Console View


Vladislav Vaintroub
wip
Hemant Dangi
MDEV-39721: wsrep_notify.cc: reject shell-unsafe characters in joiner-supplied member fields

Issue:
wsrep_notify_status() interpolated members[i].name() (the peer's
wsrep_node_name) and members[i].incoming() verbatim into a command
string that is then executed via 'sh -c' by wsp::process. A peer
joining the cluster with shell metacharacters in its wsrep_node_name
or wsrep_node_incoming_address caused arbitrary commands to run on
every cluster member that had wsrep_notify_cmd configured.
MDEV-39413 introduced safe() for the same threat class in the SST
scripts but did not cover the C++ wsrep_notify path.

Solution:
Validate each substituted field against a narrow whitelist before
interpolating. Node name allows alnum and -_. ; node address
additionally allows :[]/ for host:port and [ipv6] forms. On bad
input the notification is skipped with an error log instead of
forwarding the unsafe value to sh -c.
Sergei Golubchik
MDEV-39288 SHOW CREATE ROUTINE does not apply to roles

Reported by Aisle Research
Daniel Black
MDEV-36453 UBSAN: main.mysqltest - runtime error: null pointer

..passed as argument 2, which is declared to never be null
(dynstr_append_mem).

dynstr_append_mem uses memcpy to append to the string which in the glibc
library is declared to not take null string as the src. Defensively we
declare dynstr_append_mem to not take a null argument too.

mariadb-test, to prevent it calling dynstr_append_mem with a null
mtr variable value, one that hasn't been initialized, we return an
error if the value is null. The result of this is the $6 in the test
case is never assigned a value and would error.

With this resolved, strchr, if the string isn't found, a null pointer is
returned. UBSAN will complain both about incrementing a pointer beyond
the boundary, and also incrementing if it is null.
Vladislav Vaintroub
CI - Fix Github Actions warning, bump actions/checkout version
Daniel Black
MDEV-36808 json_array_intersect incorrect results

After JSON_ARRAY_INTERSECT returned a NULL result, within the
table scan, all subsequent values were NULL.

The checking of null_value in Item_func_json_array_intersect::val_str
meant that after the first occurrence of null, all values
were null.

The purpose of this check started in
Item_func_json_array_intersect::prepare_json_and_create_hash
where null_value=1 was used to indicate that an object
wasn't an array. Replaced to use dedicated is_array boolean.

Reviewed by: Rucha Deodhar
Oleksandr Byelkin
fix long name on view protocol
Sergei Golubchik
MDEV-39481 ASAN error on malformed WKB polygon

let's make it difficult for wkb and len to desync
Sergei Golubchik
MDEV-39493 FILE privilege isn't checked for derived

check global privileges separately,
before checking for per-table SELECT_ACL
Oleksandr Byelkin
new CC 3.3
Daniel Black
MDEV-35545 UBSAN Gis_geometry_collection::init_from_opresult

From the UBSAN error:

sql/spatial.cc:3364:10: runtime error: applying non-zero offset 1 to null pointer

In Gis_geometry_collection::init_from_opresult, a pointer argument
was being treated as a counter for the Special case of
GEOMETRYCOLLECTION EMPTY. The memory location was never accessed.

Rather than use points to count and return a difference at the end, the
code is replaced to use g_len_total as a counter. This gets a 1 value for
the GEOMETRYCOLLECTION EMPTY case and no pointer undefined behaviours
occur.

As other init_from_opresult functions return uint both g_len and
result use that type.
Marko Mäkelä
MDEV-32115: Log checkpoint race with wsrep_sst_method=rsync

Galera snapshot transfer (SST) using the default wsrep_sst_method=rsync
is prone to creating corrupted snapshots. The probability for this is
rather low and might only affect installations that include
ENGINE=InnoDB tables that contain FULLTEXT INDEX.

The function sst_disable_innodb_writes() aims to disable all InnoDB writes
during the time a snapshot transfer (SST) is in progress using the
default wsrep_sst_method=rsync.

The logic based on invoking log_make_checkpoint() almost works, except
for two things: We failed to ensure that fts_optimize_callback() has
stopped executing, and we did not block updates of the log checkpoint
header.

log_checkpoint_low(): Assert that writes to the log are allowed.

buf_flush_page_cleaner(): Do not try to advance the checkpoint while
wsrep_sst_method=rsync is in progress. This prevents the assertion
in log_checkpoint_low() from failing.

fts_optimize_pause(), fts_optimize_resume(): Pause and resume the
fts_optimize_callback().

sst_disable_innodb_writes(): Disable all background writers
before initiating the log checkpoint.

fts_optimize_callback(): Assert that wsrep_sst_method=rsync is not
active, and remove the previous incorrect attempt at fixing this race.
Dave Gosselin
MDEV-23278: Incorrect Calculation with AVG() Function

Type_handler_int_result::Item_decimal_precision assumes that
max_length includes space for a sign, but Item_int literals don't
include such a space.  When aggregate_attributes_int propagates these
into functions via a Item_type_holder, the formula computes
precision-1 (or 0 for 1-digit cases), producing the incorrect
calculation with AVG.

This fix changes aggregate_attributes_int to follow the convention the
Type_handler expects, that max_length = max digit-count + (signed ? 1
: 0).  This matches the TODO comment that begins with "TODO: rewrite
aggregate_attributes_int()... " which suggested this idea.
Daniel Black
MDEV-26814: UBSAN: offset to nullptr in JSON_ARRAY_INSERT

SELECT JSON_ARRAY_INSERT (0,NULL,1); triggered a UBSAN error.
Specification of JSON_ARRAY_INSERT should return NULL if any arguments
are null.

SQL NULL, aka Item_null::val_str will return a nullptr so check this and
then return a NULL value.
Sergei Golubchik
MDEV-39478 COM_STMT_EXECUTE incorrectly checks for parameter value length

* remove redundant checks for `len` in `get_param_length()`
* validate return value `length` in `get_param_length()`
* fix all `Item_param::set_param_XXX()` methods to never read past `len`

note that all `Item_param::set_param_XXX()` methods correctly handle
zero-length values.
Rucha Deodhar
MDEV-39213: json range syntax crash

Analysis:
When json is being parsed, the step decreases without an out-of-bound check
resulting in failure.
Fix:
Before decreasing the step, check if it will result in out of bound.
Daniel Black
MDEV-36451: blackhole float-cast-overflow

As UBSAN error, the attempt of evaluating a best_access_path in the
optimizer was using -nan as its worst_seeks value. This didn't cast to
an integer for a rows estimate value resulting in the UBSAN error.

The blackhole engine had a worst_seeks derived from read_time (same
value). This was derived in the default handler::scan_time as
stats.data_file_length / stats.block_size expression where both were 0.

Corrected this by giving the default handler::scan_time an implementation
that just returns 0 for the case where stats.block_size was 0, to avoid
returning NaN values for all storage engines that leave their
stats block_size as 0, including the blackhole.
ayush-jha123
MDEV-38010: Master & relay log info files ignore trailing garbage in numeric lines

This patch fixes an issue where Int_IO_CACHE::from_chars stops parsing at the
first invalid character but fails to consume the remainder of the line. This
caused trailing garbage on a numeric field (like Master_Port) to be interpreted
as the value for the subsequent field.

The fix introduces a strict validation helper is_string_blank_or_empty which
ensures that only whitespace or control characters follow the parsed numeric
value. The init_*_from_file functions now zero-initialize variables, perform
error checking immediately after string conversion, and safely reject files with
trailing garbage.

The test master_info_numeric_validation has been updated to use --move_file
for robust backup and restoration of the master.info file.
Daniel Black
MDEV-38913: pam_mariadb_mtr.so installation path change

This reverts the effect of MDEV-21654 and includes
pam_mariadb_mtr in the mariadb-test-data Deb package.

This allows our CI systems to run tests on the
pam implementation on Debian systems.

As the pam configuration can include a full path,
we've changed the installation of the pam module
pam_mariadb_mtr.so to under the /usr/lib*/plugins/test_pam_modules
directory and configured the pam configuration file,
suite/plugins/pam/mariadb_mtr, to include the
full path to pam_mariadb_mtr.so.
Jan Lindström
Fix test failure on galera_sst_mariabackup_encrypt_with_key_server

Galera mariabackup SST when it fails could also print error like
WSREP_SST: [ERROR] Removing /tmp/tmp.SQCXmWb7TI/mariadb_backup_galera_info file due to signal

Test case intentionally uses parameter that causes mariabackup
SST to fail. Add suppression for message about removing
mariadb_backup_galera_info file.
Sergei Golubchik
MDEV-39481 ASAN error on malformed WKB polygon
Oleksandr Byelkin
Merge branch '10.11' into 11.4
Rex Johnston
MDEV-39492 Parallel Query: Study how to create worker threads

Introduces parallel_worker_threads variable to control the number
of worker threads created by a parallel execution query.

2 new files, sql_parallel_workers.h sql_parallel_workers.cc which
contain structures for the creation, management and deletion of
parallel worker threads (pwt_ in the name).  Main management
class created in the stack in JOIN::exec, implemented for the
top level select.

Current parallel_worker_thread_func sleeps for 10 seconds, generates
a warning, signals the main thread, sleeps 10 seconds, signals the
main thread again, sets its finished flag and cleans its THD.

The main thread loops through worker threads, looking for finished
thread and cleans them up if they have finished.
It then waits for a signal, then processes its message queue.

The thread management data is allocated on the stack in JOIN::exec.
Everything else is allocated using my_malloc() and my_free().

Threads are registered in server_threads, so are visible in
information_schema.processlist and the show processlist command.

We check that a kill query on a parallel worker is passed onto its
manager and the query is properly aborted, and that a kill connection
is handled properly in parallel_worker.test.

Review input 1: cleanup earlier

Do cleanup before we've finished sending the result to the client.
This way, one can see the errors (and eventually warnings) marshalled
back to the main thread and returned to the user:

MariaDB [test]> set parallel_worker_threads=10;
Query OK, 0 rows affected (0.001 sec)

MariaDB [test]> select seq from seq_1_to_10;
ERROR 4103 (HY000): Argument to the worker_busted_function() function does not belong to the range [0,1]
Oleksandr Byelkin
Merge branch '10.6' into 10.11
Sergei Golubchik
MDEV-39498 mroonga_command() incorrect result length metadata
Andrey Sokolov
MDEV-39487: mroonga: remove flags local variable from grn_io_open

This variable is unused.
Sergei Golubchik
MDEV-39498 more fixes

* use max_length=640
* also fix mroonga_highlight_html, mroonga_normalize, mroonga_snippet_html
* remove disable_cursor_protocol from all mroonga tests
Varun Deep Saini
MDEV-35548: Fix out-of-bounds array access in json_get_path_start

json_get_path_start() set p->last_step to p->steps - 1, creating a
pointer before the beginning of the steps[] array. This is undefined
behavior flagged by UBSAN as "index -1 out of bounds for type
json_path_step_t[32]".

Use NULL as the sentinel value instead, and check for NULL in
json_get_path_next() rather than comparing against p->steps.

Backport to 10.6 of commit 4f546897b87144f4219094c5a852d766d5a46b74.

Additional test case from Rucha Deodhar

Signed-off-by: Varun Deep Saini <[email protected]>
Dave Gosselin
MDEV-39494: UBSAN error on division by zero.

An incorrectly backported test from 11.x revealed an UBSAN error in 10.11, so
fix that problem by preventing a division-by-zero from happening.

Remove the other incorrectly backported tests and relabel the retained test
in terms of the current ticket.
Daniel Bartholomew
bump the VERSION
Sergei Golubchik
MDEV-39540 crash due to narrowing cast in update_ref_and_keys()
Sergei Golubchik
MDEV-38802 MariaDB server start emits error but continues anyway: Can't open and lock privilege tables: Table 'mysql.servers' doesn't exist

it's not an error, as the server continues anyway
Sergei Golubchik
MDEV-39516 s3 curl_easy_setopt requires long values otherwise compile failure

update submodule to compile on fc44
Oleksandr Byelkin
Merge branch '11.4' into 11.4 release
Vladislav Vaintroub
MDEV-39719 Fix memory allocation errors on Windows ARM64 CI

Reduce the default max size from 8TB to 512GB. On ARM64, allocating
multiple huge areas (like CI does, for multiple processes) can result in
exhaustion of internal kernel memory. Presumably non-paged pool, used
for page translation tables (this info is provided by AI, can't verify).
512GB is chosen as presumably a sweet spot that consumes exactly one
Level1 page table entry.
Sergei Golubchik
Merge branch '11.4' into bb-11.4-release
Sergei Golubchik
MDEV-39266 Stack Overflow via alloca() in Privilege Table JSON Parser