Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Categories: connectors experimental galera main
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

connectors experimental galera main
Sergei Golubchik
MDEV-40362 #mysql50# mixes up with table names in the table cache

Only allow #mysql50# prefix on table names that would've been
otherwise encoded.

It is an error to put this prefix on a table that maps to the file name
without a conversion.
Rex Johnston
MDEV-36610 Subquery wrongly eliminated by table elimination

When equality propagation (build_equal_items()) merges an equality that
contains a subquery, such as "t1.a = (SELECT ...)", with an outer join's
ON equality, it can inject a reference to that subquery into the ON
expression. If the join columns have compatible types the subquery ends
up as the constant of a multiple equality (which Item::walk() skips); if
they differ (e.g. BIGINT vs INT) the field cannot be merged and the
subquery is substituted in as a plain "tbl.col = (SELECT ...)" argument.

In the latter case, if that outer join is removed by table elimination,
mark_as_eliminated() walks the ON expression and flags the shared
Item_subselect as eliminated. The subquery, however, still lives in
another part of the query and has to be executed, tripping
DBUG_ASSERT(!eliminated) in Item_subselect::exec() (and, in release
builds, disabling the subquery cache and hiding it from EXPLAIN).

The surviving reference can be:
- a WHERE/HAVING/select-list/ORDER/GROUP expression (subquery written
  there and pushed down into the eliminated ON), or
- the ON expression of an outer join that was not eliminated (subquery
  written in a surviving outer ON and pushed down into an eliminated
  inner one).

Fix: after table elimination, walk the expressions that survive into
execution (WHERE, HAVING, select list, ORDER/GROUP BY and the ON
expressions of outer joins that were not eliminated) and clear the
"eliminated" flag on any subquery still reachable from them.

Because a subquery can also be the constant of a multiple equality, and
Item::walk() does not visit an Item_equal's constant, Item_equal gets an
unmark_as_eliminated_processor() override that descends into its constant
explicitly.

Assisted by Claude Opus 4.8
PranavKTiwari
MDEV-40167: GTT created with the InnoDB incorrectly accept FULLTEXT/VECTOR indexes
Problem:
GLOBAL TEMPORARY tables were not subject to the same option/index restrictions as session TEMPORARY tables. Several InnoDB and server-layer checks tested only tmp_table(), so GLOBAL TEMPORARY tables could bypass validation for VECTOR/FULLTEXT indexes, DATA DIRECTORY, KEY_BLOCK_SIZE, and ROW_FORMAT=COMPRESSED.

Cause:
global_tmp_table() was added as a separate predicate from tmp_table(), but not all temp-table checks were updated to test both, so GLOBAL TEMPORARY tables fell through to "permanent table" logic in several places.

Fix:
Added global_tmp_table() alongside tmp_table() at each affected check:

Reject VECTOR and FULLTEXT indexes on GLOBAL TEMPORARY tables.
Reject/warn on DATA DIRECTORY, KEY_BLOCK_SIZE, and ROW_FORMAT=COMPRESSED for GLOBAL TEMPORARY tables, with accurate wording in the DATA DIRECTORY warning.
Fixed zip_allowed and related ut_ad assertions to exclude GLOBAL TEMPORARY tables.
Fixed m_use_file_per_table in set_tablespace_type() to exclude GLOBAL TEMPORARY tables (also fixes m_use_data_dir).
GLOBAL TEMPORARY tables now validate the same as session TEMPORARY tables across these options.
Daniel Black
MDEV-39743: IS JSON was not interuptable

The IS JSON predicate in a query wasn't able to be killed,
and could exceed the max_statement_time of a query.

Introduce the mechanics so that a killed query would
result in the correct error.
Sergei Golubchik
MDEV-40358 symlinked table name is not encoded

encode table name in file name in DATA/INDEX DIRECTORY
Sergei Golubchik
MDEV-40340 mariadb-import --lock-tables crashes

don't change `argv` pointer, it's needed later for --lock-tables
Georgi (Joro) Kodinov
MDEV-39718: Produce Markdown plugin API documentation

Generated the plugin API headers using a shell script.
Fixed some doxygen comment mistakes in the headers.
Added a cmake conveninence target to generate the docs into $BUILD_DIR/docs
Added a main page for the API docs.
Included all of the existing group .md files into the CMake target
Leveraged moxygen 2.1.11's fixes to produce the full API docs in a single go
Removed the list of output .md files from the CMake target and switched to a
stamp file to avoid unnecessary rebuilds of the docs when the list of .md
files changes.
Aleksey Midenkov
MDEV-39306 Index corruption on UPDATE when using versioned InnoDB table (on UPDATE)

VCOL_UPDATE_FOR_READ does not update virtual fields for the following
cases:

1. It is not in read_set;
2. It is not in the index, but can be calculated from index columns;
3. It is stored virtual column.

VCOL_UPDATE_FOR_WRITE does not have conditions 2. and 3.

Test case fails condition 3., stored vcol was not updated by
VCOL_UPDATE_FOR_READ. Since vers_update_fields() is only for write
operations it is safe to change it to VCOL_UPDATE_FOR_WRITE.
Sergei Golubchik
MDEV-40358 symlinked table name is not encoded

encode table name in file name in DATA/INDEX DIRECTORY
Alexey (Holyfoot) Botchkov
MDEV-40356 Server crashes in XMLSchema_simpleContent::validate_prepare.

Return an error when simpleContent is empty.
bsrikanth-mariadb
MDEV-39916: Crash when pushing "NOT col" from HAVING into WHERE

"NOT column" rewrites itself into "column = 0" in fix_fields().
However the rewrite is not done when the "column" is wrapped in an Item_ref.

Later, pushdown_from_having_into_where() will strip the Item_ref object
and will call
  Item_func_not(Item_field())->fix_fields(thd, ref=NULL);
This call will attempt the rewrite and crash when writing into NULL pointer.

Fixed this in two places:
* Make Ittem_func_not::fix_fields() use real_item() and so recognize fields
  wrapped in Item_ref-like objects.

* Make pushdown_from_having_into_where() pass the right pointer as
  fix_fields() argument.
Aleksey Midenkov
WITHOUT_ABI_CHECK followup

Followup for b337e14440b as info_src takes time too.
info_src does not make much sense without ABI check.
Vladislav Vaintroub
MDEV-27561 Fix uninitialized memory in DES_ENCRYPT

Initialize keyblock to zero before EVP_BytesToKey to prevent ununitialized
access later in DES_set_key_unchecked()
Vladislav Vaintroub
MDEV-27561 Fix uninitialized memory in DES_ENCRYPT

Initialize keyblock to zero before EVP_BytesToKey to prevent ununitialized
access later in DES_set_key_unchecked()
Sergei Golubchik
MDEV-40362 #mysql50# mixes up with table names in the table cache and on disk

Only allow #mysql50# prefix on table names that would've been
otherwise encoded. It is an error to put this prefix on a table
that maps to the file name without a conversion.

Don't allow creation of new tables with the #mysql50# prefix.
bsrikanth-mariadb
MDEV-39916: Crash when pushing "NOT col" from HAVING into WHERE

Add comments near "List<Item> attach_to_conds", inside class
st_select_lex, stating that the conditions from having clause into where
optimization are added to this list.
Yuchen Pei
MDEV-31182 Make Field_geom::set_key_image do nothing

In fact, it should not be called at all, as GIS indexes do not store
the whole data.

Remove the only known callsite covered by a testcase (added in this
commit), in print_key_part_value
Alexey (Holyfoot) Botchkov
MDEV-39683 Numeric aggregates should end up with an error for xmltype.

Appropriate xxx_fix_length_and_dec() added to the Type_handler_xmltype.
Aleksey Midenkov
MDEV-32317 Trace for ref_ptrs array (ref_array keyword)

Usage:

  mtr --mysqld=--debug=d,ref_array,query:i:o,/tmp/mdl.log
Rex Johnston
MDEV-26940 Item_cond::remove_eq_conds leaves corrupt Item_equal

pushdown_cond_for_derived/merge_into_list/remove_eq_conds leaves
an Item_equal in an invalid state.  This Item_equal is later used
by find_producing_item causing an assert in debug builds and perhaps
incorrect results in a release build. This Item_equal should no longer
be referred to, so rather than correct the Item_equal, we correct the
reference used later to look up our base table field.

Affected queries will likely have an outer condition pushed down into
2 different derived tables based on the same base table.
Aleksey Midenkov
MDEV-39384 Comments on update_virtual_fields() modes
Mohammad Tafzeel Shams
MDEV-39848 : MSAN use-of-uninitialized-value in
btr_sea::hash_table::lock_get()

Issue:

Race condition in adaptive hash index:
btr_sea::partition::insert() allocates a new ahi_node,
increments free_offset, and then releases blocks_mutex before
initializing the node's fields (fold, rec, next).
Meanwhile, cleanup_after_erase_start() could acquire the
mutex and retrieve the uninitialized "top" node via
last->frame + last->free_offset - sizeof(ahi_node), then
access top->fold, triggering an MSAN error.

Fix:

- btr_sea::partition::insert() :
Initialize ahi_node fields (fold, rec, next, and debug
block) while still holding blocks_mutex, before the
wr_unlock() call. This ensures the node is fully
initialized before any other thread can observe it via
cleanup_after_erase_start().
Jaeheon Shim
MDEV-39932 Accept aggregated outer columns in subquery

Under ONLY_FULL_GROUP_BY, a query that aggregated an outer column inside
a subquery was wrongly rejected. This is fixed in
Item_field::fix_outer_field by not appending the field to
select->join->non_agg_fields when thd->lex->in_sum_func is not null.

Furthermore, in Item_sum::check_sum_func, for all outer fields that are
not aggregated at their SELECT_LEX's nest level, we append these fields
to sel->join->non_agg_fields in order to ensure proper aggregation after
the Item_sum's nest_level is known.

Make sure marker still gets set upon outer field resolution, even if that
field is inside an aggregate

Later on we may find that the aggregate does not aggregate that field at the
proper level, but for this to work correctly the marker needs to be set to
the cur_pos_in_select_list at the query level of outer_field resolution

Guard against sel->join being nullptr

Approved-by: Rex Johnston ([email protected])
Aleksey Midenkov
MDEV-39184 TABLE_LIST C++-friendly initialization refactoring

The problem with the current initialization is that TABLE_LIST ctors
as well as init_one_table*() functions call reset() that byte-zeroes
the object after encapsulated objects were initialized by their
constructors. That specifically creates the wrong value for
mdl_request.type which must be MDL_NOT_INITIALIZED (-1) by default and
bzero() reverts it to MDL_INTENTION_EXCLUSIVE (0). And these constant
values is not easy (if not possible) to change.

The fix introduces utility base class Byte_zero which moves bzero()
call before the encapsulated ctors (as parent classes' ctors are
called first). So now encapsulated ctors are not called redundantly
and no double initialization is needed.

All the C++-constructed objects call init_one_table*() as before, only
without reset(). The C-alloced objects call init_one_tab*_r() versions
that call reset(). These will be replaced back to no-reset() versions
after their allocation is refactored to C++ version.
Sergei Golubchik
cleanup: main.drop test
Sergei Golubchik
MDEV-40360 CONNECT REST can pass arguments to curl via HTTP parameter

tell curl to not try to interpret url as a parameter
Georg Richter
Fix build error (macos)
Georg Richter
rpl: Fix boundary underflows, alignment UB, and secure fuzzer paths

Extensively hardened the replication event parsing loop and rpl_fuzzer
against integer truncation bugs, unaligned memory accesses, and stack
exhaustion vulnerabilities exposed by coverage-guided fuzzing.

Replication Engine & Packet Boundary Fixes:
- Hardened FORMAT_DESCRIPTION_EVENT parsing by enforcing strict minimum
  event length layout constraints to prevent downstream array parsing corruption.
- Hardened pointer subtraction math in RPL_CALC_SAFE_LEN to assert bounds
  checks before casting to unsigned size_t, preventing wrapped negative
  offsets (e.g., -7 length allocations) from bypassing fuzzer guardrails.
- Upgraded event validation checks throughout the case state matrix to
  strictly reject any computed lengths that evaluate to <= 0.
- Refactored loose string tracking handlers to enforce length-bounded
  memory boundary matching (memcmp) instead of raw strstr/strlen, blocking
  potential out-of-bounds reads on non-null-terminated network payloads.

rpl_fuzzer Stabilization & Sanitizer Fixes:
- Fixed UndefinedBehaviorSanitizer (UBSan) alignment runtime errors inside
  the fuzzer's length clamping loop by substituting direct uint32_t pointer
  dereferences with safe unaligned memcpy operations.
- Hardened mariadb_rpl_send_semisync_ack to eliminate dangerous unbounded
  alloca() calls on the execution stack, implementing a safe, bounded local
  fallback workspace with clean malloc/free degradation routing.
- Added explicit null verification to deep connection handles (rpl->mysql)
  to eliminate crash vectors under flaky connection drops.
PranavKTiwari
Added check.
ParadoxV5
Fix `Gtid_log_event::is_part_of_group()`

It is the only event type that returns `true` in
`Log_event::is_part_of_group(enum Log_event_type)` but `false` in
`Log_event::is_part_of_group()`.
Georg Richter
rpl: Fix boundary underflows, alignment UB, and secure fuzzer paths

Extensively hardened the replication event parsing loop and rpl_fuzzer
against integer truncation bugs, unaligned memory accesses, and stack
exhaustion vulnerabilities exposed by coverage-guided fuzzing.

Replication Engine & Packet Boundary Fixes:
- Hardened FORMAT_DESCRIPTION_EVENT parsing by enforcing strict minimum
  event length layout constraints to prevent downstream array parsing corruption.
- Hardened pointer subtraction math in RPL_CALC_SAFE_LEN to assert bounds
  checks before casting to unsigned size_t, preventing wrapped negative
  offsets (e.g., -7 length allocations) from bypassing fuzzer guardrails.
- Upgraded event validation checks throughout the case state matrix to
  strictly reject any computed lengths that evaluate to <= 0.
- Refactored loose string tracking handlers to enforce length-bounded
  memory boundary matching (memcmp) instead of raw strstr/strlen, blocking
  potential out-of-bounds reads on non-null-terminated network payloads.

rpl_fuzzer Stabilization & Sanitizer Fixes:
- Fixed UndefinedBehaviorSanitizer (UBSan) alignment runtime errors inside
  the fuzzer's length clamping loop by substituting direct uint32_t pointer
  dereferences with safe unaligned memcpy operations.
- Hardened mariadb_rpl_send_semisync_ack to eliminate dangerous unbounded
  alloca() calls on the execution stack, implementing a safe, bounded local
  fallback workspace with clean malloc/free degradation routing.
- Added explicit null verification to deep connection handles (rpl->mysql)
  to eliminate crash vectors under flaky connection drops.
Yuchen Pei
MDEV-31182 Make Field_geom::set_key_image do nothing

In fact, it should not be called at all, as GIS indexes do not store
the whole data.

Remove the only known callsite covered by a testcase (added in this
commit), in print_key_part_value
Sergei Golubchik
mysqldump: remove dead and broken code

since 2006 (3840774309bc) mysqldump tried to be smart when dumping
events - it tried to automatically detected a delimiter per event
that was not present in the event body, using ";;" by default.

This never worked, was broken since the first commit. It either used
the default ";;" or failed after trying the same ";;" delimiter
2147483646 times.

All other objects (routines, triggers, etc) used a hard-coded ";;"
for 20 years, which apparently worked fine. Let's remove the old
broken logic and dump events like all other objects,
Vladislav Vaintroub
MDEV-27561 Fix uninitialized memory in DES_ENCRYPT

Initialize keyblock to zero before EVP_BytesToKey to prevent ununitialized
access later in DES_set_key_unchecked()

Also, harden DES_ENCRYPT against second PS execution.
Aleksey Midenkov
MDEV-39063 Server crashes at Item_func_lastval and Item_func_setval with CTE alias

Pure aliases are not handled properly by Item_func_lastval::val_int()
and Item_func_setval::val_int().

This is followup fix for MDEV-33985 where it missed similar cases for
LASTVAL() and SETVAL().

add_table_to_list() does not create MDL request for pure aliases,
i.e. when there is no table_list->db set or TL_OPTION_ALIAS was
set. When the expression is not inside CTE the case with empty db is
handled by:

  else if (!lex->with_cte_resolution && lex->copy_db_to(&db))
    DBUG_RETURN(0);

So, table_list gets current database name and the query is failed with
ER_NO_SUCH_TABLE error.

The fix adds the case of is_pure_alias() check for val_int() methods
and fails it with ER_NOT_SEQUENCE2 error.

Note: semantics for TL_OPTION_ALIAS cannot be based on empty db, only
parser can set TL_OPTION_ALIAS as resolve_references_to_cte() relies
on TL_OPTION_ALIAS after copy_db_to().
Sergei Golubchik
cleanup: main.drop test
Aleksey Midenkov
MDEV-38854 Assertion table->vers_write fails upon ODKU into table with versioned column

In MDEV-25644 vers_check_update() sets vers_write to false in case it
returns false. It is ok for UPDATE but is not correct for ODKU is bulk
insert requires vers_write on next tuple.

The fix return vers_write value back when vers_check_update() and
related vers_insert_history_row() are done in ODKU.
Yuchen Pei
MDEV-31182 Check for blob too in create_key_parts_for_pseudo_indexes

BLOB and VARCHAR has keys prefixed with length of the payload. This
length data itself has length HA_KEY_BLOB_LENGTH which is 2, as
demonstrated for example in Field_blob::set_key_image and
Field_varstring::set_key_image.

In this patch, when preparing key info for a range analysis, we
account for this extra HA_KEY_BLOB_LENGTH in the total key length for
BLOB. Previously it was only done for VARCHAR. This way, when doing
the actual range analysis, LIKE (Item_func_like::get_mm_leaf) can
correctly identify that it is dealing with a BLOB, thereby allowing
the space of 2 for the length data. This avoids later
Field_blob::set_key_image reading the payload as length data and
causing reading the wrong memory segment for the payload.
Aleksey Midenkov
MDEV-39184 Cleanup for MDL_NOT_INITIALIZED

As C++ style initialization of TABLE_LIST now works correctly after
Byte_zero refactoring. We may remove MDL_NOT_INITIALIZED double
initialiation.
Hemant Dangi
MDEV-40280: FreeBSD galera.galera_max_ws_rows test failure

Issue:
For unknown error numbers, BSD-derived libc (macOS, FreeBSD, ...) formats
"Unknown error: <n>" with a colon, while glibc uses "Unknown error <n>".
my_strerror()'s colon-stripping (MDEV-35578) was gated on __APPLE__ only,
so FreeBSD output diverged from the .result.

Solution:
Normalize by behavior instead of by platform: always strip the colon after
"Unknown error". glibc never emits it, so it is a no-op there, and
macOS/FreeBSD/other BSD libc are all covered without enumeration. This is
what MDEV-35578 already intended ("consistent across the platforms ...
when present"); the __APPLE__ guard was just narrower than that intent.
Runs only in the unknown-error path.