --git a/sql/slave.cc b/sql/slave.cc index f1e0962e7e8..bd9017e6318 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -4349,12 +4349,66 @@ static Log_event* next_event(Relay_log_info* rli) DBUG_ASSERT(rli->cur_log_fd == -1); /* - Read pointer has to be at the start since we are the only - reader. - We must keep the LOCK_log to read the 4 first bytes, as this is a hot - log (same as when we call read_log_event() above: for a hot log we - take the mutex). + When the SQL thread is [stopped and] (re)started the + following may happen: + + 1. Log was hot at stop time and remains hot at restart + + SQL thread reads again from hot_log (SQL thread was + reading from the active log when it was stopped and the + very same log is still active on SQL thread restart). + + In this case, my_b_seek is performed on cur_log, while + cur_log points to relay_log.get_log_file(); + + 2. Log was hot at stop time but got cold before restart + + The log was hot when SQL thread stopped, but it is not + anymore when the SQL thread restarts. + + In this case, the SQL thread reopens the log, using + cache_buf, ie, cur_log points to &cache_buf, and thence + its coordinates are reset. + + 3. Log was already cold at stop time + + The log was not hot when the SQL thread stopped, and, of + course, it will not be hot when it restarts. + + In this case, the SQL thread opens the cold log again, + using cache_buf, ie, cur_log points to &cache_buf, and + thence its coordinates are reset. + + 4. Log was hot at stop time, DBA changes to previous cold + log and restarts SQL thread + + The log was hot when the SQL thread was stopped, but the + user changed the coordinates of the SQL thread to + restart from a previous cold log. + + In this case, at start time, cur_log points to a cold + log, opened using &cache_buf as cache, and coordinates + are reset. However, as it moves on to the next logs, it + will eventually reach the hot log. If the hot log is the + same at the time the SQL thread was stopped, then + coordinates were not reset - the cur_log will point to + relay_log.get_log_file(), and not a freshly opened + IO_CACHE through cache_buf. For this reason we need to + deploy a my_b_seek before calling check_binlog_magic at + this point of the code (see: BUG#55263 for more + details). + + NOTES: + - We must keep the LOCK_log to read the 4 first bytes, as + this is a hot log (same as when we call read_log_event() + above: for a hot log we take the mutex). + + - Because of scenario #4 above, we need to have a + my_b_seek here. Otherwise, we might hit the assertion + inside check_binlog_magic. */ + + my_b_seek(cur_log, (my_off_t) 0); if (check_binlog_magic(cur_log,&errmsg)) { if (!hot_log) pthread_mutex_unlock(log_lock); -- cgit v1.2.1 From 9665bee50c08b0c63cafc010a0209f098eb77220 Mon Sep 17 00:00:00 2001 From: Alfranio Correia Date: Wed, 6 Oct 2010 11:19:51 +0100 Subject: BUG#57098 RBR breaks on changing user password on 5.1 master -> 5.5 slave Backported the patch for BUG#55452. --- sql/sql_acl.cc | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'sql') diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index b507b70d1fb..ea002f59fe3 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -1593,6 +1593,7 @@ bool change_password(THD *thd, const char *host, const char *user, /* Buffer should be extended when password length is extended. */ char buff[512]; ulong query_length; + bool save_binlog_row_based; uint new_password_len= (uint) strlen(new_password); bool result= 1; DBUG_ENTER("change_password"); @@ -1628,6 +1629,14 @@ bool change_password(THD *thd, const char *host, const char *user, if (!(table= open_ltable(thd, &tables, TL_WRITE, 0))) DBUG_RETURN(1); + /* + This statement will be replicated as a statement, even when using + row-based replication. The flag will be reset at the end of the + statement. + */ + if ((save_binlog_row_based= thd->current_stmt_binlog_row_based)) + thd->clear_current_stmt_binlog_row_based(); + VOID(pthread_mutex_lock(&acl_cache->lock)); ACL_USER *acl_user; if (!(acl_user= find_acl_user(host, user, TRUE))) @@ -1663,6 +1672,12 @@ bool change_password(THD *thd, const char *host, const char *user, } end: close_thread_tables(thd); + + /* Restore the state of binlog format */ + DBUG_ASSERT(!thd->current_stmt_binlog_row_based); + if (save_binlog_row_based) + thd->set_current_stmt_binlog_row_based(); + DBUG_RETURN(result); } -- cgit v1.2.1 From c93eecdf0ad4d0c8fdee057ddb9eca258a29bd88 Mon Sep 17 00:00:00 2001 From: Luis Soares Date: Wed, 6 Oct 2010 12:23:46 +0100 Subject: BUG#38718: slave sql thread crashes when reading relay log Suprisingly, a Slave_log_event would show up in the binary log. This event is never used and should not appear in the logs. As such, when the slave (or the mysqlbinlog tool) reads the event, it will hit an invalid pointer (reference to the descriptor event when deserializing the Slave_log_event was purposodely set to NULL). The presence of the Slave_log_event denotes a corrupted log, but we cannot tell how the log got corrupted in the first place. However, we can make the server cope with such events when it reads them - in case of log corruption - and fail gracefully. This patch makes the server/mysqlbinlog to report that it has found an invalid log event when Slave_log_event is read. --- sql/log_event.cc | 14 ++++++++++---- sql/log_event.h | 4 +++- 2 files changed, 13 insertions(+), 5 deletions(-) (limited to 'sql') diff --git a/sql/log_event.cc b/sql/log_event.cc index 7becdf51747..98ce3fbade8 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -1225,7 +1225,7 @@ Log_event* Log_event::read_log_event(const char* buf, uint event_len, break; #ifdef HAVE_REPLICATION case SLAVE_EVENT: /* can never happen (unused event) */ - ev = new Slave_log_event(buf, event_len); + ev = new Slave_log_event(buf, event_len, description_event); break; #endif /* HAVE_REPLICATION */ case CREATE_FILE_EVENT: @@ -1313,8 +1313,10 @@ Log_event* Log_event::read_log_event(const char* buf, uint event_len, (because constructor is "void") ; so instead we leave the pointer we wanted to allocate (e.g. 'query') to 0 and we test it in is_valid(). Same for Format_description_log_event, member 'post_header_len'. + + SLAVE_EVENT is never used, so it should not be read ever. */ - if (!ev || !ev->is_valid()) + if (!ev || !ev->is_valid() || (event_type == SLAVE_EVENT)) { DBUG_PRINT("error",("Found invalid event in binary log")); @@ -5978,8 +5980,12 @@ void Slave_log_event::init_from_mem_pool(int data_size) /** This code is not used, so has not been updated to be format-tolerant. */ -Slave_log_event::Slave_log_event(const char* buf, uint event_len) - :Log_event(buf,0) /*unused event*/ ,mem_pool(0),master_host(0) +/* We are using description_event so that slave does not crash on Log_event + constructor */ +Slave_log_event::Slave_log_event(const char* buf, + uint event_len, + const Format_description_log_event* description_event) + :Log_event(buf,description_event),mem_pool(0),master_host(0) { if (event_len < LOG_EVENT_HEADER_LEN) return; diff --git a/sql/log_event.h b/sql/log_event.h index 816a241e55d..662fec23639 100644 --- a/sql/log_event.h +++ b/sql/log_event.h @@ -1782,7 +1782,9 @@ public: void print(FILE* file, PRINT_EVENT_INFO* print_event_info); #endif - Slave_log_event(const char* buf, uint event_len); + Slave_log_event(const char* buf, + uint event_len, + const Format_description_log_event *description_event); ~Slave_log_event(); int get_data_size(); bool is_valid() const { return master_host != 0; } -- cgit v1.2.1 From 30f57b33233baf08741aa91f9c0209b1e77689f9 Mon Sep 17 00:00:00 2001 From: Martin Hansson Date: Thu, 7 Oct 2010 10:13:11 +0200 Subject: Bug#56423: Different count with SELECT and CREATE SELECT queries This is a regression from the fix for bug no 38999. A storage engine capable of reading only a subset of a table's columns updates corresponding bits in the read buffer to signal that it has read NULL values for the corresponding columns. It cannot, and should not, update any other bits. Bug no 38999 occurred because the implementation of UPDATE statements compare the NULL bits using memcmp, inadvertently comparing bits that were never requested from the storage engine. The regression was caused by the storage engine trying to alleviate the situation by writing to all NULL bits, even those that it had no knowledge of. This has devastating effects for the index merge algorithm, which relies on all NULL bits, except those explicitly requested, being left unchanged. The fix reverts the fix for bug no 38999 in both InnoDB and InnoDB plugin and changes the server's method of comparing records. For engines that always read entire rows, we proceed as usual. For engines capable of reading only select columns, the record buffers are now compared on a column by column basis. An assertion was also added so that non comparable buffers are never read. Some relevant copy-pasted code was also consolidated in a new function. --- sql/mysql_priv.h | 3 +- sql/sql_insert.cc | 4 +-- sql/sql_update.cc | 93 ++++++++++++++++++++++++++++++++++++------------------- 3 files changed, 65 insertions(+), 35 deletions(-) (limited to 'sql') diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h index 9f2c0b04f2c..709a49b2036 100644 --- a/sql/mysql_priv.h +++ b/sql/mysql_priv.h @@ -1047,7 +1047,8 @@ bool dispatch_command(enum enum_server_command command, THD *thd, char* packet, uint packet_length); void log_slow_statement(THD *thd); bool check_dup(const char *db, const char *name, TABLE_LIST *tables); -bool compare_record(TABLE *table); +bool records_are_comparable(const TABLE *table); +bool compare_records(const TABLE *table); bool append_file_to_dir(THD *thd, const char **filename_ptr, const char *table_name); void wait_while_table_is_used(THD *thd, TABLE *table, diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc index 567c7ff2b30..f0735a9e093 100644 --- a/sql/sql_insert.cc +++ b/sql/sql_insert.cc @@ -1483,9 +1483,7 @@ int write_record(THD *thd, TABLE *table,COPY_INFO *info) table->file->adjust_next_insert_id_after_explicit_value( table->next_number_field->val_int()); info->touched++; - if ((table->file->ha_table_flags() & HA_PARTIAL_COLUMN_READ && - !bitmap_is_subset(table->write_set, table->read_set)) || - compare_record(table)) + if (!records_are_comparable(table) || compare_records(table)) { if ((error=table->file->ha_update_row(table->record[1], table->record[0])) && diff --git a/sql/sql_update.cc b/sql/sql_update.cc index 7da8a68546f..01c70a7a268 100644 --- a/sql/sql_update.cc +++ b/sql/sql_update.cc @@ -25,11 +25,68 @@ #include "sql_trigger.h" #include "debug_sync.h" -/* Return 0 if row hasn't changed */ -bool compare_record(TABLE *table) +/** + True if the table's input and output record buffers are comparable using + compare_records(TABLE*). + */ +bool records_are_comparable(const TABLE *table) { + return ((table->file->ha_table_flags() & HA_PARTIAL_COLUMN_READ) == 0) || + bitmap_is_subset(table->write_set, table->read_set); +} + + +/** + Compares the input and outbut record buffers of the table to see if a row + has changed. The algorithm iterates over updated columns and if they are + nullable compares NULL bits in the buffer before comparing actual + data. Special care must be taken to compare only the relevant NULL bits and + mask out all others as they may be undefined. The storage engine will not + and should not touch them. + + @param table The table to evaluate. + + @return true if row has changed. + @return false otherwise. +*/ +bool compare_records(const TABLE *table) { + DBUG_ASSERT(records_are_comparable(table)); + + if ((table->file->ha_table_flags() & HA_PARTIAL_COLUMN_READ) != 0) + { + /* + Storage engine may not have read all columns of the record. Fields + (including NULL bits) not in the write_set may not have been read and + can therefore not be compared. + */ + for (Field **ptr= table->field ; *ptr != NULL; ptr++) + { + Field *field= *ptr; + if (bitmap_is_set(table->write_set, field->field_index)) + { + if (field->real_maybe_null()) + { + uchar null_byte_index= field->null_ptr - table->record[0]; + + if (((table->record[0][null_byte_index]) & field->null_bit) != + ((table->record[1][null_byte_index]) & field->null_bit)) + return TRUE; + } + if (field->cmp_binary_offset(table->s->rec_buff_length)) + return TRUE; + } + } + return FALSE; + } + + /* + The storage engine has read all columns, so it's safe to compare all bits + including those not in the write_set. This is cheaper than the field-by-field + comparison done above. + */ if (table->s->blob_fields + table->s->varchar_fields == 0) + // Fixed-size record: do bitwise comparison of the records return cmp_record(table,record[1]); /* Compare null bits */ if (memcmp(table->null_flags, @@ -186,7 +243,6 @@ int mysql_update(THD *thd, bool using_limit= limit != HA_POS_ERROR; bool safe_update= test(thd->options & OPTION_SAFE_UPDATES); bool used_key_is_modified, transactional_table, will_batch; - bool can_compare_record; int res; int error, loc_error; uint used_index= MAX_KEY, dup_key_found; @@ -575,15 +631,6 @@ int mysql_update(THD *thd, if (table->file->ha_table_flags() & HA_PARTIAL_COLUMN_READ) table->prepare_for_position(); - /* - We can use compare_record() to optimize away updates if - the table handler is returning all columns OR if - if all updated columns are read - */ - can_compare_record= (!(table->file->ha_table_flags() & - HA_PARTIAL_COLUMN_READ) || - bitmap_is_subset(table->write_set, table->read_set)); - while (!(error=info.read_record(&info)) && !thd->killed) { thd->examined_row_count++; @@ -601,7 +648,7 @@ int mysql_update(THD *thd, found++; - if (!can_compare_record || compare_record(table)) + if (!records_are_comparable(table) || compare_records(table)) { if ((res= table_list->view_check_option(thd, ignore)) != VIEW_CHECK_OK) @@ -1695,18 +1742,8 @@ bool multi_update::send_data(List ¬_used_values) if (table->status & (STATUS_NULL_ROW | STATUS_UPDATED)) continue; - /* - We can use compare_record() to optimize away updates if - the table handler is returning all columns OR if - if all updated columns are read - */ if (table == table_to_update) { - bool can_compare_record; - can_compare_record= (!(table->file->ha_table_flags() & - HA_PARTIAL_COLUMN_READ) || - bitmap_is_subset(table->write_set, - table->read_set)); table->status|= STATUS_UPDATED; store_record(table,record[1]); if (fill_record_n_invoke_before_triggers(thd, *fields_for_table[offset], @@ -1721,7 +1758,7 @@ bool multi_update::send_data(List ¬_used_values) */ table->auto_increment_field_not_null= FALSE; found++; - if (!can_compare_record || compare_record(table)) + if (!records_are_comparable(table) || compare_records(table)) { int error; if ((error= cur_table->view_check_option(thd, ignore)) != @@ -1908,7 +1945,6 @@ int multi_update::do_updates() DBUG_RETURN(0); for (cur_table= update_tables; cur_table; cur_table= cur_table->next_local) { - bool can_compare_record; uint offset= cur_table->shared; table = cur_table->table; @@ -1945,11 +1981,6 @@ int multi_update::do_updates() if ((local_error = tmp_table->file->ha_rnd_init(1))) goto err; - can_compare_record= (!(table->file->ha_table_flags() & - HA_PARTIAL_COLUMN_READ) || - bitmap_is_subset(table->write_set, - table->read_set)); - for (;;) { if (thd->killed && trans_safe) @@ -1990,7 +2021,7 @@ int multi_update::do_updates() TRG_ACTION_BEFORE, TRUE)) goto err2; - if (!can_compare_record || compare_record(table)) + if (!records_are_comparable(table) || compare_records(table)) { int error; if ((error= cur_table->view_check_option(thd, ignore)) != -- cgit v1.2.1 From 10812c0782da89df87843ea37f7ef3cef193e725 Mon Sep 17 00:00:00 2001 From: unknown Date: Sat, 9 Oct 2010 15:05:43 +0800 Subject: Bug#55375 Transaction bigger than max_binlog_cache_size crashes slave When slave executes a transaction bigger than slave's max_binlog_cache_size, slave will crash. It is caused by the assert that server should only roll back the statement but not the whole transaction if the error ER_TRANS_CACHE_FULL happens. But slave sql thread always rollbacks the whole transaction when an error happens. Ather this patch, we always clear any error set in sql thread(it is different from the error in 'SHOW SLAVE STATUS') and it is cleared before rolling back the transaction. mysql-test/suite/rpl/r/rpl_binlog_max_cache_size.result: SET binlog_cache_size and max_binlog_cache_size for all test cases. Add test case for bug#55375. mysql-test/suite/rpl/t/rpl_binlog_max_cache_size-master.opt: binlog_cache_size and max_binlog_cache_size can be set in the client connection. so remove this option file. mysql-test/suite/rpl/t/rpl_binlog_max_cache_size.test: SET binlog_cache_size and max_binlog_cache_size for all test cases. Add test case for bug#55375. sql/log_event.cc: Some functions don't return the error code, so it is a wrong error code. The error should always be set into thd->main_da. So we use slave_rows_error_report to report the right error. sql/slave.cc: exec_relay_log_event() need call cleanup_context() to clear context. clearup_context() will call end_trans(). Clear thd's error before cleanup_context. It avoid to trigger the assert which cause this bug. --- sql/log_event.cc | 40 +++++++++++++++++++++------------------- sql/slave.cc | 3 ++- 2 files changed, 23 insertions(+), 20 deletions(-) (limited to 'sql') diff --git a/sql/log_event.cc b/sql/log_event.cc index 7becdf51747..e3ce216ab70 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -144,16 +144,21 @@ static void inline slave_rows_error_report(enum loglevel level, int ha_error, len= my_snprintf(slider, buff_end - slider, " %s, Error_code: %d;", err->msg, err->code); } - - rli->report(level, thd->is_error()? thd->main_da.sql_errno() : 0, - "Could not execute %s event on table %s.%s;" - "%s handler error %s; " - "the event's master log %s, end_log_pos %lu", - type, table->s->db.str, - table->s->table_name.str, - buff, - handler_error == NULL? "" : handler_error, - log_name, pos); + + if (ha_error != 0) + rli->report(level, thd->is_error() ? thd->main_da.sql_errno() : 0, + "Could not execute %s event on table %s.%s;" + "%s handler error %s; " + "the event's master log %s, end_log_pos %lu", + type, table->s->db.str, table->s->table_name.str, + buff, handler_error == NULL ? "" : handler_error, + log_name, pos); + else + rli->report(level, thd->is_error() ? thd->main_da.sql_errno() : 0, + "Could not execute %s event on table %s.%s;" + "%s the event's master log %s, end_log_pos %lu", + type, table->s->db.str, table->s->table_name.str, + buff, log_name, pos); } #endif @@ -7649,7 +7654,6 @@ int Rows_log_event::do_apply_event(Relay_log_info const *rli) get_type_str(), RPL_LOG_NAME, (ulong) log_pos); thd->reset_current_stmt_binlog_row_based(); - const_cast(rli)->cleanup_context(thd, error); thd->is_slave_error= 1; DBUG_RETURN(error); } @@ -7680,14 +7684,12 @@ int Rows_log_event::do_apply_event(Relay_log_info const *rli) const_cast(rli)->last_event_start_time= my_time(0); } - if (get_flags(STMT_END_F)) - if ((error= rows_event_stmt_cleanup(rli, thd))) - rli->report(ERROR_LEVEL, error, - "Error in %s event: commit of row events failed, " - "table `%s`.`%s`", - get_type_str(), m_table->s->db.str, - m_table->s->table_name.str); - + if (get_flags(STMT_END_F) && (error= rows_event_stmt_cleanup(rli, thd))) + slave_rows_error_report(ERROR_LEVEL, + thd->is_error() ? 0 : error, + rli, thd, table, + get_type_str(), + RPL_LOG_NAME, (ulong) log_pos); DBUG_RETURN(error); } diff --git a/sql/slave.cc b/sql/slave.cc index f1e0962e7e8..353d4913208 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -2343,7 +2343,7 @@ static int exec_relay_log_event(THD* thd, Relay_log_info* rli) else { exec_res= 0; - end_trans(thd, ROLLBACK); + rli->cleanup_context(thd, 1); /* chance for concurrent connection to get more locks */ safe_sleep(thd, min(rli->trans_retries, MAX_SLAVE_RETRY_PAUSE), (CHECK_KILLED_FUNC)sql_slave_killed, (void*)rli); @@ -3158,6 +3158,7 @@ the slave SQL thread with \"SLAVE START\". We stopped at log \ request is detected only by the present function, not by events), so we must "proactively" clear playgrounds: */ + thd->clear_error(); rli->cleanup_context(thd, 1); /* Some extra safety, which should not been needed (normally, event deletion -- cgit v1.2.1 From 42f8d2f249ea4d0acc2fdd7c03b3ea9d44f92027 Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 11 Oct 2010 11:08:49 +0800 Subject: Bug#56226 Table map set to 0 after altering MyISAM table After ALTER TABLE which changed only table's metadata, row-based binlog sometimes got corrupted since the tablemap was unexpectedly set to 0 for subsequent updates to the same table. ALTER TABLE which changed only table's metadata always reset table_map_id for the table share to 0. Despite the fact that 0 is a valid value for table_map_id, this step caused problems as it could have created situation in which we had more than one table share with table_map_id equal 0. If more than one table with table_map_id are 0 were updated in the same statement, updates to these different tables were written into the same rows event. This caused slave server to crash. This bug happens only on 5.1. It doesn't affect 5.5+. This patch solves this problem by ensuring that ALTER TABLE statements which change metadata only never reset table_map_id to 0. To do this it changes reopen_table() to correctly use refreshed table_map_id value instead of using the old one/ resetting it. mysql-test/suite/rpl/r/rpl_alter.result: Add test for BUG#56226 mysql-test/suite/rpl/t/rpl_alter.test: Add test for BUG#56226 --- sql/sql_base.cc | 2 -- 1 file changed, 2 deletions(-) (limited to 'sql') diff --git a/sql/sql_base.cc b/sql/sql_base.cc index c38526a6d0b..3766ff18293 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc @@ -3082,8 +3082,6 @@ bool reopen_table(TABLE *table) tmp.maybe_null= table->maybe_null; tmp.status= table->status; - tmp.s->table_map_id= table->s->table_map_id; - /* Get state */ tmp.in_use= thd; tmp.reginfo.lock_type=table->reginfo.lock_type; -- cgit v1.2.1 From 42550e21e85904877714a3215a220e471597c3e2 Mon Sep 17 00:00:00 2001 From: Ramil Kalimullin Date: Tue, 12 Oct 2010 23:25:40 +0400 Subject: Fix for bug#57272: crash in rpad() when using utf8 Problem: if multibyte and binary string arguments passed to RPAD(), LPAD() or INSERT() functions, they might return wrong results or even lead to a server crash due to missed character set convertion. Fix: perform the convertion if necessary. mysql-test/r/ctype_utf8.result: Fix for bug#57272: crash in rpad() when using utf8 - test result. mysql-test/t/ctype_utf8.test: Fix for bug#57272: crash in rpad() when using utf8 - test case. sql/item_strfunc.cc: Fix for bug#57272: crash in rpad() when using utf8 - convert multibyte argument's character set to binary in case of FUNCTION(MULTIBYTE_ARG, .., BINARY_ARG,..) for RPAD(), LPAD() and INSERT() functions. --- sql/item_strfunc.cc | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) (limited to 'sql') diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 5d56b0a621a..9f06a4b5c9f 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -1013,6 +1013,20 @@ String *Item_func_insert::val_str(String *str) if ((length < 0) || (length > res->length())) length= res->length(); + /* + There is one exception not handled (intentionaly) by the character set + aggregation code. If one string is strong side and is binary, and + another one is weak side and is a multi-byte character string, + then we need to operate on the second string in terms on bytes when + calling ::numchars() and ::charpos(), rather than in terms of characters. + Lets substitute its character set to binary. + */ + if (collation.collation == &my_charset_bin) + { + res->set_charset(&my_charset_bin); + res2->set_charset(&my_charset_bin); + } + /* start and length are now sufficiently valid to pass to charpos function */ start= res->charpos((int) start); length= res->charpos((int) length, (uint32) start); @@ -2514,6 +2528,20 @@ String *Item_func_rpad::val_str(String *str) /* Set here so that rest of code sees out-of-bound value as such. */ if ((ulonglong) count > INT_MAX32) count= INT_MAX32; + /* + There is one exception not handled (intentionaly) by the character set + aggregation code. If one string is strong side and is binary, and + another one is weak side and is a multi-byte character string, + then we need to operate on the second string in terms on bytes when + calling ::numchars() and ::charpos(), rather than in terms of characters. + Lets substitute its character set to binary. + */ + if (collation.collation == &my_charset_bin) + { + res->set_charset(&my_charset_bin); + rpad->set_charset(&my_charset_bin); + } + if (count <= (res_char_length= res->numchars())) { // String to pad is big enough res->length(res->charpos((int) count)); // Shorten result if longer @@ -2616,6 +2644,20 @@ String *Item_func_lpad::val_str(String *str) if ((ulonglong) count > INT_MAX32) count= INT_MAX32; + /* + There is one exception not handled (intentionaly) by the character set + aggregation code. If one string is strong side and is binary, and + another one is weak side and is a multi-byte character string, + then we need to operate on the second string in terms on bytes when + calling ::numchars() and ::charpos(), rather than in terms of characters. + Lets substitute its character set to binary. + */ + if (collation.collation == &my_charset_bin) + { + res->set_charset(&my_charset_bin); + pad->set_charset(&my_charset_bin); + } + res_char_length= res->numchars(); if (count <= res_char_length) -- cgit v1.2.1 From b001a5224d8b26e9706a386ca2c26320d152ee1c Mon Sep 17 00:00:00 2001 From: Ramil Kalimullin Date: Tue, 12 Oct 2010 23:28:03 +0400 Subject: Fix for bug#57283: inet_ntoa() crashes Problem: some call of INET_NTOA() function may lead to a crash due to missing its character set initialization. Fix: explicitly set the character set. mysql-test/r/func_misc.result: Fix for bug#57283: inet_ntoa() crashes - test result. mysql-test/t/func_misc.test: Fix for bug#57283: inet_ntoa() crashes - test case. sql/item_strfunc.cc: Fix for bug#57283: inet_ntoa() crashes - explicitly set buffer's character set. --- sql/item_strfunc.cc | 1 + 1 file changed, 1 insertion(+) (limited to 'sql') diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 9f06a4b5c9f..8fda281bd9e 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -3135,6 +3135,7 @@ String* Item_func_inet_ntoa::val_str(String* str) if ((null_value= (args[0]->null_value || n > (ulonglong) LL(4294967295)))) return 0; // Null value + str->set_charset(collation.collation); str->length(0); int4store(buf,n); -- cgit v1.2.1 From 8169faec2797511e649bd98329c69a6cb0c9a857 Mon Sep 17 00:00:00 2001 From: Dmitry Shulga Date: Wed, 13 Oct 2010 12:28:58 +0700 Subject: Fixed bug#36742 - GRANT hostname case handling inconsistent. mysql-test/r/grant.result: It was added result for test case for bug#36742. mysql-test/t/grant.test: It was added test case for bug#36742. sql/sql_yacc.yy: It was added convertation of host name part of user name to lowercase. --- sql/sql_yacc.yy | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'sql') diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index aa41a408e5b..4e24e69af42 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -11567,6 +11567,12 @@ user: system_charset_info, 0) || check_host_name(&$$->host)) MYSQL_YYABORT; + /* + Convert hostname part of username to lowercase. + It's OK to use in-place lowercase as long as + the character set is utf8. + */ + my_casedn_str(system_charset_info, $$->host.str); } | CURRENT_USER optional_braces { -- cgit v1.2.1 From 211552ccee98e381a14dfaae754528d9f6ed0494 Mon Sep 17 00:00:00 2001 From: unknown Date: Sat, 16 Oct 2010 20:03:44 +0800 Subject: Bug#56118 STOP SLAVE does not wait till trx with CREATE TMP TABLE ends, replication aborts When recieving a 'SLAVE STOP' command, slave SQL thread will roll back the transaction and stop immidiately if there is only transactional table updated, even through 'CREATE|DROP TEMPOARY TABLE' statement are in it. But These statements can never be rolled back. Because the temporary tables to the user session mapping remain until 'RESET SLAVE', Therefore it will abort SQL thread with an error that the table already exists or doesn't exist, when it restarts and executes the whole transaction again. After this patch, SQL thread always waits till the transaction ends and then stops, if 'CREATE|DROP TEMPOARY TABLE' statement are in it. mysql-test/extra/rpl_tests/rpl_stop_slave.test: Auxiliary file which is used to test this bug. mysql-test/suite/rpl/t/rpl_stop_slave.test: Test case for this bug. sql/slave.cc: Checking if OPTION_KEEP_LOG is set. If it is set, SQL thread should wait until the transaction ends. sql/sql_parse.cc: Add a debug point for testing this bug. --- sql/slave.cc | 11 ++++++++++- sql/sql_parse.cc | 10 ++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/slave.cc b/sql/slave.cc index 964adfdbf53..57d673ea1f4 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -740,8 +740,17 @@ static bool sql_slave_killed(THD* thd, Relay_log_info* rli) DBUG_ASSERT(rli->slave_running == 1);// tracking buffer overrun if (abort_loop || thd->killed || rli->abort_slave) { + /* + The transaction should always be binlogged if OPTION_KEEP_LOG is set + (it implies that something can not be rolled back). And such case + should be regarded similarly as modifing a non-transactional table + because retrying of the transaction will lead to an error or inconsistency + as well. + Example: OPTION_KEEP_LOG is set if a temporary table is created or dropped. + */ if (rli->abort_slave && rli->is_in_group() && - thd->transaction.all.modified_non_trans_table) + (thd->transaction.all.modified_non_trans_table || + (thd->options & OPTION_KEEP_LOG))) DBUG_RETURN(0); /* If we are in an unsafe situation (stopping could corrupt replication), diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index fbe9c9753d9..b38cdf4a983 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -27,6 +27,7 @@ #include "sp_cache.h" #include "events.h" #include "sql_trigger.h" +#include "debug_sync.h" /** @defgroup Runtime_Environment Runtime Environment @@ -3258,6 +3259,15 @@ end_with_restore_list: thd->first_successful_insert_id_in_cur_stmt= thd->first_successful_insert_id_in_prev_stmt; + DBUG_EXECUTE_IF("after_mysql_insert", + { + const char act[]= + "now " + "wait_for signal.continue"; + DBUG_ASSERT(opt_debug_sync_timeout > 0); + DBUG_ASSERT(!debug_sync_set_action(current_thd, + STRING_WITH_LEN(act))); + };); break; } case SQLCOM_REPLACE_SELECT: -- cgit v1.2.1 From 127c721cef2c1b248af79a386c174a5e7addd556 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Mon, 18 Oct 2010 14:47:26 +0400 Subject: Bug#54484 explain + prepared statement: crash and Got error -1 from storage engine Subquery executes twice, at top level JOIN::optimize and ::execute stages. At first execution create_sort_index() function is called and FT_SELECT object is created and destroyed. HANDLER::ft_handler is cleaned up in the object destructor and at second execution FT_SELECT::get_next() method returns error. The fix is to reinit HANDLER::ft_handler field before re-execution of subquery. mysql-test/r/fulltext.result: test case mysql-test/t/fulltext.test: test case sql/item_func.cc: reinit ft_handler before re-execution of subquery sql/item_func.h: Fixed method name sql/sql_select.cc: reinit ft_handler before re-execution of subquery --- sql/item_func.cc | 10 ++++++++++ sql/item_func.h | 2 +- sql/sql_select.cc | 3 +++ 3 files changed, 14 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/item_func.cc b/sql/item_func.cc index eaf6a1b6d14..30d5d844f7c 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -5297,7 +5297,17 @@ void Item_func_match::init_search(bool no_order) /* Check if init_search() has been called before */ if (ft_handler) + { + /* + We should reset ft_handler as it is cleaned up + on destruction of FT_SELECT object + (necessary in case of re-execution of subquery). + TODO: FT_SELECT should not clean up ft_handler. + */ + if (join_key) + table->file->ft_handler= ft_handler; DBUG_VOID_RETURN; + } if (key == NO_SUCH_KEY) { diff --git a/sql/item_func.h b/sql/item_func.h index 256348eee08..26a7e033692 100644 --- a/sql/item_func.h +++ b/sql/item_func.h @@ -1531,7 +1531,7 @@ public: join_key(0), ft_handler(0), table(0), master(0), concat_ws(0) { } void cleanup() { - DBUG_ENTER("Item_func_match"); + DBUG_ENTER("Item_func_match::cleanup"); Item_real_func::cleanup(); if (!master && ft_handler) ft_handler->please->close_search(ft_handler); diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 08bd0c28738..a260b78f131 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -1713,6 +1713,9 @@ JOIN::reinit() func->clear(); } + if (!(select_options & SELECT_DESCRIBE)) + init_ftfuncs(thd, select_lex, test(order)); + DBUG_RETURN(0); } -- cgit v1.2.1 From 9074307102644d43b934ce52cc0661890098698b Mon Sep 17 00:00:00 2001 From: Tor Didriksen Date: Mon, 18 Oct 2010 13:24:34 +0200 Subject: Bug#52172 test binlog.binlog_index needs --skip-core-file to avoid leaving core files For crash testing: kill the server without generating core file. include/my_dbug.h Use kill(getpid(), SIGKILL) which cannot be caught by signal handlers. All DBUG_XXX macros should be no-ops in optimized mode, do that for DBUG_ABORT as well. sql/handler.cc Kill server without generating core. sql/log.cc Kill server without generating core. --- sql/handler.cc | 10 +++++----- sql/log.cc | 18 +++++++++--------- 2 files changed, 14 insertions(+), 14 deletions(-) (limited to 'sql') diff --git a/sql/handler.cc b/sql/handler.cc index 19f397ef09f..a47a5fd8a3c 100644 --- a/sql/handler.cc +++ b/sql/handler.cc @@ -1127,7 +1127,7 @@ int ha_commit_trans(THD *thd, bool all) uint rw_ha_count; bool rw_trans; - DBUG_EXECUTE_IF("crash_commit_before", abort();); + DBUG_EXECUTE_IF("crash_commit_before", DBUG_SUICIDE();); /* Close all cursors that can not survive COMMIT */ if (is_real_trans) /* not a statement commit */ @@ -1179,7 +1179,7 @@ int ha_commit_trans(THD *thd, bool all) } status_var_increment(thd->status_var.ha_prepare_count); } - DBUG_EXECUTE_IF("crash_commit_after_prepare", abort();); + DBUG_EXECUTE_IF("crash_commit_after_prepare", DBUG_SUICIDE();); if (error || (is_real_trans && xid && (error= !(cookie= tc_log->log_xid(thd, xid))))) { @@ -1187,13 +1187,13 @@ int ha_commit_trans(THD *thd, bool all) error= 1; goto end; } - DBUG_EXECUTE_IF("crash_commit_after_log", abort();); + DBUG_EXECUTE_IF("crash_commit_after_log", DBUG_SUICIDE();); } error=ha_commit_one_phase(thd, all) ? (cookie ? 2 : 1) : 0; - DBUG_EXECUTE_IF("crash_commit_before_unlog", abort();); + DBUG_EXECUTE_IF("crash_commit_before_unlog", DBUG_SUICIDE();); if (cookie) tc_log->unlog(cookie, xid); - DBUG_EXECUTE_IF("crash_commit_after", abort();); + DBUG_EXECUTE_IF("crash_commit_after", DBUG_SUICIDE();); end: if (rw_trans) start_waiting_global_read_lock(thd); diff --git a/sql/log.cc b/sql/log.cc index 56f151fe2ab..2d5b62a5b2b 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -2600,7 +2600,7 @@ bool MYSQL_BIN_LOG::open(const char *log_name, sql_print_error("MSYQL_BIN_LOG::open failed to sync the index file."); DBUG_RETURN(1); } - DBUG_EXECUTE_IF("crash_create_non_critical_before_update_index", abort();); + DBUG_EXECUTE_IF("crash_create_non_critical_before_update_index", DBUG_SUICIDE();); #endif write_error= 0; @@ -2697,7 +2697,7 @@ bool MYSQL_BIN_LOG::open(const char *log_name, if (write_file_name_to_index_file) { #ifdef HAVE_REPLICATION - DBUG_EXECUTE_IF("crash_create_critical_before_update_index", abort();); + DBUG_EXECUTE_IF("crash_create_critical_before_update_index", DBUG_SUICIDE();); #endif DBUG_ASSERT(my_b_inited(&index_file) != 0); @@ -2716,7 +2716,7 @@ bool MYSQL_BIN_LOG::open(const char *log_name, goto err; #ifdef HAVE_REPLICATION - DBUG_EXECUTE_IF("crash_create_after_update_index", abort();); + DBUG_EXECUTE_IF("crash_create_after_update_index", DBUG_SUICIDE();); #endif } } @@ -3168,7 +3168,7 @@ int MYSQL_BIN_LOG::purge_first_log(Relay_log_info* rli, bool included) /* Store where we are in the new file for the execution thread */ flush_relay_log_info(rli); - DBUG_EXECUTE_IF("crash_before_purge_logs", abort();); + DBUG_EXECUTE_IF("crash_before_purge_logs", DBUG_SUICIDE();); pthread_mutex_lock(&rli->log_space_lock); rli->relay_log.purge_logs(to_purge_if_included, included, @@ -3296,7 +3296,7 @@ int MYSQL_BIN_LOG::purge_logs(const char *to_log, break; } - DBUG_EXECUTE_IF("crash_purge_before_update_index", abort();); + DBUG_EXECUTE_IF("crash_purge_before_update_index", DBUG_SUICIDE();); if ((error= sync_purge_index_file())) { @@ -3311,7 +3311,7 @@ int MYSQL_BIN_LOG::purge_logs(const char *to_log, goto err; } - DBUG_EXECUTE_IF("crash_purge_critical_after_update_index", abort();); + DBUG_EXECUTE_IF("crash_purge_critical_after_update_index", DBUG_SUICIDE();); err: /* Read each entry from purge_index_file and delete the file. */ @@ -3321,7 +3321,7 @@ err: " that would be purged."); close_purge_index_file(); - DBUG_EXECUTE_IF("crash_purge_non_critical_after_update_index", abort();); + DBUG_EXECUTE_IF("crash_purge_non_critical_after_update_index", DBUG_SUICIDE();); if (need_mutex) pthread_mutex_unlock(&LOCK_index); @@ -4832,7 +4832,7 @@ bool MYSQL_BIN_LOG::write(THD *thd, IO_CACHE *cache, Log_event *commit_event, DBUG_PRINT("info", ("error writing binlog cache: %d", write_error)); DBUG_PRINT("info", ("crashing before writing xid")); - abort(); + DBUG_SUICIDE(); }); if ((write_error= write_cache(cache, false, false))) @@ -4846,7 +4846,7 @@ bool MYSQL_BIN_LOG::write(THD *thd, IO_CACHE *cache, Log_event *commit_event, if (flush_and_sync()) goto err; - DBUG_EXECUTE_IF("half_binlogged_transaction", abort();); + DBUG_EXECUTE_IF("half_binlogged_transaction", DBUG_SUICIDE();); if (cache->error) // Error on read { sql_print_error(ER(ER_ERROR_ON_READ), cache->file_name, errno); -- cgit v1.2.1 From d0ac4e2c5ade16d6d0833137aa67071b34e66964 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Mon, 18 Oct 2010 16:12:27 +0400 Subject: Bug#56814 Explain + subselect + fulltext crashes server create_sort_index() function overwrites original JOIN_TAB::type field. At re-execution of subquery overwritten JOIN_TAB::type(JT_ALL) is used instead of JT_FT. It misleads test_if_skip_sort_order() and the function tries to find suitable key for the order that should not be allowed for FULLTEXT(JT_FT) table. The fix is to restore JOIN_TAB strucures for subselect on re-execution for EXPLAIN. Additional fix: Update TABLE::maybe_null field which affects list_contains_unique_index() behaviour as it could have the value(maybe_null==TRUE) based on the assumption that this join is outer (see setup_table_map() func). mysql-test/r/explain.result: test case mysql-test/t/explain.test: test case sql/item_subselect.cc: Make subquery uncacheable in case of EXPLAIN. It allows to keep original JOIN_TAB::type(see JOIN::save_join_tab) and restore it on re-execution. sql/sql_select.cc: -restore JOIN_TAB strucures for subselect on re-execution for EXPLAIN -Update TABLE::maybe_null field as it could have the value(maybe_null==TRUE) based on the assumption that this join is outer(see setup_table_map() func). This change is not related to the crash problem but affects EXPLAIN results in the test case. --- sql/item_subselect.cc | 15 ++++++++++----- sql/sql_select.cc | 14 ++++++++++++++ 2 files changed, 24 insertions(+), 5 deletions(-) (limited to 'sql') diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc index 1ed36ce7656..d521ad0b4e8 100644 --- a/sql/item_subselect.cc +++ b/sql/item_subselect.cc @@ -1906,21 +1906,26 @@ int subselect_single_select_engine::exec() DBUG_RETURN(join->error ? join->error : 1); } if (!select_lex->uncacheable && thd->lex->describe && - !(join->select_options & SELECT_DESCRIBE) && - join->need_tmp) + !(join->select_options & SELECT_DESCRIBE)) { item->update_used_tables(); if (item->const_item()) { + /* + It's necessary to keep original JOIN table because + create_sort_index() function may overwrite original + JOIN_TAB::type and wrong optimization method can be + selected on re-execution. + */ + select_lex->uncacheable|= UNCACHEABLE_EXPLAIN; + select_lex->master_unit()->uncacheable|= UNCACHEABLE_EXPLAIN; /* Force join->join_tmp creation, because this subquery will be replaced by a simple select from the materialization temp table by optimize() called by EXPLAIN and we need to preserve the initial query structure so we can display it. */ - select_lex->uncacheable|= UNCACHEABLE_EXPLAIN; - select_lex->master_unit()->uncacheable|= UNCACHEABLE_EXPLAIN; - if (join->init_save_join_tab()) + if (join->need_tmp && join->init_save_join_tab()) DBUG_RETURN(1); /* purecov: inspected */ } } diff --git a/sql/sql_select.cc b/sql/sql_select.cc index a260b78f131..11acd0685a8 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -2490,6 +2490,13 @@ mysql_select(THD *thd, Item ***rref_pointer_array, { DBUG_RETURN(TRUE); } + /* + Original join tabs might be overwritten at first + subselect execution. So we need to restore them. + */ + Item_subselect *subselect= select_lex->master_unit()->item; + if (subselect && subselect->is_uncacheable() && join->reinit()) + DBUG_RETURN(TRUE); } else { @@ -8825,6 +8832,13 @@ simplify_joins(JOIN *join, List *join_list, COND *conds, bool top) that reject nulls => the outer join can be replaced by an inner join. */ table->outer_join= 0; + /* + Update TABLE::maybe_null field as it could have + the value(maybe_null==TRUE) based on the assumption + that this join is outer(see setup_table_map() func). + */ + if (table->table) + table->table->maybe_null= FALSE; if (table->on_expr) { /* Add on expression to the where condition. */ -- cgit v1.2.1 From 95d91c0f575fc490ac9e3d36a7d65980d9347489 Mon Sep 17 00:00:00 2001 From: Magne Mahre Date: Tue, 19 Oct 2010 12:27:09 +0200 Subject: Bug #46941 crash with lower_case_table_names=2 and foreign key data dictionary confusion On file systems with case insensitive file names, and lower_case_table_names set to '2', the server could crash due to a table definition cache inconsistency. This is the default setting on MacOSX, but may also be set and used on MS Windows. The bug is caused by using two different strategies for creating the hash key for the table definition cache, resulting in failure to look up an entry which is present in the cache, or failure to delete an existing entry. One strategy was to use the real table name (with case preserved), and the other to use a normalized table name (i.e a lower case version). This is manifested in two cases. One is during 'DROP DATABASE', where all known files are removed. The removal from the table definition cache is done via a generated list of TABLE_LIST with keys (wrongly) created using the case preserved name. The other is during CREATE TABLE, where the cache lookup is also (wrongly) based on the case preserved name. The fix was to use only the normalized table name when creating hash keys. sql/sql_db.cc: Normalize table name (i.e lower case it) sql/sql_table.cc: table_name contains the normalized name alias contains the real table name --- sql/sql_db.cc | 6 ++++++ sql/sql_table.cc | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'sql') diff --git a/sql/sql_db.cc b/sql/sql_db.cc index d3435b891b1..2c44c1a8449 100644 --- a/sql/sql_db.cc +++ b/sql/sql_db.cc @@ -1197,6 +1197,12 @@ static long mysql_rm_known_files(THD *thd, MY_DIR *dirp, const char *db, VOID(filename_to_tablename(file->name, table_list->table_name, MYSQL50_TABLE_NAME_PREFIX_LENGTH + strlen(file->name) + 1)); + + /* To be able to correctly look up the table in the table cache. */ + if (lower_case_table_names) + table_list->table_name_length= my_casedn_str(files_charset_info, + table_list->table_name); + table_list->alias= table_list->table_name; // If lower_case_table_names=2 table_list->internal_tmp_table= is_prefix(file->name, tmp_file_prefix); /* Link into list */ diff --git a/sql/sql_table.cc b/sql/sql_table.cc index 04cc9e42413..971e1022d63 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc @@ -3896,7 +3896,7 @@ bool mysql_create_table_no_lock(THD *thd, Then she could create the table. This case is pretty obscure and therefore we don't introduce a new error message only for it. */ - if (get_cached_table_share(db, alias)) + if (get_cached_table_share(db, table_name)) { my_error(ER_TABLE_EXISTS_ERROR, MYF(0), table_name); goto unlock_and_end; -- cgit v1.2.1 From 1040f98ccffccbed8d1e95fe8252e402b8ee4e3f Mon Sep 17 00:00:00 2001 From: Davi Arnaut Date: Tue, 19 Oct 2010 20:36:59 -0200 Subject: Bug#45288: pb2 returns a lot of compilation warnings Tag or remove unused arguments and variables. regex/main.c: Use the real prototype. sql/ha_ndbcluster.cc: Make conditions less ambiguous. --- sql/ha_ndbcluster.cc | 10 ++++++---- sql/log_event.cc | 2 +- sql/log_event.h | 4 ++-- sql/my_decimal.h | 2 +- sql/sql_string.h | 10 +++++++--- 5 files changed, 17 insertions(+), 11 deletions(-) (limited to 'sql') diff --git a/sql/ha_ndbcluster.cc b/sql/ha_ndbcluster.cc index 9c26105546d..4f99d354754 100644 --- a/sql/ha_ndbcluster.cc +++ b/sql/ha_ndbcluster.cc @@ -1293,10 +1293,12 @@ int ha_ndbcluster::open_indexes(Ndb *ndb, TABLE *tab, bool ignore_error) for (i= 0; i < tab->s->keys; i++, key_info++, key_name++) { if ((error= add_index_handle(thd, dict, key_info, *key_name, i))) + { if (ignore_error) m_index[i].index= m_index[i].unique_index= NULL; else break; + } m_index[i].null_in_unique_index= FALSE; if (check_index_fields_not_null(key_info)) m_index[i].null_in_unique_index= TRUE; @@ -6265,8 +6267,8 @@ void ha_ndbcluster::get_auto_increment(ulonglong offset, ulonglong increment, for (;;) { Ndb_tuple_id_range_guard g(m_share); - if (m_skip_auto_increment && - ndb->readAutoIncrementValue(m_table, g.range, auto_value) || + if ((m_skip_auto_increment && + ndb->readAutoIncrementValue(m_table, g.range, auto_value)) || ndb->getAutoIncrementValue(m_table, g.range, auto_value, cache_size, increment, offset)) { if (--retries && @@ -9916,8 +9918,8 @@ bool ha_ndbcluster::check_if_incompatible_data(HA_CREATE_INFO *create_info, { Field *field= table->field[i]; const NDBCOL *col= tab->getColumn(i); - if (col->getStorageType() == NDB_STORAGETYPE_MEMORY && create_info->storage_media != HA_SM_MEMORY || - col->getStorageType() == NDB_STORAGETYPE_DISK && create_info->storage_media != HA_SM_DISK) + if ((col->getStorageType() == NDB_STORAGETYPE_MEMORY && create_info->storage_media != HA_SM_MEMORY) || + (col->getStorageType() == NDB_STORAGETYPE_DISK && create_info->storage_media != HA_SM_DISK)) { DBUG_PRINT("info", ("Column storage media is changed")); DBUG_RETURN(COMPATIBLE_DATA_NO); diff --git a/sql/log_event.cc b/sql/log_event.cc index 91b2746ce8f..49f47edad72 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -8362,7 +8362,7 @@ void Table_map_log_event::pack_info(Protocol *protocol) #ifdef MYSQL_CLIENT -void Table_map_log_event::print(FILE *file, PRINT_EVENT_INFO *print_event_info) +void Table_map_log_event::print(FILE *, PRINT_EVENT_INFO *print_event_info) { if (!print_event_info->short_form) { diff --git a/sql/log_event.h b/sql/log_event.h index 662fec23639..75f2015a684 100644 --- a/sql/log_event.h +++ b/sql/log_event.h @@ -979,9 +979,9 @@ public: return (void*) my_malloc((uint)size, MYF(MY_WME|MY_FAE)); } - static void operator delete(void *ptr, size_t size) + static void operator delete(void *ptr, size_t) { - my_free((uchar*) ptr, MYF(MY_WME|MY_ALLOW_ZERO_PTR)); + my_free(ptr, MYF(MY_WME|MY_ALLOW_ZERO_PTR)); } /* Placement version of the above operators */ diff --git a/sql/my_decimal.h b/sql/my_decimal.h index 21669e82c44..a5077f397e3 100644 --- a/sql/my_decimal.h +++ b/sql/my_decimal.h @@ -308,7 +308,7 @@ int my_decimal2int(uint mask, const my_decimal *d, my_bool unsigned_flag, inline -int my_decimal2double(uint mask, const my_decimal *d, double *result) +int my_decimal2double(uint, const my_decimal *d, double *result) { /* No need to call check_result as this will always succeed */ return decimal2double((decimal_t*) d, result); diff --git a/sql/sql_string.h b/sql/sql_string.h index bb7d69aeccc..b15179bcbe5 100644 --- a/sql/sql_string.h +++ b/sql/sql_string.h @@ -84,9 +84,13 @@ public: } static void *operator new(size_t size, MEM_ROOT *mem_root) throw () { return (void*) alloc_root(mem_root, (uint) size); } - static void operator delete(void *ptr_arg,size_t size) - { TRASH(ptr_arg, size); } - static void operator delete(void *ptr_arg, MEM_ROOT *mem_root) + static void operator delete(void *ptr_arg, size_t size) + { + (void) ptr_arg; + (void) size; + TRASH(ptr_arg, size); + } + static void operator delete(void *, MEM_ROOT *) { /* never called */ } ~String() { free(); } -- cgit v1.2.1 From 3e9c52250a3ab6664c53ea6b3923acfbe8e09e4e Mon Sep 17 00:00:00 2001 From: Davi Arnaut Date: Wed, 20 Oct 2010 16:21:40 -0200 Subject: Bug#45288: pb2 returns a lot of compilation warnings Fix assorted warnings that are generated in optimized builds. Most of it is silencing variables that are set but unused. This patch also introduces the MY_ASSERT_UNREACHABLE macro which helps the compiler to deduce that a certain piece of code is unreachable. include/my_compiler.h: Use GCC's __builtin_unreachable if available. It allows GCC to deduce the unreachability of certain code paths, thus avoiding warnings that, for example, accused that a variable could be used without being initialized (due to unreachable code paths). --- sql/lock.cc | 8 +++----- sql/log.cc | 2 +- sql/set_var.cc | 2 +- sql/sql_acl.cc | 2 +- sql/sql_help.cc | 2 +- sql/sql_partition.cc | 4 ++-- sql/sql_union.cc | 9 --------- 7 files changed, 9 insertions(+), 20 deletions(-) (limited to 'sql') diff --git a/sql/lock.cc b/sql/lock.cc index 93d8b868688..e2216876635 100644 --- a/sql/lock.cc +++ b/sql/lock.cc @@ -693,7 +693,6 @@ TABLE_LIST *mysql_lock_have_duplicate(THD *thd, TABLE_LIST *needle, TABLE_LIST *haystack) { MYSQL_LOCK *mylock; - TABLE **lock_tables; TABLE *table; TABLE *table2; THR_LOCK_DATA **lock_locks; @@ -722,12 +721,11 @@ TABLE_LIST *mysql_lock_have_duplicate(THD *thd, TABLE_LIST *needle, if (mylock->table_count < 2) goto end; - lock_locks= mylock->locks; - lock_tables= mylock->table; + lock_locks= mylock->locks; /* Prepare table related variables that don't change in loop. */ DBUG_ASSERT((table->lock_position < mylock->table_count) && - (table == lock_tables[table->lock_position])); + (table == mylock->table[table->lock_position])); table_lock_data= lock_locks + table->lock_data_start; end_data= table_lock_data + table->lock_count; @@ -741,7 +739,7 @@ TABLE_LIST *mysql_lock_have_duplicate(THD *thd, TABLE_LIST *needle, /* All tables in list must be in lock. */ DBUG_ASSERT((table2->lock_position < mylock->table_count) && - (table2 == lock_tables[table2->lock_position])); + (table2 == mylock->table[table2->lock_position])); for (lock_data2= lock_locks + table2->lock_data_start, end_data2= lock_data2 + table2->lock_count; diff --git a/sql/log.cc b/sql/log.cc index 2d5b62a5b2b..38f4677f06f 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -1217,7 +1217,7 @@ void LOGGER::deactivate_log_handler(THD *thd, uint log_type) file_log= file_log_handler->get_mysql_log(); break; default: - assert(0); // Impossible + MY_ASSERT_UNREACHABLE(); } if (!(*tmp_opt)) diff --git a/sql/set_var.cc b/sql/set_var.cc index c5517da92f8..9fbce870dc4 100644 --- a/sql/set_var.cc +++ b/sql/set_var.cc @@ -2559,7 +2559,7 @@ bool update_sys_var_str_path(THD *thd, sys_var_str *var_str, file_log= logger.get_log_file_handler(); break; default: - assert(0); // Impossible + MY_ASSERT_UNREACHABLE(); } if (!old_value) diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index ea002f59fe3..1733a0f74b4 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -5479,7 +5479,7 @@ static int handle_grant_struct(uint struct_no, bool drop, host= grant_name->host.hostname; break; default: - assert(0); + MY_ASSERT_UNREACHABLE(); } if (! user) user= ""; diff --git a/sql/sql_help.cc b/sql/sql_help.cc index 2818aa5082c..c21968cb86e 100644 --- a/sql/sql_help.cc +++ b/sql/sql_help.cc @@ -686,7 +686,7 @@ bool mysqld_help(THD *thd, const char *mask) if (count_topics == 0) { - int key_id; + int UNINIT_VAR(key_id); if (!(select= prepare_select_for_name(thd,mask,mlen,tables,tables[3].table, used_fields[help_keyword_name].field, diff --git a/sql/sql_partition.cc b/sql/sql_partition.cc index 76caa2b0c8d..702c3d99fda 100644 --- a/sql/sql_partition.cc +++ b/sql/sql_partition.cc @@ -6786,8 +6786,8 @@ int get_part_iter_for_interval_via_mapping(partition_info *part_info, } } else - assert(0); - + MY_ASSERT_UNREACHABLE(); + can_match_multiple_values= (flags || !min_value || !max_value || memcmp(min_value, max_value, field_len)); if (can_match_multiple_values && diff --git a/sql/sql_union.cc b/sql/sql_union.cc index 948ba1d9d9c..70598fbfcd4 100644 --- a/sql/sql_union.cc +++ b/sql/sql_union.cc @@ -173,7 +173,6 @@ bool st_select_lex_unit::prepare(THD *thd_arg, select_result *sel_result, SELECT_LEX *sl, *first_sl= first_select(); select_result *tmp_result; bool is_union_select; - TABLE *empty_table= 0; DBUG_ENTER("st_select_lex_unit::prepare"); describe= test(additional_options & SELECT_DESCRIBE); @@ -275,14 +274,6 @@ bool st_select_lex_unit::prepare(THD *thd_arg, select_result *sel_result, types= first_sl->item_list; else if (sl == first_sl) { - /* - We need to create an empty table object. It is used - to create tmp_table fields in Item_type_holder. - The main reason of this is that we can't create - field object without table. - */ - DBUG_ASSERT(!empty_table); - empty_table= (TABLE*) thd->calloc(sizeof(TABLE)); types.empty(); List_iterator_fast it(sl->item_list); Item *item_tmp; -- cgit v1.2.1 From 6646fecc1420fce3b2d2425aa07170370a7671bf Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 21 Oct 2010 13:43:19 +0800 Subject: Bug#55478 Row events wrongly apply on the temporary table of the same name Rows events were applied wrongly on the temporary table with the same name. But rows events are generated only for base tables. As temporary table's data never be binlogged on row mode. Normally, base table of the same name cannot be updated if a temporary table has the same name. But there are two cases which can generate rows events on the base table of same name. Case1: 'CREATE TABLE ... SELECT' statement. In mixed format, it will generate rows events if it is unsafe. Case2: Drop a transactional temporary table in a transaction (happens only on 5.5+). BEGIN; DROP TEMPORARY TABLE t1; # t1 is a InnoDB table INSERT INTO t1 VALUES(rand()); # t1 is a MyISAM table COMMIT; 'DROP TEMPORARY TABLE' will be put in the transaction cache and binlogged after the rows events generated by the 'INSERT' statement. After this patch, slave opens only base table when applying a rows event. --- sql/log_event.cc | 1 + 1 file changed, 1 insertion(+) (limited to 'sql') diff --git a/sql/log_event.cc b/sql/log_event.cc index 49f47edad72..041f90a057f 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -8258,6 +8258,7 @@ int Table_map_log_event::do_apply_event(Relay_log_info const *rli) m_field_metadata, m_field_metadata_size, m_null_bits, m_flags); table_list->m_tabledef_valid= TRUE; + table_list->skip_temporary= 1; /* We record in the slave's information that the table should be -- cgit v1.2.1 From 06c49d571be82ca927b9c37d96ab8353bd87359d Mon Sep 17 00:00:00 2001 From: unknown Date: Sat, 23 Oct 2010 20:55:44 +0800 Subject: Bug#27606 GRANT statement should be replicated with DEFINER information "Grantor" columns' data is lost when replicating mysql.tables_priv. Slave SQL thread used its default user ''@'' as the grantor of GRANT|REVOKE statements executing on it. In this patch, current user is put in query log event for all GRANT and REVOKE statement, SQL thread uses the user in query log event as grantor. mysql-test/suite/rpl/r/rpl_do_grant.result: Add test for this bug. mysql-test/suite/rpl/t/rpl_do_grant.test: Add test for this bug. sql/log_event.cc: Refactoring THD::current_user_used and related functions. current_user_used is used to judge if current user should be binlogged in query log event. So it is better to call it m_binlog_invoker. The related functions are renamed too. sql/sql_class.cc: Refactoring THD::current_user_used and related functions. current_user_used is used to judge if current user should be binlogged in query log event. So it is better to call it m_binlog_invoker. The related functions are renamed too. sql/sql_class.h: Refactoring THD::current_user_used and related functions. current_user_used is used to judge if current user should be binlogged in query log event. So it is better to call it m_binlog_invoker. The related functions are renamed too. sql/sql_parse.cc: Call binlog_invoker() for GRANT and REVOKE statements. --- sql/log_event.cc | 2 +- sql/sql_class.cc | 6 +++--- sql/sql_class.h | 7 +++---- sql/sql_parse.cc | 7 +++++++ 4 files changed, 14 insertions(+), 8 deletions(-) (limited to 'sql') diff --git a/sql/log_event.cc b/sql/log_event.cc index 041f90a057f..d0635ddac1a 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -2314,7 +2314,7 @@ bool Query_log_event::write(IO_CACHE* file) start+= 4; } - if (thd && thd->is_current_user_used()) + if (thd && thd->need_binlog_invoker()) { LEX_STRING user; LEX_STRING host; diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 44bb6d51c6c..a61ce7bfd14 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -738,7 +738,7 @@ THD::THD() thr_lock_owner_init(&main_lock_id, &lock_info); m_internal_handler= NULL; - current_user_used= FALSE; + m_binlog_invoker= FALSE; memset(&invoker_user, 0, sizeof(invoker_user)); memset(&invoker_host, 0, sizeof(invoker_host)); } @@ -1247,7 +1247,7 @@ void THD::cleanup_after_query() where= THD::DEFAULT_WHERE; /* reset table map for multi-table update */ table_map_for_update= 0; - clean_current_user_used(); + m_binlog_invoker= FALSE; } @@ -3281,7 +3281,7 @@ void THD::set_query(char *query_arg, uint32 query_length_arg) void THD::get_definer(LEX_USER *definer) { - set_current_user_used(); + binlog_invoker(); #if !defined(MYSQL_CLIENT) && defined(HAVE_REPLICATION) if (slave_thread && has_invoker()) { diff --git a/sql/sql_class.h b/sql/sql_class.h index 42c873e9fc3..774ae4abac4 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -2344,9 +2344,8 @@ public: Protected with LOCK_thd_data mutex. */ void set_query(char *query_arg, uint32 query_length_arg); - void set_current_user_used() { current_user_used= TRUE; } - bool is_current_user_used() { return current_user_used; } - void clean_current_user_used() { current_user_used= FALSE; } + void binlog_invoker() { m_binlog_invoker= TRUE; } + bool need_binlog_invoker() { return m_binlog_invoker; } void get_definer(LEX_USER *definer); void set_invoker(const LEX_STRING *user, const LEX_STRING *host) { @@ -2384,7 +2383,7 @@ private: Current user will be binlogged into Query_log_event if current_user_used is TRUE; It will be stored into invoker_host and invoker_user by SQL thread. */ - bool current_user_used; + bool m_binlog_invoker; /** It points to the invoker in the Query_log_event. diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index b38cdf4a983..7cf64134d70 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -3923,6 +3923,10 @@ end_with_restore_list: if (check_access(thd, UPDATE_ACL, "mysql", 0, 1, 1, 0) && check_global_access(thd,CREATE_USER_ACL)) break; + + /* Replicate current user as grantor */ + thd->binlog_invoker(); + /* Conditionally writes to binlog */ if (!(res = mysql_revoke_all(thd, lex->users_list))) my_ok(thd); @@ -3943,6 +3947,9 @@ end_with_restore_list: is_schema_db(select_lex->db) : 0)) goto error; + /* Replicate current user as grantor */ + thd->binlog_invoker(); + if (thd->security_ctx->user) // If not replication { LEX_USER *user, *tmp_user; -- cgit v1.2.1 From c7371c9e757e72cdeef3991b28f0980030d52ca5 Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Wed, 27 Oct 2010 18:12:10 +0400 Subject: Bug#57477 SIGFPE when dividing a huge number a negative number The problem is dividing by const value when the result is out of supported range. The fix: -return LONGLONG_MIN if the result is out of supported range for DIV operator. -return 0 if divisor is -1 for MOD operator. mysql-test/r/func_math.result: test case mysql-test/t/func_math.test: test case sql/item_func.cc: -return LONGLONG_MIN if the result is out of supported range for DIV operator. -return 0 if divisor is -1 for MOD operator. --- sql/item_func.cc | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'sql') diff --git a/sql/item_func.cc b/sql/item_func.cc index 30d5d844f7c..3dbff43bb67 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -1356,9 +1356,13 @@ longlong Item_func_int_div::val_int() signal_divide_by_null(); return 0; } - return (unsigned_flag ? - (ulonglong) value / (ulonglong) val2 : - value / val2); + + if (unsigned_flag) + return ((ulonglong) value / (ulonglong) val2); + else if (value == LONGLONG_MIN && val2 == -1) + return LONGLONG_MIN; + else + return value / val2; } @@ -1392,9 +1396,9 @@ longlong Item_func_mod::int_op() if (args[0]->unsigned_flag) result= args[1]->unsigned_flag ? ((ulonglong) value) % ((ulonglong) val2) : ((ulonglong) value) % val2; - else - result= args[1]->unsigned_flag ? - value % ((ulonglong) val2) : value % val2; + else result= args[1]->unsigned_flag ? + value % ((ulonglong) val2) : + (val2 == -1) ? 0 : value % val2; return result; } -- cgit v1.2.1 From c04bf683fe2582753e8d575e508902245efdd47c Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Fri, 29 Oct 2010 11:44:32 +0400 Subject: Bug#57194 group_concat cause crash and/or invalid memory reads with type errors The problem is caused by bug49487 fix and became visible after after bug56679 fix. Items are cleaned up and set to unfixed state after filling derived table. So we can not rely on item::fixed state in Item_func_group_concat::print and we can not use 'args' array as items there may be cleaned up. The fix is always to use orig_args array of items as it always should contain the correct data. mysql-test/r/func_gconcat.result: test case mysql-test/t/func_gconcat.test: test case sql/item_sum.cc: The fix is always to use orig_args array of items. --- sql/item_sum.cc | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'sql') diff --git a/sql/item_sum.cc b/sql/item_sum.cc index ae9e46e2abf..65f8222d38b 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -3401,8 +3401,6 @@ String* Item_func_group_concat::val_str(String* str) void Item_func_group_concat::print(String *str, enum_query_type query_type) { - /* orig_args is not filled with valid values until fix_fields() */ - Item **pargs= fixed ? orig_args : args; str->append(STRING_WITH_LEN("group_concat(")); if (distinct) str->append(STRING_WITH_LEN("distinct ")); @@ -3410,7 +3408,7 @@ void Item_func_group_concat::print(String *str, enum_query_type query_type) { if (i) str->append(','); - pargs[i]->print(str, query_type); + orig_args[i]->print(str, query_type); } if (arg_count_order) { @@ -3419,7 +3417,7 @@ void Item_func_group_concat::print(String *str, enum_query_type query_type) { if (i) str->append(','); - pargs[i + arg_count_field]->print(str, query_type); + orig_args[i + arg_count_field]->print(str, query_type); if (order[i]->asc) str->append(STRING_WITH_LEN(" ASC")); else -- cgit v1.2.1 From 4a23ac20d99118b2127d0e6adae0d8a95655e32e Mon Sep 17 00:00:00 2001 From: Sergey Glukhov Date: Fri, 29 Oct 2010 12:23:06 +0400 Subject: Bug#57688 Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field Lines below which were added in the patch for Bug#56814 cause this crash: + if (table->table) + table->table->maybe_null= FALSE; Consider following test case: -- CREATE TABLE t1(f1 INT NOT NULL); INSERT INTO t1 VALUES (16777214),(0); SELECT COUNT(*) FROM t1 LEFT JOIN t1 t2 ON 1 WHERE t2.f1 > 1 GROUP BY t2.f1; DROP TABLE t1; -- We set TABLE::maybe_null to FALSE for t2 table and in create_tmp_field() we create appropriate tmp table field using create_tmp_field_from_item() function instead of create_tmp_field_from_field. As a result we have LONGLONG field. As we have GROUP BY clause we calculate group buffer length, see calc_group_buffer(). Item from group list which is used for calculation refer to the field from real tables and have LONG type. So group buffer length become insufficient for storing of LONGLONG value. It leads to overwriting of wrong memory area in do_field_int() function which is called from end_update(). After some investigation I found out that create_tmp_field_from_item() is used only for OLAP grouping and can not be used for common grouping as it could be an incompatibility between tmp table fields and group buffer length. We can not remove create_tmp_field_from_item() call from create_tmp_field as OLAP needs it and we can not use this function for common grouping. So we should remove setting TABLE::maybe_null to FALSE from simplify_joins(). In this case we'll get wrong behaviour of list_contains_unique_index() back. To fix it we could use Field::real_maybe_null() check instead of Field::maybe_null() and add addition check of TABLE_LIST::outer_join. mysql-test/r/group_by.result: test case mysql-test/r/join_outer.result: test case mysql-test/t/group_by.test: test case mysql-test/t/join_outer.test: test case sql/sql_select.cc: --remove wrong code --use Field::real_maybe_null() check instead of Field::maybe_null() and add addition check of TABLE_LIST::outer_join --- sql/sql_select.cc | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'sql') diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 11acd0685a8..9767839b5bf 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -8832,13 +8832,6 @@ simplify_joins(JOIN *join, List *join_list, COND *conds, bool top) that reject nulls => the outer join can be replaced by an inner join. */ table->outer_join= 0; - /* - Update TABLE::maybe_null field as it could have - the value(maybe_null==TRUE) based on the assumption - that this join is outer(see setup_table_map() func). - */ - if (table->table) - table->table->maybe_null= FALSE; if (table->on_expr) { /* Add on expression to the where condition. */ @@ -13219,6 +13212,8 @@ static bool list_contains_unique_index(TABLE *table, bool (*find_func) (Field *, void *), void *data) { + if (table->pos_in_table_list->outer_join) + return 0; for (uint keynr= 0; keynr < table->s->keys; keynr++) { if (keynr == table->s->primary_key || @@ -13232,7 +13227,7 @@ list_contains_unique_index(TABLE *table, key_part < key_part_end; key_part++) { - if (key_part->field->maybe_null() || + if (key_part->field->real_maybe_null() || !find_func(key_part->field, data)) break; } -- cgit v1.2.1