Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Categories: connectors experimental galera main
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

connectors experimental galera main
Sergei Golubchik
MDEV-40411 SFORMAT ignores max_allowed_packet

do our own allocator that implements std::allocator interface
but uses our memory accounting (my_malloc) and limits max allocation
(e.g. to max_allowed_packet).

use it for fmt::vformat_to.
later can be used for various std:: stuff too.
drrtuy
chore: RYOW MTR test for DuckDB.
Dave Gosselin
test updates based on comments from Oleg
Sergei Golubchik
MDEV-40425 handlersocket crashes on read with huge number of fields

* fix handlersocket to unlink it's THD, this apparently was broken
  for years
* add a check for fldnum
* add a first ever handlersocket test
Sergei Golubchik
MDEV-23486 RBR can bypass secure_timestamp=YES

fix TIMESTAMP DEFAULT NOW() and ON UPDATE NOW()

Caveat: rbr cannot work without an index - if the slave overwrites
timestamp columns, before-image won't match in full, this is expected.
Dave Gosselin
MDEV-39397: Document and clean up dump_leaf_key

Add a docblock for dump_leaf_key that describes each parameter
and the leaf payload layout, and documents the return values and
side effects.

Sprinkle inline comments through the body to explain the LIMIT and
OFFSET bookkeeping, the dual purpose of result_finalized, why
borrowing table->record[1] as scratch space is safe, the offset
translation for skipped null bytes, and why the blob_storage
truncation flag is cleared after raising ER_CUT_VALUE_GROUP_CONCAT.

Implement other code cleanups, too, like dropping the unused tmp2
String object and rename old_length to starting_len so the cut_max_length
call reads more directly.  Other changes include narrowing loop
variables to the loop scope, move declarations next to their
first use, and replacing the C casts with static_cast.

There should be no behavior changes at this commit.
Sergei Golubchik
MDEV-24598 Duplicate CHECK constraint names are allowed

Column-level CHECK constraints derive their effective name from the column's
field name when read from frm (name_length=0 fallback in
init_from_binary_frm_image). An explicit table-level constraint with the same
name as a column that carries a column-level check creates a duplicate in
information_schema.check_constraints.

Two cases:
1. CREATE TABLE t (a INT CHECK (a>2), CONSTRAINT a CHECK (a<5)) -- both
  end up named "a".
2. JSON columns auto-receive a JSON_VALID column check named after the field.
  CREATE TABLE t (json_c1 JSON, CONSTRAINT json_c1 CHECK (...)) produces
  a duplicate "json_c1".

Fix in mysql_prepare_create_table_finalize: when validating explicit
table-level constraint names, also check them against field names of columns
that carry column-level check constraints (ER_DUP_CONSTRAINT_NAME).

Fix in make_unique_constraint_name / fix_constraints_names: pass the column
list so that auto-generated names (CONSTRAINT_1, CONSTRAINT_2, ...) skip
names already taken by column-level checks.

Update check_constraint.test: the MDEV-16630 test relied on the now-rejected
duplicate (column check "b" + table constraint "b"). Rename the table-level
constraint to "b_and_a" to preserve the intent: verifying that field
constraints and table constraints produce distinct error-message formats.

Assisted-By: Claude:claude-4.6-sonnet
Sergei Golubchik
MDEV-40426 CONNECT writes unvalidated data from remote server into fixed-len buffer

use size-bounded scanf formats
Sergei Golubchik
MDEV-40409 ST_GeomFromText stack overrun on deeply nested GeometryCollection
Sergei Golubchik
MDEV-40362 #mysql50# mixes up with table names in the table cache and on disk

1.
Only allow #mysql50# prefix on table names that
can not be decoded from a file name to a table name.
It is an error to put this prefix on a name that can be accessed
as a valid table name without a prefix. Use `t1` not `#mysql50#t1`,
use `a-b` not `#mysql50#a@002db`.

2.
Don't allow creation of new tables with the #mysql50# prefix.

Except when in SQLCOM_ALTER_DB_UPGRADE - main.upgrade test runs
ALTER DATABASE `#mysql50#mysqltest-1` UPGRADE DATA DIRECTORY NAME;
This command moves tables from the old db name to the new db name,
and some of these tables also have old #mysql50# names.

3.
Also don't allow to create such databases, views, partitions,
subpartitions, sequences, triggers.
Sun Haiyong
Use CMAKE_SIZEOF_VOID_P EQUAL 8 for 64-bit detection

Use CMAKE_SIZEOF_VOID_P EQUAL 8 for 64‑bit detection instead of
maintaining an architecture list. This is cleaner and more maintainable.
Sergei Golubchik
MDEV-39318 some MTR tests fail with --ssl

* many test expected error 2013 (CR_SERVER_LOST)
  they should also expect 2026 (CR_SSL_CONNECTION_ERROR)
* some test --connect and expect a specific pre-auth error,
  they should use NOSSL option
* some tests start with invalid certificate - they work because
  mariadb-test doesn't connect with ssl by default. With --ssl
  it does and simply cannot connect. These tests use include/not_ssl.inc
* ssl_cipher restarts the server internally with invalid cipher.
  it should reconnect the default connection without SSL, otherwise
  mariadb-test will fail to connect after server is restarted
* tests that print ssl status without forcing it first - shouldn't,
  they don't know whether ssl is enabled or not.
* some perfschema tests are socket-specific and use include/not_ssl.inc
* perfschema status tables had too small column for ssl_ciphers value.
  Fixed as in f34afeaf6b83 (MDEV-39318)
Georg Richter
Infer fixes

- Resolved a critical loop-ordering bug in ma_get_rset_field_lengths
  where a null pointer dereference occurred on early iterations.
- Applied @infer-ignore annotations to ma_save_session_track_info to
  silence false-positive leak and dereference warnings stemming from
  Infer's inability to statically trace custom ma_multi_malloc offsets.
  Further @infer-ignore annotations were applied to boundary checks in
  client/server and replication protocol parsing.
- Converted error-prone preprocessor assignment macros into type-safe,
  architecture-independent C helper functions.
- Migrated mysql->options.extension from a lazy to an eager allocation
  pattern inside mysql_init() to eliminate redundant null checks and cleanly
  unify structural lifecycles.
- Updated mysql_close() teardown paths to cleanly free the eager
  extension container and prevent ASan/LSan leaks.

Two separate alerts reside within the replication/binlog API code;
these are intentionally deferred as that entire subsystem is slated
for a structural rework in an upcoming commit.

Excluded existing 'unittest/' and 'external/' directories from the Infer
analysis scope via `.inferconfig`. The testing framework intentionally
utilizes mock boundaries, structural shortcuts, and sandbox scaffolding to
isolate edge cases. Analyzing these files generates significant static
analysis noise and false positives without providing actual value to the
core runtime stability of the production library client.
Sergei Golubchik
MDEV-40341 store read-only sysvars in a read-only root

Store all READ_ONLY sysvar values in the read_only_root

Even though READ_ONLY sysvars are protected, for string variables
it usually means that the pointer cannot be changed. The value it
points to - the string itself - still can be. Let's store all
values of string READ_ONLY sysvars in the read_only_root.

sysvars that point directly into argv are copied to read_only_root.
sysvars that have their values calculated and allocated now
must be explicitly marked with PREALLOCATED to let it know they
have to be free()-d.

Assisted-By: Claude:claude-4.8-opus
Sergei Golubchik
MDEV-40362 #mysql50# mixes up with table names in the table cache and on disk

1.
Only allow #mysql50# prefix on table names that
can not be decoded from a file name to a table name.
It is an error to put this prefix on a name that can be accessed
as a valid table name without a prefix. Use `t1` not `#mysql50#t1`,
use `a-b` not `#mysql50#a@002db`.

2.
Don't allow creation of new tables with the #mysql50# prefix.

Except when in SQLCOM_ALTER_DB_UPGRADE - main.upgrade test runs
ALTER DATABASE `#mysql50#mysqltest-1` UPGRADE DATA DIRECTORY NAME;
This command moves tables from the old db name to the new db name,
and some of these tables also have old #mysql50# names.

3.
Also don't allow to create such databases, views, partitions,
subpartitions, sequences, triggers.
Dave Gosselin
MDEV-39397: GROUP_CONCAT of BIT returns decimal, not packed bytes

When DISTINCT or ORDER BY is in play, GROUP_CONCAT builds an
internal temp table and converts BIT arguments to integers so records
can be compared by memcmp.  Calling val_str() on that field
then returned the decimal form ("0", "1", "3") instead of the
packed bit bytes that Field_bit::val_str() emits everywhere else,
including the "plain" GROUP_CONCAT path.

Override get_str_from_field() for Item_func_group_concat to detect
when the argument is BIT, read the value as an integer from the
temp table field, and pack it into (max_length + 7) / 8 bytes,
mirroring Field_bit::val_str().  This makes DISTINCT and ORDER BY
agree with the plain path.

Before this change, BIT fields in group_concat were rendered
as ASCII which was incorrect and produced the wrong result as
described in the ticket.  With this fix, we also update the
existing test cases to wrap BIT columns with '+0' so the recorded
output stays in ASCII format.  Now, with this patch and the test
case from the ticket, MariaDB and MySQL produce identical resultset
of a single row, single column having value 08.

By default, a group_concat including BIT fields on MySQL returns a
hexified value for its resultset whereas MariaDB requires the
hex() function to wrap group_concat for the same result:

Setup:
  create table t1(a bit(2), b varchar(10), c bit);
  insert into t1 values (1, 'a', 0), (0, 'b', 1);

MySQL:
  mysql> select group_concat(a, c) from t1;
  +----------------------------------------+
  | group_concat(a, c)                    |
  +----------------------------------------+
  | 0x01002C0001                          |
  +----------------------------------------+
  1 row in set (0.001 sec)

MariaDB:
  MariaDB [test]> select hex(group_concat(a, c)) from t1;
  +-------------------------+
  | hex(group_concat(a, c)) |
  +-------------------------+
  | 01002C0001              |
  +-------------------------+
  1 row in set (0.001 sec)
Georg Richter
Merge branch '3.3' into 3.4
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Sergei Golubchik
MDEV-40395 MyISAM/Aria silently truncate extensions from filenames, if too long

* move all common fn_format flags that mi_create/maria_create use
  into one single #define.
* simplify (MY_APPEND_EXT is redundant and MY_REPLACE_EXT does nothing
  when no . is present in the filename)
* use MY_SAFE_PATH everywhere (return NULL if too long)
* set my_errno= ENAMETOOLONG on too long
* abort mi_create/maria_create if returned NULL
Sergei Golubchik
MDEV-28743 Roles without grants are handled wrong

In propagate_role_grants_action() (called by grant_reload() on startup
and FLUSH PRIVILEGES), role privilege merging uses a counter-based
bottom-up ordering: each role's counter tracks how many of its granted
sub-roles still need to be processed, and merge_role_privileges() merges
a role only once its counter reaches zero.

The bug: when an intermediate role such as org_role_1 (which inherits
only from a USAGE-only app_role_1) was merged with no privilege changes,
merge_role_privileges() returned 1 as an optimisation to stop upward
traversal.  This prevented the traversal from ever reaching user_role_1
to decrement its counter.  A second leaf traversal (from app_role_2)
could decrement user_role_1's counter only once, leaving it at 1
instead of 0, so user_role_1 was never merged and had no effective
privileges.

The "stop if nothing changed" optimisation is valid for incremental
propagate_role_grants() calls (after a single GRANT/REVOKE), where
every ancestor was already correctly merged.  It is not valid for the
full-reload case, where the counters must be decremented by every leaf
traversal to guarantee correct bottom-up ordering.

Fix: add an initial_load flag to PRIVS_TO_MERGE.  When set (only in
propagate_role_grants_action), the early-stop optimisation is disabled
so traversals always visit all ancestors.

Assisted-By: Claude:claude-4.6-sonnet
Sergei Golubchik
MDEV-40337 store user vars in a dedicated memroot

user_var_entry objects and their names have a connection lifetime,
they exist until the connection ends (or is reset), and then they're
all deleted at once. This is exactly the use case for MEM_ROOT,
let's store them there.

Additionally, let's set MY_ROOT_USE_MPROTECT flag to keep this memroot
off the general heap where user_var_entry values are stored
and where heap buffer overflows can happen.

The latter makes memory allocations for the MEM_ROOT about 10x more
expensive, so let's always start with an empty memroot (= zero overhead
if no user variables are used) and on THD cleanup let's retain one
memroot block (= zero overhead if the next connection takes THD from the
cache and uses user variables up to one block size).

Assisted-By: Claude:claude-4.8-opus
Sergei Golubchik
MDEV-30555 The server does not detect changes in NULL-ability of system table columns

Table_check_intact::check() validated column names, types, and charsets but
not NULL-ability. Altering a system table column (e.g. mysql.proc.definer)
to drop NOT NULL would pass the check undetected, silently corrupting data
stored through that column.

Add a CAN_BE_NULL flag bit in the high bit of TABLE_FIELD_TYPE::type.length.
Set it on nullable column entries; the check now validates nullability in both
directions. NOT NULL columns need no annotation (the common case). The flag
is encoded as `{ STRING_WITH_LEN("type") + CAN_BE_NULL }` which keeps the
intent readable at the definition site.

Apply CAN_BE_NULL annotations to all TABLE_FIELD_TYPE arrays:
mysql.proc, mysql.event, mysql.table_stats, mysql.column_stats,
mysql.index_stats.

Assisted-By: Claude:claude-4.6-sonnet
Sergei Golubchik
MDEV-39841 handlersocket plugin default secret is empty

if handlersocket_plain_secret is not specified, generate a random one.
one can still set an empty secret in my.cnf if needed.
Sergei Golubchik
MDEV-40426 CONNECT writes unvalidated data from remote server into fixed-len buffer

use size-bounded scanf formats
drrtuy
fix: MDEV-40379 temporary disable CREATE TEMPORARY TABLE engine=DuckDB b/c of naming temp table naming inconsitencies b/w MariaDB and DuckDB.
Sergei Golubchik
MDEV-23486 RBR can bypass secure_timestamp=YES

Add tests for system versioning.
INSERT is fixed, but UPDATE is still broken.
Sergei Golubchik
MDEV-40341 store read-only sysvars in a read-only segment

Protect all READ_ONLY sysvars from run-time changes.

Put them into a separate ELF section with a special attribute
and mprotect() this section after the server is fully initialized.

Verify that they're all protected in the sys_var constructor.

One exception: opt_noacl (--skip-grant-tables) can be changed
from 1 to 0 on FLUSH PRIVILEGES. Let's briefly drop the
protection for this 1->0 change. It can be needed only once
in a server lifetime and only if it was started with --skip-grant-tables

On shutdown the protection is removed, making variables writable
again because shutdown resets some of them during the cleanup

Assisted-By: Claude:claude-4.8-opus
Dave Gosselin
MDEV-39397: Document and clean up dump_leaf_key

Add a docblock for dump_leaf_key that describes each parameter
and the leaf payload layout, and documents the return values and
side effects.

Sprinkle inline comments through the body to explain the LIMIT and
OFFSET bookkeeping, the dual purpose of result_finalized, why
borrowing table->record[1] as scratch space is safe, the offset
translation for skipped null bytes, and why the blob_storage
truncation flag is cleared after raising ER_CUT_VALUE_GROUP_CONCAT.

Implement other code cleanups, too, like dropping the unused tmp2
String object and rename old_length to starting_len so the cut_max_length
call reads more directly.  Other changes include narrowing loop
variables to the loop scope, move declarations next to their
first use, and replacing the C casts with static_cast.

There should be no behavior changes at this commit.
Georg Richter
CONC-835: Fix pre-auth memory exhaustion in packet reassembly

Enforce a strict 1MB max_allowed_auth_packet
limit during the initial connection and authentication handshake.

Additionally, add comprehensive checks inside ma_net_read() to block
malicious multi-packet streaming vectors that could bypass the threshold
by fragmenting oversized payloads into legitimate sub-16MB frames.

Returns CR_NET_PACKET_TOO_LARGE if the threshold is breached. Normal
operational packet size limits are safely restored post-authentication.
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
drrtuy
fix: DuckDB now optionally read same transactions writes applied to other engines tables.
Sergei Golubchik
MDEV-40409 ST_GeomFromText stack overrun on deeply nested GeometryCollection
Sergei Golubchik
MDEV-37951 SHOW TABLES allows users with only GRANT OPTION privilege to read all table names in the database "mysql"

GRANT_ACL bleeds into thd->col_access via check_access()'s
"*save_priv |= db_access" path (db_access inherits master_access).
Two guards that relied on the absence of any privilege bit then
failed to treat GRANT_ACL as exceptional:

1. check_show_access() (sql_parse.cc): the fallback
  "!col_access && check_grant_db()" was bypassed when col_access
  held only GRANT_ACL, letting a global-GRANT-OPTION user pass the
  outer gate for SHOW TABLES / SHOW TABLE STATUS / SHOW TRIGGERS.
  Fix: use !(col_access & ~GRANT_ACL) so any real privilege still
  bypasses check_grant_db while GRANT_ACL alone does not.

2. get_all_tables() (sql_show.cc): the per-table shortcut
  "!(col_access & TABLE_ACLS)" was taken for col_access == GRANT_ACL
  because GRANT_ACL is part of TABLE_ACLS, skipping per-table checks
  and exposing all table names.
  Fix: use TABLE_ACLS & ~GRANT_ACL so that only genuine table-access
  bits suppress the per-table privilege check.

Assisted-By: Claude:claude-4.6-sonnet
Alessandro Vetere
MDEV-40427 lock_move_reorganize_page() early exit check is useful only with lock elision

After MDEV-40128, the early exit check in lock_move_reorganize_page()
is useful only with lock elision support.
This is because, when lock elision is not supported, TMLockGuard falls
back to behave like LockGuard.
The same check would be done using LockGuard later, in any case.
Hence, the early exit check can be skipped when lock elision is not
supported.
Alexander Barkov
MDEV-40396 open SYS_REFCURSOR crash, if too many cursors

When THD::m_statement_cursor was resized by a call of alloc_dynamic,
the memory location of all sp_cursor::result changed.
Therefore all members "select_result *Server_side_cursor::select"
previously initialized in the constructor to addresses of
sp_cursor::result became invalid.

Fix:
- Removing the member "select_result *result;" from Server_side_cursor.
- Passing instead a new "select_result *" parameter to
  methods open() and fetch() of Server_side_cursor and its descendant
  Materialized cursor.

So now, for example, when sp_cursor::fetch() is called, it executes:

    server_side_cursor->fetch(&result/*new parameter*/, 1);

The address value `&result` is now always correct.
Sergei Golubchik
MDEV-40395 MyISAM/Aria silently truncate extensions from filenames, if too long

* move all common fn_format flags that mi_create/maria_create use
  into one single #define.
* simplify (MY_APPEND_EXT is redundant and MY_REPLACE_EXT does nothing
  when no . is present in the filename)
* use MY_SAFE_PATH everywhere (return NULL if too long)
* set my_errno= ENAMETOOLONG on too long
* abort mi_create/maria_create if returned NULL
Sergei Golubchik
MDEV-40413 ALTER TABLE ... CONVERT ... PARTITION doesn't encode partition names
Georg Richter
CONC-821: Preserve bound lengths for all types when fetching NULL values

Previously, during a statement fetch, encountering a NULL value would
reset the bound length of the column to 0. This behavior is incorrect
for two reasons:
1. Numerical and temporal types have fixed buffer sizes that should
  remain constant.
2. For variable-length types (like strings and BLOBs), a length of 0
  specifically denotes an empty string/buffer, not a NULL value.
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Georg Richter
Fixed  2 bugs introduced by infer fixes:

- Fixed resut set length calculation
- Initialize mysql->options in mysql_close_options to avoid potential
  double free.
Georg Richter
Fix test conc_821:

Don't check NULL indicator for timestamp column, since the
result (NULL or NOW()) depends on server setting.
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Sergei Golubchik
MDEV-40426 CONNECT writes unvalidated data from remote server into fixed-len buffer

use size-bounded scanf formats