Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Categories: connectors experimental galera main
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

connectors experimental galera main
Syed Mohammed Nayyar
MDEV-40201: bound the trailing hex read in my_mb_wc_filename

Problem:
my_mb_wc_filename() decodes the my_charset_filename '@HHHH' escape, which
is 5 bytes, but the length guard only required 4 (s[0..3]) before the hex
branch read the 4th hex digit at s[4]. A truncated escape whose end
pointer sits at s+4 (reachable through well_formed_length()/charpos() on a
my_charset_filename string with a tight, non-terminated bound) read one
byte past e.

Fix/Solution:
A 4-byte escape is not valid, so require all 5 bytes up front: s + 5 > e
now returns MY_CS_TOOSMALL5. The read of s[4] keeps the s[3] guard,
because 'e' may be fake (see the strconvert() note above the function):
a NUL-terminated input such as "@00\0" with an over-long end must still
stop at the terminator instead of reading s[4]. Added a strings-t case
covering both the tight-end (MY_CS_TOOSMALL5) and the NUL-terminated
(MY_CS_ILSEQ) truncations.
Mohammad Tafzeel Shams
MDEV-39795: Assertion `n_reserved > 0' failed

Problem:
========

1. Assertion `n_reserved > 0` failed in fseg_create():

fsp_reserve_free_extents() has a special condition for small
tablespaces where it reserves individual pages instead of full
extents. In such cases, n_reserved can be 0 even when the
reservation succeeds, causing the assertion ut_ad(n_reserved > 0)
to fail incorrectly.

The code was checking n_reserved to determine whether a reservation
had already been attempted, but this logic breaks for small
tablespaces where pages, rather than extents, are reserved.

2. Encryption metadata not cleared for compressed-only pages:

buf_page_encrypt() only cleared encryption-related metadata
fields (key-version and crypt-checksum) when the page was
neither encrypted nor compressed. However, these fields should
also be cleared when page_compressed is true but encrypted is
false, to avoid leaving stale encryption metadata in
compressed-only pages.

Solution:
=========

buf_page_encrypt(): Refactored the early-return logic. Encryption
metadata fields are now cleared whenever encrypted is false,
regardless of page_compressed. The function returns early only
when both !encrypted and !page_compressed.

fseg_create(): Introduced a boolean variable `reserved` to track
whether fsp_reserve_free_extents() has been attempted, replacing
the flawed check of `n_reserved > 0`. Added an early return when
DB_DECRYPTION_FAILED is encountered during inode allocation.

my_error_innodb(): Added handling for DB_DECRYPTION_FAILED to
report decryption errors to the user through ER_GET_ERRMSG.
Vladislav Vaintroub
MDEV-39047 Impossible to create DB grant for long escaped DB name

The database name in GRANT is stored in mysql.db.Db, which holds 64
characters. Escaping '_' or '%' with a backslash to match them literally
can make the stored name longer than 64 characters, and it was silently
truncated into a non-functional grant. Reject it with ER_WRONG_DB_NAME
instead, the same error CREATE DATABASE gives for an over-long name.
PranavKTiwari
MDEV-36896 : Assertion 'marked_for_read()' failed in virtual String *Field_varstring::val_str(String *, String *)

Problem:
Executing queries that require virtual/generated column evaluation during filesort trigger debug assertions due to missing columns in read_set.
Cause:
find_all_keys() temporarily assigns TABLE::tmp_set as both read_set and write_set. Later, TABLE::update_virtual_field() calls bitmap_clear_all(&tmp_set) before evaluating virtual column dependencies. Since all three pointers share the same underlying bitmap buffer, clearing tmp_set also clears the active read_set/write_set, causing required columns to appear missing during execution and triggering the assertion.
Fix:
Before clearing tmp_set in TABLE::update_virtual_field(), save its current state into a stack-allocated bitmap clone using my_safe_alloca + bitmap_copy. After virtual column evaluation is complete, restore tmp_set to its original state before returning. This preserves whatever bits were live in the shared buffer (i.e. the active read_set/write_set) across the call, while still allowing the dependency walk to use tmp_set as scratch space as before. my_safe_alloca is used instead of heap allocation to keep this save/restore overhead minimal on what is a per-row hot path.
Georg Richter
Merge branch '3.3' into 3.4
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Vladislav Vaintroub
MDEV-37781 ASAN build crashes on deep query with low thread stack

check_stack_overrun() was compiled out under ASAN, so a deeply nested
expression recursed in Item_func::fix_fields() until the stack was
exhausted and the server crashed instead of reporting
ER_STACK_OVERRUN_NEED_MORE.

Since MDEV-34533 (Monty) the stack usage seems to be accounted correctly
under ASAN via my_get_stack_pointer(), so the check seems to works there
too.

Fix:
Remove the #ifndef __SANITIZE_ADDRESS__  guard from check_stack_overrun()

Add a test for ER_STACK_OVERRUN_NEED_MORE
ParadoxV5
MDEV-40270 @@default_master_connection does not convert character sets

`Item::val_str()` doesnÂ’t specify the collation of the returned string,
yet `Sys_var_session_lexstring::do_check()`
(for `@@default_master_connection`) and `Sys_var_debug_sync::do_check()`
(for `@@debug_sync`) assume the `@@character_set_system` collation.

This commit replaces `Sys_var_debug_sync::do_check()`
with a delegate to `Sys_var_charptr::do_string_check()` to match
`Sys_var_dbug::do_check()`, as neither of those have this bug.
It ports the character set conversion to
`Sys_var_session_lexstring::do_check()` rather than delegating,
so the length check is not after a memory allocation;
this class has been refactored away in 11.3 (Commit 6151bde48c) anyway.
Vladislav Vaintroub
MDEV-37781 ASAN build crashes on deep query with low thread stack

check_stack_overrun() was compiled out under ASAN, so a deeply nested
expression recursed in Item_func::fix_fields() until the stack was
exhausted and the server crashed instead of reporting
ER_STACK_OVERRUN_NEED_MORE.

Since MDEV-34533 (Monty) the stack usage seems to be accounted correctly
under ASAN via my_get_stack_pointer(), so the check seems to works there
too.

Fix:
Remove the #ifndef __SANITIZE_ADDRESS__  guard from check_stack_overrun()

Add a test for ER_STACK_OVERRUN_NEED_MORE
Hemant Dangi
MDEV-38843: bump wsrep-lib on 10.11 to the commit-order fix

Issue: the 10.6->10.11 merges dropped the wsrep-lib pin bump, so the
commit-order fix (5eeef4009d5) never reached 10.11.

Solution: advance wsrep-lib to 5eeef4009d5 and restore the
Wsrep_client_service::notify_state_change() override it requires.
Yuchen Pei
MDEV-40088 [to-squash] Disallow subqueries in INTERVAL clause in range interval auto partitioning

This is consistent with system time (versioning) partitioning. Also
consistent is that both allow expressions otherwise.
Vladislav Vaintroub
MDEV-39343 Restoring from a mysqldump from older version makes mysql_upgrade version test fail

Do not skip the whole upgrade when mysql_upgrade_info is up to date.
System tables can still be from an older version, e.g when a dump from
an older server was restored. Only checks of user tables are skipped.
bsrikanth-mariadb
MDEV-39916: Crash with having filter when being pushed down

When Item_func_not::fix_fields() is invoked, there are several instances where
ref argument being passed is NULL. One such instance is from the method
st_select_lex::pushdown_from_having_into_where().

Since a null ref is being accessed, a crash occurs.

This PR fixes the problem by adding a null check inside
Item_func_not::fix_fields()
Vladislav Vaintroub
MDEV-39047 Impossible to create DB grant for long escaped DB name

The database name in GRANT is stored in mysql.db.Db, which holds 64
characters. Escaping '_' or '%' with a backslash to match them literally
can make the stored name longer than 64 characters, and it was silently
truncated into a non-functional grant. Reject it with ER_WRONG_DB_NAME
instead, the same error CREATE DATABASE gives for an over-long name.
ParadoxV5
MDEV-40270 @@default_master_connection does not convert character sets

`Item::val_str()` doesn’t specify the collation of the returned string,
yet `Sys_var_session_lexstring::do_check()`
(for `@@default_master_connection`) and `Sys_var_debug_sync::do_check()`
(for `@@debug_sync`) assume the `@@character_set_system` collation.

This commit replaces `Sys_var_debug_sync::do_check()`
with a delegate to `Sys_var_charptr::do_string_check()` to match
`Sys_var_dbug::do_check()`, as neither of those has this bug.
It ports the character set conversion to
`Sys_var_session_lexstring::do_check()` rather than delegating,
so the length check is not after a memory allocation;
this class has been refactored away in 11.3 (Commit 6151bde48c) anyway.
Monty
Removed some not needed checks

- In ha_partition.cc:check_parallel_search(), remove check if
  item_field->field is null. This is not needed as the function is run
  after fix_field() which guarnatees that the field is always set.
- Added DBUG_ASSERT() to Item_field::fix_fields() to ensure that
  item_field->field is not null (should be impossible).
Thirunarayanan Balathandayuthapani
MDEV-27569  Valgrind/MSAN errors in ha_partition::swap_blobs() for BLOB not in secondary index

Problem:
=======
On a partitioned table containing a BLOB/TEXT column, an ordered
index scan calls ha_partition::swap_blobs() for every buffered
row, because it is being called only when table has blob fields.

When the buffered row comes from a secondary index that does not
cover the blob (e.g. KEY(f2) on (f2,f1)), InnoDB's
row_sel_store_mysql_rec() populates only the templated columns.
The blob column's null bit and its value-pointer bytes in
table->record[0] are left uninitialized. The partition handler
memcpy() this record into rec_buf, then swap_blobs() evaluates
blob->is_null(), reading the uninitialized null bit leads to
"use-of-uninitialized-value".

Solution:
=========
row_sel_store_mysql_rec(): When the record is being stored
from a secondary index, seed the NULL bitmap of mysql_rec
from prebuilt->default_rec before populating the templated columns.
Columns present in the index template have their NULL bit rewritten
explicitly while the row is stored, so only the columns absent from
the template (the uncovered blob) rely on this seed.
default_rec marks such nullable columns as NULL and preserves the
reserved NULL bit, so the uncovered blob is now defined as NULL.

Because of this, ha_partition::swap_blobs() skips it via its
"!bitmap_is_set(read_set) || blob->is_null()" guard and
never calls Field_blob::cached()/get_ptr(). This avoids not
only the uninitialized null-bit read and the follow-on
uninitialized blob value-pointer read.
Yuchen Pei
MDEV-15621 [to-squash] Follow some gemini review comments
Yuchen Pei
MDEV-31182 Check for blob too in create_key_parts_for_pseudo_indexes

BLOB and VARCHAR has keys prefixed with length of the payload. This
length data itself has length HA_KEY_BLOB_LENGTH which is 2, as
demonstrated for example in Field_blob::set_key_image and
Field_varstring::set_key_image.

In this patch, when preparing key info for a range analysis, we
account for this extra HA_KEY_BLOB_LENGTH in the total key length for
BLOB. Previously it was only done for VARCHAR. This way, when doing
the actual range analysis, LIKE (Item_func_like::get_mm_leaf) can
correctly identify that it is dealing with a BLOB, thereby allowing
the space of 2 for the length data. This avoids later
Field_blob::set_key_image reading the payload as length data and
causing reading the wrong memory segment for the payload.
Vladislav Vaintroub
MDEV-37499 Crash in check_grant() on SHOW STATUS with a subquery using a CTE

Table references parsed after a WITH clause have their database name
filled in only when CTE references are resolved at the end of parsing,
but SHOW commands never invoked this resolution, leaving the name NULL.
Resolve CTE references at the end of the SHOW rule, as other statements do.
Rex Johnston
MDEV-39323 Fix Item_func_between::get_mm_tree()

Produced by Claude Code.
Alexander Barkov
MDEV-39518 Allow prepared statements in stored functions in assignment right hand

Allowing prepared statements in stored functions when
a stored function is used in an assignment right hand.

Both DEFALT clause of a variable initialization and
the right side of the SET statement are supported:

  CREATE PROCEDURE p1()
  BEGIN
    -- case 1: DEFAULT clause
    DECLARE spvar1 INT DEFAULT f1_with_ps(); -- OK

    -- case 2: SP variable assignment statement
    DECLARE spvar2 INT;
    SET spvar= f1_with_ps(); -- OK
  END;

- The parser now does not reject PS statements in stored functions.
  PS applicability in stored functions is now detected as run time.
  Note, PS statements in triggers are still prohibited by the parser.

- Functions with PS do not acquire MDL locks on tables.
  They work like procedures in terms of table opening.

- Functions with PS are not replicated as a single `SELECT f1()` call.
  They are replicated per-statement, like procedures.
Yuchen Pei
MDEV-31182 Check for blob too in create_key_parts_for_pseudo_indexes

BLOB and VARCHAR has keys prefixed with length of the payload. This
length data itself has length HA_KEY_BLOB_LENGTH which is 2, as
demonstrated for example in Field_blob::set_key_image and
Field_varstring::set_key_image.

In this patch, when preparing key info for a range analysis, we
account for this extra HA_KEY_BLOB_LENGTH in the total key length for
BLOB. Previously it was only done for VARCHAR. This way, when doing
the actual range analysis, LIKE (Item_func_like::get_mm_leaf) can
correctly identify that it is dealing with a BLOB, thereby allowing
the space of 2 for the length data. This avoids later
Field_blob::set_key_image reading the payload as length data and
causing reading the wrong memory segment for the payload.
Yuchen Pei
MDEV-15621 [to-squash] Follow some gemini review comments
Daniel Black
MDEV-40275: plugins.auth_ed25519 test falky - dropped users with connection warning

The slow cleanup of disconnected connections means that they
may still be visible as the DROP USER is executed. Ignore these
warnings.
Yuchen Pei
MDEV-15621 Auto add RANGE COLUMNS partitions by interval

Allow auto partitioning by interval in PARTITION BY RANGE COLUMNS

PARTITION BY RANGE COLUMNS (col_name)
INTERVAL interval [AUTO]
(
  PARTITION partition_name VALUES LESS THAN (value)
  [, PARTITION partition_name VALUES LESS THAN (value) ... ]
)

where

- col_name is the name of one column of type DATE or DATETIME or
  TIMESTAMP

- at least one partition is supplied, and the highest partition cannot
  have MAXVALUE range

- INTERVAL interval is a positive time interval. it can be mariadb
  format or oracle NUMTODSINTERVAL/NUMTOYMINTERVAL format. Like
  versioning, the smallest unit is second, i.e. no subsecond like
  microsecond.

- DATE column cannot have interval with values less than a day

- Subpartitions are allowed, but restricted to existing subpartition
  types, i.e. [LINEAR] (KEY|HASH)

When performing one of the following DML statements on such a table,
it will first add partitions by the specified interval until the
partition covers the current time:

- INSERT
- INSERT ... SELECT
- LOAD
- UPDATE
- REPLACE
- REPLACE ... SELECT

Partition addition will not cause an implicit commit like DDL normally
does.

The partitions are named pN.

Otherwise the table behaves exactly the same as a normal RANGE COLUMNS
partitioned table.

Note that TIMESTAMP is not allowed as a type for PARTITION BY RANGE
COLUMNS otherwise.
Yuchen Pei
MDEV-15621 [refactor] Partitioning cleanup

change p_column_list_val::fixed to a bool
remove redundant end label in partition_info::fix_column_value_functions
Vladislav Vaintroub
MDEV-37996 CMake: MariaDB:: targets for bundled-or-system libraries

Stop overwriting the standard find_package() result variables (ZLIB_FOUND,
ZLIB_LIBRARIES, ZLIB_INCLUDE_DIR(S), ...), this breaks vcpkg.

Provide namespaced INTERFACE targets that point at either the bundled or
the system library and carry their include directories (and, for SSL, the
compile definitions):

  MariaDB::zlib, MariaDB::OpenSSL, MariaDB::pcre2-8, MariaDB::pcre2-posix,
  MariaDB::fmt, MariaDB::readline

Link these consistently instead of the scattered ${*_LIBRARIES} and
${*_INCLUDE_DIR(S)} variables sprinkled across the tree.
Teemu Ollakka
MDEV-40179 Simplify wsrep XA recovery: drop the seqno-continuity check

wsrep_order_and_check_continuity() sorted recovered prepared XIDs by
wsrep seqno and used the contiguous run from the SE checkpoint to
decide which prepared transactions could be committed locally when no
binlog was available for recovery. This was mostly dead weight:

- With a real local binlog, recovery is already fully binlog-
  coordinated (XID_EVENT presence decides commit/rollback); the
  continuity result was computed but never consulted.
- Without one (log_bin=OFF, or a fresh SST joiner with no local
  binlog), any transaction still prepared at recovery time was never
  committed on this node, so rolling it back is always safe - the
  cluster redelivers it via IST/SST, regardless of whether the
  prepared set was contiguous.

Drop wsrep_order_and_check_continuity() and the wsrep_limit-gated
commit path. The final dry-run recovery pass now unconditionally rolls
back any wsrep-tagged prepared transaction when a provider is loaded
(previously only done for the SST-joiner case); the TC_LOG_MMAP path
(log_bin=OFF) takes the same unconditional-rollback fallback instead
of committing a "safe" contiguous prefix. Also remove the now-unused
wsrep_sort_xid_array() and wsrep_is_xid_gtid_undefined() helpers and
the discontinuity-message test suppression.
Pekka Lampio
MDEV-40279 galera.tmp_space_usage test failure

The MTR test galera.tmp_space_usage printed the exact Tmp_space_used /
Max_tmp_space_used byte counts. These come from the binlog cache
temporary file, whose size depends on binary log event encoding and
thus varies across platforms and builds, making the test fail
(e.g. 101706 vs the recorded 102054).

Rewrite the test to check only the invariants the fix is about, as is
already done in main.tmp_space_usage: after the inserts Tmp_space_used
is non-zero and equals Max_tmp_space_used, and after change_user
Tmp_space_used is reset to 0 while Max_tmp_space_used is preserved.

Co-Authored-By: Claude Opus 4.8
Vladislav Vaintroub
MDEV-37996 update libmariadb to use server's MariaDB::zlib

Remove hack in cmake/mariadb_connector_c.cmake that sets variables
to make connectors FIND_PACKAGE(ZLIB) use server's zlib.
it is not necessary anymore, and is expressed more directly.
Georg Richter
CONC-834: Fix poll timeout reset loop on EINTR signals

Ensure that pvio_socket_wait_io_or_timeout() tracks elapsed
time using CLOCK_MONOTONIC when poll() is interrupted by EINTR.
This prevents the timeout deadline from constantly resetting
forward when periodic application signals (like profilers)
are active.

Kudos to Shaohua Wang for finding this issue and providing
a fix!
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
PranavKTiwari
MDEV-40167: GTT created with the InnoDB incorrectly accept FULLTEXT/VECTOR indexes
Problem:
GLOBAL TEMPORARY tables were not subject to the same option/index restrictions as session TEMPORARY tables. Several InnoDB and server-layer checks tested only tmp_table(), so GLOBAL TEMPORARY tables could bypass validation for VECTOR/FULLTEXT indexes, DATA DIRECTORY, KEY_BLOCK_SIZE, and ROW_FORMAT=COMPRESSED.

Cause:
global_tmp_table() was added as a separate predicate from tmp_table(), but not all temp-table checks were updated to test both, so GLOBAL TEMPORARY tables fell through to "permanent table" logic in several places.

Fix:
Added global_tmp_table() alongside tmp_table() at each affected check:

Reject VECTOR and FULLTEXT indexes on GLOBAL TEMPORARY tables.
Reject/warn on DATA DIRECTORY, KEY_BLOCK_SIZE, and ROW_FORMAT=COMPRESSED for GLOBAL TEMPORARY tables, with accurate wording in the DATA DIRECTORY warning.
Fixed zip_allowed and related ut_ad assertions to exclude GLOBAL TEMPORARY tables.
Fixed m_use_file_per_table in set_tablespace_type() to exclude GLOBAL TEMPORARY tables (also fixes m_use_data_dir).
GLOBAL TEMPORARY tables now validate the same as session TEMPORARY tables across these options.
Dave Gosselin
MDEV-39323 Fix Item_func_between::get_mm_tree()

simplification of prior commit with additional test cases
Yuchen Pei
MDEV-40048 [to-squash] Allow trigger and LOCK TABLES to work with range interval auto partitioning

When a range interval auto partitioned table is the target of a
trigger, the triggering statement is not necessarily one that would
cause the auto-creation of new partitions, so we need to account for
that.

Also added support for LOCK TABLES ... WRITE.

Improved tests coverage by adapting tests from versioning.partition.
Vladislav Vaintroub
MDEV-39343 Restoring from a mysqldump from older version makes mysql_upgrade version test fail

Do not skip the whole upgrade when mysql_upgrade_info is up to date.
System tables can still be from an older version, e.g when a dump from
an older server was restored. Only checks of user tables are skipped.
forkfun
MDEV-23444 ASAN dynamic-stack-buffer-overflow or Assertion `precision > 0'
failed in decimal_bin_size with div_precision_increment=0

A signed numeric value of display length 1 (WEEKDAY(), DAYOFWEEK(), @v:=<int>)
had decimal_precision() == 0: my_decimal_length_to_precision() subtracted a
digit for the sign with no lower bound. Turning such a value into a DECIMAL
(division, AVG(), a UNION column) produced precision 0, which tripped the
`precision > 0' assertion in decimal_bin_size() on store, GROUP BY or filesort.

Clamp my_decimal_length_to_precision() to a minimum of 1 so precision is never 0.

Side effect: in a query CREATE TABLE t1 SELECT * FROM (SELECT 1 as a,(SELECT a)) a;
`(SELECT a)` column now reports width 2 (digit + sign).
It's an invalid query that's supported for historical reasons, and all valid queries
did not change their results
Vladislav Vaintroub
MDEV-37781 ASAN build crashes on deep query with low thread stack

check_stack_overrun() was compiled out under ASAN, so a deeply nested
expression recursed in Item_func::fix_fields() until the stack was
exhausted and the server crashed instead of reporting
ER_STACK_OVERRUN_NEED_MORE.

Since MDEV-34533 (Monty) the stack usage seems to be accounted correctly
under ASAN via my_get_stack_pointer(), so the check seems to works there
too.

Fix:
Remove the #ifndef __SANITIZE_ADDRESS__  guard from check_stack_overrun()

Add a test for ER_STACK_OVERRUN_NEED_MORE
PranavKTiwari
Added a new bit map
Yuchen Pei
MDEV-31182 Check for blob too in create_key_parts_for_pseudo_indexes

So that in Item_func_like::get_mm_leaf

the condition

key_part->store_length != key_part->length + maybe_null

is correct