Console View

Categories: connectors experimental galera main

Legend:

Passed

Failed

Warnings

Failed Again

Running

Exception

Offline

No data

connectors

experimental

galera

main

fb9d6e444c37...

fb9d6e444c370bcce5f00047ad335953f174897a

Georgi (Joro) Kodinov

joro@mariadb.org

MDEV-35986 - Use memory safe snprintf() in client

Replace sprintf(buf, ...) with snprintf(buf, sizeof(buf), ...),
where buf is allocated with a size known at compile time.

This makes sure we are not writing outside array/string bounds which will
lead to undefined behaviour. In case the code is trying to write outside bounds
- safe version of functions simply cut the string messages so we process this
gracefully.

f6bdbcfdd480...

f6bdbcfdd48043f602e07864eba712c2cd55dddb

Aleksey Midenkov

midenok@gmail.com

MDEV-38710 Assertion is_lock_owner on error returning from auto-create in mysql_admin_table

Followup commit for 4802bfe4f90.

After returning error from check_vers_constants() the stack
immediately returns error status up to mysql_admin_table() where it
does close_thread_tables(). The latter expects MDL acquired.

The bug discloses the generic problem of fallback mechanism throwing
an error when the upper frame does close_thread_tables().

f385a2aaf56d...

f385a2aaf56d23b259460fc46f4d4ef20a1f3a0a

Alexey Botchkov

holyfoot@askmonty.org

Progress report
03.04.2026

e955e6c8eacb...

e955e6c8eacbe4f97637699f68a74d10ed2d5c6b

Aleksey Midenkov

midenok@gmail.com

MDEV-28619 Server crash and UBSAN null-pointer-use in Window_funcs_sort::setup

Optimization in st_select_lex_unit::prepare() removes ORDER BY for
certain subqueries. That excludes ORDER BY items from being fixed, but
sl->window_funcs still contains window function items and those
related to optimized out ORDER BY are unfixed. The error about missing
window spec is thrown when the item is fixed. Hence we get redundant
processing of window function items without checking window spec
existence.

The fix removes the related window function items when ORDER BY is
optimized out. ORDER accumulates window_funcs at parser stage which
are then removed from SELECT_LEX::window_funcs. The fix also updates
similar optimization in mysql_make_view().

e950b5acdc4e...

e950b5acdc4ea5ef5a01b03deca7ca426aaccd78

Daniel Black

daniel@mariadb.org

deb: format debian/control of videx

cb32aa9aa85b...

cb32aa9aa85b243bead6ed47653db0f0ffc218e8

Marko Mäkelä

marko.makela@mariadb.com

MDEV-16926 fixup: GCC 16 -Wmaybe-uninitialized

Year::year_precision(): Make static, so that VYear::VYear
and VYear_op::VYear_op() will avoid invoking this function with
an unnecessary "this" pointer to an uninitialized object.

c0849d98f7ca...

c0849d98f7ca2627ea90283b125b5b86f75b173a

Daniel Black

daniel@mariadb.org

MDEV-30953: mariadb-server-galera - separate systemd component

There was elements of mariadb.service exclusively for galera.

Separate these out to a galera.conf file installed in
/usr/lib/systemd/systemd/mariadb.service.d/galera.conf.

b91bfcc88360...

b91bfcc88360161a9ddb4af7ee58f7a40ea785af

Sergei Petrunia

sergey@mariadb.com

MDEV-39251: Add an option to count records_in_range calls and skip them for point lookups

Add @@optimizer_min_point_range_size_to_use_stats. If the range
optimizer estimates a point lookup and the index statistics
say that expected number of matching rows is less than that,
then skip records_in_range() and use index statistics.

The default is @@optimizer_min_point_range_size_to_use_stats=0
which means the old behavior (use records_in_range(), unless
the lookup is over unique key, or @@eq_range_index_dive_limit is
hit)

b4bc43e5c196...

b4bc43e5c196e7f434ad18fc84d15b7134fe93ea

Mohammad Tafzeel Shams

tafzeel.shams@mariadb.com

MDEV-22186: Add innodb_buffer_pool_in_core_dump to exclude InnoDB buffer pool from cores

Problem:
There is no control to include or exclude large InnoDB buffer pool from
core files, which can lead to unnecessarily large core dumps or prevent
capturing useful memory state.

Solution:
Introduce a new global dynamic system variable innodb_buffer_pool_in_core_dump
that allows excluding InnoDB buffer pool from core dumps using MADV_DONTDUMP
where supported. When enabled the server marks relevant memory regions to be
omitted from core files. The madvise state is dynamically updated when the
variable changes.

This variable is only available on Linux & FreeBSD.

Additionally, a test helper script is introduced to inspect
/proc/<pid>/smaps and verify whether large memory regions are marked
for trimming.

- innodb_buffer_pool_in_core_dump
Global boolean system variable controlling whether InnoDB buffer
pool should be excluded from core dumps.
Default: OFF on non-debug builds with MADV_DONTDUMP support,
ON otherwise.

- innodb_buffer_pool_in_core_dump_update()
Update hook that sets innodb_buffer_pool_in_core_dump and triggers runtime
updates of madvise state for the buffer pool.

- buf_pool_t::in_core_dump
Variable backing @@innodb_buffer_pool_in_core_dump.

- buf_pool_t::core_advise()
Advises MADV_DONTDUMP or MADV_DODUMP according to latest
innodb_buffer_pool_in_core_dump value.

- buf_pool_t::create()
Updates madvise flag to the buffer pool memory based on
innodb_buffer_pool_in_core_dump.
Also moves the mutex initialization at the beginiing of function.

- buf_pool_t::resize()
Updates the madvise flag for buffer pool to keep it in sync with
the innodb_buffer_pool_in_core_dump.

- check_core_dump_trim.inc
Test helper that inspects /proc/<pid>/smaps to detect memory regions
with the dd VmFlag and determine whether the core file is expected
to be trimmed based on buffer pool and log buffer sizes.

b23f598f977b...

b23f598f977bad4bafbab7be1e1d5f954aeed7c6

Marko Mäkelä

marko.makela@mariadb.com

Merge 12.3

a13fbcf6cde1...

a13fbcf6cde1891e22b2cf7a1f914f0ea515fd92

Sergei Petrunia

sergey@mariadb.com

MDEV-39251: Step 1: Count records_in_range calls in a counter.

a103be381b38...

a103be381b3819138540841c91b2a81cbeca3e4b

Tuukka Pasanen

tuukka.pasanen@ilmi.fi

MDEV-30953: Add package for Galera server for RPM

Following the previous commit, we apply the same
to RPM.

Add new package Mariadb-server-galera to RPM build
recude mariadb-server package dependencies.
Galera cluster scripts and libraries are currently
in package mariadb-server. Move Galera cluster
scripts and libraries to new package mariadb-server-galera
as most of the people does not need them and
it allows to slim down mariadb-server package

The MariaDB-test package unlike its Debian
equal, didn't depend on the MariaDB-server
(and now it does), except if WITH_WSREP is
specified in which case it depends on the
MariaDB-server-galera package

Also from a865a7c23bd8c06bf1de0a759703f898f6c180c2
lsof, socat and pv are RECOMMENDS.
* lsof/socat - when selinux is enabled, these aren't used
* pv - the galera sst scripts will silently ignore its absence

Updated/Edited by: Daniel Black <[email protected]>

9bd0ea0d0395...

9bd0ea0d039523a0d2294b6ee57d92f321ec6cc7

Abhishek Bansal

abhibansal593@gmail.com

MDEV-38264: Fix failed assertion in json_find_path with trailing commas

The function json_skip_array_and_count() was trapping syntax errors
(e.g., trailing commas) in a local engine copy. Because the error state
wasn't propagated back to the main engine, json_find_path() would
proceed with an inconsistent state, eventually triggering an assertion
failure.

This patch ensures that any error encountered during the lookahead
scan is propagated to the primary engine. This allows the parser to
fail gracefully with a syntax error instead of crashing.

9b5239fb15e8...

9b5239fb15e8c3737d4c9d09f2f7de0a82e40d12

Marko Mäkelä

marko.makela@mariadb.com

Merge MDEV-39225 fixup

97a19f86609f...

97a19f86609fde284c400b86539392ae6caaab13

Tuukka Pasanen

tuukka.pasanen@ilmi.fi

MDEV-30953: Add package for Galera server (Deb)

MDEV-38744 removed the galera as a server dependency,
and we've decided to put it back.

While we put it back and there's a fresh release
series, lets incorporate some packaging improvements.

Historicly, since 10.1 when Galera became part
of the server the MariaDB-server package included
all the dependencies of Galera, its SST scripts,
in case the user wanted them. There where many
cases where this wasn't the case. As we
separate out to a separate mariadb-server-galera
package, we give the option if they want a
galera install and have its dependencies, or
a more minimal installation.

To facilitate this:

Add new package mariadb-server-galera to Debian to
recude mariadb-server package dependencies.
Galera cluster scripts and libraries are currently
in package mariadb-server. Move Galera cluster
scripts and libraries to new package mariadb-server-galera
as most of the people does not need them and
it allows to slim down mariadb-server package

More explictly:

As such this moves the following files that were previously
in the MariaDB-server packgage to the MariaDB-server-galera package:
* README-wsrep
* Galera SST scripts
* /etc/systemd/system/[email protected]/use_galera_new_cluster.conf

The dependencies of the Galera SST scripts are moved to
the dependencies of the MariaDB-server-galera package.

As the installation of this package is a key indication that
galera is required 60-galera.cnf in the configuration has
explict galera required configuration items set. The
wsrep_cluster_address will however be required to be set by the
user. When the user test this they must also enable
wsrep_on.

The galera-4 is also a dependency of MariaDB-server-galera package
rather than the MariaDB-server package.

MariaDB users previously using galera installed instance, that are
doing a major upgrade will need to be aware that the new package
is required.

Non-galera users during a major upgrade are going to get a slightly
smaller install, and a bunch of previous installed dependencies that
are no longer required and can be removed.

The mariadb-test package change its dependency from mariadb-server
to mariadb-server-galera so all the requirement of the server
are there.

Updated/Edited by: Daniel Black <[email protected]>

9692a8942fca...

9692a8942fca761d04e415f1d97a7c81432fc3e3

bsrikanth-mariadb

srikanth.bondalapati@mariadb.com

MDEV-39222: Error when inserting data from seq

When the replayed optimizer context doesn't contain seq table info,
which is used to insert data into a new/existing table, errors are displayed.
This is happening because, if any table or index that is used by the
engine is not available in the context, then a warning is generated.
However, this warning is converted to an error message for insert into
statements.

Solution here is not to continue using the replayed context after the
required query has been replayed.

7c5cac0d515b...

7c5cac0d515b629df4e17833eac8d258eecd3900

Marko Mäkelä

marko.makela@mariadb.com

Merge 10.11 into 11.4

7b93c8af178b...

7b93c8af178bc9329e9f742384a48acf128da7e0

Marko Mäkelä

marko.makela@mariadb.com

fixup! 4018e39988f301b2c138d0d0e3e88e0e77ba3e6d

Remove all traces of the buf_size= capacity() assignments

78ccd8020bde...

78ccd8020bde2379bd57a79c7997f17cb8075c8f

Sergei Petrunia

sergey@mariadb.com

76a443b621b8...

76a443b621b8b4ef07a66b19ebc67b2232812424

ShenLin

773933146@qq.com

MDEV-39041: Execute permissions required to make dh_link execute this to expand $DEB_HOST_MULTIARCH

76123426ec6f...

76123426ec6f4abc248326280b7637af02cb5e50

Alexander Barkov

bar@mariadb.com

MDEV-38933 Implement basic low level functions for DBMS_SQL

Adding SYS_REFCURSOR methods:
- id()
- attach()
- detach()

Adding non-DBMS_SQL-specific function plugins (pseudo-procedures):
- SQL.BIND_PARAM_BY_NAME(ps_name, pos, value)
- SQL.COLUMN_VALUE(sys_refcursor_id, pos, dst)

Adding DBMS_SQL-specific function plugins (pseduo-procedures)
- DBMS_SQL.BIND_VARIABLE(dbms_sql_cursor_id, pos, value)
- DBMS_SQL.COLUMN_VALUE(dbms_sql_cursor_id, pos, value)

6d9f47cbdb3e...

6d9f47cbdb3ed5a76f806e823796ce8088997b45

Aleksey Midenkov

midenok@gmail.com

MDEV-28619 with_flags cleanup

The best practice is to init as much info as possible in class
constructor. with_flags access may be needed before fix_fields() or
fix_fields() may be not called at all like it takes place in
MDEV-28619. The fix for MDEV-28619 requires WINDOW_FUNC check on
unfixed item.

678b7709e2bb...

678b7709e2bb25046bc3205ddac31a19f1ab2f23

Aleksey Midenkov

midenok@gmail.com

MDEV-38798 Assertion `mdl_key->length() == 3' failed in MDL_map::find_or_insert

Originally two MDL_EXCLUSIVE are used for pure alias of derived table
and its schema which is empty db name. It is concurrency performance
overhead and there is no obvious reason why such MDL should exist.

MDEV-33985 changed pure alias check from `db.str` to `db.length` and
that allowed `empty_c_string` to be pure alias too. It is important
for MDEV-33985 fix with sequences. Now such kind of pure alias skips
MDL initialization and thus derived table fails falsely on BACKUP
namespace as it is default namespace for 0-filled structure (see TODO
comments).

The fix a) keeps MDL_NOT_INITIALIZED for uninitialized MDL and that
was the consequence of MDL_INTENTION_EXCLUSIVE value 0 (see TODO
comment).

And b) does not update MDL type for pure alias when view is
initialized, so it is MDL_NOT_INITIALIZED. `lock_table_names()` code
naturally skips such kind of MDL with (mdl_request.type <
MDL_SHARED_UPGRADABLE) condition when processing tables list.

669e7aa798f9...

669e7aa798f984c0c4178c20f6926b956c8f095e

Daniel Black

daniel@mariadb.org

systemd: deprecate MYSQLD_OPTS

It was added without a good use case as
all MariaDB options where available to
uses to put in configuration files.

Put a notice of deprecation for now.

5f518b6bd442...

5f518b6bd4426336f0774190b5fdbf1c4d7e5241

Vladislav Vaintroub

vvaintroub@gmail.com

MDEV-39258 Make THIRD_PARTY_DOWNLOAD_LOCATION settable

Also, on request of Razvan, increase HeidiSQL download timeout

5a1f349b82b7...

5a1f349b82b714d09d557ad202e39355ac733cc7

Michal Schorm

mschorm@redhat.com

MDEV-18359, MDEV-26905: Fix invalid XML in charsets Index.xml

Summary:
The charset definition files sql/share/charsets/Index.xml and
mysql-test/std_data/ldml/Index.xml contained duplicate "flag" attributes
on single <collation> elements, violating XML well-formedness rules.
Standard XML parsers (xmllint, libxml2, etc.) reject duplicate attributes,
making these files unparseable by any spec-compliant tool.

Root Cause:
When nopad_bin collations were added, their flags were specified as
XML attributes: flag="binary" flag="nopad". The XML specification
(Section 3.1, Well-Formedness Constraint: Unique Att Spec) prohibits
duplicate attribute names on a single element. MariaDB's custom XML
parser in strings/xml.c happened to process both duplicates because
it handles attributes sequentially in a while loop, but this is
non-standard behavior that breaks interoperability with standard
XML tooling.

What the patch does:
Converts all 24 occurrences of duplicate flag attributes from
self-closing elements with duplicate attributes to elements with
child <flag> nodes. This follows the existing pattern already used
by many collations in the same file (e.g., big5_chinese_ci,
latin1_swedish_ci, utf8mb3_general_ci).

Before (invalid XML):
<collation name="latin2_nopad_bin" id="1101" flag="binary" flag="nopad"/>

After (valid XML):
<collation name="latin2_nopad_bin" id="1101">
<flag>binary</flag>
<flag>nopad</flag>
</collation>

No C code changes are required. The _CS_FLAG handler in
strings/ctype.c (around line 621) already processes <flag> child
elements using bitwise OR (|=) to accumulate flags, so both "binary"
(MY_CS_BINSORT) and "nopad" (MY_CS_NOPAD) flags are correctly applied.

Files modified:
- sql/share/charsets/Index.xml (23 collations fixed)
- mysql-test/std_data/ldml/Index.xml (1 collation fixed)

Complete list of 24 collations fixed:

sql/share/charsets/Index.xml:
1. latin2_nopad_bin (id=1101)
2. dec8_nopad_bin (id=1093)
3. cp850_nopad_bin (id=1104)
4. hp8_nopad_bin (id=1096)
5. koi8r_nopad_bin (id=1098)
6. swe7_nopad_bin (id=1106)
7. ascii_nopad_bin (id=1089)
8. cp1251_nopad_bin (id=1074)
9. hebrew_nopad_bin (id=1095)
10. latin7_nopad_bin (id=1103)
11. koi8u_nopad_bin (id=1099)
12. greek_nopad_bin (id=1094)
13. cp1250_nopad_bin (id=1090)
14. cp1257_nopad_bin (id=1082)
15. latin5_nopad_bin (id=1102)
16. armscii8_nopad_bin (id=1088)
17. cp866_nopad_bin (id=1092)
18. keybcs2_nopad_bin (id=1097)
19. macce_nopad_bin (id=1067)
20. macroman_nopad_bin (id=1077)
21. cp852_nopad_bin (id=1105)
22. cp1256_nopad_bin (id=1091)
23. geostd8_nopad_bin (id=1117)

mysql-test/std_data/ldml/Index.xml:
24. ascii2_nopad_bin (id=325)

Validation:
- xmllint --noout passes cleanly on both files after the fix
- Zero duplicate flag attributes remain (verified with grep)
- The fix is consistent with the existing pattern used by other
collations in the same files

Co-Authored-By: Claude AI <[email protected]>

5a19ed3248e5...

5a19ed3248e5f6016eea9900fb1f2b136bc33315

Thirunarayanan Balathandayuthapani

thiru@mariadb.com

MDEV-37924 segv in flst::remove_complete(buf_block_t*, unsigned short, unsigned char*, mtr_t*)

Problem:
=======
During system tablespace defragmentation, extent movement occurs
in two phases: prepare and complete.
1) prepare phase validates involved pages and acquires necessary
resources.
2) complete phase performs the actual data copy.

Prepare phase fails to check whether allocating a page will
make the extent FULL. When an extent has exactly (extent_size - 1)
pages used, the prepare phase returns early without latching
the prev/next extent descriptors needed for list manipulation.

Complete phase then allocates the final page, making the
extent full, and attempts to move it from
FSEG_NOT_FULL/FSP_FREE_FRAG to FSEG_FULL/FSP_FULL_FRAG list.
This fails with an assertion because the required blocks were
never latched, causing a crash in flst::remove_complete().

Solution:
========
alloc_from_fseg_prepare(), alloc_from_free_frag_prepare(): Check
if the extent will become full after allocation. This makes the
prepare phase to acquire the necessary pages for FSP list manipulation

find_new_extents(): Print more revised information about moving
of extent data and destination extent also.

defragment_level(): Move get_child_pages(new_block) before committing
changes to enable proper rollback on failure. Well, this failure
is theoretically impossible (new block is exact copy of
validated old block).

57a172f22f77...

57a172f22f778ab75244cdc9c5feedc67a68a7b3

bsrikanth-mariadb

srikanth.bondalapati@mariadb.com

55b3dced055b...

55b3dced055b091e3364aee0304703d4beda7cc6

Marko Mäkelä

marko.makela@mariadb.com

Merge 11.8 into 12.3

527e60fe2cc1...

527e60fe2cc11f7f29afaef9b055c3da88960377

Daniel Black

daniel@mariadb.org

wsrep_info plugin config file created

41462ed60b47...

41462ed60b47f2dc84a2c93fcbfb3e2603e74813

Raghunandan Bhat

raghunandan.bhat96@gmail.com

MDEV-38562: `mariabackup` exits with success (0) despite "No space left on device" errors

Problem:
`mariabackup` ignores `my_close()` failures, resulting in false
success report with a 'completed OK!' message.

Fix:
Update `local_close()` function in `mariabackup` to check `my_close()`
failures and enusre errors are reported.

3b206b9cc6ac...

3b206b9cc6ac3e8a975c7e1c0b5fd72024544fe7

Fariha Shaikh

farihais@amazon.com

MDEV-39028 DROP PARTITION, CONVERT OUT require both ALTER and DROP privileges

ALTER TABLE ... DROP PARTITION requires both ALTER and DROP privileges,
which is inconsistent with TRUNCATE PARTITION that only requires DROP.
This prevents fine-grained privilege separation since users who need to
drop partitions must also be granted ALTER, allowing them to perform
any other DDL changes on the table.

Change DROP PARTITION to require only DROP privilege, consistent with
TRUNCATE PARTITION. Users allowed to drop the table should also be
allowed to drop partitions without needing ALTER rights.

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.

2f4743f1515d...

2f4743f1515d241ed0c903e376759291c9c41800

Alexandru Diaconu

alexandrudiaconu93@gmail.com

MDEV-38791 TO_DATE() allows duplicate format specifiers

The Oracle-mode TO_DATE() function incorrectly parsed strings containing
conflicting format specifiers within the Day-name family (e.g., 'DAY DY')
without throwing an ER_STD_INVALID_ARGUMENT error.

This patch completes the existing validation framework for family-based
conflict checks in item_timefunc.cc during format string parsing.
Specifically, it adds formats_used() checks for FMT_DAY, ensuring that
specifiers within the Day-name family strictly block each other. This
aligns the Day-name handling with the already existing checks for the
Year, Month, Hour, and Meridian families.

Compatible specifiers, such as YYYY and DDD (Year and Day of Year),
remain unaffected and parse successfully. A comprehensive MTR test
suite has been added to func_to_date.test to cover standard and
edge-case conflicts.

Reported-by: Elena Stepanova <elenastepanova@github>

Signed-off-by: Alexandru Diaconu <[email protected]>

29be734aaf9e...

29be734aaf9ea5a51a97de32e1db9d5c8a6ceec3

Marko Mäkelä

marko.makela@mariadb.com

Merge 10.6 into 10.11

1f95fe6fd378...

1f95fe6fd378c808c6805be6f1ba81a602eb049a

forkfun

alice.sherepa@gmail.com

MDEV-36183 mariadb-dump backup corrupt if stored procedure ends with comment

When a stored procedure, trigger, or event ends with a line comment (#comment
or --comment), mariadb-dump would append the custom delimiter (;;) on the same line.
This caused the comment to "comment out" the delimiter, leading to syntax errors
during restoration.

Fixed by ensuring a newline is inserted before the delimiter in the dump output.

1a144f713ab7...

1a144f713ab700f471b99e6ef6b7a0f105bdbf25

Marko Mäkelä

marko.makela@mariadb.com

Merge 11.4 into 11.8

10d5ee6f11fe...

10d5ee6f11fece23398d6f98da34b1b0903a91e0

Jan Lindström

jan.lindstrom@mariadb.com

MDEV-38917 : Galera test failure on galera.galera_sst_mysqldump

This regression is caused by commit c380e165973 (MDEV-38833 "Suboptimal
or dead code at server startup"). Problem is that there should never
be an expectation that InnoDB bootstrap is crash-safe. Therefore,
after wsrep has initialized wsrep schema force checkpoint. This
ensured that InnoDB has successfully bootstrapped and wsrep chema
is initialized. This checkpoint ensures that wsrep-recover
is successful.

Other changes:
* Splitted galera_sst_mysqldump to two parts wsrep_sst_mysqldump
and wsrep_sst_mysqldump_debug that is run only on debug builds.
* Changed wserp_schema initialization not to use std::string
because it is unnecessary.
* Force checkpoint after wsrep_schema has been created.
* Make test wsrep_sst_mysqldump_with_key smaller
* Stabilize test cases

0bbec68242a9...

0bbec68242a9fa4c681993a895807cf077991790

forkfun

alice.sherepa@gmail.com

MDEV-32770 mariadb-dump produces not loadable dump due to temporary view structure

When mariadb-dump produces a dump, it first creates a temporary placeholder for views
to satisfy potential dependencies before their actual creation later in the dump file.
Previously, these views were populated with int literals for their columns (1 AS `col_name`).
This could cause syntax or type-resolution errors during restoration if another view depended
on this placeholder view.

This commit changes the placeholder column values from 1 to NULL, as it is more permissive
and allowing the dump to be restored successfully.

0b467c2c128d...

0b467c2c128dd226c9a1386f358742797a2b6919

Aleksey Midenkov

midenok@gmail.com

Compilation: writing to an object of type ‘ORDER’

/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc: In function ‘ORDER* concat_order_lists(MEM_ROOT*, ORDER*, ORDER*)’:
/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:2976:13: error: ‘void* memcpy(void*, const void*, size_t)’ writing to an object of type ‘ORDER’ {aka ‘struct st_order’} with no trivial copy-assignment; use copy-assignment or copy-initialization instead [-Werror=class-memaccess]
2976 | memcpy(copy, cur, sizeof(ORDER));
| ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/buildbot/amd64-last-N-failed/build/sql/field.h:29,
from /home/buildbot/amd64-last-N-failed/build/sql/sql_class.h:32,
from /home/buildbot/amd64-last-N-failed/build/sql/sql_acl.h:21,
from /home/buildbot/amd64-last-N-failed/build/sql/sql_parse.h:19,
from /home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:18:
/home/buildbot/amd64-last-N-failed/build/sql/table.h:236:16: note: ‘ORDER’ {aka ‘struct st_order’} declared here
236 | typedef struct st_order {
| ^~~~~~~~
/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc: In member function ‘bool Window_funcs_sort::setup(THD*, SQL_SELECT*, List_iterator<Item_window_func>&, JOIN_TAB*)’:
/home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:3151:11: error: ‘void* memset(void*, int, size_t)’ clearing an object of type ‘ORDER’ {aka ‘struct st_order’} with no trivial copy-assignment; use assignment or value-initialization instead [-Werror=class-memaccess]
3151 | memset(order, 0, sizeof(*order));
| ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/buildbot/amd64-last-N-failed/build/sql/field.h:29,
from /home/buildbot/amd64-last-N-failed/build/sql/sql_class.h:32,
from /home/buildbot/amd64-last-N-failed/build/sql/sql_acl.h:21,
from /home/buildbot/amd64-last-N-failed/build/sql/sql_parse.h:19,
from /home/buildbot/amd64-last-N-failed/build/sql/sql_window.cc:18:
/home/buildbot/amd64-last-N-failed/build/sql/table.h:236:16: note: ‘ORDER’ {aka ‘struct st_order’} declared here
236 | typedef struct st_order {
| ^~~~~~~~
cc1plus: all warnings being treated as errors
make[2]: *** [sql/CMakeFiles/sql.dir/build.make:2640: sql/CMakeFiles/sql.dir/sql_window.cc.o] Error 1
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [CMakeFiles/Makefile2:10639: sql/CMakeFiles/sql.dir/all] Error 2
make: *** [Makefile:166: all] Error 2

0933a57b6d1d...

0933a57b6d1d941bc2fb46b6140f95c1c31c4b7c

Dmitry Shulga

dmitry.shulga@mariadb.com

MDEV-38561: ASAN heap-use-after-free in Query_arena::free_items/sp_lex_cursor::~sp_lex_cursor

On re-parsing of a failed cursor statement inside the stored routine,
the free_list of sp_lex_cursor could point to items placed on a dedicated
memory root that is created during re-parsing of the failed statement.

In result, when sp_head object is destroyed the mem_root created for
re-parsing the cursor's statement is de-allocated but the free_list
pointer of sp_lex_cursor still point to objects previously allocated
on this memory root.

To fix the issue, save the pointer to the cursor's free_list in
a data member of sp_lex_instr class and nullify it right after this
memory root be deallocated.