Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Categories: connectors experimental galera main
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

connectors experimental galera main
Vladislav Vaintroub
MDEV-37556 Memory leak in proxy protocol with name resolution enabled

When proxy protocol is used and --skip-name-resolve is not set,
thd_set_peer_addr() is called twice per connection: once for the real TCP peer (in check_connection),
and again for the proxied address (in handle_proxy_header).
Each call invokes ip_to_hostname(), which allocates a hostname string
(unless loopback connection is used) and stores it as
thd->main_security_ctx.host. That code missed to free previously
allocated hostname, which results into memory leak.

This is now fixed. Also added debug-only test to mysql_client_test, which
fakes DNS and IP resolution the same way some perfschema tests do, to
emulate remote TCP connection in MTR.
Sergei Golubchik
MDEV-39292 fix incorrect merge
Jan Lindström
MDEV-40027 : Galera Cluster-peer > Donor command execution

An appropriately privileged user (with SUPER privileges) could
execute shell commands as the uid of the mariadbd process
because the values of the system variable wsrep_sst_auth,
which can be modified at runtime, were not properly
sanitized when used to construct a shell command.

Combined rsync and mariabackup test cases and added
test case for incorrect values for wsrep_sst_auth.
Vladislav Vaintroub
bla
Vladislav Vaintroub
meh
Teemu Ollakka
Add missing notify_state_change() in Wsrep_client_service.

The change was forgotten from previous rebase/wsrep-lib update.
Sergei Golubchik
MDEV-40059 too long character_set_collations crash
drrtuy
disable sfinae-incomplete warning for DuckDB code.
forkfun
Merge branch '10.11' into '11.4'
Kristian Nielsen
Document the correct use of replication terminology

Signed-off-by: Kristian Nielsen <[email protected]>
Raghunandan Bhat
MDEV-38971: ASAN/UBSAN errors, assertion `is_valid_value_slow()` failure upon combination temporal functions and `ZERO_DATE_TIME_CAST`

Problem:
  `Item_func_last_day::get_date` forwarded the TIME_INTERVAL_DAY /
  TIME_INTERVAL_hhmmssff flag from an enclosing EXTRACT into the
  Datetime conversion of its argument, making LAST_DAY(200012010000)
  parse as a TIME interval instead of a DATETIME. Under
  ZERO_DATE_TIME_CAST that hour became an out-of-range month,
  overflowing days_in_month[] in `check_date` and invalidating the
  Datetime.

Fix:
  A DATE/DATETIME can never be an interval, so suppress the
  TIME_INTERVAL_hhmmssff / TIME_INTERVAL_DAY flags when `LAST_DAY`
  converts its argument.
Marko Mäkelä
MDEV-39344: trx_disconnect_prepared() uses wrong mutex

trx_t::disconnect_prepared(): Replaces trx_disconnect_prepared().
Protect is_recovered, mysql_thd with mutex, to be consistent with
protecting fetch_data_into_cache_low().

This fixes up
commit c0817dac99c28698dfc2b548d89acf1fb41dc32e (MDEV-29575).

Suggested by: Sergey Vojtovich
Vladislav Vaintroub
meh
Rex Johnston
MDEV-30073 Wrong result on 2nd execution of PS for query with NOT EXISTS

Summary: Items of type Item_direct_view_ref which are reverted with the
change_item_tree mechanism are involved in permanent optimizer
transformations.  This commit ensures that items involved in these
permanent transformations are created during the first execution
and re-used for subsequent executions.

Queries affected by this bug are numerous, but will always involve
1) 2nd execution of a prepared statement or procedure
2) a permanent transformation, such as a semi-join optimization

Detail:

Consider this run as a prepared statement
SELECT * FROM t1
  WHERE EXISTS
  (
    SELECT dt.a FROM
      (
        SELECT t2a as a, t2b as b FROM t2
      ) dt
      WHERE dt.b = t1a
  )

During name resolution of field dt.b (in the where clause) we end
up calling find_field_in_view()/.../create_view_field().
This is responsible for creating a wrapper around the found Item
(Item_field*)`test`.`t2`.`t2b`
While this Item_direct_view_ref representing 'dt.b' is allocated on
Statement (permanent) memory the change is registered to be reversed
at the end of statement execution.  This is odd and contrary to the
permanent nature of this transformation.

Item::exists2in_processor() is called during the preparation in the
first execution.
We transform the query from
select * from t1 where
exists
(
  select `test`.`t2`.`t2b` from
    (
      select `test`.`t2`.`t2a` AS `a`,`test`.`t2`.`t2b` AS `b` from `test`.`t2`
    ) `dt`
    where `test`.`t2`.`t2b` = `test`.`t1`.`t1a`
    limit 1
)

select * from t1 where
`test`.`t1`.`t1a` in
(
  select `test`.`t2`.`t2b` from
    (
      select `test`.`t2`.`t2a` AS `a`,`test`.`t2`.`t2b` AS `b` from `test`.`t2`
    ) `dt`
    where 1
)

later, the optimizer merges the derived table dt into it's parent

select * from t1 where
`test`.`t1`.`t1a` in
(
  select `test`.`t2`.`t2b` from t2 where 1
)

then this is transformed into a semi-join

select t1.* from t1 semi join t2 on t1a = t2b

At the end of the first execution, the item t2b above is reverted to
dt.b.  During the subsequent name resolution of dt.b, it is resolved
t2a, and the semi-join executed corresponds to

select t1.* from t1 semi join t2 on t1a = t2a

causing a different result set.

Initial Author: Igor Babaev
Reformatted and refactored by: Rex Johnston ([email protected])

Add assert to ensure Item_direct_view_refs are not allocated on
the 2nd execution.
Jan Lindström
MDEV-40056 : Analyze Galera Dynamic Variables Susceptible to RCEs

Fix potential issue with wsrep_node_address by allowing
only correctly constructed address.
Hemant Dangi
MDEV-38843: BF applier failed on a node causing complete Cluster lockup

Issue:
When a BF applier failed to apply a write set and the transaction
rollback returned non-zero, wsrep-lib's apply_write_set() short-circuited
log_dummy_write_set(). That call releases commit order through
commit_order_leave() -- which drives the inconsistency vote -- and
advances the storage engine checkpoint. Skipping it left the seqno stuck
in commit order, so following appliers blocked on commit_order_enter and
the node silently locked the cluster while staying in the primary
component.

Solution:
wsrep-lib now always calls log_dummy_write_set() on the apply-error path,
so the apply error reaches the provider and the node is voted out and
evicted instead of hanging. The rollback result is still folded into ret,
and Wsrep_high_priority_service::rollback() returns its real result again.
Thirunarayanan Balathandayuthapani
- Changing the order how --prepare resolves mariadbd
forkfun
Merge branch '11.4' into '11.8'
Vladislav Vaintroub
MDEV-40001 my_sync() does not use NtFlushBuffersFileEx()

Copy the logic from Innodb. Use a fallback to FlushFileBuffers(), if
NtFlushBuffersFileEx() fails.

my_winfile.c is renamed to my_winfile.cc, since it is using a C++ feature,
initialization of global variable using non-constant expression.
Exported functions remain extern "C"
Sergei Golubchik
update CODING_STANDARDS.md for agent era

* moved human-oriented hopefully eventually consistent codiing style
  document to https://mariadb.org/about/coding-style/
* rewrote the document in an agent friendly way: main rule first,
  don't repeat rules that the agent would follow by default anyway,
  highlight differences with the defaults, don't overdo explaining.
* asked claude to look through sql/ and mysys/ extract common patterns and
  add them here as rules
Vladislav Vaintroub
meh2
Daniel Bartholomew
bump the VERSION
Thirunarayanan Balathandayuthapani
MDEV-34998 Assertion `n_fields > n_cols || type & 32' failed in dict_index_t::init_change_cols on ALTER

Problem:
=======
During ALTER TABLE with column type modification and index addition,
InnoDB aborts with an assertion failure when processing collation
changes for single-column secondary indexes.

Solution:
========
dict_index_t::init_change_cols(): A single-column prefix secondary
index can have n_cols == n_fields when the column is the same as
the primary key column and undergoes a collation or type change
during ALTER TABLE.
forkfun
Merge branch '12.3' into '13.0'
drrtuy
chore: avoid building DuckDB at x86_32.
Vladislav Vaintroub
meh3
bsrikanth-mariadb
MDEV-21735: Wrong result with prefix indexes using rocksdb

Rows are missing from the output when searching by indexed text column
when the value is longer than the index's prefix length.
Using "like 'prefix%'" only works when the prefix is shorter than the
index's length (or equal, if value=prefix).
The issue seems to only happen when using utf8/utf8mb4/utf16/utf32 collations.
However, latin1/ascii/ucs2 collations work correctly.

For non-working collations, the mem-comparable buffer created for values
put into the index and the one read from the index are different.

When buffer is being filled with binary form data, the length, and
weights arguments are set to the same value for strnxfrm() when invoked
from Field_blob::sort_string(). Since weights are set to a larger value, we
fill space with unnecessary data in the buffer, and hence
the buffer comparison fail.

Solution
--------
Set the weights argument to length/charset::mbmaxlen() value, which is
what was being done in other types such as Field_varstring, as well as
other methods in Field_blob.
Vladislav Vaintroub
meh4
forkfun
MDEV-35630 Wrong ER_FK_COLUMN_CANNOT_CHANGE with a STORED column before the FK column

prepare_inplace_alter_table() maps a field position to an InnoDB
cols[] position by skipping columns absent from that array. It used
Field::vcol_info, which is also set for STORED generated columns, so
such a column shifted the mapping by one and the FK-membership check
examined the wrong column, raising a false ER_FK_COLUMN_CANNOT_CHANGE.

Skip only truly virtual columns: use !stored_in_db() instead of
vcol_info.
Oleg Smirnov
MDEV-36344: UBSAN Lifo_buffer::have_space_for change

Adjust Lifo_buffer::have_space_for to not lead itself to UBSAN
overflows.
Marko Mäkelä
MDEV-39344: fetch_data_into_cache() clears "is_truncated"

There is a memory limit implemented for the INFORMATION_SCHEMA tables
innodb_trx, innodb_locks, innodb_lock_waits. The predicate
trx_i_s_cache_is_truncated() would never hold in
trx_i_s_common_fill_table() due to a logic bug that had been
introduced in a refactoring.

fetch_data_into_cache(): Shrink the critical section of lock_sys.latch
and do not unconditionally reset cache->is_truncated when leaving the
function. This fixes a correctness regression that had been introduced
back in 2007 by commit 5cbf4e3840491c2d80928641bc0fbb8135e9c201
for the InnoDB Plugin for MySQL 5.1, which later became
the built-in InnoDB in MySQL 5.5 and MariaDB Server 5.5.

Reviewed by: Sergey Vojtovich
forkfun
Merge branch '11.8' into '12.3'
Sergei Golubchik
only check for duckdb stuff if target duckdb is enabled
Sergei Golubchik
refactor submodule.cmake to fetch less

don't update all submodules automatically,
only update those that are actually used by the build
Marko Mäkelä
MDEV-39344: Fix a TOCTOU race

trx_i_s_possibly_fetch_data_into_cache(): Fetch into the cache and
return whether the cache was truncated. Previously, we checked this
flag without holding any latch.

trx_i_s_cache_start_write(), trx_i_s_cache_end_write(),
trx_i_s_cache_is_truncated(): Remove. These are now part of
trx_i_s_possibly_fetch_data_into_cache().

trx_i_s_cache: Remove. The singleton cache object can be a static object
with no pointer indirection.
Vladislav Vaintroub
meh
Oleksandr Byelkin
Merge branch '10.6' into 10.11
Dmitry Shulga
MDEV-40004: Server crashes in sp_head::register_instr_mem_root_for_deallocation upon shutdown

n shutdown server could crash in case triggers executed during server run
and some of triggers instructions were re-compiled.

The crash is caused by attempt to allocate a memory for storing pointers
on mem_roots used for memory allocation taken place on re-parsing failing
trigger's statements. The reason of crash is dereferencing of nullptr
returning by the function current_thd().

To fix the issue, use dummy THD on shutdown the table definition cache.
tdc_start_shutdown() is solely invoked from the function clean_up()
but the later is called from many places around the source code, not only
from mysql_main(), particularly clean_up() is called from unireg_abort().
Therefore, the extra argument added into the signature of the function
cleanup() to allow explicit request of use dummy THD on shutdown the table
definition cache.
Sergei Golubchik
MDEV-40058 cached_sha2_password crashes on zero-length password

valid encrypted password cannot have zero length and must end with '\0'
Daniel Black
MDEV-36344: UBSAN DsMrr_impl::dsmrr_init on null ptr

Under SQL_SELECT::test_quick_select there isn't
a mrr buffer. The TRP_RANGE.mrr_buf_size is explictly
sets its size to 0 in get_best_index_intersect.

Rather than hit undefined behaviour in what
eventually results in full_buf being nullptr,
jump the case and go directly to use_default_impl.