Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Categories: connectors experimental galera main
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

connectors experimental galera main
Sergei Golubchik
MDEV-39673 group_concat ignores max_allowed_packet

GROUP_CONCAT is limited by group_concat_max_len,
but also, as a string function it must respect max_allowed_packet.

Let's introduce THD::gconcat_max_len() helper to simplify checks.

Also:
* make max group_concat_max_len value the same as max max_allowed_packet
* use the same MY_MIN((ulonglong) ..., UINT_MAX32) in
  Item_func_json_objectagg as in Item_func_group_concat
* use overflow-safe type for lengths in Item_func_quote
  (MAX_MAX_ALLOWED_PACKET is 1G so uint cannot overflow yet, but it's
  a fragile assumption)
Vladislav Vaintroub
MDEV-37556 Memory leak in proxy protocol with name resolution enabled

When proxy protocol is used and --skip-name-resolve is not set,
thd_set_peer_addr() is called twice per connection: once for the real TCP peer (in check_connection),
and again for the proxied address (in handle_proxy_header).
Each call invokes ip_to_hostname(), which allocates a hostname string
(unless loopback connection is used) and stores it as
thd->main_security_ctx.host. That code missed to free previously
allocated hostname, which results into memory leak.

This is now fixed. Also added debug-only test to mysql_client_test, which
fakes DNS and IP resolution the same way some perfschema tests do, to
emulate remote TCP connection in MTR.
Jan Lindström
MDEV-40027 : Galera Cluster-peer > Donor command execution

An appropriately privileged user (with SUPER privileges) could
execute shell commands as the uid of the mariadbd process
because the values of the system variable wsrep_sst_auth,
which can be modified at runtime, were not properly
sanitized when used to construct a shell command.

Combined rsync and mariabackup test cases and added
test case for incorrect values for wsrep_sst_auth.
Daniel Bartholomew
bump the VERSION
Hemant Dangi
MDEV-39721: wsrep_notify.cc: reject shell-unsafe characters in joiner-supplied member fields

Issue:
wsrep_notify_status() interpolated members[i].name() (the peer's
wsrep_node_name) and members[i].incoming() verbatim into a command
string that is then executed via 'sh -c' by wsp::process. A peer
joining the cluster with shell metacharacters in its wsrep_node_name
or wsrep_node_incoming_address caused arbitrary commands to run on
every cluster member that had wsrep_notify_cmd configured.
MDEV-39413 introduced safe() for the same threat class in the SST
scripts but did not cover the C++ wsrep_notify path.

Solution:
Validate each substituted field against a narrow whitelist before
interpolating. Node name allows alnum and -_. ; node address
additionally allows :[]/ for host:port and [ipv6] forms. On bad
input the notification is skipped with an error log instead of
forwarding the unsafe value to sh -c.
Vladislav Vaintroub
MDEV-40026 acl_insert_db crashes on overlong dbname in "denies" array.

Fix to return error when json_unescape() fails.
Also return error, if length from json_unescape happens to be larger
that size of buffer - 1, to make sure that null-termination of string
does not override memory.

Some cleanup - only complain once about invalid "denies" entry during
FLUSH privileges. Avoid full parsing during when processing
mysql.global_priv in grant_reload() in the first pass.
Marko Mäkelä
Simplify the logic around max_first_lsn
ParadoxV5
MDEV-38972 Refactor MDEV-37530 and MDEV-28302 to Use Internal Data Structures

Replace the `std::unordered_map` in `Info_file::load_from_file_impl()`
with `Hash_set` from `sql/sql_hset.h`.

For consistency’s sake, as long as there is no call to switch to a
“third-party alternative” (C++ Standard, Boost, etc.) library (if ever),
we should prever in-house data structures whenever feasible.

As this commit contains no other changes,
this change from one library to the other is also a
suitable sample for a formal performance comparison.
ParadoxV5
fixup force reorganize

Reörganize
Hemant Dangi
MDEV-39648: wsrep_sst_rsync.sh: apply safe() to joiner-supplied parameters

Issue:
wsrep_sst_rsync.sh interpolated WSREP_SST_OPT_REMOTE_USER and
WSREP_SST_OPT_REMOTE_PSWD verbatim. Because both values originate from
the joiner side of the SST request, a newline in either could splice
an extra directive into the donor-written stunnel.conf (silently
downgrading peer-cert verification) or an extra line into the rsync
magic file. MDEV-39413 had introduced safe() for the same threat class
in wsrep_sst_mariabackup but did not extend it to the rsync script.

Solution:
Routing the rsync interpolations through safe() closes the gap, and
extending safe() to also reject tab and newline ensures multi-line
values cannot survive into a config-file heredoc.
Monty
Ensure that mtr.out-of-source is not acccidently calling itself

Calling itself will cause extensive memory usage that can kill
the machine when it runs out of memory (happend to me).

Fixed by having mtr.out-of-source checking that it is not calling itself.
In addition added a check for cmake to expand symlinks to make the
check if we are running mtr 'out of source' safer.

Author: Sergei Golubchik <[email protected]> (CMakeList.txt changes)
Teemu Ollakka
Add missing notify_state_change() in Wsrep_client_service.

The change was forgotten from previous rebase/wsrep-lib update.
ParadoxV5
amend "remodel structs"

TODO fixup (cosmetic issues made obsolete by later changes):
* `mysqld.cc` `master_heartbeat_period` use `std::move()`
* fix doc for `operator T()`:
  ```c++
  ///@pre @ref optional and @ref default_value are not both null.
  ```
Sergei Golubchik
MDEV-39564 One-byte OOB write in PROXY protocol v1 header parser
Sergei Golubchik
strengthen safe() in wsrep_sst_common, just in case
Marko Mäkelä
MDEV-39344: trx_disconnect_prepared() uses wrong mutex

trx_t::disconnect_prepared(): Replaces trx_disconnect_prepared().
Protect is_recovered, mysql_thd with mutex, to be consistent with
protecting fetch_data_into_cache_low().

This fixes up
commit c0817dac99c28698dfc2b548d89acf1fb41dc32e (MDEV-29575).

Suggested by: Sergey Vojtovich
ParadoxV5
MDEV-38972 Refactor MDEV-37530 and MDEV-28302 to Use Internal Data Structures

For consistency with the (dated) rest of the codebase, this commit
replaces most miscellaneous C++ standard utilities MDEV-37530
used with equivalents in the C standard and MariaDB libraries:

* `std::initializer_list<E>` → `E *, size_t`
* `std::optional<T>` → `T, bool`
  * `::master_heartbeat_period` is refactored
* `std::pair<K, V>` → `struct { K; V; }`
* `std::string_view` → `LEX_CSTRING`

The following are kept:
* `std::numeric_limits<T>`:
  Alternatives (`UINTn_MAX`, `MY_INTn_NUM_DECIMAL_DIGITS`)
  don’t integrate well with templates, *especially when `T`
  is `my_off_t` (a platform-dependent MariaDB-library type)*.
  * Though `std::numeric_limits<T>::is_signed` is currently not used.
* Explicit move-semantic markers `std::move()` and `std::forward()`

The commit also unrolls the structured binding in
the `for` loop in `sql_repl.cc`’s `change_master()`.

The changeset of this separate commit is mainly a comparison of style,
as the performance differences are well expected to be negligible.
Sergei Golubchik
MDEV-39676 disallow global.wsrep_sst_donor=NULL again

it crashes in galera.mdev-28433
Sergei Golubchik
MDEV-39581 dynamic column header missing sanity checks
Jan Lindström
MDEV-40056 : Analyze Galera Dynamic Variables Susceptible to RCEs

Fix potential issue with wsrep_node_address by allowing
only correctly constructed address.
Hemant Dangi
MDEV-38843: BF applier failed on a node causing complete Cluster lockup

Issue:
When a BF applier failed to apply a write set and the transaction
rollback returned non-zero, wsrep-lib's apply_write_set() short-circuited
log_dummy_write_set(). That call releases commit order through
commit_order_leave() -- which drives the inconsistency vote -- and
advances the storage engine checkpoint. Skipping it left the seqno stuck
in commit order, so following appliers blocked on commit_order_enter and
the node silently locked the cluster while staying in the primary
component.

Solution:
wsrep-lib now always calls log_dummy_write_set() on the apply-error path,
so the apply error reaches the provider and the node is voted out and
evicted instead of hanging. The rollback result is still folded into ret,
and Wsrep_high_priority_service::rollback() returns its real result again.
ParadoxV5
fixup "move to init list"

This reverts a9a2aa90be for `sql/rpl_info_file.h`.
Rex Johnston
MDEV-30073 Wrong result on 2nd execution of PS for query with NOT EXISTS

Summary: Items of type Item_direct_view_ref which are reverted with the
change_item_tree mechanism are involved in permanent optimizer
transformations.  This commit ensures that items involved in these
permanent transformations are created during the first execution
and re-used for subsequent executions.

Queries affected by this bug are numerous, but will always involve
1) 2nd execution of a prepared statement or procedure
2) a permanent transformation, such as a semi-join optimization

Detail:

Consider this run as a prepared statement
SELECT * FROM t1
  WHERE EXISTS
  (
    SELECT dt.a FROM
      (
        SELECT t2a as a, t2b as b FROM t2
      ) dt
      WHERE dt.b = t1a
  )

During name resolution of field dt.b (in the where clause) we end
up calling find_field_in_view()/.../create_view_field().
This is responsible for creating a wrapper around the found Item
(Item_field*)`test`.`t2`.`t2b`
While this Item_direct_view_ref representing 'dt.b' is allocated on
Statement (permanent) memory the change is registered to be reversed
at the end of statement execution.  This is odd and contrary to the
permanent nature of this transformation.

Item::exists2in_processor() is called during the preparation in the
first execution.
We transform the query from
select * from t1 where
exists
(
  select `test`.`t2`.`t2b` from
    (
      select `test`.`t2`.`t2a` AS `a`,`test`.`t2`.`t2b` AS `b` from `test`.`t2`
    ) `dt`
    where `test`.`t2`.`t2b` = `test`.`t1`.`t1a`
    limit 1
)

select * from t1 where
`test`.`t1`.`t1a` in
(
  select `test`.`t2`.`t2b` from
    (
      select `test`.`t2`.`t2a` AS `a`,`test`.`t2`.`t2b` AS `b` from `test`.`t2`
    ) `dt`
    where 1
)

later, the optimizer merges the derived table dt into it's parent

select * from t1 where
`test`.`t1`.`t1a` in
(
  select `test`.`t2`.`t2b` from t2 where 1
)

then this is transformed into a semi-join

select t1.* from t1 semi join t2 on t1a = t2b

At the end of the first execution, the item t2b above is reverted to
dt.b.  During the subsequent name resolution of dt.b, it is resolved
t2a, and the semi-join executed corresponds to

select t1.* from t1 semi join t2 on t1a = t2a

causing a different result set.

Initial Author: Igor Babaev
Reformatted and refactored by: Rex Johnston ([email protected])

Add assert to ensure Item_direct_view_refs are not allocated on
the 2nd execution.
Daniel Bartholomew
bump the VERSION
Thirunarayanan Balathandayuthapani
MDEV-34998 Assertion `n_fields > n_cols || type & 32' failed in dict_index_t::init_change_cols on ALTER

Problem:
=======
During ALTER TABLE with column type modification and index addition,
InnoDB aborts with an assertion failure when processing collation
changes for single-column secondary indexes.

Solution:
========
dict_index_t::init_change_cols(): A single-column prefix secondary
index can have n_cols == n_fields when the column is the same as
the primary key column and undergoes a collation or type change
during ALTER TABLE.
Marko Mäkelä
MDEV-13542 fixup: Remove orphan trx_print()
Sergei Golubchik
fix columnstore for new cmake
Sergei Golubchik
MDEV-39658 ASAN crash on invalid proxy_protocol_networks value

max_subnet estimate was off by one.

* only allow address with a known family
  (trips an assert in addr_matches_subnet())
* adjust max_subnet estimate accordinly
Jan Lindström
Prepare for Galera library version 26.4.27
Marko Mäkelä
MDEV-39344: fetch_data_into_cache() clears "is_truncated"

There is a memory limit implemented for the INFORMATION_SCHEMA tables
innodb_trx, innodb_locks, innodb_lock_waits. The predicate
trx_i_s_cache_is_truncated() would never hold in
trx_i_s_common_fill_table() due to a logic bug that had been
introduced in a refactoring.

fetch_data_into_cache(): Shrink the critical section of lock_sys.latch
and do not unconditionally reset cache->is_truncated when leaving the
function. This fixes a correctness regression that had been introduced
back in 2007 by commit 5cbf4e3840491c2d80928641bc0fbb8135e9c201
for the InnoDB Plugin for MySQL 5.1, which later became
the built-in InnoDB in MySQL 5.5 and MariaDB Server 5.5.

Reviewed by: Sergey Vojtovich
Sergei Golubchik
MDEV-39657 ASAN error on malformed WKB point

check data length for Gis_point
Sergei Golubchik
proxy protocol v2: fix a harmless typo

according to the rfc, the length is 2 bytes,
but the max length is 226 and there's a validity
check for length <= 240.
Sergei Golubchik
MDEV-39565 missing filename check in mariadb-backup --decompress

check for tablename-safe characters in backed up table files
Marko Mäkelä
MDEV-39344: Fix a TOCTOU race

trx_i_s_possibly_fetch_data_into_cache(): Fetch into the cache and
return whether the cache was truncated. Previously, we checked this
flag without holding any latch.

trx_i_s_cache_start_write(), trx_i_s_cache_end_write(),
trx_i_s_cache_is_truncated(): Remove. These are now part of
trx_i_s_possibly_fetch_data_into_cache().

trx_i_s_cache: Remove. The singleton cache object can be a static object
with no pointer indirection.
Jan Lindström
MDEV-39676 : Galera Cluster-peer > Donor command execution

Add verification of wsrep_sst_donor, wsrep_sst_method and
wsrep_sst_receive_address so that they contain only
supported characters. But allow NULL or empty value.
Sergei Golubchik
MDEV-39622 OBJECT_INSTANCE_BEGIN in P_S are unstable, difficult to compare

let's show stable values that don't change between runs
Oleksandr Byelkin
Merge branch '10.6' into 10.11
Sergei Golubchik
MDEV-39576 PROXY v2 protocol uninitialized memory reads
Jan Lindström
Fix test failure on galera_sst_mariabackup_encrypt_with_key_server

Joiner mariadbd exits when SST is aborted; the exit code varies by
platform (clean 0 on some systems, signalled 134 / 1 on others).

pkill exit code can also vary by platform (clean 0 on some systems,
signalled 1 others).
ParadoxV5
amend "move to init list"