Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Categories: connectors experimental galera main
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

connectors experimental galera main
Sergei Golubchik
MDEV-40411 SFORMAT ignores max_allowed_packet

do our own allocator that implements std::allocator interface
but uses our memory accounting (my_malloc) and limits max allocation
(e.g. to max_allowed_packet).

use it for fmt::vformat_to.
later can be used for various std:: stuff too.
Georg Richter
Merge branch '3.3-rpl' into 3.3
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Sergei Golubchik
MDEV-40425 handlersocket crashes on read with huge number of fields

* fix handlersocket to unlink it's THD, this apparently was broken
  for years
* add a check for fldnum
* add a first ever handlersocket test
Sergei Golubchik
MDEV-23486 RBR can bypass secure_timestamp=YES

fix TIMESTAMP DEFAULT NOW() and ON UPDATE NOW()

Caveat: rbr cannot work without an index - if the slave overwrites
timestamp columns, before-image won't match in full, this is expected.
Sergei Golubchik
MDEV-40409 ST_GeomFromText stack overrun on deeply nested GeometryCollection
Rucha Deodhar
MDEV-40130: SIGSEGV in Field_iterator_table::set_table at sql/table.h:3350

Analysis:
The if...else block in sp_head::add_instr() checks for existence of
items in m_cur_instr_trig_row_items. Since we also have elements in
m_cur_instr_trig_field_items, the block where we check for
m_cur_instr_trig_row_items and populate m_trg_table_row gets skipped
entirely. Additionally the missing iterate_trigger_row_and_run_func
over m_trg_table_row does not setup table and trigger values either.
This eventually causes crash while setting table for field iterator
during trigger execution.

Fix:
Check for m_cur_instr_trig_row_items exclusively. Also added
iterate_trigger_row_and_run_func over m_trg_table_row to set up the table
and over relevant values correctly.
Sergei Golubchik
MDEV-24598 Duplicate CHECK constraint names are allowed

Column-level CHECK constraints derive their effective name from the column's
field name when read from frm (name_length=0 fallback in
init_from_binary_frm_image). An explicit table-level constraint with the same
name as a column that carries a column-level check creates a duplicate in
information_schema.check_constraints.

Two cases:
1. CREATE TABLE t (a INT CHECK (a>2), CONSTRAINT a CHECK (a<5)) -- both
  end up named "a".
2. JSON columns auto-receive a JSON_VALID column check named after the field.
  CREATE TABLE t (json_c1 JSON, CONSTRAINT json_c1 CHECK (...)) produces
  a duplicate "json_c1".

Fix in mysql_prepare_create_table_finalize: when validating explicit
table-level constraint names, also check them against field names of columns
that carry column-level check constraints (ER_DUP_CONSTRAINT_NAME).

Fix in make_unique_constraint_name / fix_constraints_names: pass the column
list so that auto-generated names (CONSTRAINT_1, CONSTRAINT_2, ...) skip
names already taken by column-level checks.

Update check_constraint.test: the MDEV-16630 test relied on the now-rejected
duplicate (column check "b" + table constraint "b"). Rename the table-level
constraint to "b_and_a" to preserve the intent: verifying that field
constraints and table constraints produce distinct error-message formats.

Assisted-By: Claude:claude-4.6-sonnet
Sun Haiyong
Use CMAKE_SIZEOF_VOID_P EQUAL 8 for 64-bit detection

Use CMAKE_SIZEOF_VOID_P EQUAL 8 for 64‑bit detection instead of
maintaining an architecture list. This is cleaner and more maintainable.
Sergei Golubchik
MDEV-40395 MyISAM/Aria silently truncate extensions from filenames, if too long

* move all common fn_format flags that mi_create/maria_create use
  into one single #define.
* simplify (MY_APPEND_EXT is redundant and MY_REPLACE_EXT does nothing
  when no . is present in the filename)
* use MY_SAFE_PATH everywhere (return NULL if too long)
* set my_errno= ENAMETOOLONG on too long
* abort mi_create/maria_create if returned NULL
Sergei Golubchik
MDEV-39318 some MTR tests fail with --ssl

* many test expected error 2013 (CR_SERVER_LOST)
  they should also expect 2026 (CR_SSL_CONNECTION_ERROR)
* some test --connect and expect a specific pre-auth error,
  they should use NOSSL option
* some tests start with invalid certificate - they work because
  mariadb-test doesn't connect with ssl by default. With --ssl
  it does and simply cannot connect. These tests use include/not_ssl.inc
* ssl_cipher restarts the server internally with invalid cipher.
  it should reconnect the default connection without SSL, otherwise
  mariadb-test will fail to connect after server is restarted
* tests that print ssl status without forcing it first - shouldn't,
  they don't know whether ssl is enabled or not.
* some perfschema tests are socket-specific and use include/not_ssl.inc
* perfschema status tables had too small column for ssl_ciphers value.
  Fixed as in f34afeaf6b83 (MDEV-39318)
Sergei Golubchik
MDEV-40362 #mysql50# mixes up with table names in the table cache and on disk

1.
Only allow #mysql50# prefix on table names that
can not be decoded from a file name to a table name.
It is an error to put this prefix on a name that can be accessed
as a valid table name without a prefix. Use `t1` not `#mysql50#t1`,
use `a-b` not `#mysql50#a@002db`.

2.
Don't allow creation of new tables with the #mysql50# prefix.

Except when in SQLCOM_ALTER_DB_UPGRADE - main.upgrade test runs
ALTER DATABASE `#mysql50#mysqltest-1` UPGRADE DATA DIRECTORY NAME;
This command moves tables from the old db name to the new db name,
and some of these tables also have old #mysql50# names.

3.
Also don't allow to create such databases, views, partitions,
subpartitions, sequences, triggers.
Georg Richter
Infer fixes

- Resolved a critical loop-ordering bug in ma_get_rset_field_lengths
  where a null pointer dereference occurred on early iterations.
- Applied @infer-ignore annotations to ma_save_session_track_info to
  silence false-positive leak and dereference warnings stemming from
  Infer's inability to statically trace custom ma_multi_malloc offsets.
  Further @infer-ignore annotations were applied to boundary checks in
  client/server and replication protocol parsing.
- Converted error-prone preprocessor assignment macros into type-safe,
  architecture-independent C helper functions.
- Migrated mysql->options.extension from a lazy to an eager allocation
  pattern inside mysql_init() to eliminate redundant null checks and cleanly
  unify structural lifecycles.
- Updated mysql_close() teardown paths to cleanly free the eager
  extension container and prevent ASan/LSan leaks.

Two separate alerts reside within the replication/binlog API code;
these are intentionally deferred as that entire subsystem is slated
for a structural rework in an upcoming commit.

Excluded existing 'unittest/' and 'external/' directories from the Infer
analysis scope via `.inferconfig`. The testing framework intentionally
utilizes mock boundaries, structural shortcuts, and sandbox scaffolding to
isolate edge cases. Analyzing these files generates significant static
analysis noise and false positives without providing actual value to the
core runtime stability of the production library client.
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Sergei Golubchik
MDEV-40341 store read-only sysvars in a read-only root

Store all READ_ONLY sysvar values in the read_only_root

Even though READ_ONLY sysvars are protected, for string variables
it usually means that the pointer cannot be changed. The value it
points to - the string itself - still can be. Let's store all
values of string READ_ONLY sysvars in the read_only_root.

sysvars that point directly into argv are copied to read_only_root.
sysvars that have their values calculated and allocated now
must be explicitly marked with PREALLOCATED to let it know they
have to be free()-d.

Assisted-By: Claude:claude-4.8-opus
Georg Richter
Merge branch '3.3' into 3.4
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Dave Gosselin
MDEV-38669:  ASAN fail in Item_func_collect::add during ST_COLLECT

st_collect read past the end of its input because it assumed
that the input was a valid geometry.  Check that the length of the
input is at least long enough to possibly contain a valid geometry.
Sergei Golubchik
MDEV-28743 Roles without grants are handled wrong

In propagate_role_grants_action() (called by grant_reload() on startup
and FLUSH PRIVILEGES), role privilege merging uses a counter-based
bottom-up ordering: each role's counter tracks how many of its granted
sub-roles still need to be processed, and merge_role_privileges() merges
a role only once its counter reaches zero.

The bug: when an intermediate role such as org_role_1 (which inherits
only from a USAGE-only app_role_1) was merged with no privilege changes,
merge_role_privileges() returned 1 as an optimisation to stop upward
traversal.  This prevented the traversal from ever reaching user_role_1
to decrement its counter.  A second leaf traversal (from app_role_2)
could decrement user_role_1's counter only once, leaving it at 1
instead of 0, so user_role_1 was never merged and had no effective
privileges.

The "stop if nothing changed" optimisation is valid for incremental
propagate_role_grants() calls (after a single GRANT/REVOKE), where
every ancestor was already correctly merged.  It is not valid for the
full-reload case, where the counters must be decremented by every leaf
traversal to guarantee correct bottom-up ordering.

Fix: add an initial_load flag to PRIVS_TO_MERGE.  When set (only in
propagate_role_grants_action), the early-stop optimisation is disabled
so traversals always visit all ancestors.

Assisted-By: Claude:claude-4.6-sonnet
Sergei Golubchik
MDEV-40426 CONNECT writes unvalidated data from remote server into fixed-len buffer

use size-bounded scanf formats
Sergei Golubchik
MDEV-40337 store user vars in a dedicated memroot

user_var_entry objects and their names have a connection lifetime,
they exist until the connection ends (or is reset), and then they're
all deleted at once. This is exactly the use case for MEM_ROOT,
let's store them there.

Additionally, let's set MY_ROOT_USE_MPROTECT flag to keep this memroot
off the general heap where user_var_entry values are stored
and where heap buffer overflows can happen.

The latter makes memory allocations for the MEM_ROOT about 10x more
expensive, so let's always start with an empty memroot (= zero overhead
if no user variables are used) and on THD cleanup let's retain one
memroot block (= zero overhead if the next connection takes THD from the
cache and uses user variables up to one block size).

Assisted-By: Claude:claude-4.8-opus
Sergei Golubchik
MDEV-30555 The server does not detect changes in NULL-ability of system table columns

Table_check_intact::check() validated column names, types, and charsets but
not NULL-ability. Altering a system table column (e.g. mysql.proc.definer)
to drop NOT NULL would pass the check undetected, silently corrupting data
stored through that column.

Add a CAN_BE_NULL flag bit in the high bit of TABLE_FIELD_TYPE::type.length.
Set it on nullable column entries; the check now validates nullability in both
directions. NOT NULL columns need no annotation (the common case). The flag
is encoded as `{ STRING_WITH_LEN("type") + CAN_BE_NULL }` which keeps the
intent readable at the definition site.

Apply CAN_BE_NULL annotations to all TABLE_FIELD_TYPE arrays:
mysql.proc, mysql.event, mysql.table_stats, mysql.column_stats,
mysql.index_stats.

Assisted-By: Claude:claude-4.6-sonnet
Sergei Golubchik
MDEV-39841 handlersocket plugin default secret is empty

if handlersocket_plain_secret is not specified, generate a random one.
one can still set an empty secret in my.cnf if needed.
Georg Richter
Merge branch '3.3' into 3.4
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Sergei Golubchik
MDEV-23486 RBR can bypass secure_timestamp=YES

Add tests for system versioning.
INSERT is fixed, but UPDATE is still broken.
Georg Richter
Fix HEARTBEAT_LOG_EVENT
Sergei Golubchik
MDEV-40341 store read-only sysvars in a read-only segment

Protect all READ_ONLY sysvars from run-time changes.

Put them into a separate ELF section with a special attribute
and mprotect() this section after the server is fully initialized.

Verify that they're all protected in the sys_var constructor.

One exception: opt_noacl (--skip-grant-tables) can be changed
from 1 to 0 on FLUSH PRIVILEGES. Let's briefly drop the
protection for this 1->0 change. It can be needed only once
in a server lifetime and only if it was started with --skip-grant-tables

On shutdown the protection is removed, making variables writable
again because shutdown resets some of them during the cleanup

Assisted-By: Claude:claude-4.8-opus
Georg Richter
CONC-835: Fix pre-auth memory exhaustion in packet reassembly

Enforce a strict 1MB max_allowed_auth_packet
limit during the initial connection and authentication handshake.

Additionally, add comprehensive checks inside ma_net_read() to block
malicious multi-packet streaming vectors that could bypass the threshold
by fragmenting oversized payloads into legitimate sub-16MB frames.

Returns CR_NET_PACKET_TOO_LARGE if the threshold is breached. Normal
operational packet size limits are safely restored post-authentication.
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Georg Richter
rpl: Fix boundary underflows, alignment UB, and secure fuzzer paths

Extensively hardened the replication event parsing loop and rpl_fuzzer
against integer truncation bugs, unaligned memory accesses, and stack
exhaustion vulnerabilities exposed by coverage-guided fuzzing.

Replication Engine & Packet Boundary Fixes:
- Hardened FORMAT_DESCRIPTION_EVENT parsing by enforcing strict minimum
  event length layout constraints to prevent downstream array parsing corruption.
- Hardened pointer subtraction math in RPL_CALC_SAFE_LEN to assert bounds
  checks before casting to unsigned size_t, preventing wrapped negative
  offsets (e.g., -7 length allocations) from bypassing fuzzer guardrails.
- Upgraded event validation checks throughout the case state matrix to
  strictly reject any computed lengths that evaluate to <= 0.
- Refactored loose string tracking handlers to enforce length-bounded
  memory boundary matching (memcmp) instead of raw strstr/strlen, blocking
  potential out-of-bounds reads on non-null-terminated network payloads.

rpl_fuzzer Stabilization & Sanitizer Fixes:
- Fixed UndefinedBehaviorSanitizer (UBSan) alignment runtime errors inside
  the fuzzer's length clamping loop by substituting direct uint32_t pointer
  dereferences with safe unaligned memcpy operations.
- Hardened mariadb_rpl_send_semisync_ack to eliminate dangerous unbounded
  alloca() calls on the execution stack, implementing a safe, bounded local
  fallback workspace with clean malloc/free degradation routing.
- Added explicit null verification to deep connection handles (rpl->mysql)
  to eliminate crash vectors under flaky connection drops.
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Sergei Golubchik
MDEV-37951 SHOW TABLES allows users with only GRANT OPTION privilege to read all table names in the database "mysql"

GRANT_ACL bleeds into thd->col_access via check_access()'s
"*save_priv |= db_access" path (db_access inherits master_access).
Two guards that relied on the absence of any privilege bit then
failed to treat GRANT_ACL as exceptional:

1. check_show_access() (sql_parse.cc): the fallback
  "!col_access && check_grant_db()" was bypassed when col_access
  held only GRANT_ACL, letting a global-GRANT-OPTION user pass the
  outer gate for SHOW TABLES / SHOW TABLE STATUS / SHOW TRIGGERS.
  Fix: use !(col_access & ~GRANT_ACL) so any real privilege still
  bypasses check_grant_db while GRANT_ACL alone does not.

2. get_all_tables() (sql_show.cc): the per-table shortcut
  "!(col_access & TABLE_ACLS)" was taken for col_access == GRANT_ACL
  because GRANT_ACL is part of TABLE_ACLS, skipping per-table checks
  and exposing all table names.
  Fix: use TABLE_ACLS & ~GRANT_ACL so that only genuine table-access
  bits suppress the per-table privilege check.

Assisted-By: Claude:claude-4.6-sonnet
Alexander Barkov
MDEV-39587 Package-wide TYPE for variable declarations

SET sql_mode=ORACLE;
DELIMITER $$
CREATE OR REPLACE PACKAGE pkg AS
  -- Declare a package public data type
  TYPE varchar_array IS TABLE OF VARCHAR(2000) INDEX BY INTEGER;
END;
$$
DELIMITER ;
DELIMITER $$

CREATE OR REPLACE PROCEDURE p1 AS
  v pkg.varchar_array; -- Use the package public data type
BEGIN
  v(0):='test';
  SELECT v(0);
END;
$$
DELIMITER ;

Note, the change is done only for sql_mode=ORACLE, because the TYPE
declaration is not available for the default mode.

Where package-wide types are available
--------------------------------------
- Variabe list type:
    DECLARE var pkg1.type1;

- RETURN type for a package routine:
    CREATE FUNCTION .. RETURN pkg1.type1 ...

- Parameter type for a package routine:
    PROCEDURE p1(param1 pkg1.type1);

- Assoc array element type:
    TYPE assoc1_t IS TABLE OF pkg1.type1 ...

- REF CURSOR RETURN type:
    TYPE cur1_t IS REF CURSOR RETURN pkg1.type1;

Change details
--------------

- Adding a member Lex_length_and_dec_st::m_foreign_module_type
  It's set to true when the data type was initialized from a TYPE
  in foreign routine (e.g. in PACKAGE spec).
  It's needed to prevent use of qualified identifiers in public contexts,
  i.e. in schema public routine parameter types and schema publuc function
  RETURN types.
  Adding a helper method sp_head::check_applicability() which prevents
  use of qualified types in public context.

- Adding a helper method sp_head::raise_unknown_data_type().

- Adding methods LEX::set_field_type_typedef_package_spec() for
  2-step and 3-step qualified indentifiers.
  It's used in field_type_all_with_typedefs which covers cases:
  - Variabe list type        : DECLARE var pkg1.type1;
  - RETURN type              : CREATE FUNCTION .. RETURN pkg1.type1 ...
  - Parameter type          : PROCEDURE p1(param1 pkg1.type1);
  - Assoc array element type : TYPE assoc1_t IS TABLE OF pkg1.type1 ...

- Adding a method LEX::declare_type_ref_cursor_return_typedef().
  It handles cases when a new TYPE REF CURSOR RETURN is declared,
  for both for qualified RETURN types and non-qualified RETURN types:
  - TYPE cur0_t IS REF CURSOR RETURN rec1_t;
  - TYPE cur0_t IS REF CURSOR RETURN pkg1.rec1_t;
  - TYPE cur0_t IS REF CURSOR RETURN db1.pkg1.rec1_t;

  The code was moved from LEX::declare_type_ref_cursor() into
  LEX::declare_type_ref_cursor_return_typedef() and extended
  to cover qualified RETURN types.

- Adding a method Sql_path::find_package_spec_type().
  It iterates through all schemas specified in @@path and searches
  for the given type in the given package.

- Adding a helper method sp_pcontext::type_defs_add_ref_cursor()
  to reuse the code.

- Adding a new method sp_package::get_typedef() to search
  for TYPE definitions in PACKAGE specifications.

- Adding a new method sp_head::get_typedef_package_spec()
  to search for TYPE definitions used by a PROCEDURE or FUNCTION.

- Adding a helper method
    Sp_handler::sp_cache_routine_reentrant_suppress_errors
  Adding a method Sp_handler::find_package_spec().
Georg Richter
Merge branch '3.3' into 3.4
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Sergei Golubchik
MDEV-40413 ALTER TABLE ... CONVERT ... PARTITION doesn't encode partition names
Georg Richter
CONC-821: Preserve bound lengths for all types when fetching NULL values

Previously, during a statement fetch, encountering a NULL value would
reset the bound length of the column to 0. This behavior is incorrect
for two reasons:
1. Numerical and temporal types have fixed buffer sizes that should
  remain constant.
2. For variable-length types (like strings and BLOBs), a length of 0
  specifically denotes an empty string/buffer, not a NULL value.
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Georg Richter
Fixed  2 bugs introduced by infer fixes:

- Fixed resut set length calculation
- Initialize mysql->options in mysql_close_options to avoid potential
  double free.
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Georg Richter
Fix test conc_821:

Don't check NULL indicator for timestamp column, since the
result (NULL or NOW()) depends on server setting.
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Sergei Golubchik
MDEV-40426 CONNECT writes unvalidated data from remote server into fixed-len buffer

use size-bounded scanf formats