From 0dd12b4f2a72245a0fb491685c172a7b0e48cbc5 Mon Sep 17 00:00:00 2001 From: Igor Babaev Date: Thu, 14 Mar 2019 17:41:35 -0700 Subject: [PATCH 01/10] MDEV-18896 Crash in convert_join_subqueries_to_semijoins If an IN-subquery is used in a table-less select the current code should never consider it as candidate for semi-join optimizations. Yet the function check_and_do_in_subquery_rewrites() improperly checked the property "to be a table-less select". As a result such select in IN subquery was used in INSERT .. SELECT then the IN subquery by mistake was registered as a semi-join subquery and convert_subq_to_sj() was called for it. However the code of this function does not assume that the parent select of the subquery could be a table-less select. --- mysql-test/r/subselect_sj.result | 7 +++++++ mysql-test/r/subselect_sj_jcl6.result | 7 +++++++ mysql-test/t/subselect_sj.test | 10 ++++++++++ sql/opt_subselect.cc | 2 +- 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/subselect_sj.result b/mysql-test/r/subselect_sj.result index 519d53eb98f..73c620b2973 100644 --- a/mysql-test/r/subselect_sj.result +++ b/mysql-test/r/subselect_sj.result @@ -3178,5 +3178,12 @@ EXECUTE stmt; a drop view v3; drop table t1,t2,t3; +# +# MDEV-18896: IN subquery in WHERE of a table-less query used for INSERT +# +create table t1 (a1 varchar(25)); +create table t2 (a2 varchar(25)) ; +insert into t1 select 'xxx' from dual where 'xxx' in (select a2 from t2); +drop table t1,t2; # End of 5.5 test set optimizer_switch=@subselect_sj_tmp; diff --git a/mysql-test/r/subselect_sj_jcl6.result b/mysql-test/r/subselect_sj_jcl6.result index 32704060208..03cf368f32c 100644 --- a/mysql-test/r/subselect_sj_jcl6.result +++ b/mysql-test/r/subselect_sj_jcl6.result @@ -3192,6 +3192,13 @@ EXECUTE stmt; a drop view v3; drop table t1,t2,t3; +# +# MDEV-18896: IN subquery in WHERE of a table-less query used for INSERT +# +create table t1 (a1 varchar(25)); +create table t2 (a2 varchar(25)) ; +insert into t1 select 'xxx' from dual where 'xxx' in (select a2 from t2); +drop table t1,t2; # End of 5.5 test set optimizer_switch=@subselect_sj_tmp; # diff --git a/mysql-test/t/subselect_sj.test b/mysql-test/t/subselect_sj.test index 0a35a61ecd3..aabb21b4245 100644 --- a/mysql-test/t/subselect_sj.test +++ b/mysql-test/t/subselect_sj.test @@ -2869,6 +2869,16 @@ EXECUTE stmt; drop view v3; drop table t1,t2,t3; +--echo # +--echo # MDEV-18896: IN subquery in WHERE of a table-less query used for INSERT +--echo # + +create table t1 (a1 varchar(25)); +create table t2 (a2 varchar(25)) ; +insert into t1 select 'xxx' from dual where 'xxx' in (select a2 from t2); + +drop table t1,t2; + --echo # End of 5.5 test # The following command must be the last one the file diff --git a/sql/opt_subselect.cc b/sql/opt_subselect.cc index f472cf16710..f82d55f8309 100644 --- a/sql/opt_subselect.cc +++ b/sql/opt_subselect.cc @@ -675,7 +675,7 @@ int check_and_do_in_subquery_rewrites(JOIN *join) select_lex->outer_select()->join && // 6 parent_unit->first_select()->leaf_tables.elements && // 7 !in_subs->has_strategy() && // 8 - select_lex->outer_select()->leaf_tables.elements && // 9 + select_lex->outer_select()->table_list.first && // 9 !((join->select_options | // 10 select_lex->outer_select()->join->select_options) // 10 & SELECT_STRAIGHT_JOIN)) // 10 From b6dc47a0f72fb56b4e7e916dbf8df861949253e0 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Fri, 15 Mar 2019 14:11:30 +0400 Subject: [PATCH 02/10] MDEV-17643 Assertion `nr >= 0.0' failed in Item_sum_std::val_real() --- mysql-test/r/func_math.result | 43 +++++++++++++++++++++++++++++++++++ mysql-test/t/func_math.test | 33 +++++++++++++++++++++++++++ sql/item_sum.cc | 12 ++++++++++ 3 files changed, 88 insertions(+) diff --git a/mysql-test/r/func_math.result b/mysql-test/r/func_math.result index f694d25cb04..4215a82e3f0 100644 --- a/mysql-test/r/func_math.result +++ b/mysql-test/r/func_math.result @@ -807,3 +807,46 @@ STDDEV_POP(ROUND(0,@A:=2009)) # # End of 10.0 tests # +# +# Start of 10.1 tests +# +# +# MDEV-17643 Assertion `nr >= 0.0' failed in Item_sum_std::val_real() +# +CREATE TABLE t1 ( pk int NOT NULL, i1 int NOT NULL, d1 date NOT NULL, t1 time); +INSERT INTO t1 VALUES (7,9,'2007-08-15','03:55:02'),(8,7,'1993-06-05','04:17:51'),(9,7,'2034-07-01','17:31:12'),(10,0,'1998-08-24','08:09:27'); +SELECT DISTINCT STDDEV_SAMP(EXPORT_SET(t1, -1379790335835635712, (i1 + 'o'), (MD5(d1)))) FROM t1; +STDDEV_SAMP(EXPORT_SET(t1, -1379790335835635712, (i1 + 'o'), (MD5(d1)))) +NULL +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: 'o' +Warning 1292 Truncated incorrect DOUBLE value: '98e466c7ff40fe6b95cde24200f376303-13797903358356357128e466c7ff40fe6b95cde24200f376303-13797903358356357128e466c7ff40fe6b95cde242' +Warning 1292 Truncated incorrect DOUBLE value: 'o' +Warning 1292 Truncated incorrect DOUBLE value: '-1379790335835635712e315457d879863c6ccf2ddee5562fc24-1379790335835635712e315457d879863c6ccf2ddee5562fc24-1379790335835635712e315' +Warning 1292 Truncated incorrect DOUBLE value: 'o' +Warning 1292 Truncated incorrect DOUBLE value: '7b4dd517b633f1f6304b773523b5279747b4dd517b633f1f6304b773523b5279747b4dd517b633f1f6304b773523b527974-1379790335835635712b4dd517b6' +Warning 1292 Truncated incorrect DOUBLE value: 'o' +Warning 1292 Truncated incorrect DOUBLE value: '-1379790335835635712b0e107767ea830fd3318893e40412a43-1379790335835635712b0e107767ea830fd3318893e40412a43-1379790335835635712b0e1' +DROP TABLE t1; +CREATE TABLE t1 (a VARCHAR(128)); +INSERT INTO t1 VALUES ('1e310'); +INSERT INTO t1 VALUES ('-1e310'); +INSERT INTO t1 VALUES ('0'); +SELECT STDDEV_SAMP(a) FROM t1; +STDDEV_SAMP(a) +NULL +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: '1e310' +Warning 1292 Truncated incorrect DOUBLE value: '-1e310' +DROP TABLE t1; +CREATE OR REPLACE TABLE t1 (a DOUBLE); +INSERT INTO t1 VALUES (1.7e+308); +INSERT INTO t1 VALUES (-1.7e+308); +INSERT INTO t1 VALUES (0); +SELECT STDDEV_SAMP(a) FROM t1; +STDDEV_SAMP(a) +NULL +DROP TABLE t1; +# +# End of 10.1 tests +# diff --git a/mysql-test/t/func_math.test b/mysql-test/t/func_math.test index 8cacb4c575a..4c2d7921593 100644 --- a/mysql-test/t/func_math.test +++ b/mysql-test/t/func_math.test @@ -599,3 +599,36 @@ SELECT STDDEV_POP(ROUND(0,@A:=2009)) FROM (SELECT 1 UNION SELECT 2) fake_table; --echo # --echo # End of 10.0 tests --echo # + + +--echo # +--echo # Start of 10.1 tests +--echo # + +--echo # +--echo # MDEV-17643 Assertion `nr >= 0.0' failed in Item_sum_std::val_real() +--echo # + +CREATE TABLE t1 ( pk int NOT NULL, i1 int NOT NULL, d1 date NOT NULL, t1 time); +INSERT INTO t1 VALUES (7,9,'2007-08-15','03:55:02'),(8,7,'1993-06-05','04:17:51'),(9,7,'2034-07-01','17:31:12'),(10,0,'1998-08-24','08:09:27'); +SELECT DISTINCT STDDEV_SAMP(EXPORT_SET(t1, -1379790335835635712, (i1 + 'o'), (MD5(d1)))) FROM t1; +DROP TABLE t1; + +CREATE TABLE t1 (a VARCHAR(128)); +INSERT INTO t1 VALUES ('1e310'); +INSERT INTO t1 VALUES ('-1e310'); +INSERT INTO t1 VALUES ('0'); +SELECT STDDEV_SAMP(a) FROM t1; +DROP TABLE t1; + +CREATE OR REPLACE TABLE t1 (a DOUBLE); +INSERT INTO t1 VALUES (1.7e+308); +INSERT INTO t1 VALUES (-1.7e+308); +INSERT INTO t1 VALUES (0); +SELECT STDDEV_SAMP(a) FROM t1; +DROP TABLE t1; + + +--echo # +--echo # End of 10.1 tests +--echo # diff --git a/sql/item_sum.cc b/sql/item_sum.cc index b4e31ba012f..5e7ce270dc3 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -1765,6 +1765,18 @@ double Item_sum_std::val_real() { DBUG_ASSERT(fixed == 1); double nr= Item_sum_variance::val_real(); + if (isnan(nr)) + { + /* + variance_fp_recurrence_next() can overflow in some cases and return "nan": + + CREATE OR REPLACE TABLE t1 (a DOUBLE); + INSERT INTO t1 VALUES (1.7e+308), (-1.7e+308), (0); + SELECT STDDEV_SAMP(a) FROM t1; + */ + null_value= true; // Convert "nan" to NULL + return 0; + } if (my_isinf(nr)) return DBL_MAX; DBUG_ASSERT(nr >= 0.0); From cd805a5f1c2aabede411e6732d7047088f61233e Mon Sep 17 00:00:00 2001 From: Vladislav Vaintroub Date: Fri, 15 Mar 2019 11:39:52 +0100 Subject: [PATCH 03/10] Cleanup - remove unused variables and functions after MDEV-18917 --- extra/mariabackup/backup_mysql.cc | 1 - extra/mariabackup/xtrabackup.cc | 30 ------------------------------ 2 files changed, 31 deletions(-) diff --git a/extra/mariabackup/backup_mysql.cc b/extra/mariabackup/backup_mysql.cc index b0c0987d4fe..ac46a854fb7 100644 --- a/extra/mariabackup/backup_mysql.cc +++ b/extra/mariabackup/backup_mysql.cc @@ -333,7 +333,6 @@ get_mysql_vars(MYSQL *connection) char *version_comment_var = NULL; char *innodb_version_var = NULL; char *have_backup_locks_var = NULL; - char *have_backup_safe_binlog_info_var = NULL; char *log_bin_var = NULL; char *lock_wait_timeout_var= NULL; char *wsrep_on_var = NULL; diff --git a/extra/mariabackup/xtrabackup.cc b/extra/mariabackup/xtrabackup.cc index d54f7ab5309..af3fddbc264 100644 --- a/extra/mariabackup/xtrabackup.cc +++ b/extra/mariabackup/xtrabackup.cc @@ -1861,7 +1861,6 @@ xtrabackup_read_metadata(char *filename) { FILE *fp; my_bool r = TRUE; - int t; fp = fopen(filename,"r"); if(!fp) { @@ -5792,35 +5791,6 @@ innodb_free_param() free_tmpdir(&mysql_tmpdir_list); } - -/************************************************************************** -Store the current binary log coordinates in a specified file. -@return 'false' on error. */ -static bool -store_binlog_info( -/*==============*/ - const char *filename) /*!< in: output file name */ -{ - FILE *fp; - - if (trx_sys_mysql_bin_log_name[0] == '\0') { - return(true); - } - - fp = fopen(filename, "w"); - - if (!fp) { - msg("mariabackup: failed to open '%s'\n", filename); - return(false); - } - - fprintf(fp, "%s\t" UINT64PF "\n", - trx_sys_mysql_bin_log_name, trx_sys_mysql_bin_log_pos); - fclose(fp); - - return(true); -} - static void xtrabackup_prepare_func(int argc, char ** argv) { From 6c08174e365c1a2db76e51dedd2a8292464472d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Wed, 13 Mar 2019 15:33:21 +0200 Subject: [PATCH 04/10] MDEV-18908: Remove galera and wsrep suites from default run suites in mtr Idea is that many users do not install galera library and do not want to unnecessary run galera and wsrep suites. Furthermore, failures on these suites disturb development as buildbot shows red failing column and causes unnecessary work for those who do not care galera tests. There will be other way to run these suites on buildbot. --- mysql-test/mysql-test-run.pl | 2 -- 1 file changed, 2 deletions(-) diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl index 5fe616c67ae..f768bf05c66 100755 --- a/mysql-test/mysql-test-run.pl +++ b/mysql-test/mysql-test-run.pl @@ -195,8 +195,6 @@ my @DEFAULT_SUITES= qw( sys_vars- unit- vcol- - wsrep- - galera- ); my $opt_suites; From 3b98c65c4e8b50b3000cbca643a5d3048cf1f7f7 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Mon, 18 Mar 2019 15:33:59 +0400 Subject: [PATCH 05/10] MDEV-18881 Assertion `0' failed in make_sortkey upon SELECT with GROUP BY after LOAD DATA --- mysql-test/r/func_str.result | 43 ++++++++++++++++++++++++++++++++++++ mysql-test/t/func_str.test | 30 +++++++++++++++++++++++++ sql/item_strfunc.cc | 36 ++++++------------------------ sql/item_strfunc.h | 23 ++++++++++++------- 4 files changed, 95 insertions(+), 37 deletions(-) diff --git a/mysql-test/r/func_str.result b/mysql-test/r/func_str.result index 3d9c9bc15d9..06cfa233f73 100644 --- a/mysql-test/r/func_str.result +++ b/mysql-test/r/func_str.result @@ -2980,6 +2980,49 @@ select md5(_filename "a"), sha(_filename "a"); md5(_filename "a") sha(_filename "a") 0cc175b9c0f1b6a831c399e269772661 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8 # +# MDEV-18881 Assertion `0' failed in make_sortkey upon SELECT with GROUP BY after LOAD DATA +# +CREATE TABLE t1 (a BIT(22), b CHAR(8) NOT NULL, c CHAR(8)); +INSERT INTO t1 VALUES (0xA4B,'foo','qux'); +INSERT INTO t1 VALUES (0x8F5,'bar','foobar'); +INSERT INTO t1 VALUES (0x0, '', NULL); +INSERT INTO t1 VALUES (0x4B, 'foo','qux'); +INSERT INTO t1 VALUES (0x8F5, 'bar', 'foobar'); +SET SESSION SQL_MODE= ''; +SELECT GROUP_CONCAT(c) AS f FROM t1 GROUP BY LPAD('foo', 20, b); +f +NULL +foobar,foobar +qux,qux +DROP TABLE t1; +SET SESSION SQL_MODE=DEFAULT; +CREATE TABLE t1 AS SELECT +LPAD('a',10,' '), +RPAD('a',10,' '), +LPAD('a',10,' '), +RPAD('a',10,' '), +LPAD('a',10,NULL), +RPAD('a',10,NULL), +LPAD('a',10,''), +RPAD('a',10,''), +LPAD('a',10,RAND()), +RPAD('a',10,RAND()); +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `LPAD('a',10,' ')` varchar(10) NOT NULL, + `RPAD('a',10,' ')` varchar(10) NOT NULL, + `LPAD('a',10,' ')` varchar(10) NOT NULL, + `RPAD('a',10,' ')` varchar(10) NOT NULL, + `LPAD('a',10,NULL)` varchar(10) DEFAULT NULL, + `RPAD('a',10,NULL)` varchar(10) DEFAULT NULL, + `LPAD('a',10,'')` varchar(10) DEFAULT NULL, + `RPAD('a',10,'')` varchar(10) DEFAULT NULL, + `LPAD('a',10,RAND())` varchar(10) DEFAULT NULL, + `RPAD('a',10,RAND())` varchar(10) DEFAULT NULL +) ENGINE=MyISAM DEFAULT CHARSET=latin1 +DROP TABLE t1; +# # End of 5.5 tests # # diff --git a/mysql-test/t/func_str.test b/mysql-test/t/func_str.test index 46b4dc2e3f0..de954d2f60b 100644 --- a/mysql-test/t/func_str.test +++ b/mysql-test/t/func_str.test @@ -1610,6 +1610,36 @@ drop table t1,t2; # select md5(_filename "a"), sha(_filename "a"); +--echo # +--echo # MDEV-18881 Assertion `0' failed in make_sortkey upon SELECT with GROUP BY after LOAD DATA +--echo # + +CREATE TABLE t1 (a BIT(22), b CHAR(8) NOT NULL, c CHAR(8)); +INSERT INTO t1 VALUES (0xA4B,'foo','qux'); +INSERT INTO t1 VALUES (0x8F5,'bar','foobar'); +INSERT INTO t1 VALUES (0x0, '', NULL); +INSERT INTO t1 VALUES (0x4B, 'foo','qux'); +INSERT INTO t1 VALUES (0x8F5, 'bar', 'foobar'); +SET SESSION SQL_MODE= ''; +SELECT GROUP_CONCAT(c) AS f FROM t1 GROUP BY LPAD('foo', 20, b); +DROP TABLE t1; +SET SESSION SQL_MODE=DEFAULT; + +CREATE TABLE t1 AS SELECT + LPAD('a',10,' '), + RPAD('a',10,' '), + LPAD('a',10,' '), + RPAD('a',10,' '), + LPAD('a',10,NULL), + RPAD('a',10,NULL), + LPAD('a',10,''), + RPAD('a',10,''), + LPAD('a',10,RAND()), + RPAD('a',10,RAND()); +SHOW CREATE TABLE t1; +DROP TABLE t1; + + --echo # --echo # End of 5.5 tests --echo # diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 73080d9f7fe..de13999bab8 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -3066,8 +3066,12 @@ err: } -void Item_func_rpad::fix_length_and_dec() +void Item_func_pad::fix_length_and_dec() { + String *str; + if (!args[2]->basic_const_item() || !(str= args[2]->val_str(&pad_str)) || !str->length()) + maybe_null= true; + // Handle character set for args[0] and args[2]. if (agg_arg_charsets_for_string_result(collation, &args[0], 2, 2)) return; @@ -3101,7 +3105,7 @@ String *Item_func_rpad::val_str(String *str) longlong count= args[1]->val_int(); longlong byte_count; String *res= args[0]->val_str(str); - String *rpad= args[2]->val_str(&rpad_str); + String *rpad= args[2]->val_str(&pad_str); if (!res || args[1]->null_value || !rpad || ((count < 0) && !args[1]->unsigned_flag)) @@ -3174,32 +3178,6 @@ String *Item_func_rpad::val_str(String *str) } -void Item_func_lpad::fix_length_and_dec() -{ - // Handle character set for args[0] and args[2]. - if (agg_arg_charsets_for_string_result(collation, &args[0], 2, 2)) - return; - - if (args[1]->const_item()) - { - ulonglong char_length= (ulonglong) args[1]->val_int(); - DBUG_ASSERT(collation.collation->mbmaxlen > 0); - /* Assumes that the maximum length of a String is < INT_MAX32. */ - /* Set here so that rest of code sees out-of-bound value as such. */ - if (args[1]->null_value) - char_length= 0; - else if (char_length > INT_MAX32) - char_length= INT_MAX32; - fix_char_length_ulonglong(char_length); - } - else - { - max_length= MAX_BLOB_WIDTH; - maybe_null= 1; - } -} - - String *Item_func_lpad::val_str(String *str) { DBUG_ASSERT(fixed == 1); @@ -3208,7 +3186,7 @@ String *Item_func_lpad::val_str(String *str) longlong count= args[1]->val_int(); longlong byte_count; String *res= args[0]->val_str(&tmp_value); - String *pad= args[2]->val_str(&lpad_str); + String *pad= args[2]->val_str(&pad_str); if (!res || args[1]->null_value || !pad || ((count < 0) && !args[1]->unsigned_flag)) diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h index 49faed2fec1..ace246bc271 100644 --- a/sql/item_strfunc.h +++ b/sql/item_strfunc.h @@ -823,26 +823,33 @@ public: }; -class Item_func_rpad :public Item_str_func +class Item_func_pad: public Item_str_func +{ +protected: + String tmp_value, pad_str; +public: + Item_func_pad(THD *thd, Item *arg1, Item *arg2, Item *arg3): + Item_str_func(thd, arg1, arg2, arg3) {} + void fix_length_and_dec(); +}; + + +class Item_func_rpad :public Item_func_pad { - String tmp_value, rpad_str; public: Item_func_rpad(THD *thd, Item *arg1, Item *arg2, Item *arg3): - Item_str_func(thd, arg1, arg2, arg3) {} + Item_func_pad(thd, arg1, arg2, arg3) {} String *val_str(String *); - void fix_length_and_dec(); const char *func_name() const { return "rpad"; } }; -class Item_func_lpad :public Item_str_func +class Item_func_lpad :public Item_func_pad { - String tmp_value, lpad_str; public: Item_func_lpad(THD *thd, Item *arg1, Item *arg2, Item *arg3): - Item_str_func(thd, arg1, arg2, arg3) {} + Item_func_pad(thd, arg1, arg2, arg3) {} String *val_str(String *); - void fix_length_and_dec(); const char *func_name() const { return "lpad"; } }; From ef81d2ea64cc800565e18fb4436d0af1134b3315 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Tue, 19 Mar 2019 22:14:37 +0400 Subject: [PATCH 06/10] Fixing "mtr func_math" failure in the test for MDEV-17643 Adding an intermediate volatile variable to avoid using co-processor registers on some platforms (e.g. 32-bit x86). This change makes test results stable accross all platforms. --- sql/item_sum.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 5e7ce270dc3..8ba5579646d 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -1824,8 +1824,9 @@ static void variance_fp_recurrence_next(double *m, double *s, ulonglong *count, else { double m_kminusone= *m; - *m= m_kminusone + (nr - m_kminusone) / (double) *count; - *s= *s + (nr - m_kminusone) * (nr - *m); + volatile double diff= nr - m_kminusone; + *m= m_kminusone + diff / (double) *count; + *s= *s + diff * (nr - *m); } } From e9c494c8438c7fcfe8edd197c9a6919be4a02ab0 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Thu, 21 Mar 2019 08:48:44 +0400 Subject: [PATCH 07/10] Fixing a failure in tests for "MDEV-18892 Regression in slow log and admin statements" Tests for MDEV-18892 failed, because of extra 'Prepare' and 'Close stmt' entries in the output. Filtering out PS related entries (where it is necessary). --- mysql-test/r/log_slow_debug.result | 13 +++++++++++-- mysql-test/t/log_slow_debug.test | 13 +++++++++++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/mysql-test/r/log_slow_debug.result b/mysql-test/r/log_slow_debug.result index a823f4c2b98..bf803ad0530 100644 --- a/mysql-test/r/log_slow_debug.result +++ b/mysql-test/r/log_slow_debug.result @@ -14,6 +14,14 @@ FROM mysql.slow_log WHERE sql_text NOT LIKE '%debug_dbug%'; END $$ +CREATE PROCEDURE show_slow_log_exclude_ps() +BEGIN +SELECT CONCAT('[slow] ', sql_text) AS sql_text +FROM mysql.slow_log +WHERE sql_text NOT LIKE '%debug_dbug%' + AND sql_text NOT IN ('Prepare','Close stmt'); +END +$$ # # Expect all admin statements in the slow log (ON,DEFAULT) # @@ -33,7 +41,7 @@ PREPARE stmt FROM 'ALTER TABLE t4 MODIFY a INT DEFAULT 1'; EXECUTE stmt; DEALLOCATE PREPARE stmt; DROP TABLE t4; -CALL show_slow_log(); +CALL show_slow_log_exclude_ps(); sql_text [slow] TRUNCATE TABLE mysql.slow_log [slow] CREATE TABLE t1 (a INT) @@ -115,7 +123,7 @@ PREPARE stmt FROM 'ALTER TABLE t4 MODIFY a INT DEFAULT 1'; EXECUTE stmt; DEALLOCATE PREPARE stmt; DROP TABLE t4; -CALL show_slow_log(); +CALL show_slow_log_exclude_ps(); sql_text [slow] TRUNCATE TABLE mysql.slow_log [slow] CREATE TABLE t1 (a INT) @@ -135,3 +143,4 @@ SET @@global.slow_query_log= @org_slow_query_log; SET @@global.log_output= @org_log_output; SET @@global.log_slow_admin_statements= @org_log_slow_admin_statements; DROP PROCEDURE show_slow_log; +DROP PROCEDURE show_slow_log_exclude_ps; diff --git a/mysql-test/t/log_slow_debug.test b/mysql-test/t/log_slow_debug.test index 35b5b93423d..7945328fee3 100644 --- a/mysql-test/t/log_slow_debug.test +++ b/mysql-test/t/log_slow_debug.test @@ -19,6 +19,14 @@ BEGIN WHERE sql_text NOT LIKE '%debug_dbug%'; END $$ +CREATE PROCEDURE show_slow_log_exclude_ps() +BEGIN + SELECT CONCAT('[slow] ', sql_text) AS sql_text + FROM mysql.slow_log + WHERE sql_text NOT LIKE '%debug_dbug%' + AND sql_text NOT IN ('Prepare','Close stmt'); +END +$$ DELIMITER ;$$ @@ -42,7 +50,7 @@ PREPARE stmt FROM 'ALTER TABLE t4 MODIFY a INT DEFAULT 1'; EXECUTE stmt; DEALLOCATE PREPARE stmt; DROP TABLE t4; -CALL show_slow_log(); +CALL show_slow_log_exclude_ps(); --echo # @@ -111,7 +119,7 @@ PREPARE stmt FROM 'ALTER TABLE t4 MODIFY a INT DEFAULT 1'; EXECUTE stmt; DEALLOCATE PREPARE stmt; DROP TABLE t4; -CALL show_slow_log(); +CALL show_slow_log_exclude_ps(); --echo # @@ -124,3 +132,4 @@ SET @@global.slow_query_log= @org_slow_query_log; SET @@global.log_output= @org_log_output; SET @@global.log_slow_admin_statements= @org_log_slow_admin_statements; DROP PROCEDURE show_slow_log; +DROP PROCEDURE show_slow_log_exclude_ps; From 5d454181a897b58b2ae47a11a2db83379d7c97a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= Date: Thu, 21 Mar 2019 10:29:59 +0200 Subject: [PATCH 08/10] MDEV-6262 follow-up: Ensure NUL termination on strncpy() --- plugin/auth_pam/auth_pam.c | 4 ++-- plugin/server_audit/server_audit.c | 13 +++++++------ storage/innobase/dict/dict0mem.cc | 5 +++-- storage/xtradb/dict/dict0mem.cc | 5 +++-- 4 files changed, 15 insertions(+), 12 deletions(-) diff --git a/plugin/auth_pam/auth_pam.c b/plugin/auth_pam/auth_pam.c index a4d1deb8ada..b37460bb385 100644 --- a/plugin/auth_pam/auth_pam.c +++ b/plugin/auth_pam/auth_pam.c @@ -1,5 +1,5 @@ /* - Copyright (c) 2011, 2012, Monty Program Ab + Copyright (c) 2011, 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -140,7 +140,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) if (new_username && strcmp(new_username, info->user_name)) strncpy(info->authenticated_as, new_username, - sizeof(info->authenticated_as)); + sizeof(info->authenticated_as)-1); info->authenticated_as[sizeof(info->authenticated_as)-1]= 0; end: diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c index 17d3154089f..95f99f61d8f 100644 --- a/plugin/server_audit/server_audit.c +++ b/plugin/server_audit/server_audit.c @@ -1056,7 +1056,7 @@ static int start_logging() } error_header(); fprintf(stderr, "logging started to the file %s.\n", alt_fname); - strncpy(current_log_buf, alt_fname, sizeof(current_log_buf)); + strncpy(current_log_buf, alt_fname, sizeof(current_log_buf)-1); current_log_buf[sizeof(current_log_buf)-1]= 0; } else if (output_type == OUTPUT_SYSLOG) @@ -1064,7 +1064,8 @@ static int start_logging() openlog(syslog_ident, LOG_NOWAIT, syslog_facility_codes[syslog_facility]); error_header(); fprintf(stderr, "logging started to the syslog.\n"); - strncpy(current_log_buf, "[SYSLOG]", sizeof(current_log_buf)); + strncpy(current_log_buf, "[SYSLOG]", sizeof(current_log_buf)-1); + compile_time_assert(sizeof current_log_buf > sizeof "[SYSLOG]"); } is_active= 1; return 0; @@ -2600,7 +2601,7 @@ static void update_file_path(MYSQL_THD thd, internal_stop_logging= 0; } - strncpy(path_buffer, new_name, sizeof(path_buffer)); + strncpy(path_buffer, new_name, sizeof(path_buffer)-1); path_buffer[sizeof(path_buffer)-1]= 0; file_path= path_buffer; exit_func: @@ -2653,7 +2654,7 @@ static void update_incl_users(MYSQL_THD thd, if (!maria_55_started || !debug_server_started) flogger_mutex_lock(&lock_operations); mark_always_logged(thd); - strncpy(incl_user_buffer, new_users, sizeof(incl_user_buffer)); + strncpy(incl_user_buffer, new_users, sizeof(incl_user_buffer)-1); incl_user_buffer[sizeof(incl_user_buffer)-1]= 0; incl_users= incl_user_buffer; user_coll_fill(&incl_user_coll, incl_users, &excl_user_coll, 1); @@ -2672,7 +2673,7 @@ static void update_excl_users(MYSQL_THD thd __attribute__((unused)), if (!maria_55_started || !debug_server_started) flogger_mutex_lock(&lock_operations); mark_always_logged(thd); - strncpy(excl_user_buffer, new_users, sizeof(excl_user_buffer)); + strncpy(excl_user_buffer, new_users, sizeof(excl_user_buffer)-1); excl_user_buffer[sizeof(excl_user_buffer)-1]= 0; excl_users= excl_user_buffer; user_coll_fill(&excl_user_coll, excl_users, &incl_user_coll, 0); @@ -2804,7 +2805,7 @@ static void update_syslog_ident(MYSQL_THD thd __attribute__((unused)), void *var_ptr __attribute__((unused)), const void *save) { char *new_ident= (*(char **) save) ? *(char **) save : empty_str; - strncpy(syslog_ident_buffer, new_ident, sizeof(syslog_ident_buffer)); + strncpy(syslog_ident_buffer, new_ident, sizeof(syslog_ident_buffer)-1); syslog_ident_buffer[sizeof(syslog_ident_buffer)-1]= 0; syslog_ident= syslog_ident_buffer; error_header(); diff --git a/storage/innobase/dict/dict0mem.cc b/storage/innobase/dict/dict0mem.cc index c182aaba676..9d3fea03662 100644 --- a/storage/innobase/dict/dict0mem.cc +++ b/storage/innobase/dict/dict0mem.cc @@ -2,7 +2,7 @@ Copyright (c) 1996, 2016, Oracle and/or its affiliates. All Rights Reserved. Copyright (c) 2012, Facebook Inc. -Copyright (c) 2018, MariaDB Corporation. +Copyright (c) 2018, 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -320,7 +320,8 @@ dict_mem_table_col_rename_low( ut_ad(to_len <= NAME_LEN); char from[NAME_LEN + 1]; - strncpy(from, s, NAME_LEN + 1); + strncpy(from, s, sizeof from - 1); + from[sizeof from - 1] = '\0'; if (from_len == to_len) { /* The easy case: simply replace the column name in diff --git a/storage/xtradb/dict/dict0mem.cc b/storage/xtradb/dict/dict0mem.cc index fb6895867fe..1b744a5dfe7 100644 --- a/storage/xtradb/dict/dict0mem.cc +++ b/storage/xtradb/dict/dict0mem.cc @@ -2,7 +2,7 @@ Copyright (c) 1996, 2017, Oracle and/or its affiliates. All Rights Reserved. Copyright (c) 2012, Facebook Inc. -Copyright (c) 2018, MariaDB Corporation. +Copyright (c) 2018, 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -321,7 +321,8 @@ dict_mem_table_col_rename_low( ut_ad(to_len <= NAME_LEN); char from[NAME_LEN + 1]; - strncpy(from, s, NAME_LEN + 1); + strncpy(from, s, sizeof from - 1); + from[sizeof from - 1] = '\0'; if (from_len == to_len) { /* The easy case: simply replace the column name in From 8be02be08bf6a7227e2ab6a5443b63f3a155e2a9 Mon Sep 17 00:00:00 2001 From: FaramosCZ Date: Wed, 28 Nov 2018 14:16:52 +0100 Subject: [PATCH 09/10] Fix USE_AFTER_FREE (CWE-672) The file will be closed on line 540 --- sql/wsrep_binlog.cc | 1 - 1 file changed, 1 deletion(-) diff --git a/sql/wsrep_binlog.cc b/sql/wsrep_binlog.cc index c7674cd0169..39c77133f02 100644 --- a/sql/wsrep_binlog.cc +++ b/sql/wsrep_binlog.cc @@ -506,7 +506,6 @@ void wsrep_dump_rbr_buf_with_header(THD *thd, const void *rbr_buf, if (init_io_cache(&cache, file, 0, WRITE_CACHE, 0, 0, MYF(MY_WME | MY_NABP))) { - mysql_file_close(file, MYF(MY_WME)); goto cleanup2; } From 50a8fc52988d13a5164a1a542b9d7a85e3ecc1c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= Date: Mon, 14 Jan 2019 09:24:39 +0200 Subject: [PATCH 10/10] MDEV-18224 MTR's internal check of the test case 'innodb.recovery_shutdown' failed due to extra #sql-ib*.ibd files The test innodb.recovery_shutdown would occasionally fail, because recovered incomplete transactions would be conflicting with DROP TABLE, causing the background drop table queue to be invoked. Add a slow shutdown before dropping the tables, so that the recovered transactions will be rolled back. Starting with MDEV-14705, normal shutdown would abort the rollback of recovered transactions. --- mysql-test/suite/innodb/t/recovery_shutdown.test | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mysql-test/suite/innodb/t/recovery_shutdown.test b/mysql-test/suite/innodb/t/recovery_shutdown.test index 42d98ca34c7..50fe4e87c9d 100644 --- a/mysql-test/suite/innodb/t/recovery_shutdown.test +++ b/mysql-test/suite/innodb/t/recovery_shutdown.test @@ -48,6 +48,12 @@ FLUSH TABLES; --let $shutdown_timeout=60 --source include/restart_mysqld.inc +# Perform a slow shutdown in order to roll back all recovered transactions +# and to avoid locking conflicts with the DROP TABLE below. +--disable_query_log +SET GLOBAL innodb_fast_shutdown=0; +--source include/restart_mysqld.inc + --disable_query_log let $c = $trx; while ($c)