From 36f84744031430747d27bfb2087c7ae51019a70a Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Fri, 10 Nov 2017 12:48:52 +0100 Subject: [PATCH 01/12] MDEV-14337 mysqld_safe may suppress error messages with --log-output=file don't close stdout/stderr, redirect them to /dev/null instead. otherwise redirections like >&2 fail with "invalid file descriptor" --- scripts/mysqld_safe.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/mysqld_safe.sh b/scripts/mysqld_safe.sh index b644184b1e1..46b37689093 100644 --- a/scripts/mysqld_safe.sh +++ b/scripts/mysqld_safe.sh @@ -868,8 +868,8 @@ if expr "${-}" : '.*x' > /dev/null then : else - exec 1>&- - exec 2>&- + exec 1>/dev/null + exec 2>/dev/null fi while true From b5cb4ae470c80e21cc340c2fa13683d7d31b3da6 Mon Sep 17 00:00:00 2001 From: Igor Babaev Date: Sat, 11 Nov 2017 11:45:59 -0800 Subject: [PATCH 02/12] Fixed bug MDEV-14368 Improper error for a grouping query that uses alias in HAVING when sql_mode = 'ONLY_FULL_GROUP_BY' This patch corrects the patch for bug#18739: non-standard HAVING extension was allowed in strict ANSI sql mode added in 2006 by commit 4b7c4cd27f68b9aac1970b9f21c50d4eee35df7d. As a result of incompleteness of the fix in the above commit if a query with GROUP BY contained an aggregate function with an alias and this alias was used in the HAVING clause of the query the server reported an error when sql_mode was set to 'ONLY_FULL_GROUP_BY'. --- mysql-test/r/having.result | 15 +++++++++++++++ mysql-test/t/having.test | 17 +++++++++++++++++ sql/item.cc | 3 ++- 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/having.result b/mysql-test/r/having.result index 514abbf5522..18915da1a09 100644 --- a/mysql-test/r/having.result +++ b/mysql-test/r/having.result @@ -697,3 +697,18 @@ id column_1 1 80a12660d24a72460e5e292fe33f870276d7f40a expected -- 1 row(s) returned not ER_BAD_FIELD_ERROR drop table t1; +# +# mdev-14368: grouping query with alias for aggregate function in HAVING +# when sql_mode = 'ONLY_FULL_GROUP_BY' +set @save_sql_mode= @@sql_mode; +set sql_mode = 'ONLY_FULL_GROUP_BY'; +create table t1(a int); +insert t1 values (4),(1),(2),(1), (3),(4); +SELECT a, COUNT(a) as ct FROM t1 GROUP BY a HAVING ct>0; +a ct +1 2 +2 1 +3 1 +4 2 +set sql_mode=@save_sql_mode; +drop table t1; diff --git a/mysql-test/t/having.test b/mysql-test/t/having.test index 505fb9ad3cf..a470f462d6a 100644 --- a/mysql-test/t/having.test +++ b/mysql-test/t/having.test @@ -727,3 +727,20 @@ HAVING UPPER(`column_1`) LIKE '8%'; --echo expected -- 1 row(s) returned not ER_BAD_FIELD_ERROR drop table t1; + +--echo # +--echo # mdev-14368: grouping query with alias for aggregate function in HAVING +--echo # when sql_mode = 'ONLY_FULL_GROUP_BY' + + +set @save_sql_mode= @@sql_mode; +set sql_mode = 'ONLY_FULL_GROUP_BY'; + +create table t1(a int); +insert t1 values (4),(1),(2),(1), (3),(4); + +SELECT a, COUNT(a) as ct FROM t1 GROUP BY a HAVING ct>0; + +set sql_mode=@save_sql_mode; + +drop table t1; diff --git a/sql/item.cc b/sql/item.cc index fa2e52bfd4a..332e027adf1 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -4771,7 +4771,8 @@ resolve_ref_in_select_and_group(THD *thd, Item_ident *ref, SELECT_LEX *select) if (thd->variables.sql_mode & MODE_ONLY_FULL_GROUP_BY && select->having_fix_field && - select_ref != not_found_item && !group_by_ref) + select_ref != not_found_item && !group_by_ref && + !ref->alias_name_used) { /* Report the error if fields was found only in the SELECT item list and From f7b110bdc1fb0eb6b383f9647caa299de9d64aba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Thu, 16 Nov 2017 12:39:41 +0200 Subject: [PATCH 03/12] MDEV-9663: InnoDB assertion failure: *cursor->index->name == TEMP_INDEX_PREFIX Imported missing test case from MySQL 5.7 for commit 25781c154396dbbc21023786aa3be070057d6999 Author: Annamalai Gurusami Date: Mon Feb 24 14:00:03 2014 +0530 Bug #17604730 ASSERTION: *CURSOR->INDEX->NAME == TEMP_INDEX_PREFIX MariaDB 5.5 does not seem to be affected. --- .../suite/innodb/r/innodb-replace-debug.result | 9 +++++++++ mysql-test/suite/innodb/t/innodb-replace-debug.test | 13 +++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 mysql-test/suite/innodb/r/innodb-replace-debug.result create mode 100644 mysql-test/suite/innodb/t/innodb-replace-debug.test diff --git a/mysql-test/suite/innodb/r/innodb-replace-debug.result b/mysql-test/suite/innodb/r/innodb-replace-debug.result new file mode 100644 index 00000000000..0de351efded --- /dev/null +++ b/mysql-test/suite/innodb/r/innodb-replace-debug.result @@ -0,0 +1,9 @@ +# +# Bug#17604730 ASSERTION: *CURSOR->INDEX->NAME == TEMP_INDEX_PREFIX +# +create table t1 (f1 int primary key, f2 int, f3 int, unique key k1(f2), +key k2(f3)) engine=innodb; +insert into t1 values (14, 24, 34); +set debug = '+d,row_ins_sec_index_entry_timeout'; +replace into t1 values (14, 25, 34); +drop table t1; diff --git a/mysql-test/suite/innodb/t/innodb-replace-debug.test b/mysql-test/suite/innodb/t/innodb-replace-debug.test new file mode 100644 index 00000000000..250c90ba5b1 --- /dev/null +++ b/mysql-test/suite/innodb/t/innodb-replace-debug.test @@ -0,0 +1,13 @@ +--source include/have_innodb.inc +--source include/have_debug.inc + +--echo # +--echo # Bug#17604730 ASSERTION: *CURSOR->INDEX->NAME == TEMP_INDEX_PREFIX +--echo # + +create table t1 (f1 int primary key, f2 int, f3 int, unique key k1(f2), + key k2(f3)) engine=innodb; +insert into t1 values (14, 24, 34); +set debug = '+d,row_ins_sec_index_entry_timeout'; +replace into t1 values (14, 25, 34); +drop table t1; From c44ece7342f14498630e4ab403ae125971137457 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Thu, 16 Nov 2017 12:56:54 +0200 Subject: [PATCH 04/12] MDEV-9663: InnoDB assertion failure: *cursor->index->name == TEMP_INDEX_PREFIX MariaDB adjustments to test case innodb-replace-debug. --- mysql-test/suite/innodb/r/innodb-replace-debug.result | 6 +++++- mysql-test/suite/innodb/t/innodb-replace-debug.test | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/mysql-test/suite/innodb/r/innodb-replace-debug.result b/mysql-test/suite/innodb/r/innodb-replace-debug.result index 0de351efded..84bc9dc9769 100644 --- a/mysql-test/suite/innodb/r/innodb-replace-debug.result +++ b/mysql-test/suite/innodb/r/innodb-replace-debug.result @@ -4,6 +4,10 @@ create table t1 (f1 int primary key, f2 int, f3 int, unique key k1(f2), key k2(f3)) engine=innodb; insert into t1 values (14, 24, 34); -set debug = '+d,row_ins_sec_index_entry_timeout'; +set @@debug_dbug = '+d,row_ins_sec_index_entry_timeout'; replace into t1 values (14, 25, 34); +select * from t1; +f1 f2 f3 +14 25 34 drop table t1; +set @@debug_dbug = '-d,row_ins_sec_index_entry_timeout'; diff --git a/mysql-test/suite/innodb/t/innodb-replace-debug.test b/mysql-test/suite/innodb/t/innodb-replace-debug.test index 250c90ba5b1..5cec9e1febf 100644 --- a/mysql-test/suite/innodb/t/innodb-replace-debug.test +++ b/mysql-test/suite/innodb/t/innodb-replace-debug.test @@ -8,6 +8,8 @@ create table t1 (f1 int primary key, f2 int, f3 int, unique key k1(f2), key k2(f3)) engine=innodb; insert into t1 values (14, 24, 34); -set debug = '+d,row_ins_sec_index_entry_timeout'; +set @@debug_dbug = '+d,row_ins_sec_index_entry_timeout'; replace into t1 values (14, 25, 34); +select * from t1; drop table t1; +set @@debug_dbug = '-d,row_ins_sec_index_entry_timeout'; From 9b53e541f03d74e2777e0d1e7618b6246b81c721 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Mon, 20 Nov 2017 09:33:19 +0400 Subject: [PATCH 05/12] MDEV-13788 Server crash when issuing bad SQL partition syntax --- .../suite/parts/inc/part_alter_values.inc | 24 +++++++++++++ .../parts/r/partition_alter_innodb.result | 35 +++++++++++++++++++ .../parts/r/partition_alter_maria.result | 35 +++++++++++++++++++ .../parts/r/partition_alter_myisam.result | 35 +++++++++++++++++++ .../suite/parts/t/partition_alter_innodb.test | 4 +++ .../suite/parts/t/partition_alter_maria.test | 3 ++ .../suite/parts/t/partition_alter_myisam.test | 3 ++ sql/partition_info.cc | 20 +++++++++++ sql/partition_info.h | 1 + sql/sql_partition.cc | 11 ++---- sql/sql_yacc.yy | 14 ++------ 11 files changed, 165 insertions(+), 20 deletions(-) create mode 100644 mysql-test/suite/parts/inc/part_alter_values.inc create mode 100644 mysql-test/suite/parts/r/partition_alter_innodb.result create mode 100644 mysql-test/suite/parts/r/partition_alter_myisam.result create mode 100644 mysql-test/suite/parts/t/partition_alter_innodb.test create mode 100644 mysql-test/suite/parts/t/partition_alter_myisam.test diff --git a/mysql-test/suite/parts/inc/part_alter_values.inc b/mysql-test/suite/parts/inc/part_alter_values.inc new file mode 100644 index 00000000000..f56d81d8930 --- /dev/null +++ b/mysql-test/suite/parts/inc/part_alter_values.inc @@ -0,0 +1,24 @@ +--echo # +--echo # MDEV-13788 Server crash when issuing bad SQL partition syntax +--echo # + +--eval CREATE TABLE t1 (id int, d date) ENGINE=$engine PARTITION BY RANGE COLUMNS(d) (PARTITION p1 VALUES LESS THAN (MAXVALUE)) +SHOW CREATE TABLE t1; +--error ER_PARTITION_REQUIRES_VALUES_ERROR +ALTER TABLE t1 REORGANIZE PARTITION p1 INTO +( + PARTITION p2, /* Notice no values */ + PARTITION p3 VALUES LESS THAN (MAXVALUE) +); +DROP TABLE t1; + + +--eval CREATE TABLE t1 (id int, d date) ENGINE=$engine PARTITION BY LIST (id) (PARTITION p1 VALUES IN (1,2,3)) +SHOW CREATE TABLE t1; +--error ER_PARTITION_REQUIRES_VALUES_ERROR +ALTER TABLE t1 REORGANIZE PARTITION p1 INTO +( + PARTITION p2, /* Notice no values */ + PARTITION p3 VALUES IN (4,5,6) +); +DROP TABLE t1; diff --git a/mysql-test/suite/parts/r/partition_alter_innodb.result b/mysql-test/suite/parts/r/partition_alter_innodb.result new file mode 100644 index 00000000000..4436ba5e737 --- /dev/null +++ b/mysql-test/suite/parts/r/partition_alter_innodb.result @@ -0,0 +1,35 @@ +# +# MDEV-13788 Server crash when issuing bad SQL partition syntax +# +CREATE TABLE t1 (id int, d date) ENGINE=InnoDB PARTITION BY RANGE COLUMNS(d) (PARTITION p1 VALUES LESS THAN (MAXVALUE)); +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `id` int(11) DEFAULT NULL, + `d` date DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 +/*!50500 PARTITION BY RANGE COLUMNS(d) +(PARTITION p1 VALUES LESS THAN (MAXVALUE) ENGINE = InnoDB) */ +ALTER TABLE t1 REORGANIZE PARTITION p1 INTO +( +PARTITION p2, /* Notice no values */ +PARTITION p3 VALUES LESS THAN (MAXVALUE) +); +ERROR HY000: Syntax error: RANGE PARTITIONING requires definition of VALUES LESS THAN for each partition +DROP TABLE t1; +CREATE TABLE t1 (id int, d date) ENGINE=InnoDB PARTITION BY LIST (id) (PARTITION p1 VALUES IN (1,2,3)); +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `id` int(11) DEFAULT NULL, + `d` date DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 +/*!50100 PARTITION BY LIST (id) +(PARTITION p1 VALUES IN (1,2,3) ENGINE = InnoDB) */ +ALTER TABLE t1 REORGANIZE PARTITION p1 INTO +( +PARTITION p2, /* Notice no values */ +PARTITION p3 VALUES IN (4,5,6) +); +ERROR HY000: Syntax error: LIST PARTITIONING requires definition of VALUES IN for each partition +DROP TABLE t1; diff --git a/mysql-test/suite/parts/r/partition_alter_maria.result b/mysql-test/suite/parts/r/partition_alter_maria.result index 6343566e408..460d20b9255 100644 --- a/mysql-test/suite/parts/r/partition_alter_maria.result +++ b/mysql-test/suite/parts/r/partition_alter_maria.result @@ -16,3 +16,38 @@ select * from t1; pk dt 1 2017-09-28 15:12:00 drop table t1; +# +# MDEV-13788 Server crash when issuing bad SQL partition syntax +# +CREATE TABLE t1 (id int, d date) ENGINE=Aria PARTITION BY RANGE COLUMNS(d) (PARTITION p1 VALUES LESS THAN (MAXVALUE)); +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `id` int(11) DEFAULT NULL, + `d` date DEFAULT NULL +) ENGINE=Aria DEFAULT CHARSET=latin1 +/*!50500 PARTITION BY RANGE COLUMNS(d) +(PARTITION p1 VALUES LESS THAN (MAXVALUE) ENGINE = Aria) */ +ALTER TABLE t1 REORGANIZE PARTITION p1 INTO +( +PARTITION p2, /* Notice no values */ +PARTITION p3 VALUES LESS THAN (MAXVALUE) +); +ERROR HY000: Syntax error: RANGE PARTITIONING requires definition of VALUES LESS THAN for each partition +DROP TABLE t1; +CREATE TABLE t1 (id int, d date) ENGINE=Aria PARTITION BY LIST (id) (PARTITION p1 VALUES IN (1,2,3)); +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `id` int(11) DEFAULT NULL, + `d` date DEFAULT NULL +) ENGINE=Aria DEFAULT CHARSET=latin1 +/*!50100 PARTITION BY LIST (id) +(PARTITION p1 VALUES IN (1,2,3) ENGINE = Aria) */ +ALTER TABLE t1 REORGANIZE PARTITION p1 INTO +( +PARTITION p2, /* Notice no values */ +PARTITION p3 VALUES IN (4,5,6) +); +ERROR HY000: Syntax error: LIST PARTITIONING requires definition of VALUES IN for each partition +DROP TABLE t1; diff --git a/mysql-test/suite/parts/r/partition_alter_myisam.result b/mysql-test/suite/parts/r/partition_alter_myisam.result new file mode 100644 index 00000000000..050e1d9a519 --- /dev/null +++ b/mysql-test/suite/parts/r/partition_alter_myisam.result @@ -0,0 +1,35 @@ +# +# MDEV-13788 Server crash when issuing bad SQL partition syntax +# +CREATE TABLE t1 (id int, d date) ENGINE=MyISAM PARTITION BY RANGE COLUMNS(d) (PARTITION p1 VALUES LESS THAN (MAXVALUE)); +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `id` int(11) DEFAULT NULL, + `d` date DEFAULT NULL +) ENGINE=MyISAM DEFAULT CHARSET=latin1 +/*!50500 PARTITION BY RANGE COLUMNS(d) +(PARTITION p1 VALUES LESS THAN (MAXVALUE) ENGINE = MyISAM) */ +ALTER TABLE t1 REORGANIZE PARTITION p1 INTO +( +PARTITION p2, /* Notice no values */ +PARTITION p3 VALUES LESS THAN (MAXVALUE) +); +ERROR HY000: Syntax error: RANGE PARTITIONING requires definition of VALUES LESS THAN for each partition +DROP TABLE t1; +CREATE TABLE t1 (id int, d date) ENGINE=MyISAM PARTITION BY LIST (id) (PARTITION p1 VALUES IN (1,2,3)); +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `id` int(11) DEFAULT NULL, + `d` date DEFAULT NULL +) ENGINE=MyISAM DEFAULT CHARSET=latin1 +/*!50100 PARTITION BY LIST (id) +(PARTITION p1 VALUES IN (1,2,3) ENGINE = MyISAM) */ +ALTER TABLE t1 REORGANIZE PARTITION p1 INTO +( +PARTITION p2, /* Notice no values */ +PARTITION p3 VALUES IN (4,5,6) +); +ERROR HY000: Syntax error: LIST PARTITIONING requires definition of VALUES IN for each partition +DROP TABLE t1; diff --git a/mysql-test/suite/parts/t/partition_alter_innodb.test b/mysql-test/suite/parts/t/partition_alter_innodb.test new file mode 100644 index 00000000000..451bec05adc --- /dev/null +++ b/mysql-test/suite/parts/t/partition_alter_innodb.test @@ -0,0 +1,4 @@ +--source include/have_innodb.inc +--source include/have_partition.inc +--let $engine=InnoDB +--source inc/part_alter_values.inc diff --git a/mysql-test/suite/parts/t/partition_alter_maria.test b/mysql-test/suite/parts/t/partition_alter_maria.test index db249591158..e21f0dfab82 100644 --- a/mysql-test/suite/parts/t/partition_alter_maria.test +++ b/mysql-test/suite/parts/t/partition_alter_maria.test @@ -16,3 +16,6 @@ select * from t1; alter table t1 drop partition p20181231; select * from t1; drop table t1; + +--let $engine=Aria +--source inc/part_alter_values.inc diff --git a/mysql-test/suite/parts/t/partition_alter_myisam.test b/mysql-test/suite/parts/t/partition_alter_myisam.test new file mode 100644 index 00000000000..a53fa333abd --- /dev/null +++ b/mysql-test/suite/parts/t/partition_alter_myisam.test @@ -0,0 +1,3 @@ +--source include/have_partition.inc +--let $engine=MyISAM +--source inc/part_alter_values.inc diff --git a/sql/partition_info.cc b/sql/partition_info.cc index 512bf296135..740e5087477 100644 --- a/sql/partition_info.cc +++ b/sql/partition_info.cc @@ -2132,6 +2132,24 @@ end: DBUG_RETURN(result); } + +bool partition_info::error_if_requires_values() const +{ + switch (part_type) { + case NOT_A_PARTITION: + case HASH_PARTITION: + break; + case RANGE_PARTITION: + my_error(ER_PARTITION_REQUIRES_VALUES_ERROR, MYF(0), "RANGE", "LESS THAN"); + return true; + case LIST_PARTITION: + my_error(ER_PARTITION_REQUIRES_VALUES_ERROR, MYF(0), "LIST", "IN"); + return true; + } + return false; +} + + /* The parser generates generic data structures, we need to set them up as the rest of the code expects to find them. This is in reality part @@ -2221,6 +2239,8 @@ int partition_info::fix_parser_data(THD *thd) part_elem= it++; List_iterator list_val_it(part_elem->list_val_list); num_elements= part_elem->list_val_list.elements; + if (!num_elements && error_if_requires_values()) + DBUG_RETURN(true); DBUG_ASSERT(part_type == RANGE_PARTITION ? num_elements == 1U : TRUE); for (j= 0; j < num_elements; j++) diff --git a/sql/partition_info.h b/sql/partition_info.h index cff941a858a..779948eddc9 100644 --- a/sql/partition_info.h +++ b/sql/partition_info.h @@ -313,6 +313,7 @@ public: void set_show_version_string(String *packet); void report_part_expr_error(bool use_subpart_expr); bool has_same_partitioning(partition_info *new_part_info); + bool error_if_requires_values() const; private: static int list_part_cmp(const void* a, const void* b); bool set_up_default_partitions(handler *file, HA_CREATE_INFO *info, diff --git a/sql/sql_partition.cc b/sql/sql_partition.cc index ab31a8c1791..01dcc7cc2ac 100644 --- a/sql/sql_partition.cc +++ b/sql/sql_partition.cc @@ -4770,16 +4770,11 @@ uint prep_alter_part_table(THD *thd, TABLE *table, Alter_info *alter_info, my_error(ER_PARTITION_WRONG_VALUES_ERROR, MYF(0), "LIST", "IN"); } - else if (tab_part_info->part_type == RANGE_PARTITION) - { - my_error(ER_PARTITION_REQUIRES_VALUES_ERROR, MYF(0), - "RANGE", "LESS THAN"); - } else { - DBUG_ASSERT(tab_part_info->part_type == LIST_PARTITION); - my_error(ER_PARTITION_REQUIRES_VALUES_ERROR, MYF(0), - "LIST", "IN"); + DBUG_ASSERT(tab_part_info->part_type == RANGE_PARTITION || + tab_part_info->part_type == LIST_PARTITION); + (void) tab_part_info->error_if_requires_values(); } goto err; } diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 4805cd4c66a..e1c6b5b6276 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -4679,18 +4679,8 @@ opt_part_values: partition_info *part_info= lex->part_info; if (! lex->is_partition_management()) { - if (part_info->part_type == RANGE_PARTITION) - { - my_error(ER_PARTITION_REQUIRES_VALUES_ERROR, MYF(0), - "RANGE", "LESS THAN"); - MYSQL_YYABORT; - } - if (part_info->part_type == LIST_PARTITION) - { - my_error(ER_PARTITION_REQUIRES_VALUES_ERROR, MYF(0), - "LIST", "IN"); - MYSQL_YYABORT; - } + if (part_info->error_if_requires_values()) + MYSQL_YYABORT; } else part_info->part_type= HASH_PARTITION; From b8d1398b1d061566ada0714fb2407cdd45ff42b2 Mon Sep 17 00:00:00 2001 From: Varun Gupta Date: Thu, 30 Nov 2017 11:56:02 +0200 Subject: [PATCH 06/12] MDEV-10397: Server crashes in key_copy with join_cache_level > 2 and join on BIT fields For BIT field null_bit is not set to 0 even for a field defined as NOT NULL. So now in the function TABLE::create_key_part_by_field, if the bit field is not nullable then the null_bit is explicitly set to 0 --- mysql-test/r/join_outer.result | 13 +++++++++++++ mysql-test/r/join_outer_jcl6.result | 13 +++++++++++++ mysql-test/t/join_outer.test | 14 ++++++++++++++ sql/table.cc | 8 ++++++++ 4 files changed, 48 insertions(+) diff --git a/mysql-test/r/join_outer.result b/mysql-test/r/join_outer.result index 5611b61a7b0..74580e67499 100644 --- a/mysql-test/r/join_outer.result +++ b/mysql-test/r/join_outer.result @@ -2339,5 +2339,18 @@ Warnings: Note 1003 select `test`.`t1`.`col1` AS `col1`,`test`.`t2`.`col1` AS `col1`,`test`.`t2`.`col3` AS `col3` from `test`.`t1` left join `test`.`t2` on((`test`.`t2`.`col2` = `test`.`t1`.`col1`)) where (`f1`(`test`.`t2`.`col3`,0) = 0) DROP FUNCTION f1; DROP TABLE t1,t2; +# +# MDEV-10397: Server crashes in key_copy with join_cache_level > 2 and join on BIT fields +# +CREATE TABLE t1 (b1 BIT NOT NULL); +INSERT INTO t1 VALUES (0),(1); +CREATE TABLE t2 (b2 BIT NOT NULL); +INSERT INTO t2 VALUES (0),(1); +SET SESSION JOIN_CACHE_LEVEL = 3; +SELECT t1.b1+'0' , t2.b2 + '0' FROM t1 LEFT JOIN t2 ON b1 = b2; +t1.b1+'0' t2.b2 + '0' +0 0 +1 1 +DROP TABLE t1, t2; # end of 5.5 tests SET optimizer_switch=@save_optimizer_switch; diff --git a/mysql-test/r/join_outer_jcl6.result b/mysql-test/r/join_outer_jcl6.result index 8a1ccc7d5e5..d46a4ee6c7a 100644 --- a/mysql-test/r/join_outer_jcl6.result +++ b/mysql-test/r/join_outer_jcl6.result @@ -2350,6 +2350,19 @@ Warnings: Note 1003 select `test`.`t1`.`col1` AS `col1`,`test`.`t2`.`col1` AS `col1`,`test`.`t2`.`col3` AS `col3` from `test`.`t1` left join `test`.`t2` on((`test`.`t2`.`col2` = `test`.`t1`.`col1`)) where (`f1`(`test`.`t2`.`col3`,0) = 0) DROP FUNCTION f1; DROP TABLE t1,t2; +# +# MDEV-10397: Server crashes in key_copy with join_cache_level > 2 and join on BIT fields +# +CREATE TABLE t1 (b1 BIT NOT NULL); +INSERT INTO t1 VALUES (0),(1); +CREATE TABLE t2 (b2 BIT NOT NULL); +INSERT INTO t2 VALUES (0),(1); +SET SESSION JOIN_CACHE_LEVEL = 3; +SELECT t1.b1+'0' , t2.b2 + '0' FROM t1 LEFT JOIN t2 ON b1 = b2; +t1.b1+'0' t2.b2 + '0' +0 0 +1 1 +DROP TABLE t1, t2; # end of 5.5 tests SET optimizer_switch=@save_optimizer_switch; set join_cache_level=default; diff --git a/mysql-test/t/join_outer.test b/mysql-test/t/join_outer.test index 9645d8ad82a..896cc137e07 100644 --- a/mysql-test/t/join_outer.test +++ b/mysql-test/t/join_outer.test @@ -1881,6 +1881,20 @@ DROP FUNCTION f1; DROP TABLE t1,t2; +--echo # +--echo # MDEV-10397: Server crashes in key_copy with join_cache_level > 2 and join on BIT fields +--echo # + +CREATE TABLE t1 (b1 BIT NOT NULL); +INSERT INTO t1 VALUES (0),(1); + +CREATE TABLE t2 (b2 BIT NOT NULL); +INSERT INTO t2 VALUES (0),(1); + +SET SESSION JOIN_CACHE_LEVEL = 3; +SELECT t1.b1+'0' , t2.b2 + '0' FROM t1 LEFT JOIN t2 ON b1 = b2; +DROP TABLE t1, t2; + --echo # end of 5.5 tests SET optimizer_switch=@save_optimizer_switch; diff --git a/sql/table.cc b/sql/table.cc index 9d52d5f87a2..fbcd91f5326 100644 --- a/sql/table.cc +++ b/sql/table.cc @@ -5987,6 +5987,14 @@ void TABLE::create_key_part_by_field(KEY_PART_INFO *key_part_info, might be reused. */ key_part_info->store_length= key_part_info->length; + /* + For BIT fields null_bit is not set to 0 even if the field is defined + as NOT NULL, look at Field_bit::Field_bit + */ + if (!field->real_maybe_null()) + { + key_part_info->null_bit= 0; + } /* The total store length of the key part is the raw length of the field + From 7603463a46b288c1b5630348e36c622e4c2abb09 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Thu, 16 Nov 2017 20:32:33 +0800 Subject: [PATCH 07/12] Remove use of volatile in stored_field_cmp_to_item This was added in c79641594348 but would hurt all other compilers because of Visual Studio. Hopefully this has been fixed now. Signed-off-by: Daniel Black --- sql/item.cc | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/sql/item.cc b/sql/item.cc index 332e027adf1..574e8722c3d 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -8924,15 +8924,10 @@ int stored_field_cmp_to_item(THD *thd, Field *field, Item *item) } return my_time_compare(&field_time, &item_time); } - /* - The patch for Bug#13463415 started using this function for comparing - BIGINTs. That uncovered a bug in Visual Studio 32bit optimized mode. - Prefixing the auto variables with volatile fixes the problem.... - */ - volatile double result= item->val_real(); + double result= item->val_real(); if (item->null_value) return 0; - volatile double field_result= field->val_real(); + double field_result= field->val_real(); if (field_result < result) return -1; else if (field_result > result) From ac61a575dfff6b9510576be920a522c710732c0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= Date: Wed, 6 Dec 2017 02:16:14 +0200 Subject: [PATCH 08/12] Revert "Remove use of volatile in stored_field_cmp_to_item" This reverts commit 7603463a46b288c1b5630348e36c622e4c2abb09. The commit itself is fine, however when disabling volatile, compiler optimizations mess up our double results due to precision differences. Revert the patch till a proper solution is found. --- sql/item.cc | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/sql/item.cc b/sql/item.cc index 574e8722c3d..332e027adf1 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -8924,10 +8924,15 @@ int stored_field_cmp_to_item(THD *thd, Field *field, Item *item) } return my_time_compare(&field_time, &item_time); } - double result= item->val_real(); + /* + The patch for Bug#13463415 started using this function for comparing + BIGINTs. That uncovered a bug in Visual Studio 32bit optimized mode. + Prefixing the auto variables with volatile fixes the problem.... + */ + volatile double result= item->val_real(); if (item->null_value) return 0; - double field_result= field->val_real(); + volatile double field_result= field->val_real(); if (field_result < result) return -1; else if (field_result > result) From 20089f5a39fa8f6f08113f12ed87c34e844c4fc6 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Fri, 8 Dec 2017 14:40:27 +0400 Subject: [PATCH 09/12] MDEV-14596 Crash in INTERVAL(ROW(..),ROW(..)) --- mysql-test/r/func_set.result | 9 +++++++++ mysql-test/t/func_set.test | 11 +++++++++++ sql/item_cmpfunc.cc | 13 +++++++++++++ sql/item_cmpfunc.h | 1 + 4 files changed, 34 insertions(+) diff --git a/mysql-test/r/func_set.result b/mysql-test/r/func_set.result index 9c4976d46db..ca1ccd71c90 100644 --- a/mysql-test/r/func_set.result +++ b/mysql-test/r/func_set.result @@ -220,3 +220,12 @@ NULL 1,2,3,4,5,6,7 DROP TABLE t1; +# +# MDEV-14596 Crash in INTERVAL(ROW(..),ROW(..)) +# +SELECT INTERVAL(ROW(1,1),ROW(1,2)); +ERROR 21000: Operand should contain 1 column(s) +SELECT INTERVAL(1,ROW(1,2)); +ERROR 21000: Operand should contain 1 column(s) +SELECT INTERVAL(ROW(1,2),1); +ERROR 21000: Operand should contain 1 column(s) diff --git a/mysql-test/t/func_set.test b/mysql-test/t/func_set.test index ba984113fd7..887b1948498 100644 --- a/mysql-test/t/func_set.test +++ b/mysql-test/t/func_set.test @@ -136,3 +136,14 @@ SELECT * FROM t1 WHERE FIND_IN_SET(NULL, NULL) IS UNKNOWN; --echo DROP TABLE t1; + +--echo # +--echo # MDEV-14596 Crash in INTERVAL(ROW(..),ROW(..)) +--echo # + +--error ER_OPERAND_COLUMNS +SELECT INTERVAL(ROW(1,1),ROW(1,2)); +--error ER_OPERAND_COLUMNS +SELECT INTERVAL(1,ROW(1,2)); +--error ER_OPERAND_COLUMNS +SELECT INTERVAL(ROW(1,2),1); diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index ebe088e5092..62e76922c0e 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -2001,6 +2001,19 @@ bool Item_func_opt_neg::eq(const Item *item, bool binary_cmp) const } +bool Item_func_interval::fix_fields(THD *thd, Item **ref) +{ + if (Item_int_func::fix_fields(thd, ref)) + return true; + for (uint i= 0 ; i < row->cols(); i++) + { + if (row->element_index(i)->check_cols(1)) + return true; + } + return false; +} + + void Item_func_interval::fix_length_and_dec() { uint rows= row->cols(); diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h index a8befa47b95..7b7ca9223fd 100644 --- a/sql/item_cmpfunc.h +++ b/sql/item_cmpfunc.h @@ -728,6 +728,7 @@ public: { allowed_arg_cols= 0; // Fetch this value from first argument } + bool fix_fields(THD *, Item **); longlong val_int(); void fix_length_and_dec(); const char *func_name() const { return "interval"; } From 273591df0c9917a93bc2d695f61d9f35fa7b1f5c Mon Sep 17 00:00:00 2001 From: Oleksandr Byelkin Date: Sun, 17 Dec 2017 00:01:55 +0100 Subject: [PATCH 10/12] MDEV-14619: VIEW and GROUP_CONCAT Correctly print separator string in single quotes. --- mysql-test/r/view.result | 14 ++++++++++++++ mysql-test/t/view.test | 12 ++++++++++++ sql/item_sum.cc | 2 +- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/view.result b/mysql-test/r/view.result index c1f76ba58a4..8bc33a8860b 100644 --- a/mysql-test/r/view.result +++ b/mysql-test/r/view.result @@ -5629,6 +5629,20 @@ PREPARE stmt FROM 'REPLACE INTO v2 SELECT a FROM t3'; ERROR HY000: Can not insert into join view 'test.v2' without fields list drop view v1,v2; drop table t3; +# +# MDEV-14619: VIEW and GROUP_CONCAT +# +CREATE TABLE t1 (str text); +INSERT INTO t1 VALUES ("My"),("SQL"); +CREATE VIEW v1 AS SELECT GROUP_CONCAT(str SEPARATOR '\\') FROM t1; +SELECT * FROM v1; +GROUP_CONCAT(str SEPARATOR '\\') +My\SQL +SHOW CREATE VIEW v1; +View Create View character_set_client collation_connection +v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select group_concat(`t1`.`str` separator '\\') AS `GROUP_CONCAT(str SEPARATOR '\\')` from `t1` latin1 latin1_swedish_ci +drop view v1; +drop table t1; # ----------------------------------------------------------------- # -- End of 5.5 tests. # ----------------------------------------------------------------- diff --git a/mysql-test/t/view.test b/mysql-test/t/view.test index 79991f89683..0fc7cb6adf7 100644 --- a/mysql-test/t/view.test +++ b/mysql-test/t/view.test @@ -5578,6 +5578,18 @@ PREPARE stmt FROM 'REPLACE INTO v2 SELECT a FROM t3'; drop view v1,v2; drop table t3; +--echo # +--echo # MDEV-14619: VIEW and GROUP_CONCAT +--echo # + +CREATE TABLE t1 (str text); +INSERT INTO t1 VALUES ("My"),("SQL"); +CREATE VIEW v1 AS SELECT GROUP_CONCAT(str SEPARATOR '\\') FROM t1; +SELECT * FROM v1; +SHOW CREATE VIEW v1; +drop view v1; +drop table t1; + --echo # ----------------------------------------------------------------- --echo # -- End of 5.5 tests. --echo # ----------------------------------------------------------------- diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 9a2e2e6cd4c..709c2b6f7b5 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -3656,7 +3656,7 @@ void Item_func_group_concat::print(String *str, enum_query_type query_type) } } str->append(STRING_WITH_LEN(" separator \'")); - str->append(*separator); + str->append_for_single_quote(separator->ptr(), separator->length()); str->append(STRING_WITH_LEN("\')")); } From cfa18e4ae11e77579ee7c577356ed7b4f874c8c7 Mon Sep 17 00:00:00 2001 From: Simon J Mudd Date: Fri, 15 Dec 2017 07:42:04 +0100 Subject: [PATCH 11/12] MDEV-14639: Fix unexpected end of line at 'Normal shutdown' --- sql/share/errmsg-utf8.txt | 44 +++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/sql/share/errmsg-utf8.txt b/sql/share/errmsg-utf8.txt index 51a9f6e3847..57ff5902178 100644 --- a/sql/share/errmsg-utf8.txt +++ b/sql/share/errmsg-utf8.txt @@ -1825,28 +1825,28 @@ ER_WRONG_AUTO_KEY 42000 S1009 ER_UNUSED_2 eng "You should never see it" ER_NORMAL_SHUTDOWN - cze "%s: norm-Bální ukončení\n" - dan "%s: Normal nedlukning\n" - nla "%s: Normaal afgesloten \n" - eng "%s: Normal shutdown\n" - est "%s: MariaDB lõpetas\n" - fre "%s: Arrêt normal du serveur\n" - ger "%s: Normal heruntergefahren\n" - greek "%s: Φυσιολογική διαδικασία shutdown\n" - hun "%s: Normal leallitas\n" - ita "%s: Shutdown normale\n" - kor "%s: 정상적인 shutdown\n" - nor "%s: Normal avslutning\n" - norwegian-ny "%s: Normal nedkopling\n" - pol "%s: Standardowe zakończenie działania\n" - por "%s: 'Shutdown' normal\n" - rum "%s: Terminare normala\n" - rus "%s: Корректная остановка\n" - serbian "%s: Normalno gašenje\n" - slo "%s: normálne ukončenie\n" - spa "%s: Apagado normal\n" - swe "%s: Normal avslutning\n" - ukr "%s: Нормальне завершення\n" + cze "%s: norm-Bální ukončení" + dan "%s: Normal nedlukning" + nla "%s: Normaal afgesloten" + eng "%s: Normal shutdown" + est "%s: MariaDB lõpetas" + fre "%s: Arrêt normal du serveur" + ger "%s: Normal heruntergefahren" + greek "%s: Φυσιολογική διαδικασία shutdown" + hun "%s: Normal leallitas" + ita "%s: Shutdown normale" + kor "%s: 정상적인 shutdown" + nor "%s: Normal avslutning" + norwegian-ny "%s: Normal nedkopling" + pol "%s: Standardowe zakończenie działania" + por "%s: 'Shutdown' normal" + rum "%s: Terminare normala" + rus "%s: Корректная остановка" + serbian "%s: Normalno gašenje" + slo "%s: normálne ukončenie" + spa "%s: Apagado normal" + swe "%s: Normal avslutning" + ukr "%s: Нормальне завершення" ER_GOT_SIGNAL cze "%s: p-Břijat signal %d, končím\n" dan "%s: Fangede signal %d. Afslutter!!\n" From 924db8b4ed3f268cbe91a1734611f4dc2311c7be Mon Sep 17 00:00:00 2001 From: Varun Gupta Date: Wed, 20 Dec 2017 02:27:03 +0530 Subject: [PATCH 12/12] MDEV-12350: Heap corruption, overrun buffer, ASAN errors, server crash in my_fill_8bit / filesort In the function make_sortkey a tmp buffer was defined and in the absence of param->tmp_buffer, tmp buffer used the sort_keys buffer. sort_keys buffer has a length defined in sort_field->length, while param->tmp_buffer is stored in param->rec_length. Make sure to use the appropriate length based on which buffer we are using otherwise we'll overflow. Also added a type cast to size_t during the calculation of the sort keys buffer size to avoid an oveflow if the buffer size exceeds 32 bits. --- mysql-test/r/group_by.result | 25 +++++++++++++++++++++++++ mysql-test/t/group_by.test | 26 ++++++++++++++++++++++++++ sql/filesort.cc | 7 +++++-- 3 files changed, 56 insertions(+), 2 deletions(-) diff --git a/mysql-test/r/group_by.result b/mysql-test/r/group_by.result index b948c9a6f88..52ee73e6612 100644 --- a/mysql-test/r/group_by.result +++ b/mysql-test/r/group_by.result @@ -2558,3 +2558,28 @@ create table t2 (c1 int, c2 int); select t1.c1 as c1, t2.c2 as c1 from t1, t2 where t1.c1 < 20 and t2.c2 > 5 group by t1.c1, t2.c2 having t1.c1 < 3; c1 c1 drop table t1, t2; +SET @old_sort_buff_size = @@sort_buffer_size; +SET @@sort_buffer_size=256*1024; +CREATE TABLE t1 (c INT) ENGINE=MyISAM; +INSERT INTO t1 VALUES +(2011),(1977),(1982),(2027),(2023),(NULL),(NULL),(2004),(1974),(2032), +(1993),(NULL),(1995),(2034),(NULL),(2009),(1900),(NULL),(2025),(1900), +(2033),(1900),(2012),(NULL),(2009),(1992),(1974),(1974),(2012),(2028), +(2007),(2012),(1900),(1983),(1900),(2010),(1987),(1994),(1981),(2032), +(2010),(1989),(2014),(1900),(1900),(1976),(1978),(2007),(2030),(NULL), +(2002),(1997),(1900),(NULL),(2000),(2027),(1975),(2026),(1975),(2026), +(2029),(1977),(1900),(1900),(2031),(1993),(1986),(2012),(1979),(2013), +(1994),(2014),(2025),(2006),(1971),(1974),(2021),(2011),(NULL),(1991), +(2001),(1977),(2023),(2012),(1900),(1978),(1998),(NULL),(1988),(1999), +(2017),(2008),(1976),(1900),(2005),(2030),(2023),(1900),(1978),(1990), +(1978),(1987),(2030),(1900),(2034),(2006),(2015),(2001),(2019),(2024), +(2030),(1989),(1997),(2007),(2023),(1994),(1971),(2011),(2011),(2015), +(1984),(1978),(1979),(1989),(2008),(2030); +SELECT ExtractValue('','/a') AS f1, SPACE(c) AS f2 FROM t1 GROUP BY f1, f2 WITH ROLLUP; +f1 f2 + NULL + + NULL +NULL NULL +SET @@sort_buffer_size = @old_sort_buff_size; +DROP TABLE t1; diff --git a/mysql-test/t/group_by.test b/mysql-test/t/group_by.test index 80ecfea539b..43274532b3e 100644 --- a/mysql-test/t/group_by.test +++ b/mysql-test/t/group_by.test @@ -1741,6 +1741,32 @@ create table t2 (c1 int, c2 int); select t1.c1 as c1, t2.c2 as c1 from t1, t2 where t1.c1 < 20 and t2.c2 > 5 group by t1.c1, t2.c2 having t1.c1 < 3; drop table t1, t2; +# +# MDEV-12350: Heap corruption, overrun buffer, ASAN errors, server crash in my_fill_8bit / filesort +# + +SET @old_sort_buff_size = @@sort_buffer_size; +SET @@sort_buffer_size=256*1024; +CREATE TABLE t1 (c INT) ENGINE=MyISAM; +INSERT INTO t1 VALUES + (2011),(1977),(1982),(2027),(2023),(NULL),(NULL),(2004),(1974),(2032), + (1993),(NULL),(1995),(2034),(NULL),(2009),(1900),(NULL),(2025),(1900), + (2033),(1900),(2012),(NULL),(2009),(1992),(1974),(1974),(2012),(2028), + (2007),(2012),(1900),(1983),(1900),(2010),(1987),(1994),(1981),(2032), + (2010),(1989),(2014),(1900),(1900),(1976),(1978),(2007),(2030),(NULL), + (2002),(1997),(1900),(NULL),(2000),(2027),(1975),(2026),(1975),(2026), + (2029),(1977),(1900),(1900),(2031),(1993),(1986),(2012),(1979),(2013), + (1994),(2014),(2025),(2006),(1971),(1974),(2021),(2011),(NULL),(1991), + (2001),(1977),(2023),(2012),(1900),(1978),(1998),(NULL),(1988),(1999), + (2017),(2008),(1976),(1900),(2005),(2030),(2023),(1900),(1978),(1990), + (1978),(1987),(2030),(1900),(2034),(2006),(2015),(2001),(2019),(2024), + (2030),(1989),(1997),(2007),(2023),(1994),(1971),(2011),(2011),(2015), + (1984),(1978),(1979),(1989),(2008),(2030); + +SELECT ExtractValue('','/a') AS f1, SPACE(c) AS f2 FROM t1 GROUP BY f1, f2 WITH ROLLUP; +SET @@sort_buffer_size = @old_sort_buff_size; +DROP TABLE t1; + # # End of MariaDB 5.5 tests # diff --git a/sql/filesort.cc b/sql/filesort.cc index 38404b01cf7..5674786d8b2 100644 --- a/sql/filesort.cc +++ b/sql/filesort.cc @@ -210,7 +210,9 @@ ha_rows filesort(THD *thd, TABLE *table, SORT_FIELD *sortorder, uint s_length, { ulonglong keys= memory_available / (param.rec_length + sizeof(char*)); table_sort.keys= (uint) min(num_rows, keys); - sort_buff_sz= table_sort.keys*(param.rec_length+sizeof(char*)); + /* Cast to size_t to avoid overflow when result is greater than uint. */ + sort_buff_sz= ((size_t)table_sort.keys) * + (param.rec_length + sizeof(char*)); set_if_bigger(sort_buff_sz, param.rec_length * MERGEBUFF2); DBUG_EXECUTE_IF("make_sort_keys_alloc_fail", @@ -914,7 +916,8 @@ static void make_sortkey(register SORTPARAM *param, if (maybe_null) *to++=1; char *tmp_buffer= param->tmp_buffer ? param->tmp_buffer : (char*)to; - String tmp(tmp_buffer, param->sort_length, cs); + String tmp(tmp_buffer, param->tmp_buffer ? param->sort_length : + sort_field->length, cs); String *res= item->str_result(&tmp); if (!res) {