Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Categories: connectors experimental galera main
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

connectors experimental galera main
Lawrin Novitsky
Merge branch 'odbc-3.1'
Aleksey Midenkov
MDEV-38710 Assertion is_lock_owner on error returning from auto-create in mysql_admin_table

Followup commit for 4802bfe4f90.

After returning error from check_vers_constants() the stack
immediately returns error status up to mysql_admin_table() where it
does close_thread_tables(). The latter expects MDL acquired.

The bug discloses the generic problem of fallback mechanism throwing
an error when the upper frame does close_thread_tables().
Aleksey Midenkov
MDEV-36362 MariaDB crashes when parsing fuzzer generated PARTITION

Function calls in INTERVAL expression of DDL have little
sense. SETVAL() fails because sequences require opened tables and
vers_set_interval() is called at earlier stage.

The fix throws ER_SUBQUERIES_NOT_SUPPORTED for sequence functions
SETVAL(), NEXTVAL(), LASTVAL() when the context does not allow
subselect (determined by clause_that_disallows_subselect).
Aleksey Midenkov
MDEV-25365 Cleanups
Aleksey Midenkov
MDEV-28619 Server crash and UBSAN null-pointer-use in Window_funcs_sort::setup

Optimization in st_select_lex_unit::prepare() removes ORDER BY for
certain subqueries. That excludes ORDER BY items from being fixed, but
sl->window_funcs still contains window function items and those
related to optimized out ORDER BY are unfixed. The error about missing
window spec is thrown when the item is fixed. Hence we get redundant
processing of window function items without checking window spec
existence.

The fix removes the related window function items when ORDER BY is
optimized out. ORDER accumulates window_funcs at parser stage which
are then removed from SELECT_LEX::window_funcs. The fix also updates
similar optimization in mysql_make_view().
rusher
[misc] use DOCKER_LOGIN as user if secret available
Lawrin Novitsky
Merge branch 'odbc-3.1'
Aleksey Midenkov
Compilation: writing to an object of type ‘ORDER’

/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc: In function ‘ORDER* concat_order_lists(MEM_ROOT*, ORDER*, ORDER*)’:
/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:2976:13: error: ‘void* memcpy(void*, const void*, size_t)’ writing to an object of type ‘ORDER’ {aka ‘struct st_order’} with no trivial copy-assignment; use copy-assignment or copy-initialization instead [-Werror=class-memaccess]
2976 |      memcpy(copy, cur, sizeof(ORDER));
      |      ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/buildbot/amd64-last-N-failed/build/sql/field.h:29,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_class.h:32,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_acl.h:21,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_parse.h:19,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:18:
/home/buildbot/amd64-last-N-failed/build/sql/table.h:236:16: note: ‘ORDER’ {aka ‘struct st_order’} declared here
  236 | typedef struct st_order {
      |                ^~~~~~~~
/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc: In member function ‘bool Window_funcs_sort::setup(THD*, SQL_SELECT*, List_iterator<Item_window_func>&, JOIN_TAB*)’:
/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:3151:11: error: ‘void* memset(void*, int, size_t)’ clearing an object of type ‘ORDER’ {aka ‘struct st_order’} with no trivial copy-assignment; use assignment or value-initialization instead [-Werror=class-memaccess]
3151 |    memset(order, 0, sizeof(*order));
      |    ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/buildbot/amd64-last-N-failed/build/sql/field.h:29,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_class.h:32,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_acl.h:21,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_parse.h:19,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:18:
/home/buildbot/amd64-last-N-failed/build/sql/table.h:236:16: note: ‘ORDER’ {aka ‘struct st_order’} declared here
  236 | typedef struct st_order {
      |                ^~~~~~~~
cc1plus: all warnings being treated as errors
make[2]: *** [sql/CMakeFiles/sql.dir/build.make:2640: sql/CMakeFiles/sql.dir/sql_window.cc.o] Error 1
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [CMakeFiles/Makefile2:10639: sql/CMakeFiles/sql.dir/all] Error 2
make: *** [Makefile:166: all] Error 2
Lawrin Novitsky
One of tests had bogus dependency

Which somehow never popped up before as a problem.
Lawrin Novitsky
Trick to fix tests on macos-arm

Looks like tests and DM use different alignment and because of that 10th
paramemter of SQLSpesialColumns of type short gets read incorrectly by
the DM
Lawrin Novitsky
Fix of issue with iOdbc on ARM

We support iOdbc only on MacOS thus can be also formulated - ARM build on MacOS

The problem is that iOdbc does nto use exact type of ODBC function pointers fromt he driver,
but call them as variadic functions. That created different stack
parameters location - in fact only for 10th parameter of
SQLSpecialColumns function there 9th and 10th are 2 short parameters
going one after another.
To solve this we create this API function with different signature that
only reads parameters correctly and passes them to the function that
will process them.
Aleksey Midenkov
MDEV-32317 Trace for ref_ptrs array (ref_array keyword)

Usage:

  mtr --mysqld=--debug=d,ref_array,query:i:o,/tmp/mdl.log
Lawrin Novitsky
ODBC-489 Undefined behavior in SQLFetch(Scroll)

The command in question is plainly incorrect from all points of view.
It's incorrectly increments the pointer and even if do that referenced
cursor position increment correctly - it's not needed at this point
Aleksey Midenkov
MDEV-38854 Assertion table->vers_write fails upon ODKU into table with versioned column

In MDEV-25644 vers_check_update() sets vers_write to false in case it
returns false. It is ok for UPDATE but is not correct for ODKU is bulk
insert requires vers_write on next tuple.

The fix return vers_write value back when vers_check_update() and
related vers_insert_history_row() are done in ODKU.
gkodinov
MDEV-38499: cmake and compile errors on MacOSX when compiling mariadb from a git tree

Replace deprecated cmake function calls to avoid warnings

Replaced the deprecated exec_program calls with execute_process()
This removed the deprecation cmake warnings.
Lawrin Novitsky
ODBC-489 Fix of UB found by ubsan - continuation
Aleksey Midenkov
MDEV-28619 with_flags cleanup

The best practice is to init as much info as possible in class
constructor. with_flags access may be needed before fix_fields() or
fix_fields() may be not called at all like it takes place in
MDEV-28619. The fix for MDEV-28619 requires WINDOW_FUNC check on
unfixed item.
Aleksey Midenkov
MDEV-38798 Assertion `mdl_key->length() == 3' failed in MDL_map::find_or_insert

Originally two MDL_EXCLUSIVE are used for pure alias of derived table
and its schema which is empty db name. It is concurrency performance
overhead and there is no obvious reason why such MDL should exist.

MDEV-33985 changed pure alias check from `db.str` to `db.length` and
that allowed `empty_c_string` to be pure alias too. It is important
for MDEV-33985 fix with sequences. Now such kind of pure alias skips
MDL initialization and thus derived table fails falsely on BACKUP
namespace as it is default namespace for 0-filled structure (see TODO
comments).

The fix a) keeps MDL_NOT_INITIALIZED for uninitialized MDL and that
was the consequence of MDL_INTENTION_EXCLUSIVE value 0 (see TODO
comment).

And b) does not update MDL type for pure alias when view is
initialized, so it is MDL_NOT_INITIALIZED. `lock_table_names()` code
naturally skips such kind of MDL with (mdl_request.type <
MDL_SHARED_UPGRADABLE) condition when processing tables list.
Lawrin Novitsky
ODBC-489 Fix of UB found by ubsan - continuation
Georg Richter
Merge branch '3.3' into 3.4
Aleksey Midenkov
MDEV-28619 fix
Georg Richter
Fix for CONC-812:

The `length` element of the MYSQL_BIND structure is
used to obtain the size of variable-length data
types, such as BLOBs or strings, in order to
determine the required buffer size, as described in
the documentation:

"Pointer to the length of the buffer (not used for
parameters). The length is ignored for numeric and
fixed-size data types, as the buffer_type value
determines the size of the data."

Since the prepared statement implementation of
MariaDB Connector/C is based on the PHP mysqlnd
extension code, the initial implementation
incorrectly set the `length` field for fixed-size
data types.

As agreed with the support team, we do not remove
the `length` value for fixed-size types, but retain
it to handle NULL values correctly.
Georg Richter
Use stronger password for test
Aleksey Midenkov
MDEV-25365 Server hangs or crashes in Query_cache::move_by_type upon FLUSH QUERY CACHE

Caused by Bug#988 in 702b5ad.

How it works

QUERY blocks has all its tables in the array coming after
Query_cache_block header. Each such table element
(Query_cache_block_table) is also an element of doubly-linked circular
list associated with TABLE block used to find all queries by a
table. TABLE block data() is actually Query_cache_table: identificator
for table elements by real name. Every element in the circular list
has `parent` set to such Query_cache_table, except the list root. The
list root is the only Query_cache_block_table element owned by a TABLE
block, all other elements are owned by QUERY blocks. Thus TABLE block
n_tables is always 1.

FREE blocks are transformed into gap pointed by `border`. All the
QUERY and TABLE blocks are moved in place of the gap providing free
space defragmentation. Moving is done by creating new block at the
location of the gap and then doing memmove() from an old block to new
block. This may involve blocks overlap when the distance between the
blocks is less than the block size.

What was broken

When the old and the new QUERY blocks overlap, pointer can be in range
of both of them and checking the range does not guarantee affiliation
of the pointer with the old block. Such intra-block checks added by
Bug#988 can wrongly work on an already updated pointer.

In the test case small gap allows both tables 16 and 17 to be in the
overlapping region of old and new blocks. Iteration 16 updated
`prev->next` on the normal manner and the `prev` was table 17.
Iteration 17 sees this `next` as a pointer coming from an old block
though really it is already for a new block (as small gap shift allows
table 16 to be in both blocks), and it shifts it to the wrong
location. That have broken TABLE block circular chain.

How it was fixed

The fix modifies intra-block checks to work only in the forward
direction. F.ex., current table jx references intra-block by `next`
another table jy in later iteration (jx < jy) and we shift this `next`
pointer. Then by normal code (pre-Bug#988) we update `next->prev`. At
iteration jy we skip intra-block check for `prev` as it is in the past
iteration and was updated by iteration jx. The same happens for the
opposite direction, there is no semantic difference between `next` and
`prev` pointers.
Georg Richter
Follow up of 5fe4d03f26045d1215e894d16054935ddd65ecc0:

Always initialize length variables of MYSQL_BIND structure
to make MSAN happy.
rusher
[misc] use DOCKER_LOGIN as user if secret available

(cherry picked from commit 3b3623c0d3ebbf5625ed3598e5ef9e7bc26362f2)
Aleksey Midenkov
MDEV-27569 Valgrind/MSAN errors in ha_partition::swap_blobs

row_sel_store_mysql_field() does:

3113                    mysql_rec[templ->mysql_null_byte_offset]
3114                            &= static_cast<byte>(~templ->mysql_null_bit_mask);

but mysql_rec[] which is prefetch buffer was allocated without
initialization. Prefetch buffers are allocated by
row_sel_prefetch_cache_init():

3881            ptr = static_cast<byte*>(ut_malloc_nokey(sz));

and then it initializes the buffers with the magic numbers.

The fix initializes the buffers with null bytes as well for nullable
fields.
Dmitry Shulga
MDEV-38561: ASAN heap-use-after-free in Query_arena::free_items/sp_lex_cursor::~sp_lex_cursor

On re-parsing of a failed cursor statement inside the stored routine,
the free_list of sp_lex_cursor could point to items placed on a dedicated
memory root that is created during re-parsing of the failed statement.

In result, when sp_head object is destroyed the mem_root created for
re-parsing the cursor's statement is de-allocated but the free_list
pointer of sp_lex_cursor still point to objects previously allocated
on this memory root.

To fix the issue, save the pointer to the cursor's free_list in
a data member of sp_lex_instr class and nullify it right after this
memory root be deallocated.
Alexandru Diaconu
MDEV-38791 TO_DATE() allows duplicate format specifiers

The Oracle-mode TO_DATE() function incorrectly parsed strings containing
conflicting format specifiers within the Day-name family (e.g., 'DAY DY')
without throwing an ER_STD_INVALID_ARGUMENT error.

This patch completes the existing validation framework for family-based
conflict checks in item_timefunc.cc during format string parsing.
Specifically, it adds formats_used() checks for FMT_DAY, ensuring that
specifiers within the Day-name family strictly block each other. This
aligns the Day-name handling with the already existing checks for the
Year, Month, Hour, and Meridian families.

Compatible specifiers, such as YYYY and DDD (Year and Day of Year),
remain unaffected and parse successfully. A comprehensive MTR test
suite has been added to func_to_date.test to cover standard and
edge-case conflicts.

Reported-by: Elena Stepanova <elenastepanova@github>

Signed-off-by: Alexandru Diaconu <[email protected]>
Aleksey Midenkov
MDEV-25365 More query cache debug trace

Usage:

mtr --mysqld=--debug=d,qcache,query:i:O,/tmp/qcache_full.log
sed -nre '/(move_by_type|dispatch_command|pack_cache)/ p' \
    < /tmp/qcache_full.log \
    > /tmp/qcache.log
Georg Richter
Fixed failing test when connecting via unix_socket
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Dmitry Shulga
MDEV-38561: ASAN heap-use-after-free in Query_arena::free_items/sp_lex_cursor::~sp_lex_cursor

On re-parsing of a failed cursor statement inside the stored routine,
the free_list of sp_lex_cursor could point to items placed on a dedicated
memory root that is created during re-parsing of the failed statement.

In result, when sp_head object is destroyed the mem_root created for
re-parsing the cursor's statement is de-allocated but the free_list
pointer of sp_lex_cursor still point to objects previously allocated
on this memory root. Subsequent attempt to release items stored in
the free_list leads to server abnormal termination.

To fix the issue, save the pointer to the cursor's free_list in
a data member of sp_lex_instr class and nullify it right after this
memory root be deallocated.
Lawrin Novitsky
Parsec plugin was missing in tarballs and not compiled in on Windows
Aleksey Midenkov
Compilation: writing to an object of type ‘ORDER’

/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc: In function ‘ORDER* concat_order_lists(MEM_ROOT*, ORDER*, ORDER*)’:
/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:2976:13: error: ‘void* memcpy(void*, const void*, size_t)’ writing to an object of type ‘ORDER’ {aka ‘struct st_order’} with no trivial copy-assignment; use copy-assignment or copy-initialization instead [-Werror=class-memaccess]
2976 |      memcpy(copy, cur, sizeof(ORDER));
      |      ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/buildbot/amd64-last-N-failed/build/sql/field.h:29,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_class.h:32,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_acl.h:21,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_parse.h:19,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:18:
/home/buildbot/amd64-last-N-failed/build/sql/table.h:236:16: note: ‘ORDER’ {aka ‘struct st_order’} declared here
  236 | typedef struct st_order {
      |                ^~~~~~~~
/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc: In member function ‘bool Window_funcs_sort::setup(THD*, SQL_SELECT*, List_iterator<Item_window_func>&, JOIN_TAB*)’:
/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:3151:11: error: ‘void* memset(void*, int, size_t)’ clearing an object of type ‘ORDER’ {aka ‘struct st_order’} with no trivial copy-assignment; use assignment or value-initialization instead [-Werror=class-memaccess]
3151 |    memset(order, 0, sizeof(*order));
      |    ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/buildbot/amd64-last-N-failed/build/sql/field.h:29,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_class.h:32,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_acl.h:21,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_parse.h:19,
                from /home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:18:
/home/buildbot/amd64-last-N-failed/build/sql/table.h:236:16: note: ‘ORDER’ {aka ‘struct st_order’} declared here
  236 | typedef struct st_order {
      |                ^~~~~~~~
cc1plus: all warnings being treated as errors
make[2]: *** [sql/CMakeFiles/sql.dir/build.make:2640: sql/CMakeFiles/sql.dir/sql_window.cc.o] Error 1
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [CMakeFiles/Makefile2:10639: sql/CMakeFiles/sql.dir/all] Error 2
make: *** [Makefile:166: all] Error 2
Rex Johnston
MDEV-29360 Crash when pushing condition with always false IS NULL into derived

When a condition containing an always FALSE range part is pushed
down into a derived table, an enclosed outer reference can cause
a null pointer crash.  An example

SELECT * FROM (SELECT id  FROM t1 GROUP BY id) dt1, (SELECT id FROM t2) dt2, t3
  WHERE dt2.id = t3.id AND dt1.id BETWEEN 0 AND (dt2.id IS NULL);

is considered as one that can be pushed into the derived table dt1
because the expression (dt2.id IS NULL) is identified as always false.
On the on other hand the condition still contains a reference to a
column of the table dt2. When pushing the condition to the where clause
of the derived table dt1 a copy of it is created and this copy is
transformed to be used in the new where clause. When the transformation
procedure encounters a reference dt2.id it crashes the server as only
the references to the columns used in the group by list of the
specification of dt1 or those equal to them are expected in the
condition that can be pushed into the where clause of the derived table.

The fix here is transform the argument to the function Item_func_isnull
from something that may be a column reference, but cannot be null to
an Item_literal that also cannot be null (1).

Based on patch by Igor Babaev.