From af2e74f8cbbe23552648a7acae197e5a15048706 Mon Sep 17 00:00:00 2001 From: V Narayanan Date: Tue, 18 Nov 2008 11:31:03 +0530 Subject: [PATCH 01/10] Bug#39616: Missing quotes from .CSV crashes server When a CSV file contained comma separated elements that were not enclosed in quotes, it was causing the mysql server to crash. The old algorithm that parsed the content of a row in mysql 5.0 was assuming that the values of the fields in a .CSV file will be enclosed in quotes and will be separated by commas. This was causing the old algorithm to fail when the content of the file resembled the following 3,"sans quotes" The CSV engine that is part of mysql 5.0 was expecting the above to be "3","sans quotes" The above is just one example of where the engine was failing for what would be recognized as a valid .CSV file content otherwise. The proposed fix changes the old algorithm being used to parse rows from the .CSV file to handle two separate cases 1) When the current field of the row is enclosed in quotes 2) When the current field of the row is not enclosed in quotes --- mysql-test/r/csv.result | 15 ++++++ mysql-test/t/csv.test | 43 +++++++++++++++++ sql/examples/ha_tina.cc | 103 +++++++++++++++++++++++++++++++--------- 3 files changed, 139 insertions(+), 22 deletions(-) diff --git a/mysql-test/r/csv.result b/mysql-test/r/csv.result index dca4e349c8a..ac1aee6cc9a 100644 --- a/mysql-test/r/csv.result +++ b/mysql-test/r/csv.result @@ -5071,4 +5071,19 @@ select * from t1; a foo drop table t1; +create table bug39616_1(id int NOT NULL, d varchar(50) NOT NULL) ENGINE=csv; +select * from bug39616_1; +id d +1 integer sans quotes +1 string sans quotes +1 string end quotes" +1 quotes"in between" strings +1 Integer with quote and string with no quote +1 escape sequence + " \ \a within quotes +drop table bug39616_1; +create table bug39616_1(id int NOT NULL, d varchar(50) NOT NULL) ENGINE=csv; +select * from bug39616_1; +id d +drop table bug39616_1; End of 5.0 tests 
diff --git a/mysql-test/t/csv.test b/mysql-test/t/csv.test index db5cb92c3e6..72d61fc7781 100644 --- a/mysql-test/t/csv.test +++ b/mysql-test/t/csv.test @@ -1460,4 +1460,47 @@ insert into t1 values(); select * from t1; drop table t1; +# +# Bug #39616 Missing quotes from .CSV crashes server +# +# Editing the .CSV file and leaving out quotes from around an integer field +# crashes the server. +# + +# +# Test for the integers and strings enclosed in quotes, not enclosed in quotes, +# \X characters. +# +create table bug39616_1(id int NOT NULL, d varchar(50) NOT NULL) ENGINE=csv; + +--remove_file $MYSQLTEST_VARDIR/master-data/test/bug39616_1.CSV +--write_file $MYSQLTEST_VARDIR/master-data/test/bug39616_1.CSV +1,"integer sans quotes" +1,string sans quotes +1,string end quotes" +1,quotes"in between" strings +"1",Integer with quote and string with no quote +1,"escape sequence \n \" \\ \r \a within quotes" +EOF + +select * from bug39616_1; + +drop table bug39616_1; + +# +# Test for he case when a field begins with a quote, but does not end in a +# quote. +# Note: This results in an empty set. +# +create table bug39616_1(id int NOT NULL, d varchar(50) NOT NULL) ENGINE=csv; + +--remove_file $MYSQLTEST_VARDIR/master-data/test/bug39616_1.CSV +--write_file $MYSQLTEST_VARDIR/master-data/test/bug39616_1.CSV +1,"string only at the beginning quotes +EOF + +select * from bug39616_1; + +drop table bug39616_1; + --echo End of 5.0 tests diff --git a/sql/examples/ha_tina.cc b/sql/examples/ha_tina.cc index 0b57fe86e62..aaaa3b8ffb4 100644 --- a/sql/examples/ha_tina.cc +++ b/sql/examples/ha_tina.cc 
@@ -416,37 +416,96 @@ int ha_tina::find_current_row(byte *buf) if ((end_ptr= find_eoln(share->mapped_file, current_position, share->file_stat.st_size)) == 0) DBUG_RETURN(HA_ERR_END_OF_FILE); + /* + Parse the line obtained using the following algorithm + + BEGIN + 1) Store the EOL (end of line) for the current row + 2) Until all the fields in the current query have not been + filled + 2.1) If the current character begins with a quote + 2.1.1) Until EOL has not been reached + a) If end of current field is reached, move + to next field and jump to step 2.3 + b) If current character begins with \\ handle + \\n, \\r, \\, \\" + c) else append the current character into the buffer + before checking that EOL has not been reached. + 2.2) If the current character does not begin with a quote + 2.2.1) Until EOL has not been reached + a) If the end of field has been reached move to the + next field and jump to step 2.3 + b) append the current character into the buffer + 2.3) Store the current field value and jump to 2) + TERMINATE + */ + for (Field **field=table->field ; *field ; field++) { buffer.length(0); - mapped_ptr++; // Increment past the first quote - for(;mapped_ptr != end_ptr; mapped_ptr++) + /* Handle the case where the first character begins with a quote */ + if (*mapped_ptr == '"') { - //Need to convert line feeds! 
- if (*mapped_ptr == '"' && - (((mapped_ptr[1] == ',') && (mapped_ptr[2] == '"')) || (mapped_ptr == end_ptr -1 ))) + /* Increment past the first quote */ + mapped_ptr++; + /* Loop through the row to extract the values for the current field */ + for(; mapped_ptr != end_ptr; mapped_ptr++) { - mapped_ptr += 2; // Move past the , and the " - break; - } - if (*mapped_ptr == '\\' && mapped_ptr != (end_ptr - 1)) - { - mapped_ptr++; - if (*mapped_ptr == 'r') - buffer.append('\r'); - else if (*mapped_ptr == 'n' ) - buffer.append('\n'); - else if ((*mapped_ptr == '\\') || (*mapped_ptr == '"')) - buffer.append(*mapped_ptr); - else /* This could only happed with an externally created file */ + /* check for end of the current field */ + if (*mapped_ptr == '"' && + (mapped_ptr[1] == ',' || mapped_ptr == end_ptr -1 )) { - buffer.append('\\'); + /* Move past the , and the " */ + mapped_ptr += 2; + break; + } + if (*mapped_ptr == '\\' && mapped_ptr != (end_ptr - 1)) + { + mapped_ptr++; + if (*mapped_ptr == 'r') + buffer.append('\r'); + else if (*mapped_ptr == 'n' ) + buffer.append('\n'); + else if ((*mapped_ptr == '\\') || (*mapped_ptr == '"')) + buffer.append(*mapped_ptr); + else /* This could only happed with an externally created file */ + { + buffer.append('\\'); + buffer.append(*mapped_ptr); + } + } + else + { + /* + If no last quote was found, but the end of row has been reached + it implies that there has been error. 
+ */ + if (mapped_ptr == end_ptr -1) + DBUG_RETURN(HA_ERR_END_OF_FILE); + /* Store current character in the buffer for the field */ buffer.append(*mapped_ptr); } - } - else - buffer.append(*mapped_ptr); + } } + else + { + /* Handle the case where the current row does not start with quotes */ + + /* Loop through the row to extract the values for the current field */ + for (; mapped_ptr != end_ptr; mapped_ptr++) + { + /* check for end of current field */ + if (*mapped_ptr == ',') + { + /* Increment past the current comma */ + mapped_ptr++; + break; + } + /* store the current character in the buffer for the field */ + buffer.append(*mapped_ptr); + } + } + /* Store the field value from the buffer */ (*field)->store(buffer.ptr(), buffer.length(), buffer.charset()); } next_position= (end_ptr - share->mapped_file)+1; From 8f39d2584ba0ba33998461aa93a714f8cadf498d Mon Sep 17 00:00:00 2001 From: Mattias Jonsson Date: Tue, 2 Dec 2008 11:18:01 +0100 Subject: [PATCH 02/10] Bug#40389: REORGANIZE PARTITION crashes when only using one partition The non documented command 'ALTER PARTITION t REORGANIZE PARTITION' (without any partitions!) which only make sense for nativly partitioned engines, such as NDB, crashes the server if there was no change of number of partitions. The problem was wrong usage of fast_end_partition function, which led to usage of a non initialized variable. --- mysql-test/r/partition_mgm.result | 7 +++++++ mysql-test/t/partition_mgm.test | 11 +++++++++++ sql/partition_info.cc | 1 + sql/sql_partition.cc | 5 ++--- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/mysql-test/r/partition_mgm.result b/mysql-test/r/partition_mgm.result index 9ef220028b3..eeb9be949a0 100644 --- a/mysql-test/r/partition_mgm.result +++ b/mysql-test/r/partition_mgm.result 
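Review bot: In ha_tina::find_current_row the quoted-field branch can step past end_ptr: when the closing quote is the last character of the row (`mapped_ptr == end_ptr -1`), `mapped_ptr += 2` leaves the pointer at end_ptr + 1, and every later loop tests `mapped_ptr != end_ptr`, which is then never true. If a hand-edited row has fewer fields than the table has columns, the next iteration dereferences `*mapped_ptr` beyond the row and keeps appending bytes from the following rows, possibly past the end of the mapped file. Both loops should test `mapped_ptr < end_ptr`, and the field-start check should be `if (mapped_ptr < end_ptr && *mapped_ptr == '"')`. The function starts and ends outside this hunk, so whether a caller already guarantees the field count is not visible here.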
@@ -1,4 +1,11 @@ DROP TABLE IF EXISTS t1; +CREATE TABLE t1 (a INT PRIMARY KEY) +ENGINE MYISAM +PARTITION BY HASH (a) +PARTITIONS 1; +INSERT INTO t1 VALUES (1),(2),(3),(4),(5); +ALTER TABLE t1 REORGANIZE PARTITION; +DROP TABLE t1; create table t1 (a int) partition by range (a) subpartition by key (a) diff --git a/mysql-test/t/partition_mgm.test b/mysql-test/t/partition_mgm.test index 68da4a5b390..1f53989b4d4 100644 --- a/mysql-test/t/partition_mgm.test +++ b/mysql-test/t/partition_mgm.test @@ -3,6 +3,17 @@ DROP TABLE IF EXISTS t1; --enable_warnings +# +# Bug 40389: REORGANIZE PARTITION crashes when only using one partition +# +CREATE TABLE t1 (a INT PRIMARY KEY) +ENGINE MYISAM +PARTITION BY HASH (a) +PARTITIONS 1; +INSERT INTO t1 VALUES (1),(2),(3),(4),(5); +ALTER TABLE t1 REORGANIZE PARTITION; +DROP TABLE t1; + # # Bug 21143: mysqld hang when error in number of subparts in # REORGANIZE command diff --git a/sql/partition_info.cc b/sql/partition_info.cc index 02f2c9b0ab1..e2027d3571e 100644 --- a/sql/partition_info.cc +++ b/sql/partition_info.cc @@ -867,6 +867,7 @@ bool partition_info::check_partition_info(THD *thd, handlerton **eng_type, if (part_type != HASH_PARTITION || !list_of_part_fields) { + DBUG_ASSERT(part_expr); err= part_expr->walk(&Item::check_partition_func_processor, 0, NULL); if (!err && is_sub_partitioned() && !list_of_subpart_fields) diff --git a/sql/sql_partition.cc b/sql/sql_partition.cc index da80a2125e9..6fb803ce4ff 100644 --- a/sql/sql_partition.cc +++ b/sql/sql_partition.cc @@ -4228,9 +4228,8 @@ uint prep_alter_part_table(THD *thd, TABLE *table, Alter_info *alter_info, after the change as before. Thus we can reply ok immediately without any changes at all. */ - DBUG_RETURN(fast_end_partition(thd, ULL(0), ULL(0), - table, NULL, - TRUE, NULL, FALSE)); + *fast_alter_partition= TRUE; + DBUG_RETURN(FALSE); } else if (new_part_no > curr_part_no) { From 5726574b0c11b90047e326f8b36350c82485519f Mon Sep 17 00:00:00 2001 
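Review bot: `DBUG_ASSERT(part_expr);` in partition_info::check_partition_info only protects debug builds; where DBUG assertions are compiled out, a null part_expr still reaches `part_expr->walk(...)` on the next line and crashes the server. If a null expression can still arrive here on some ALTER path, a runtime check that sets an error and leaves through the function's normal failure path is safer than the assertion alone. The function body continues outside the hunk, so the exact error return to use is not visible here.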
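Review bot: The comment kept above the changed lines in prep_alter_part_table still says "Thus we can reply ok immediately without any changes at all", but the new code no longer replies; it sets `*fast_alter_partition= TRUE` and returns FALSE. The comment should describe the new contract, for example `/* Same number of partitions as before: nothing to change. Flag a fast alter and return; the reply is not sent from here. */`. Where the reply is then sent is outside this hunk, so the wording should be checked against the caller.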
From: Luis Soares Date: Thu, 4 Dec 2008 01:01:03 +0000 Subject: [PATCH 03/10] BUG#38826 Race in MYSQL_LOG::purge_logs is impossible to debug in production BUG#39325 Server crash inside MYSQL_LOG::purge_first_log halts replicaiton The patch reverses the order of the purging and updating events for log and relay-log.info/index files respectively. This solves the problem of having holes caused by crashes happening between updating info/index files and purging logs. NOTE: This is a combined patch for BUG#38826 and BUG#39325. This patch is based on bugteam tree and takes into account reviewers suggestions. --- mysql-test/r/binlog_index.result | 1 + sql/log.cc | 212 +++++++++++++++++++------------ sql/sql_class.h | 7 + 3 files changed, 141 insertions(+), 79 deletions(-) diff --git a/mysql-test/r/binlog_index.result b/mysql-test/r/binlog_index.result index 82fc26092f4..b307b97e460 100644 --- a/mysql-test/r/binlog_index.result +++ b/mysql-test/r/binlog_index.result @@ -21,6 +21,7 @@ flush logs; *** must be a warning master-bin.000001 was not found *** Warnings: Warning 1477 Being purged log MYSQLTEST_VARDIR/log/master-bin.000001 was not found +Warning 1477 Being purged log MYSQLTEST_VARDIR/log/master-bin.000001 was not found *** must show one record, of the active binlog, left in the index file after PURGE *** show binary logs; Log_name File_size diff --git a/sql/log.cc b/sql/log.cc index 5a1cfe46686..477cb21b2f3 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -417,6 +417,7 @@ MYSQL_LOG::MYSQL_LOG() index_file_name[0] = 0; bzero((char*) &log_file,sizeof(log_file)); bzero((char*) &index_file, sizeof(index_file)); + bzero((char*) &purge_temp, sizeof(purge_temp)); } /* this is called only once */ 
@@ -1059,10 +1060,10 @@ err: IMPLEMENTATION - Protects index file with LOCK_index + - Read the next file name from the index file and store in rli->linfo - Delete relevant relay log files - Copy all file names after these ones to the front of the index file - If the OS has truncate, truncate the file, else fill it with \n' - - Read the next file name from the index file and store in rli->linfo RETURN VALUES 0 ok @@ -1076,6 +1077,7 @@ err: int MYSQL_LOG::purge_first_log(struct st_relay_log_info* rli, bool included) { int error; + char *to_purge_if_included= NULL; DBUG_ENTER("purge_first_log"); DBUG_ASSERT(is_open()); 
@@ -1083,36 +1085,20 @@ int MYSQL_LOG::purge_first_log(struct st_relay_log_info* rli, bool included) DBUG_ASSERT(!strcmp(rli->linfo.log_file_name,rli->event_relay_log_name)); pthread_mutex_lock(&LOCK_index); - pthread_mutex_lock(&rli->log_space_lock); - rli->relay_log.purge_logs(rli->group_relay_log_name, included, - 0, 0, &rli->log_space_total); - // Tell the I/O thread to take the relay_log_space_limit into account - rli->ignore_log_space_limit= 0; - pthread_mutex_unlock(&rli->log_space_lock); + to_purge_if_included= my_strdup(rli->group_relay_log_name, MYF(0)); - /* - Ok to broadcast after the critical region as there is no risk of - the mutex being destroyed by this thread later - this helps save - context switches - */ - pthread_cond_broadcast(&rli->log_space_cond); - /* Read the next log file name from the index file and pass it back to - the caller - If included is true, we want the first relay log; - otherwise we want the one after event_relay_log_name. + the caller. */ - if ((included && (error=find_log_pos(&rli->linfo, NullS, 0))) || - (!included && - ((error=find_log_pos(&rli->linfo, rli->event_relay_log_name, 0)) || - (error=find_next_log(&rli->linfo, 0))))) + if((error=find_log_pos(&rli->linfo, rli->event_relay_log_name, 0)) || + (error=find_next_log(&rli->linfo, 0))) { char buff[22]; sql_print_error("next log error: %d offset: %s log: %s included: %d", error, llstr(rli->linfo.index_file_offset,buff), - rli->group_relay_log_name, + rli->event_relay_log_name, included); goto err; } 
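Review bot: The result of `my_strdup(rli->group_relay_log_name, MYF(0))` in MYSQL_LOG::purge_first_log is never checked, so on allocation failure a null `to_purge_if_included` is later passed to `purge_logs` as the log name. With `MYF(0)` nothing is written to the error log either. Check it right after the call and fail while the state is still untouched: `if (!to_purge_if_included) { pthread_mutex_unlock(&LOCK_index); DBUG_RETURN(LOG_INFO_MEM); }`. The function continues outside this hunk.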
@@ -1140,7 +1126,42 @@ int MYSQL_LOG::purge_first_log(struct st_relay_log_info* rli, bool included) /* Store where we are in the new file for the execution thread */ flush_relay_log_info(rli); + DBUG_EXECUTE_IF("crash_before_purge_logs", abort();); + + pthread_mutex_lock(&rli->log_space_lock); + rli->relay_log.purge_logs(to_purge_if_included, included, + 0, 0, &rli->log_space_total); + // Tell the I/O thread to take the relay_log_space_limit into account + rli->ignore_log_space_limit= 0; + pthread_mutex_unlock(&rli->log_space_lock); + + /* + Ok to broadcast after the critical region as there is no risk of + the mutex being destroyed by this thread later - this helps save + context switches + */ + pthread_cond_broadcast(&rli->log_space_cond); + + /* + * Need to update the log pos because purge logs has been called + * after fetching initially the log pos at the begining of the method. + */ + if(error=find_log_pos(&rli->linfo, rli->event_relay_log_name, 0)) + { + char buff[22]; + sql_print_error("next log error: %d offset: %s log: %s included: %d", + error, + llstr(rli->linfo.index_file_offset,buff), + rli->group_relay_log_name, + included); + goto err; + } + + /* If included was passed, rli->linfo should be the first entry. */ + DBUG_ASSERT(!included || rli->linfo.index_file_start_offset == 0); + err: + my_free(to_purge_if_included, MYF(0)); pthread_mutex_unlock(&LOCK_index); DBUG_RETURN(error); } 
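Review bot: The error message for the second `find_log_pos` call prints `rli->group_relay_log_name`, but the lookup is done on `rli->event_relay_log_name`, so the log line may name a file other than the one that was not found. The first lookup in this function was changed by this same patch to print the event name; this one should match: `rli->event_relay_log_name,` as the third argument of `sql_print_error`. Both sites also share the text "next log error", so giving the second one its own wording would tell the two failures apart in the error log.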
@@ -1199,8 +1220,36 @@ int MYSQL_LOG::purge_logs(const char *to_log, if (need_mutex) pthread_mutex_lock(&LOCK_index); - if ((error=find_log_pos(&log_info, to_log, 0 /*no mutex*/))) + if ((error=find_log_pos(&log_info, to_log, 0 /*no mutex*/))) + { + sql_print_error("MYSQL_LOG::purge_logs was called with file %s not " + "listed in the index.", to_log); goto err; + } + + /* + For crash recovery reasons the index needs to be updated before + any files are deleted. Move files to be deleted into a temp file + to be processed after the index is updated. + */ + if (!my_b_inited(&purge_temp)) + { + if (error=open_cached_file(&purge_temp, mysql_tmpdir, TEMP_PREFIX, + DISK_BUFFER_SIZE, MYF(MY_WME))) + { + sql_print_error("MYSQL_LOG::purge_logs failed to open purge_temp"); + goto err; + } + } + else + { + if (error=reinit_io_cache(&purge_temp, WRITE_CACHE, 0, 0, 1)) + { + sql_print_error("MYSQL_LOG::purge_logs failed to reinit purge_temp " + "for write"); + goto err; + } + } /* File name exists in index file; delete until we find this file 
@@ -1211,6 +1260,59 @@ int MYSQL_LOG::purge_logs(const char *to_log, while ((strcmp(to_log,log_info.log_file_name) || (exit_loop=included)) && !log_in_use(log_info.log_file_name)) { + if ((error=my_b_write(&purge_temp, (byte*)log_info.log_file_name, + strlen(log_info.log_file_name))) || + (error=my_b_write(&purge_temp, (byte*)"\n", 1))) + { + sql_print_error("MYSQL_LOG::purge_logs failed to copy %s to purge_temp", + log_info.log_file_name); + goto err; + } + + if (find_next_log(&log_info, 0) || exit_loop) + break; + } + + /* We know how many files to delete. Update index file. */ + if (error=update_log_index(&log_info, need_update_threads)) + { + sql_print_error("MSYQL_LOG::purge_logs failed to update the index file"); + goto err; + } + + DBUG_EXECUTE_IF("crash_after_update_index", abort();); + + /* Switch purge_temp for read. */ + if (error=reinit_io_cache(&purge_temp, READ_CACHE, 0, 0, 0)) + { + sql_print_error("MSYQL_LOG::purge_logs failed to reinit purge_temp " + "for read"); + goto err; + } + + /* Read each entry from purge_temp and delete the file. */ + for (;;) + { + uint length; + + if ((length=my_b_gets(&purge_temp, log_info.log_file_name, + FN_REFLEN)) <= 1) + { + if (purge_temp.error) + { + error= purge_temp.error; + sql_print_error("MSYQL_LOG::purge_logs error %d reading from " + "purge_temp", error); + goto err; + } + + /* Reached EOF */ + break; + } + + /* Get rid of the trailing '\n' */ + log_info.log_file_name[length-1]= 0; + MY_STAT s; if (!my_stat(log_info.log_file_name, &s, MYF(0))) { @@ -1304,15 +1406,7 @@ int MYSQL_LOG::purge_logs(const char *to_log, } } } - if (find_next_log(&log_info, 0) || exit_loop) - break; } - - /* - If we get killed -9 here, the sysadmin would have to edit - the log index file after restart - otherwise, this should be safe - */ - error= update_log_index(&log_info, need_update_threads); err: if (need_mutex) 
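Review bot: In the read-back loop of MYSQL_LOG::purge_logs, `log_info.log_file_name[length-1]= 0;` removes the last byte without checking that it is the newline. If `my_b_gets` returns a line that filled the FN_REFLEN buffer (presumably a name at the maximum length), the last character of the file name is cut off, and the leftover newline is read next with length 1, which this loop treats as EOF; the remaining files would then stay on disk although the index no longer lists them. Check `log_info.log_file_name[length-1] == '\n'` before stripping and treat anything else as an error. The three messages spelled "MSYQL_LOG::purge_logs" should read "MYSQL_LOG::purge_logs" so that searches of the error log find them.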
@@ -1326,7 +1420,6 @@ err: SYNOPSIS purge_logs_before_date() - thd Thread pointer before_date Delete all log files before given date. NOTES @@ -1343,6 +1436,7 @@ err: int MYSQL_LOG::purge_logs_before_date(time_t purge_time) { int error; + char to_log[FN_REFLEN]; LOG_INFO log_info; MY_STAT stat_area; THD *thd= current_thd; @@ -1350,12 +1444,8 @@ int MYSQL_LOG::purge_logs_before_date(time_t purge_time) DBUG_ENTER("purge_logs_before_date"); pthread_mutex_lock(&LOCK_index); + to_log[0]= 0; - /* - Delete until we find curren file - or a file that is used or a file - that is older than purge_time. - */ if ((error=find_log_pos(&log_info, NullS, 0 /*no mutex*/))) goto err; 
@@ -1405,54 +1495,18 @@ int MYSQL_LOG::purge_logs_before_date(time_t purge_time) } else { - if (stat_area.st_mtime >= purge_time) + if (stat_area.st_mtime < purge_time) + strmake(to_log, + log_info.log_file_name, + sizeof(log_info.log_file_name)); + else break; - if (my_delete(log_info.log_file_name, MYF(0))) - { - if (my_errno == ENOENT) - { - /* It's not fatal even if we can't delete a log file */ - if (thd) - { - push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN, - ER_LOG_PURGE_NO_FILE, ER(ER_LOG_PURGE_NO_FILE), - log_info.log_file_name); - } - sql_print_information("Failed to delete file '%s'", - log_info.log_file_name); - my_errno= 0; - } - else - { - if (thd) - { - push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_ERROR, - ER_BINLOG_PURGE_FATAL_ERR, - "a problem with deleting %s; " - "consider examining correspondence " - "of your binlog index file " - "to the actual binlog files", - log_info.log_file_name); - } - else - { - sql_print_information("Failed to delete log file '%s'", - log_info.log_file_name); - } - error= LOG_INFO_FATAL; - goto err; - } - } } if (find_next_log(&log_info, 0)) break; } - /* - If we get killed -9 here, the sysadmin would have to edit - the log index file after restart - otherwise, this should be safe - */ - error= update_log_index(&log_info, 1); + error= (to_log[0] ? purge_logs(to_log, 1, 0, 1, (ulonglong *) 0) : 0); err: pthread_mutex_unlock(&LOCK_index); diff --git a/sql/sql_class.h b/sql/sql_class.h index c8d42d44df7..cc7ef7809d4 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h 
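Review bot: `strmake(to_log, log_info.log_file_name, sizeof(log_info.log_file_name));` bounds the copy by the size of the source rather than the destination, and strmake writes the terminating NUL after the bytes it copied. `to_log` is declared as `char to_log[FN_REFLEN]`; if the source array has the same size (its declaration is not in this diff), a name with no NUL inside the buffer would place the terminator one byte past `to_log`. Bound it by the destination instead: `strmake(to_log, log_info.log_file_name, sizeof(to_log)-1);`.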
@@ -205,6 +205,13 @@ class MYSQL_LOG: public TC_LOG time_t last_time,query_start; IO_CACHE log_file; IO_CACHE index_file; + /* + purge_temp is a temp file used in purge_logs so that the index file + can be updated before deleting files from disk, yielding better crash + recovery. It is created on demand the first time purge_logs is called + and then reused for subsequent calls. It is cleaned up in cleanup(). + */ + IO_CACHE purge_temp; char *name; char time_buff[20],db[NAME_LEN+1]; char log_file_name[FN_REFLEN],index_file_name[FN_REFLEN]; From 2405e47df065e731cd9a35d57d97802810497650 Mon Sep 17 00:00:00 2001 From: Mattias Jonsson Date: Thu, 4 Dec 2008 10:47:25 +0100 Subject: [PATCH 04/10] Bug#40515: Query on a partitioned table does not return 'lock wait timeout exceeded' Problem was a bug in the implementation of scan in partitioning which masked the error code from the partition's handler. Fixed by returning the value from the underlying handler. --- mysql-test/suite/parts/r/partition_special_innodb.result | 5 +++++ mysql-test/suite/parts/t/partition_special_innodb.test | 2 ++ sql/ha_partition.cc | 2 +- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/mysql-test/suite/parts/r/partition_special_innodb.result b/mysql-test/suite/parts/r/partition_special_innodb.result index 5eab78de8c2..8869f6d450c 100644 --- a/mysql-test/suite/parts/r/partition_special_innodb.result +++ b/mysql-test/suite/parts/r/partition_special_innodb.result @@ -213,5 +213,10 @@ START TRANSACTION; INSERT INTO t1 VALUES (NULL, 'first row t2'); SET autocommit=OFF; ALTER TABLE t1 AUTO_INCREMENT = 10; +ERROR HY000: Lock wait timeout exceeded; try restarting transaction INSERT INTO t1 VALUES (NULL, 'second row t2'); +SELECT a,b FROM t1 ORDER BY a; +a b +1 first row t2 +2 second row t2 DROP TABLE t1; diff --git a/mysql-test/suite/parts/t/partition_special_innodb.test b/mysql-test/suite/parts/t/partition_special_innodb.test index b9fc8bdcd56..eac19f6d588 100644 
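Review bot: The new comment on `purge_temp` says it "is cleaned up in cleanup()", but none of the sql/log.cc hunks in this patch touches MYSQL_LOG::cleanup(); the patch only zeroes the struct in the constructor and opens or reinitialises it in purge_logs. Unless cleanup() already releases it in code not shown here, the cached temp file and its buffer stay allocated for the life of the object. Either add the release, for example `if (my_b_inited(&purge_temp)) close_cached_file(&purge_temp);` in cleanup(), or correct the comment.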
--- a/mysql-test/suite/parts/t/partition_special_innodb.test +++ b/mysql-test/suite/parts/t/partition_special_innodb.test @@ -68,10 +68,12 @@ INSERT INTO t1 VALUES (NULL, 'first row t2'); --connection con2 SET autocommit=OFF; +--error ER_LOCK_WAIT_TIMEOUT ALTER TABLE t1 AUTO_INCREMENT = 10; --connection con1 INSERT INTO t1 VALUES (NULL, 'second row t2'); +SELECT a,b FROM t1 ORDER BY a; --disconnect con2 --disconnect con1 --connection default diff --git a/sql/ha_partition.cc b/sql/ha_partition.cc index 0c96b06381c..852f437b213 100644 --- a/sql/ha_partition.cc +++ b/sql/ha_partition.cc @@ -3431,7 +3431,7 @@ int ha_partition::rnd_next(uchar *buf) while (TRUE) { - int result= file->rnd_next(buf); + result= file->rnd_next(buf); if (!result) { m_last_part= part_id; From 71296ae2e2c3b6f87ad392aa3f45b9c53a41b2f2 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Tue, 9 Dec 2008 19:46:03 +0200 Subject: [PATCH 05/10] Bug #37936: ASSERT_COLUMN_MARKED_FOR_WRITE in Field_datetime::store , Field_varstring::store The code that temporary saved the bitmaps of the read set and the write set so that it can set it to all columns for debug purposes was not expecting that the table->read_set and table->write_set can be the same. And was always saving both in sequence. As a result the original value was never restored. Fixed by saving & restoring the original value only once if the two sets are the same (in a special set of functions). --- mysql-test/r/select.result | 26 ++++++++++++++++++++++++++ mysql-test/t/select.test | 33 +++++++++++++++++++++++++++++++++ sql/item_cmpfunc.cc | 18 ++++++------------ sql/opt_range.cc | 26 +++++++++++--------------- sql/table.h | 30 ++++++++++++++++++++++++++++++ 5 files changed, 106 insertions(+), 27 deletions(-) diff --git a/mysql-test/r/select.result b/mysql-test/r/select.result index 4b2464af688..313bc9b9630 100644 --- a/mysql-test/r/select.result +++ b/mysql-test/r/select.result 
@@ -4358,3 +4358,29 @@ a 4 5 DROP TABLE t1; +CREATE TABLE A (date_key date); +CREATE TABLE C ( +pk int, +int_nokey int, +int_key int, +date_key date NOT NULL, +date_nokey date, +varchar_key varchar(1) +); +INSERT INTO C VALUES +(1,1,1,'0000-00-00',NULL,NULL), +(1,1,1,'0000-00-00',NULL,NULL); +SELECT 1 FROM C WHERE pk > ANY (SELECT 1 FROM C); +1 +SELECT COUNT(DISTINCT 1) FROM C +WHERE date_key = (SELECT 1 FROM A WHERE C.date_key IS NULL) GROUP BY pk; +COUNT(DISTINCT 1) +SELECT date_nokey FROM C +WHERE int_key IN (SELECT 1 FROM A) +HAVING date_nokey = '10:41:7' +ORDER BY date_key; +date_nokey +Warnings: +Warning 1292 Incorrect date value: '10:41:7' for column 'date_nokey' at row 1 +DROP TABLE A,C; +End of 5.1 tests diff --git a/mysql-test/t/select.test b/mysql-test/t/select.test index 30abb797e83..020f94699f9 100644 --- a/mysql-test/t/select.test +++ b/mysql-test/t/select.test @@ -3701,3 +3701,36 @@ SELECT a FROM t1 ORDER BY a LIMIT 2; SELECT a FROM t1 ORDER BY a LIMIT 2,4294967296; SELECT a FROM t1 ORDER BY a LIMIT 2,4294967297; DROP TABLE t1; + +# +# Bug #37936: ASSERT_COLUMN_MARKED_FOR_WRITE in Field_datetime::store , +# Field_varstring::store +# + +CREATE TABLE A (date_key date); + +CREATE TABLE C ( + pk int, + int_nokey int, + int_key int, + date_key date NOT NULL, + date_nokey date, + varchar_key varchar(1) +); + +INSERT INTO C VALUES +(1,1,1,'0000-00-00',NULL,NULL), +(1,1,1,'0000-00-00',NULL,NULL); + +SELECT 1 FROM C WHERE pk > ANY (SELECT 1 FROM C); + +SELECT COUNT(DISTINCT 1) FROM C + WHERE date_key = (SELECT 1 FROM A WHERE C.date_key IS NULL) GROUP BY pk; +SELECT date_nokey FROM C + WHERE int_key IN (SELECT 1 FROM A) + HAVING date_nokey = '10:41:7' + ORDER BY date_key; + +DROP TABLE A,C; + +--echo End of 5.1 tests diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index cefa479fea6..564632fbb9b 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc 
@@ -394,19 +394,16 @@ static bool convert_constant_item(THD *thd, Item_field *field_item, TABLE *table= field->table; ulong orig_sql_mode= thd->variables.sql_mode; enum_check_fields orig_count_cuted_fields= thd->count_cuted_fields; - my_bitmap_map *old_write_map; - my_bitmap_map *old_read_map; + my_bitmap_map *old_maps[2]; ulonglong orig_field_val; /* original field value if valid */ - LINT_INIT(old_write_map); - LINT_INIT(old_read_map); + LINT_INIT(old_maps[0]); + LINT_INIT(old_maps[1]); LINT_INIT(orig_field_val); if (table) - { - old_write_map= dbug_tmp_use_all_columns(table, table->write_set); - old_read_map= dbug_tmp_use_all_columns(table, table->read_set); - } + dbug_tmp_use_all_columns(table, old_maps, + table->read_set, table->write_set); /* For comparison purposes allow invalid dates like 2000-01-32 */ thd->variables.sql_mode= (orig_sql_mode & ~MODE_NO_ZERO_DATE) | MODE_INVALID_DATES; @@ -437,10 +434,7 @@ static bool convert_constant_item(THD *thd, Item_field *field_item, thd->variables.sql_mode= orig_sql_mode; thd->count_cuted_fields= orig_count_cuted_fields; if (table) - { - dbug_tmp_restore_column_map(table->write_set, old_write_map); - dbug_tmp_restore_column_map(table->read_set, old_read_map); - } + dbug_tmp_restore_column_maps(table->read_set, table->write_set, old_maps); } return result; } diff --git a/sql/opt_range.cc b/sql/opt_range.cc index bafc368e415..7d9709909c3 100644 --- a/sql/opt_range.cc +++ b/sql/opt_range.cc @@ -2668,7 +2668,7 @@ bool prune_partitions(THD *thd, TABLE *table, Item *pprune_cond) PART_PRUNE_PARAM prune_param; MEM_ROOT alloc; RANGE_OPT_PARAM *range_par= &prune_param.range_param; - my_bitmap_map *old_read_set, *old_write_set; + my_bitmap_map *old_sets[2]; prune_param.part_info= part_info; init_sql_alloc(&alloc, thd->variables.range_alloc_block_size, 0); 
@@ -2682,8 +2682,8 @@ bool prune_partitions(THD *thd, TABLE *table, Item *pprune_cond) DBUG_RETURN(FALSE); } - old_write_set= dbug_tmp_use_all_columns(table, table->write_set); - old_read_set= dbug_tmp_use_all_columns(table, table->read_set); + dbug_tmp_use_all_columns(table, old_sets, + table->read_set, table->write_set); range_par->thd= thd; range_par->table= table; /* range_par->cond doesn't need initialization */ @@ -2773,8 +2773,7 @@ all_used: retval= FALSE; // some partitions are used mark_all_partitions_as_used(prune_param.part_info); end: - dbug_tmp_restore_column_map(table->write_set, old_write_set); - dbug_tmp_restore_column_map(table->read_set, old_read_set); + dbug_tmp_restore_column_maps(table->read_set, table->write_set, old_sets); thd->no_errors=0; thd->mem_root= range_par->old_root; free_root(&alloc,MYF(0)); // Return memory & allocator @@ -11145,9 +11144,9 @@ print_key(KEY_PART *key_part, const uchar *key, uint used_length) String tmp(buff,sizeof(buff),&my_charset_bin); uint store_length; TABLE *table= key_part->field->table; - my_bitmap_map *old_write_set, *old_read_set; - old_write_set= dbug_tmp_use_all_columns(table, table->write_set); - old_read_set= dbug_tmp_use_all_columns(table, table->read_set); + my_bitmap_map *old_sets[2]; + + dbug_tmp_use_all_columns(table, old_sets, table->read_set, table->write_set); for (; key < key_end; key+=store_length, key_part++) { @@ -11173,8 +11172,7 @@ print_key(KEY_PART *key_part, const uchar *key, uint used_length) if (key+store_length < key_end) fputc('/',DBUG_FILE); } - dbug_tmp_restore_column_map(table->write_set, old_write_set); - dbug_tmp_restore_column_map(table->read_set, old_read_set); + dbug_tmp_restore_column_maps(table->read_set, table->write_set, old_sets); } 
@@ -11182,18 +11180,16 @@ static void print_quick(QUICK_SELECT_I *quick, const key_map *needed_reg) { char buf[MAX_KEY/8+1]; TABLE *table; - my_bitmap_map *old_read_map, *old_write_map; + my_bitmap_map *old_sets[2]; DBUG_ENTER("print_quick"); if (!quick) DBUG_VOID_RETURN; DBUG_LOCK_FILE; table= quick->head; - old_read_map= dbug_tmp_use_all_columns(table, table->read_set); - old_write_map= dbug_tmp_use_all_columns(table, table->write_set); + dbug_tmp_use_all_columns(table, old_sets, table->read_set, table->write_set); quick->dbug_dump(0, TRUE); - dbug_tmp_restore_column_map(table->read_set, old_read_map); - dbug_tmp_restore_column_map(table->write_set, old_write_map); + dbug_tmp_restore_column_maps(table->read_set, table->write_set, old_sets); fprintf(DBUG_FILE,"other_keys: 0x%s:\n", needed_reg->print(buf)); diff --git a/sql/table.h b/sql/table.h index ccd6b60664e..a89434b23ed 100644 --- a/sql/table.h +++ b/sql/table.h @@ -1692,5 +1692,35 @@ static inline void dbug_tmp_restore_column_map(MY_BITMAP *bitmap, #endif } + +/* + Variant of the above : handle both read and write sets. + Provide for the possiblity of the read set being the same as the write set +*/ +static inline void dbug_tmp_use_all_columns(TABLE *table, + my_bitmap_map **save, + MY_BITMAP *read_set, + MY_BITMAP *write_set) +{ +#ifndef DBUG_OFF + save[0]= read_set->bitmap; + save[1]= write_set->bitmap; + (void) tmp_use_all_columns(table, read_set); + (void) tmp_use_all_columns(table, write_set); +#endif +} + + +static inline void dbug_tmp_restore_column_maps(MY_BITMAP *read_set, + MY_BITMAP *write_set, + my_bitmap_map **old) +{ +#ifndef DBUG_OFF + tmp_restore_column_map(read_set, old[0]); + tmp_restore_column_map(write_set, old[1]); +#endif +} + + size_t max_row_length(TABLE *table, const uchar *data); From d506265f2ccbaea41f268aa58f0272273537e443 Mon Sep 17 00:00:00 2001 
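Review bot: The four-argument `dbug_tmp_use_all_columns` in sql/table.h is correct only because both `read_set->bitmap` and `write_set->bitmap` are captured before either `tmp_use_all_columns` call, and the comment does not say so. That ordering is the whole fix, so it should be stated to keep a later cleanup from interleaving save and switch again: `/* Save both bitmap pointers first, then switch: read_set and write_set may be the same MY_BITMAP. */`. `dbug_tmp_restore_column_maps` has no comment of its own; one line saying that it takes the array filled by the function above, and that both are no-ops under DBUG_OFF (so `save` stays unset there), would cover it. "possiblity" should be "possibility".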
From: Georgi Kodinov Date: Tue, 9 Dec 2008 20:35:02 +0200 Subject: [PATCH 06/10] backported the fix for bug #34773 to 5.0 --- mysql-test/r/explain.result | 48 +++++++++++++++++++++++++++++++++++++ mysql-test/t/explain.test | 29 ++++++++++++++++++++++ sql/item.cc | 4 ++-- sql/item_sum.cc | 37 +++++++++++++++++++++++++--- sql/item_sum.h | 25 +++++++++++++------ sql/opt_range.cc | 2 +- sql/opt_sum.cc | 6 ++--- sql/sql_select.cc | 16 ++++++------- 8 files changed, 143 insertions(+), 24 deletions(-) diff --git a/mysql-test/r/explain.result b/mysql-test/r/explain.result index a4c8432d2a4..3aa189f4a9d 100644 --- a/mysql-test/r/explain.result +++ b/mysql-test/r/explain.result 
@@ -107,3 +107,51 @@ X X X X X X X X X X X X X X X X X X Range checked for each record (index map: 0xFFFFFFFFFF) DROP TABLE t2; DROP TABLE t1; +CREATE TABLE t1(a INT); +CREATE TABLE t2(a INT); +INSERT INTO t1 VALUES (1),(2); +INSERT INTO t2 VALUES (1),(2); +EXPLAIN EXTENDED SELECT 1 +FROM (SELECT COUNT(DISTINCT t1.a) FROM t1,t2 GROUP BY t1.a) AS s1; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY ALL NULL NULL NULL NULL 2 +2 DERIVED t1 ALL NULL NULL NULL NULL 2 Using temporary; Using filesort +2 DERIVED t2 ALL NULL NULL NULL NULL 2 +Warnings: +Note 1003 select 1 AS `1` from (select count(distinct `test`.`t1`.`a`) AS `COUNT(DISTINCT t1.a)` from `test`.`t1` join `test`.`t2` group by `test`.`t1`.`a`) `s1` +EXPLAIN EXTENDED SELECT 1 +FROM (SELECT COUNT(DISTINCT t1.a) FROM t1,t2 GROUP BY t1.a) AS s1; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY ALL NULL NULL NULL NULL 2 +2 DERIVED t1 ALL NULL NULL NULL NULL 2 Using temporary; Using filesort +2 DERIVED t2 ALL NULL NULL NULL NULL 2 +Warnings: +Note 1003 select 1 AS `1` from (select count(distinct `test`.`t1`.`a`) AS `COUNT(DISTINCT t1.a)` from `test`.`t1` join `test`.`t2` group by `test`.`t1`.`a`) `s1` +prepare s1 from +'EXPLAIN EXTENDED SELECT 1 + FROM (SELECT COUNT(DISTINCT t1.a) FROM t1,t2 GROUP BY t1.a) AS s1'; +execute s1; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY ALL NULL NULL NULL NULL 2 +2 DERIVED t1 ALL NULL NULL NULL NULL 2 Using temporary; Using filesort +2 DERIVED t2 ALL NULL NULL NULL NULL 2 +Warnings: +Note 1003 select 1 AS `1` from (select count(distinct `test`.`t1`.`a`) AS `COUNT(DISTINCT t1.a)` from `test`.`t1` join `test`.`t2` group by `test`.`t1`.`a`) `s1` +prepare s1 from +'EXPLAIN EXTENDED SELECT 1 + FROM (SELECT COUNT(DISTINCT t1.a) FROM t1,t2 GROUP BY t1.a) AS s1'; +execute s1; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY ALL NULL NULL NULL NULL 2 +2 DERIVED t1 ALL 
NULL NULL NULL NULL 2 Using temporary; Using filesort +2 DERIVED t2 ALL NULL NULL NULL NULL 2 +Warnings: +Note 1003 select 1 AS `1` from (select count(distinct `test`.`t1`.`a`) AS `COUNT(DISTINCT t1.a)` from `test`.`t1` join `test`.`t2` group by `test`.`t1`.`a`) `s1` +execute s1; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY ALL NULL NULL NULL NULL 2 +2 DERIVED t1 ALL NULL NULL NULL NULL 2 Using temporary; Using filesort +2 DERIVED t2 ALL NULL NULL NULL NULL 2 +Warnings: +Note 1003 select 1 AS `1` from (select count(distinct `test`.`t1`.`a`) AS `COUNT(DISTINCT t1.a)` from `test`.`t1` join `test`.`t2` group by `test`.`t1`.`a`) `s1` +DROP TABLE t1,t2; diff --git a/mysql-test/t/explain.test b/mysql-test/t/explain.test index c9ae8aceaf6..0247aca82df 100644 --- a/mysql-test/t/explain.test +++ b/mysql-test/t/explain.test @@ -94,4 +94,33 @@ EXPLAIN SELECT 1 FROM DROP TABLE t2; DROP TABLE t1; +# +# Bug #34773: query with explain extended and derived table / other table +# crashes server +# + +CREATE TABLE t1(a INT); +CREATE TABLE t2(a INT); +INSERT INTO t1 VALUES (1),(2); +INSERT INTO t2 VALUES (1),(2); + +EXPLAIN EXTENDED SELECT 1 + FROM (SELECT COUNT(DISTINCT t1.a) FROM t1,t2 GROUP BY t1.a) AS s1; + +EXPLAIN EXTENDED SELECT 1 + FROM (SELECT COUNT(DISTINCT t1.a) FROM t1,t2 GROUP BY t1.a) AS s1; + +prepare s1 from +'EXPLAIN EXTENDED SELECT 1 + FROM (SELECT COUNT(DISTINCT t1.a) FROM t1,t2 GROUP BY t1.a) AS s1'; +execute s1; + +prepare s1 from +'EXPLAIN EXTENDED SELECT 1 + FROM (SELECT COUNT(DISTINCT t1.a) FROM t1,t2 GROUP BY t1.a) AS s1'; +execute s1; +execute s1; + +DROP TABLE t1,t2; + # End of 5.0 tests. diff --git a/sql/item.cc b/sql/item.cc index 243c22bb7e6..2a89c86cd88 100644 --- a/sql/item.cc +++ b/sql/item.cc 
@@ -6795,7 +6795,7 @@ enum_field_types Item_type_holder::get_real_type(Item *item) */ Item_sum *item_sum= (Item_sum *) item; if (item_sum->keep_field_type()) - return get_real_type(item_sum->args[0]); + return get_real_type(item_sum->get_arg(0)); break; } case FUNC_ITEM: @@ -7059,7 +7059,7 @@ void Item_type_holder::get_full_info(Item *item) if (item->type() == Item::SUM_FUNC_ITEM && (((Item_sum*)item)->sum_func() == Item_sum::MAX_FUNC || ((Item_sum*)item)->sum_func() == Item_sum::MIN_FUNC)) - item = ((Item_sum*)item)->args[0]; + item = ((Item_sum*)item)->get_arg(0); /* We can have enum/set type after merging only if we have one enum|set field (or MIN|MAX(enum|set field)) and number of NULL fields diff --git a/sql/item_sum.cc b/sql/item_sum.cc index 91320d6b56b..d33d92a5238 100644 --- a/sql/item_sum.cc +++ b/sql/item_sum.cc @@ -370,6 +370,10 @@ Item_sum::Item_sum(List &list) :arg_count(list.elements), args[i++]= item; } } + if (!(orig_args= (Item **) sql_alloc(sizeof(Item *) * arg_count))) + { + args= NULL; + } mark_as_sum_func(); list.empty(); // Fields are used } @@ -380,18 +384,28 @@ Item_sum::Item_sum(List &list) :arg_count(list.elements), */ Item_sum::Item_sum(THD *thd, Item_sum *item): - Item_result_field(thd, item), arg_count(item->arg_count), + Item_result_field(thd, item), aggr_sel(item->aggr_sel), nest_level(item->nest_level), aggr_level(item->aggr_level), - quick_group(item->quick_group), used_tables_cache(item->used_tables_cache), + quick_group(item->quick_group), + arg_count(item->arg_count), orig_args(NULL), + used_tables_cache(item->used_tables_cache), forced_const(item->forced_const) { if (arg_count <= 2) + { args=tmp_args; + orig_args=tmp_orig_args; + } else + { if (!(args= (Item**) thd->alloc(sizeof(Item*)*arg_count))) return; + if (!(orig_args= (Item**) thd->alloc(sizeof(Item*)*arg_count))) + return; + } memcpy(args, item->args, sizeof(Item*)*arg_count); + memcpy(orig_args, item->orig_args, sizeof(Item*)*arg_count); } 
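Review bot: The `Item_sum(List &list)` hunk in sql/item_sum.cc allocates `orig_args` but never fills it, and the one- and two-argument constructors in sql/item_sum.h only point it at `tmp_orig_args`; the entries are copied from `args` only in the fix_fields hunks. `Item_sum::print` (hunk @@ -426) now reads `orig_args` unconditionally, so if print() can run on an item before fix_fields() it would call through uninitialised pointers. Selecting on the flag that the same fix_fields hunks set would avoid that: `Item **pargs= fixed ? orig_args : args;`. The constructor bodies start outside the hunks, so whether any path prints an unfixed item needs checking against the full file.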
@@ -426,12 +440,13 @@ void Item_sum::make_field(Send_field *tmp_field) void Item_sum::print(String *str) { + Item **pargs= orig_args; str->append(func_name()); for (uint i=0 ; i < arg_count ; i++) { if (i) str->append(','); - args[i]->print(str); + pargs[i]->print(str); } str->append(')'); } @@ -532,6 +547,13 @@ void Item_sum::update_used_tables () } +Item *Item_sum::set_arg(int i, THD *thd, Item *new_val) +{ + thd->change_item_tree(args + i, new_val); + return new_val; +} + + String * Item_sum_num::val_str(String *str) { @@ -583,6 +605,7 @@ Item_sum_num::fix_fields(THD *thd, Item **ref) if (check_sum_func(thd, ref)) return TRUE; + memcpy (orig_args, args, sizeof (Item *) * arg_count); fixed= 1; return FALSE; } @@ -670,6 +693,7 @@ Item_sum_hybrid::fix_fields(THD *thd, Item **ref) if (check_sum_func(thd, ref)) return TRUE; + orig_args[0]= args[0]; fixed= 1; return FALSE; } @@ -3107,6 +3131,12 @@ Item_func_group_concat(Name_resolution_context *context_arg, sizeof(ORDER*)*arg_count_order))) return; + if (!(orig_args= (Item **) sql_alloc(sizeof(Item *) * arg_count))) + { + args= NULL; + return; + } + order= (ORDER**)(args + arg_count); /* fill args items of show and sort */ @@ -3334,6 +3364,7 @@ Item_func_group_concat::fix_fields(THD *thd, Item **ref) if (check_sum_func(thd, ref)) return TRUE; + memcpy (orig_args, args, sizeof (Item *) * arg_count); fixed= 1; return FALSE; } diff --git a/sql/item_sum.h b/sql/item_sum.h index d39fc96e254..51a1eff9bbf 100644 --- a/sql/item_sum.h +++ b/sql/item_sum.h 
@@ -228,10 +228,8 @@ public: VARIANCE_FUNC, SUM_BIT_FUNC, UDF_SUM_FUNC, GROUP_CONCAT_FUNC }; - Item **args, *tmp_args[2]; Item **ref_by; /* pointer to a ref to the object used to register it */ Item_sum *next; /* next in the circular chain of registered objects */ - uint arg_count; Item_sum *in_sum_func; /* embedding set function if any */ st_select_lex * aggr_sel; /* select where the function is aggregated */ int8 nest_level; /* number of the nesting level of the set function */ @@ -248,24 +246,32 @@ public: List outer_fields; protected: + uint arg_count; + Item **args, *tmp_args[2]; + /* + Copy of the arguments list to hold the original set of arguments. + Used in EXPLAIN EXTENDED instead of the current argument list because + the current argument list can be altered by usage of temporary tables. + */ + Item **orig_args, *tmp_orig_args[2]; table_map used_tables_cache; bool forced_const; public: void mark_as_sum_func(); - Item_sum() :arg_count(0), quick_group(1), forced_const(FALSE) + Item_sum() :quick_group(1), arg_count(0), forced_const(FALSE) { mark_as_sum_func(); } - Item_sum(Item *a) :args(tmp_args), arg_count(1), quick_group(1), - forced_const(FALSE) + Item_sum(Item *a) :quick_group(1), arg_count(1), args(tmp_args), + orig_args(tmp_orig_args), forced_const(FALSE) { args[0]=a; mark_as_sum_func(); } - Item_sum( Item *a, Item *b ) :args(tmp_args), arg_count(2), quick_group(1), - forced_const(FALSE) + Item_sum( Item *a, Item *b ) :quick_group(1), arg_count(2), args(tmp_args), + orig_args(tmp_orig_args), forced_const(FALSE) { args[0]=a; args[1]=b; mark_as_sum_func(); @@ -374,6 +380,10 @@ public: bool register_sum_func(THD *thd, Item **ref); st_select_lex *depended_from() { return (nest_level == aggr_level ? 0 : aggr_sel); } + + Item *get_arg(int i) { return args[i]; } + Item *set_arg(int i, THD *thd, Item *new_val); + uint get_arg_count() { return arg_count; } }; 
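Review bot: The accessors added in the last hunk of sql/item_sum.h, `get_arg(int i)` and `set_arg(int i, ...)`, index `args` with a signed `int` and no range check, while `arg_count` is `uint` and count_field_types passes a `uint` counter. `args` can also be NULL: the constructor hunks in sql/item_sum.cc set `args= NULL` when the `orig_args` allocation fails, and callers in this patch use the result directly, e.g. `min_max_item->get_arg(0)->real_item()`. I would take `uint i`, add `DBUG_ASSERT(args && i < arg_count);` to both accessors, and add a comment on `args` stating that NULL means the constructor's allocation failed.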
@@ -981,6 +991,7 @@ public: if (udf.fix_fields(thd, this, this->arg_count, this->args)) return TRUE; + memcpy (orig_args, args, sizeof (Item *) * arg_count); return check_sum_func(thd, ref); } enum Sumfunctype sum_func () const { return UDF_SUM_FUNC; } diff --git a/sql/opt_range.cc b/sql/opt_range.cc index 204ebdb6f33..7d9b1179d87 100644 --- a/sql/opt_range.cc +++ b/sql/opt_range.cc @@ -7735,7 +7735,7 @@ get_best_group_min_max(PARAM *param, SEL_TREE *tree) DBUG_RETURN(NULL); /* The argument of MIN/MAX. */ - Item *expr= min_max_item->args[0]->real_item(); + Item *expr= min_max_item->get_arg(0)->real_item(); if (expr->type() == Item::FIELD_ITEM) /* Is it an attribute? */ { if (! min_max_arg_item) diff --git a/sql/opt_sum.cc b/sql/opt_sum.cc index 3fc62d05ae5..39db1344588 100644 --- a/sql/opt_sum.cc +++ b/sql/opt_sum.cc @@ -160,7 +160,7 @@ int opt_sum_query(TABLE_LIST *tables, List &all_fields,COND *conds) to the number of rows in the tables if this number is exact and there are no outer joins. */ - if (!conds && !((Item_sum_count*) item)->args[0]->maybe_null && + if (!conds && !((Item_sum_count*) item)->get_arg(0)->maybe_null && !outer_tables && is_exact_count) { ((Item_sum_count*) item)->make_const(count); @@ -176,7 +176,7 @@ int opt_sum_query(TABLE_LIST *tables, List &all_fields,COND *conds) parts of the key is found in the COND, then we can use indexes to find the key. */ - Item *expr=item_sum->args[0]; + Item *expr=item_sum->get_arg(0); if (expr->real_item()->type() == Item::FIELD_ITEM) { byte key_buff[MAX_KEY_LENGTH]; @@ -319,7 +319,7 @@ int opt_sum_query(TABLE_LIST *tables, List &all_fields,COND *conds) parts of the key is found in the COND, then we can use indexes to find the key. */ - Item *expr=item_sum->args[0]; + Item *expr=item_sum->get_arg(0); if (expr->real_item()->type() == Item::FIELD_ITEM) { byte key_buff[MAX_KEY_LENGTH]; diff --git a/sql/sql_select.cc b/sql/sql_select.cc index b080fff8725..48276170caf 100644 --- a/sql/sql_select.cc 
+++ b/sql/sql_select.cc @@ -9444,11 +9444,11 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List &fields, } if (type == Item::SUM_FUNC_ITEM && !group && !save_sum_fields) { /* Can't calc group yet */ - ((Item_sum*) item)->result_field=0; - for (i=0 ; i < ((Item_sum*) item)->arg_count ; i++) + Item_sum *sum_item= (Item_sum *) item; + sum_item->result_field=0; + for (i=0 ; i < sum_item->get_arg_count() ; i++) { - Item **argp= ((Item_sum*) item)->args + i; - Item *arg= *argp; + Item *arg= sum_item->get_arg(i); if (!arg->const_item()) { uint field_index= (uint) (reg_field - table->field); @@ -9478,7 +9478,7 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List &fields, string_total_length+= new_field->pack_length(); } thd->mem_root= mem_root_save; - thd->change_item_tree(argp, new Item_field(new_field)); + arg= sum_item->set_arg(i, thd, new Item_field(new_field)); thd->mem_root= &table->mem_root; if (!(new_field->flags & NOT_NULL_FLAG)) { @@ -9487,7 +9487,7 @@ create_tmp_table(THD *thd,TMP_TABLE_PARAM *param,List &fields, new_field->maybe_null() is still false, it will be changed below. But we have to setup Item_field correctly */ - (*argp)->maybe_null=1; + arg->maybe_null=1; } new_field->query_id= thd->query_id; } @@ -13922,9 +13922,9 @@ count_field_types(SELECT_LEX *select_lex, TMP_TABLE_PARAM *param, param->quick_group=0; // UDF SUM function param->sum_func_count++; - for (uint i=0 ; i < sum_item->arg_count ; i++) + for (uint i=0 ; i < sum_item->get_arg_count() ; i++) { - if (sum_item->args[0]->real_item()->type() == Item::FIELD_ITEM) + if (sum_item->get_arg(i)->real_item()->type() == Item::FIELD_ITEM) param->field_count++; else param->func_count++; From f5a850109afea58f5b04af3d4b3703466a5a122c Mon Sep 17 00:00:00 2001 
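Review bot: In the count_field_types hunk the test changes from `sum_item->args[0]` to `sum_item->get_arg(i)`, which is more than the accessor rename applied elsewhere in this patch. For a set function with several arguments each argument is now classified on its own, where before the first argument was tested `arg_count` times, so `param->field_count` and `param->func_count` can come out differently. The commit message does not mention this; if it is intended, a one-line comment such as `/* classify every argument, not only the first */` above the loop and a sentence in the message would record it. The function body extends outside the hunk.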
From: Alexander Barkov Date: Wed, 10 Dec 2008 13:05:57 +0400 Subject: [PATCH 07/10] Bug#38227 EXTRACTVALUE doesn't work with DTD declarations Problem: XML syntax parser allowed to use quoted strings as attribute names, and tried to put them into parser state stack instead of identifiers. After that parser failed, if quoted string contained some slash characters. Fix: - Disallowing quoted strings in regular tags. - Allowing quoted string in DOCTYPE declararion, but don't push it into parse state stack (just skip it). --- mysql-test/r/xml.result | 24 ++++++++++++++++++++++++ mysql-test/t/xml.test | 25 +++++++++++++++++++++++++ strings/xml.c | 13 +++++++++++-- 3 files changed, 60 insertions(+), 2 deletions(-) diff --git a/mysql-test/r/xml.result b/mysql-test/r/xml.result index 56c884343e3..41c0d6bee21 100644 --- a/mysql-test/r/xml.result +++ b/mysql-test/r/xml.result @@ -1029,4 +1029,28 @@ SELECT 1 FROM t1 ORDER BY(UPDATEXML(a, '1', '1')); 1 1 DROP TABLE t1; +SET @xml= +' + + + Title - document with document declaration + + Hi, Im a webpage with document a declaration +'; +SELECT ExtractValue(@xml, 'html/head/title'); +ExtractValue(@xml, 'html/head/title') + Title - document with document declaration +SELECT ExtractValue(@xml, 'html/body'); +ExtractValue(@xml, 'html/body') + Hi, Im a webpage with document a declaration +SELECT ExtractValue('CharData', '/xml'); +ExtractValue('CharData', '/xml') +NULL +Warnings: +Warning 1525 Incorrect XML value: 'parse error at line 1 pos 11: STRING unexpected ('>' wanted)' +SELECT ExtractValue('CharData', '/xml'); +ExtractValue('CharData', '/xml') +NULL +Warnings: +Warning 1525 Incorrect XML value: 'parse error at line 1 pos 17: STRING unexpected ('>' wanted)' End of 5.1 tests diff --git a/mysql-test/t/xml.test b/mysql-test/t/xml.test index 5ca9c7afd76..d840e14ba5f 100644 --- a/mysql-test/t/xml.test +++ b/mysql-test/t/xml.test 
@@ -551,4 +551,29 @@ INSERT INTO t1 VALUES (0), (0); SELECT 1 FROM t1 ORDER BY(UPDATEXML(a, '1', '1')); DROP TABLE t1; +# +# BUG#38227 EXTRACTVALUE doesn't work with DTD declarations +# +# Check that quoted strings work fine in DOCTYPE declaration. +# + +SET @xml= +' + + + Title - document with document declaration + + Hi, Im a webpage with document a declaration +'; + +SELECT ExtractValue(@xml, 'html/head/title'); +SELECT ExtractValue(@xml, 'html/body'); + +# These two documents will fail. +# Quoted strings are not allowed in regular tags +# +SELECT ExtractValue('CharData', '/xml'); +SELECT ExtractValue('CharData', '/xml'); + + --echo End of 5.1 tests diff --git a/strings/xml.c b/strings/xml.c index 5c62a8e8603..1b697ec6b26 100644 --- a/strings/xml.c +++ b/strings/xml.c @@ -328,7 +328,7 @@ int my_xml_parse(MY_XML_PARSER *p,const char *str, size_t len) } while ((MY_XML_IDENT == (lex=my_xml_scan(p,&a))) || - (MY_XML_STRING == lex)) + ((MY_XML_STRING == lex && exclam))) { MY_XML_ATTR b; if (MY_XML_EQ == (lex=my_xml_scan(p,&b))) @@ -349,13 +349,22 @@ int my_xml_parse(MY_XML_PARSER *p,const char *str, size_t len) return MY_XML_ERROR; } } - else if ((MY_XML_STRING == lex) || (MY_XML_IDENT == lex)) + else if (MY_XML_IDENT == lex) { p->current_node_type= MY_XML_NODE_ATTR; if ((MY_XML_OK != my_xml_enter(p,a.beg,(size_t) (a.end-a.beg))) || (MY_XML_OK != my_xml_leave(p,a.beg,(size_t) (a.end-a.beg)))) return MY_XML_ERROR; } + else if ((MY_XML_STRING == lex) && exclam) + { + /* + We are in , e.g. + + + Just skip "SystemLiteral" and "PublicidLiteral" + */ + } else break; } From 33bac53782bda23d4ff9a063c049e06c22bd3c4f Mon Sep 17 00:00:00 2001 
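Review bot: In the second strings/xml.c hunk the branches `else if (MY_XML_IDENT == lex)` and `else if ((MY_XML_STRING == lex) && exclam)` test `lex` after `my_xml_scan(p,&b)` has overwritten it, so they classify the token that follows `a`, not `a` itself. As far as the two hunks show, a quoted string held in `a` inside a `<!...>` declaration and followed by an identifier would still reach `my_xml_enter(p,a.beg,...)`, which is the case the commit message says should be skipped. Keeping the kind of `a` in its own variable when the `while` condition scans it, and requiring it to be `MY_XML_IDENT` before calling `my_xml_enter`, would close that. A test with a DOCTYPE string followed by a bare identifier would confirm the behaviour; my_xml_parse starts and ends outside these hunks.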
From: Alexey Kopytov Date: Wed, 10 Dec 2008 16:07:32 +0300 Subject: [PATCH 08/10] Fix for a test failure on Solaris/x86/gcc introduced by the patch for bug #27483. Removed values with more than 15 significant digits from the test case. Results of reading/printing such values using system library functions depend on implementation and thus are not portable. --- mysql-test/r/type_float.result | 6 +----- mysql-test/t/type_float.test | 4 +--- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/mysql-test/r/type_float.result b/mysql-test/r/type_float.result index d86c515062a..8caabbff047 100644 --- a/mysql-test/r/type_float.result +++ b/mysql-test/r/type_float.result @@ -393,15 +393,11 @@ f1 + 0e0 -1.0000000150475e+30 drop table t1; create table t1(d double, u bigint unsigned); -insert into t1(d) values (9.2233720368547777e+18), -(9.223372036854779e18), -(9.22337203685479e18), +insert into t1(d) values (9.22337203685479e18), (1.84e19); update t1 set u = d; select u from t1; u -9223372036854775808 -9223372036854779904 9223372036854790144 18400000000000000000 drop table t1; diff --git a/mysql-test/t/type_float.test b/mysql-test/t/type_float.test index 3ceef129912..53bcf44061d 100644 --- a/mysql-test/t/type_float.test +++ b/mysql-test/t/type_float.test @@ -259,9 +259,7 @@ drop table t1; create table t1(d double, u bigint unsigned); -insert into t1(d) values (9.2233720368547777e+18), - (9.223372036854779e18), - (9.22337203685479e18), +insert into t1(d) values (9.22337203685479e18), (1.84e19); update t1 set u = d; From 2b64acde8bbf5148fb288895a114f1832e909937 Mon Sep 17 00:00:00 2001 
From: Sergey Glukhov Date: Wed, 10 Dec 2008 18:13:11 +0400 Subject: [PATCH 09/10] Bug#37956 memory leak and / or crash with geometry and prepared statements! Bug#37671 crash on prepared statement + cursor + geometry + too many open files! if mysql_execute_command() returns error then free materialized_cursor object. is_rnd_inited is added to satisfy rnd_end() assertion (handler may be uninitialized in some cases) --- sql/sql_cursor.cc | 18 +++++++++---- sql/sql_select.cc | 7 +++-- tests/mysql_client_test.c | 54 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+), 7 deletions(-) diff --git a/sql/sql_cursor.cc b/sql/sql_cursor.cc index 16567765ba6..83c60814cf3 100644 --- a/sql/sql_cursor.cc +++ b/sql/sql_cursor.cc @@ -85,6 +85,7 @@ class Materialized_cursor: public Server_side_cursor List item_list; ulong fetch_limit; ulong fetch_count; + bool is_rnd_inited; public: Materialized_cursor(select_result *result, TABLE *table); @@ -191,7 +192,11 @@ int mysql_open_cursor(THD *thd, uint flags, select_result *result, such command is SHOW VARIABLES or SHOW STATUS. */ if (rc) + { + if (result_materialize->materialized_cursor) + delete result_materialize->materialized_cursor; goto err_open; + } if (sensitive_cursor->is_open()) { @@ -532,7 +537,8 @@ Materialized_cursor::Materialized_cursor(select_result *result_arg, :Server_side_cursor(&table_arg->mem_root, result_arg), table(table_arg), fetch_limit(0), - fetch_count(0) + fetch_count(0), + is_rnd_inited(0) { fake_unit.init_query(); fake_unit.thd= table->in_use; 
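Review bot: In the mysql_open_cursor hunk, `delete result_materialize->materialized_cursor;` leaves the member pointing at the freed object before `goto err_open`. The code at `err_open` is outside the hunk, so it is not visible whether `result_materialize` is read or destroyed afterwards, but clearing the pointer makes any later delete or use of it detectable. Add `result_materialize->materialized_cursor= NULL;` directly after the delete, inside the same `if` block.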
@@ -589,11 +595,12 @@ int Materialized_cursor::open(JOIN *join __attribute__((unused))) THD *thd= fake_unit.thd; int rc; Query_arena backup_arena; - thd->set_n_backup_active_arena(this, &backup_arena); /* Create a list of fields and start sequential scan */ - rc= (result->prepare(item_list, &fake_unit) || - table->file->ha_rnd_init(TRUE)); + rc= result->prepare(item_list, &fake_unit); + if (!rc && !(rc= table->file->ha_rnd_init(TRUE))) + is_rnd_inited= 1; + thd->restore_active_arena(this, &backup_arena); if (rc == 0) { @@ -673,7 +680,8 @@ void Materialized_cursor::close() { /* Free item_list items */ free_items(); - (void) table->file->ha_rnd_end(); + if (is_rnd_inited) + (void) table->file->ha_rnd_end(); /* We need to grab table->mem_root to prevent free_tmp_table from freeing: the cursor object was allocated in this memory. diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 48276170caf..d2c469f99da 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -1599,8 +1599,11 @@ JOIN::exec() (zero_result_cause?zero_result_cause:"No tables used")); else { - result->send_fields(*columns_list, - Protocol::SEND_NUM_ROWS | Protocol::SEND_EOF); + if (result->send_fields(*columns_list, + Protocol::SEND_NUM_ROWS | Protocol::SEND_EOF)) + { + DBUG_VOID_RETURN; + } /* We have to test for 'conds' here as the WHERE may not be constant even if we don't have any tables for prepared statements or if diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index ee3a053f8bd..ea4d363bdac 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c 
@@ -15899,6 +15899,59 @@ static void test_bug28934() } +/** + Bug#37956 memory leak and / or crash with geometry and prepared statements! +*/ + +static void test_bug37956(void) +{ + const char *query="select point(?,?)"; + MYSQL_STMT *stmt=NULL; + unsigned int val=0; + MYSQL_BIND bind_param[2]; + unsigned char buff[2]= { 134, 211 }; + DBUG_ENTER("test_bug37956"); + myheader("test_bug37956"); + + stmt= mysql_simple_prepare(mysql, query); + check_stmt(stmt); + + val=1; + mysql_stmt_attr_set(stmt, STMT_ATTR_UPDATE_MAX_LENGTH, (void *)&val); + val=CURSOR_TYPE_READ_ONLY; + mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (void *)&val); + val=0; + mysql_stmt_attr_set(stmt, STMT_ATTR_PREFETCH_ROWS, (void *)&val); + + memset(bind_param, 0, sizeof(bind_param)); + bind_param[0].buffer_type=MYSQL_TYPE_TINY; + bind_param[0].buffer= (void *)buff; + bind_param[0].is_null=NULL; + bind_param[0].error=NULL; + bind_param[0].is_unsigned=1; + bind_param[1].buffer_type=MYSQL_TYPE_TINY; + bind_param[1].buffer= (void *)(buff+1); + bind_param[1].is_null=NULL; + bind_param[1].error=NULL; + bind_param[1].is_unsigned=1; + + if (mysql_stmt_bind_param(stmt, bind_param)) + { + mysql_stmt_close(stmt); + DIE_UNLESS(0); + } + + if (mysql_stmt_execute(stmt)) + { + mysql_stmt_close(stmt); + DBUG_VOID_RETURN; + } + /* Should never reach here: execution returns an error. */ + mysql_stmt_close(stmt); + DIE_UNLESS(0); + DBUG_VOID_RETURN; +} + /* Bug#27592 (stack overrun when storing datetime value using prepared statements) */ @@ -16595,6 +16648,7 @@ static struct my_tests_st my_tests[]= { { "test_bug32265", test_bug32265 }, { "test_bug38486", test_bug38486 }, { "test_bug40365", test_bug40365 }, + { "test_bug37956", test_bug37956 }, { 0, 0 } }; From 5fdd9c99c246c27f92f85e9919dea2ed537d460d Mon Sep 17 00:00:00 2001 
From: Sergey Glukhov Date: Wed, 10 Dec 2008 18:38:27 +0400 Subject: [PATCH 10/10] Bug#35275 INFORMATION_SCHEMA.TABLES.CREATE_OPTIONS omits KEY_BLOCK_SIZE Added KEY_BLOCK_SIZE option to I_S.TABLES.CREATE_OPTIONS field --- mysql-test/r/information_schema.result | 5 +++++ mysql-test/t/information_schema.test | 7 +++++++ sql/sql_show.cc | 5 +++++ 3 files changed, 17 insertions(+) diff --git a/mysql-test/r/information_schema.result b/mysql-test/r/information_schema.result index 85af461eb14..4fd0bdde063 100644 --- a/mysql-test/r/information_schema.result +++ b/mysql-test/r/information_schema.result @@ -1707,4 +1707,9 @@ where a.VARIABLE_NAME = b.VARIABLE_NAME; a.VARIABLE_VALUE - b.VARIABLE_VALUE 2 drop table t0; +CREATE TABLE t1(a INT) KEY_BLOCK_SIZE=1; +SELECT CREATE_OPTIONS FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='t1'; +CREATE_OPTIONS +KEY_BLOCK_SIZE=1 +DROP TABLE t1; End of 5.1 tests. diff --git a/mysql-test/t/information_schema.test b/mysql-test/t/information_schema.test index bcb22c44076..3dbdf76c220 100644 --- a/mysql-test/t/information_schema.test +++ b/mysql-test/t/information_schema.test @@ -1383,4 +1383,11 @@ select a.VARIABLE_VALUE - b.VARIABLE_VALUE from t0 b, information_schema.global_ where a.VARIABLE_NAME = b.VARIABLE_NAME; drop table t0; +# +# Bug#35275 INFORMATION_SCHEMA.TABLES.CREATE_OPTIONS omits KEY_BLOCK_SIZE +# +CREATE TABLE t1(a INT) KEY_BLOCK_SIZE=1; +SELECT CREATE_OPTIONS FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='t1'; +DROP TABLE t1; + --echo End of 5.1 tests. diff --git a/sql/sql_show.cc b/sql/sql_show.cc index a506429fb97..3fd06aba672 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc 
@@ -3589,6 +3589,11 @@ static int get_schema_tables_record(THD *thd, TABLE_LIST *tables, (share->transactional == HA_CHOICE_YES ? "1" : "0"), NullS); } + if (share->key_block_size) + { + ptr= strmov(ptr, " KEY_BLOCK_SIZE="); + ptr= longlong10_to_str(share->key_block_size, ptr, 10); + } #ifdef WITH_PARTITION_STORAGE_ENGINE if (is_partitioned) ptr= strmov(ptr, " partitioned");
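Review bot: The added block in get_schema_tables_record appends the literal ` KEY_BLOCK_SIZE=` and a decimal number through `ptr` using `strmov` and `longlong10_to_str`, neither of which takes a destination length. The buffer that `ptr` walks is declared outside the hunk, so its size is not visible here; it must have room for these bytes on top of every option already appended and the ` partitioned` suffix that follows. Please confirm the declaration covers the worst case (16 characters of label plus up to 20 digits for this option), and enlarge it or add a comment stating the bound next to the declaration. The function starts and ends outside the hunk.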