Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Categories: connectors experimental galera main
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

connectors experimental galera main
Sergei Golubchik
MDEV-30555 The server does not detect changes in NULL-ability of system table columns

Table_check_intact::check() validated column names, types, and charsets but
not NULL-ability. Altering a system table column (e.g. mysql.proc.definer)
to drop NOT NULL would pass the check undetected, silently corrupting data
stored through that column.

Add a CAN_BE_NULL flag bit in the high bit of TABLE_FIELD_TYPE::type.length.
Set it on nullable column entries; the check now validates nullability in both
directions. NOT NULL columns need no annotation (the common case). The flag
is encoded as `{ STRING_WITH_LEN("type") + CAN_BE_NULL }` which keeps the
intent readable at the definition site.

Apply CAN_BE_NULL annotations to all TABLE_FIELD_TYPE arrays:
mysql.proc, mysql.event, mysql.table_stats, mysql.column_stats,
mysql.index_stats.

Assisted-By: Claude:claude-4.6-sonnet
Sergei Golubchik
MDEV-39654 schema-qualified unquoted table name starting with digit fails to parse

add tests
Sergei Golubchik
MDEV-39841 handlersocket plugin default secret is empty

if handlersocket_plain_secret is not specified, generate a random one.
one can still set an empty secret in my.cnf if needed.
Sergei Golubchik
MDEV-23486 RBR can bypass secure_timestamp=YES

fix TIMESTAMP DEFAULT NOW() and ON UPDATE NOW()

Caveat: rbr cannot work without an index - if the slave overwrites
timestamp columns, before-image won't match in full, this is expected.
Georg Richter
Add diagnostic output
Sergei Golubchik
MDEV-39363 Logical Bug in `NOT ( ... XOR ... )` Evaluation with Implicit Type Conversion

for 0.1f val_int() is 0, val_bool() is 1.
Alessandro Vetere
MDEV-40129 Retry transient trylock failures in lock-release fast paths

The trylock attempts on per-cell lock_sys_t::hash_latch (try_acquire())
and on per-table dict_table_t::lock_mutex_trylock() inside
lock_release_try(), lock_release_on_prepare_try() and
lock_rec_unlock_unmodified() now use a bounded spin loop
(up to LOCK_RELEASE_TRY_SPIN_BUDGET CAS attempts, with MY_RELAX_CPU()
between them) instead of a single CAS attempt.

These paths hold trx->mutex while attempting the trylock, which is the
reverse of the standard order used by lock_rec_convert_impl_to_expl().
Blocking acquisition is therefore unsafe, hence the trylock pattern.
However, a single failed CAS marks the entire pass of lock_release_try()
as unsuccessful, and after 5 such failed passes lock_release() falls
back to exclusive lock_sys.wr_lock() for the whole transaction. That
global wr_lock then blocks every concurrent lock_sys.rd_lock() acquirer
in lock_rec_lock() and lock_table(), producing a server-wide convoy
under heavy concurrency.

The bounded spin (no syscall, no blocking) gives a transient latch
holder time to release without weakening the deadlock-avoidance
guarantee that motivated the trylock pattern. The extra trx->mutex hold
time is bounded by LOCK_RELEASE_TRY_SPIN_BUDGET times the pause cost.

This is a first, still to be fine-tuned implementation. Only the
lock_release_try() path has been positively tested; the
lock_release_on_prepare_try() path is not yet covered.
Aleksey Midenkov
MDEV-17613 bitmap_range() refactoring
Alexey (Holyfoot) Botchkov
MDEV-40361 Server crashes after select xmlisvalid (validate_prepare/base).

Type definitions have to be checked on circular references.
Dave Gosselin
MDEV-39323: Wrong result with NOT BETWEEN and mismatched types

For 1 NOT BETWEEN float_key AND int_key, the range optimizer was
building a SEL_TREE for only float_key > 1 and dropping the
int_key < 1 disjunct.  can_optimize_range_const rejected int_key
because of a type mismatch.

The case from the ticket returned no rows (instead of the expected six
rows) because the index range scan on float_key fetched only matches for
float_key > 1 but then they were discarded by the t1.c1 = t1.int_key
predicate.

Plan before the fix (range scan on float_key, key_len 5):
  +----+-------+-------+-------------+---------+------+
  | id | table | type  | key        | key_len | rows |
  +----+-------+-------+-------------+---------+------+
  |  1 | t1    | range | float_key  |      5 |    1 |
  |  1 | t2    | index | float_key  |      6 |    3 |
  +----+-------+-------+-------------+---------+------+

Plan after the fix (Item_func_between::get_mm_tree returns no
usable range tree, so the optimizer falls back to using the
covering index scan on i0):
  +----+-------+-------+-------------+---------+------+
  | id | table | type  | key        | key_len | rows |
  +----+-------+-------+-------------+---------+------+
  |  1 | t2    | index | float_key  |      6 |    6 |
  |  1 | t1    | index | i0          |      14 |    8 |
  +----+-------+-------+-------------+---------+------+

In Item_func_between::get_mm_tree, when can_optimize_range_const fails
for a range bound argument and the predicate is negated, we now
abandon the whole tree instead of continuing the loop.  The new code
mirrors the existing guard in the same function for non FIELD_ITEM
arguments.

The bug was introduced by MDEV-36235 which added
can_optimize_range_const without considering the negated path.
While we could fine tune the rejection behavior in
can_optimize_range_const, I think that should be a separate patch as
it requires careful consideration for each pair of types that could
be supplied to [NOT] BETWEEN and that's outside the scope of this
ticket (which is intended to fix the wrong result issue).

This behavior matches MySQL 9.

The Type_handler::is_numeric() gives one definition of the numeric
comparison family (INT, REAL, DECIMAL).  Switch the checks in
json_table, set_var, and window frame setup to is_numeric().  Each
already reached its type handler through result_type(), which agrees
with is_numeric() for every type, so the behavior does not change.
Georg Richter
Build fix: Fix signed/unsigned warning
Sergei Golubchik
Revert "MDEV-17677: Keywords followed by .number parsed as identifiers"

This reverts commit 895b28d6721eadfad0d47723fcc949eae75cf8cf.
Alexander Barkov
MDEV-39022 Add `LOCAL spvar` syntax for prepared statements and SYS_REFCURSORs

This patch adds the following syntax:

OPEN c0 FOR LOCAL spvar_with_ps_name;
PREPARE LOCAL spvar_with_ps_name FROM 'dynamic sql';
EXECUTE LOCAL spvar_with_ps_name;
DEALLOCATE PREPARE LOCAL spvar_with_ps_name;

OPEN c0 FOR PREPARE stmt;
Georg Richter
Windows fixes
test fixes
Aleksey Midenkov
MDEV-17613 Refactor partition pruning to build into a dedicated bitmap

prune_partitions() built the used-partition set directly in
read_partitions: it cleared it, let find_used_partitions*() fill it, and
in the index-merge case used it as scratch too - both buffer and result.

The patch adds PART_PRUNE_PARAM::parts_bitmap and builds the return
into it instead. read_partitions is produced from it only at the end:
copied when the condition was analyzed (IMPOSSIBLE included,
parts_bitmap left empty), or set to all locked partitions via
mark_all_partitions_as_used() when nothing could be pruned.

Pure refactoring: read_partitions ends up identical on every path. It
decouples the pruning scratch from read_partitions, so a later commit can
switch the final bitmap_copy() to bitmap_intersect() - letting pruning
narrow a pre-set read_partitions (e.g. a versioned table selecting only
its current partition) instead of overwriting it.
Aleksey Midenkov
MDEV-17613 prune_partitions() narrows read_partitions instead of rewrite

read_partitions is reset from lock_partitions once per statement in
open_table() (set_partition_bitmaps()), and prune_partitions() only
intersects it with the pruned set instead of rebuilding it.
mark_all_partitions_as_used() is dropped.

Pure refactoring, results unchanged. It lets a restriction set on
read_partitions before pruning survive it - needed when read_partitions
is pre-restricted, e.g. a versioned table whose history is partitioned
reads only the current partition.
Sergei Golubchik
MDEV-28743 Roles without grants are handled wrong

In propagate_role_grants_action() (called by grant_reload() on startup
and FLUSH PRIVILEGES), role privilege merging uses a counter-based
bottom-up ordering: each role's counter tracks how many of its granted
sub-roles still need to be processed, and merge_role_privileges() merges
a role only once its counter reaches zero.

The bug: when an intermediate role such as org_role_1 (which inherits
only from a USAGE-only app_role_1) was merged with no privilege changes,
merge_role_privileges() returned 1 as an optimisation to stop upward
traversal.  This prevented the traversal from ever reaching user_role_1
to decrement its counter.  A second leaf traversal (from app_role_2)
could decrement user_role_1's counter only once, leaving it at 1
instead of 0, so user_role_1 was never merged and had no effective
privileges.

The "stop if nothing changed" optimisation is valid for incremental
propagate_role_grants() calls (after a single GRANT/REVOKE), where
every ancestor was already correctly merged.  It is not valid for the
full-reload case, where the counters must be decremented by every leaf
traversal to guarantee correct bottom-up ordering.

Fix: add an initial_load flag to PRIVS_TO_MERGE.  When set (only in
propagate_role_grants_action), the early-stop optimisation is disabled
so traversals always visit all ancestors.

Assisted-By: Claude:claude-4.6-sonnet
Sergei Golubchik
MDEV-39318 some MTR tests fail with --ssl

* many test expected error 2013 (CR_SERVER_LOST)
  they should also expect 2026 (CR_SSL_CONNECTION_ERROR)
* some test --connect and expect a specific pre-auth error,
  they should use NOSSL option
* some tests start with invalid certificate - they work because
  mariadb-test doesn't connect with ssl by default. With --ssl
  it does and simply cannot connect. These tests use include/not_ssl.inc
* ssl_cipher restarts the server internally with invalid cipher.
  it should reconnect the default connection without SSL, otherwise
  mariadb-test will fail to connect after server is restarted
* tests that print ssl status without forcing it first - shouldn't,
  they don't know whether ssl is enabled or not.
* some perfschema tests are socket-specific and use include/not_ssl.inc
* perfschema status tables had too small column for ssl_ciphers value.
  Fixed as in f34afeaf6b83 (MDEV-39318)
Sergei Golubchik
MDEV-24598 Duplicate CHECK constraint names are allowed

Column-level CHECK constraints derive their effective name from the column's
field name when read from frm (name_length=0 fallback in
init_from_binary_frm_image). An explicit table-level constraint with the same
name as a column that carries a column-level check creates a duplicate in
information_schema.check_constraints.

Two cases:
1. CREATE TABLE t (a INT CHECK (a>2), CONSTRAINT a CHECK (a<5)) -- both
  end up named "a".
2. JSON columns auto-receive a JSON_VALID column check named after the field.
  CREATE TABLE t (json_c1 JSON, CONSTRAINT json_c1 CHECK (...)) produces
  a duplicate "json_c1".

Fix in mysql_prepare_create_table_finalize: when validating explicit
table-level constraint names, also check them against field names of columns
that carry column-level check constraints (ER_DUP_CONSTRAINT_NAME).

Fix in make_unique_constraint_name / fix_constraints_names: pass the column
list so that auto-generated names (CONSTRAINT_1, CONSTRAINT_2, ...) skip
names already taken by column-level checks.

Update check_constraint.test: the MDEV-16630 test relied on the now-rejected
duplicate (column check "b" + table constraint "b"). Rename the table-level
constraint to "b_and_a" to preserve the intent: verifying that field
constraints and table constraints produce distinct error-message formats.

Assisted-By: Claude:claude-4.6-sonnet
Alexey (Holyfoot) Botchkov
MDEV-40361 Server crashes after select xmlisvalid (validate_prepare/base).

Type definitions have to be checked on circular references.
Sergei Golubchik
MDEV-40186 MEMORY tables incorrectly restart index scan on DELETE

remember the last found key and restart the search (if needed)
from it not from the original one.
Sergei Golubchik
MDEV-40337 store user vars in a dedicated memroot

user_var_entry objects and their names have a connection lifetime,
they exist until the connection ends (or is reset), and then they're
all deleted at once. This is exactly the use case for MEM_ROOT,
let's store them there.

Additionally, let's set MY_ROOT_USE_MPROTECT flag to keep this memroot
off the general heap where user_var_entry values are stored
and where heap buffer overflows can happen.

The latter makes memory allocations for the MEM_ROOT about 10x more
expensive, so let's always start with an empty memroot (= zero overhead
if no user variables are used) and on THD cleanup let's retain one
memroot block (= zero overhead if the next connection takes THD from the
cache and uses user variables up to one block size).

Assisted-By: Claude:claude-4.8-opus
Sergei Golubchik
MDEV-23486 RBR can bypass secure_timestamp=YES

Add tests for system versioning.
INSERT is fixed, but UPDATE is still broken.
Sergei Golubchik
MDEV-39821 heap-use-after-free in heap_rnext with tree indexes

heap_update() forgot to update key_changed
Georg Richter
Check if we are running against MySQL or MariaDB
Aleksey Midenkov
MDEV-17613 prune_partitions() narrows read_partitions instead of rewrite

read_partitions is reset from lock_partitions once per statement in
open_table() (set_partition_bitmaps()), and prune_partitions() only
intersects it with the pruned set instead of rebuilding it.
mark_all_partitions_as_used() is dropped.

Pure refactoring, results unchanged. It lets a restriction set on
read_partitions before pruning survive it - needed when read_partitions
is pre-restricted, e.g. a versioned table whose history is partitioned
reads only the current partition.
Georg Richter
MySQL 9.7 fix: SHOW REPLICAS (without HOSTS)
Alexey (Holyfoot) Botchkov
MDEV-40356 Server crashes in XMLSchema_simpleContent::validate_prepare.

Return an error when simpleContent is empty.
Sergei Golubchik
MDEV-40341 store read-only sysvars in a read-only segment

Protect all READ_ONLY sysvars from run-time changes.

Put them into a separate ELF section with a special attribute
and mprotect() this section after the server is fully initialized.

Verify that they're all protected in the sys_var constructor.

One exception: opt_noacl (--skip-grant-tables) can be changed
from 1 to 0 on FLUSH PRIVILEGES. Let's briefly drop the
protection for this 1->0 change. It can be needed only once
in a server lifetime and only if it was started with --skip-grant-tables

On shutdown the protection is removed, making variables writable
again because shutdown resets some of them during the cleanup

Assisted-By: Claude:claude-4.8-opus
Sergei Golubchik
MDEV-37951 SHOW TABLES allows users with only GRANT OPTION privilege to read all table names in the database "mysql"

GRANT_ACL bleeds into thd->col_access via check_access()'s
"*save_priv |= db_access" path (db_access inherits master_access).
Two guards that relied on the absence of any privilege bit then
failed to treat GRANT_ACL as exceptional:

1. check_show_access() (sql_parse.cc): the fallback
  "!col_access && check_grant_db()" was bypassed when col_access
  held only GRANT_ACL, letting a global-GRANT-OPTION user pass the
  outer gate for SHOW TABLES / SHOW TABLE STATUS / SHOW TRIGGERS.
  Fix: use !(col_access & ~GRANT_ACL) so any real privilege still
  bypasses check_grant_db while GRANT_ACL alone does not.

2. get_all_tables() (sql_show.cc): the per-table shortcut
  "!(col_access & TABLE_ACLS)" was taken for col_access == GRANT_ACL
  because GRANT_ACL is part of TABLE_ACLS, skipping per-table checks
  and exposing all table names.
  Fix: use TABLE_ACLS & ~GRANT_ACL so that only genuine table-access
  bits suppress the per-table privilege check.

Assisted-By: Claude:claude-4.6-sonnet
Sergei Golubchik
MDEV-40341 store read-only sysvars in a read-only root

Store all READ_ONLY sysvar values in the read_only_root

Even though READ_ONLY sysvars are protected, for string variables
it usually means that the pointer cannot be changed. The value it
points to - the string itself - still can be. Let's store all
values of string READ_ONLY sysvars in the read_only_root.

sysvars that point directly into argv are copied to read_only_root.
sysvars that have their values calculated and allocated now
must be explicitly marked with PREALLOCATED to let it know they
have to be free()-d.

Assisted-By: Claude:claude-4.8-opus
Sergei Golubchik
cleanup: only include my_compare.h into heap code as needed

to avoid name conflict on `get_key_length`
Aleksey Midenkov
MDEV-17613 Read sole now-partition for non-historical versioned query

When a versioned table stores its history in partitions, an implicit
query (no FOR SYSTEM_TIME) needs only current rows, which all live in the
current partition. Restrict read_partitions to that partition in
vers_setup_conds() instead of relying on a row_end condition.

read_partitions is reset to all partitions every statement in
open_table(), so this restriction must be re-applied on each execution.
Guard it with !vers_conditions.was_set() rather than !is_set():
set_all() sets type (flips is_set()) but not orig_type (was_set()), so
is_set() would stay true across prepared-statement / stored-procedure
re-executions and skip the restriction, leaving history partitions
readable - rows matched then grow on each execute/call.

EXPLAIN no longer shows "Using where" for such a query: correctness now
comes from partition selection rather than a row_end filter.
Thirunarayanan Balathandayuthapani
MDEV-40332 InnoDB: Defragmentation of BASE_IDX in SYS_VIRTUAL failed: Data structure corruption

Problem:
========
- While shrinking the system tablespace, InnoDB defragments the
system tables to move used pages out of the extents
near the end of the file so the tail can be truncated.
defragment_level() relocates every page of a to-be-moved extent
and, to do so, rewrites the node pointer in the page's parent.

A B-tree root page has no parent node pointer, so it is
never recorded in m_parent_pages.
When the root of a system-table index happens to reside in an extent
that was selected for relocation, the parent lookup fails and
defragmentation is aborted with DB_CORRUPTION even though nothing is
corrupt.

Solution:
=========
  Because a root page cannot move, the system tablespace cannot
shrink below the highest root page, and relocating any
page at or below it cannot reduce the file size.
Exclude that region from relocation up front.

SpaceDefragmenter::max_root_extent(): New function returning the
highest extent that holds a root page of a system-table index

SpaceDefragmenter::find_new_extents(): Use max_root_extent()
together with the minimum tablespace size as the lower bound
(floor) of the relocation scan, so no extent at or below the
highest root is ever added to the relocation map.
This avoids the false corruption and also avoids reserving a
destination extent for a move that would never happen.
The free tail above the highest root is still reclaimed by truncation.
Alexey (Holyfoot) Botchkov
Additional fix.
Alexey (Holyfoot) Botchkov
MDEV-40361 Server crashes after select xmlisvalid (validate_prepare/base).

Type definitions have to be checked on circular references.
Sergei Golubchik
.gitignore plugin/auth_pam/testing/mariadb_mtr
Alexey (Holyfoot) Botchkov
MDEV-40357 Server crashes in XMLSchema_group_reference::validate_prepare.

The <group> in the XML Schema can legally be empty. Handle that case.
Alexey (Holyfoot) Botchkov
MDEV-40357 Server crashes in XMLSchema_group_reference::validate_prepare.

The <group> in the XML Schema can legally be empty. Handle that case.