Analysis
========
CREATE TABLE of InnoDB table with a partition name
which exceeds the path limit can cause the server
to exit.
During the preparation of the partition name,
there was no check to identify whether the complete
path name for partition exceeds the max supported
path length, causing the server to exit during
subsequent processing.
Fix
===
During the preparation of partition name, check and report
an error if the partition path name exceeds the maximum path
name limit.
This is a 5.5 patch.
Problem & Analysis: Slave's Receiver thread, Applier thread and worker
threads are created with LOCAL-INFILE option enabled. As the document
says https://dev.mysql.com/doc/refman/5.7/en/load-data-local.html,
there are some issues if a thread enables local infile.
This flag should be enabled with care. But for the above mentioned
internal threads, server is enabling it at the time of creation.
Fix: Further analysis on the code shows that none of threads really
need this flag to be enabled at any time as Slave never executes
"LOAD DATA LOCAL INFILE" after reading it from Relay log.
Applier thread removes "LOCAL" before start executing the query.
Issue:
------
Running MTR with the --no-reorder option by specifying test cases on the
command line, without prefixing the suite name results in an error saying the
test case was not found in the main suite. This is because MTR looks for the
test case only in the main suite, and no other suites.
Fix:
----
The fix involves searching for the test in every suite if only the test name
is specified. This back-ports two bug fixes: Bug#24967869 and Bug#24365783
Reviewed-by: Pavan Naik <pavan.naik@oracle.com>
RB: 16812
RPL_SEMI_SYNC_MASTER_CLIENTS=1
Analysis: Uninstalling rpl_semi_sync_slave on slave
will trigger removing the slave logic on Master which
will reduce Rpl_semi_sync_master_clients by one number.
But it happens asynchronously on Master. Having assert
to check this value with zero will have problems on
slow pb2 machines.
Fix: Change assert into wait_for_status_var condition.
GROUP BY
Issue 1:
--------
This problem occurs in the following conditions:
1) A UNION is present in the subquery of select list and
handles multiple columns.
2) Query has a GROUP BY.
A temporary table is created to handle the UNION.
Item_field objects are based on the expressions of the
result of the UNION (ie. the fake_select_lex). While
checking validity of the columns in the GROUP BY list, the
columns of the temporary table are checked in
Item_ident::local_column. But the Item_field objects
created for the temporary table don't have information like
the Name_resolution_context that they belong to or whether
they are dependent on an outer query. Since these members
are null, incorrect behavior is caused.
This can happen when such Item objects are cached to apply
the IN-to-EXISTS transform for Item_row.
Solution to Issue 1:
--------------------
Context information of the first select in the UNION will
be assigned to the new Item_field objects.
Issue 2:
--------
This problem occurs in the following conditions:
1) A UNION is present in the subquery of select list.
2) A column in the UNION's first SELECT refers to a table
in the outer-query making it a dependent union.
3) GROUP BY column refers to the outer-referencing column.
While resolving the select list with an outer-reference, an
Item_outer_ref object is created to handle the
outer-query's GROUP BY list. The Item_outer_ref object
replaces the Item_field object in the item tree.
Item_outer_ref::fix_fields will be called only while fixing
the inner references of the outer query.
Before resolving the outer-query, an Item_type_holder
object needs to be created to handle the UNION. But as
explained above, the Item_outer_ref object has not been
fixed yet. Having a fixed Item object is a pre-condition
for creating an Item_type_holder.
Solution to Issue 2:
--------------------
Use the reference (real_item()) of an Item_outer_ref object
instead of the object itself while creating an
Item_type_holder.
Description: If mysql_stmt_close() encountered error,
it recorded error in prepared statement
but then frees memory assigned to prepared
statement. If mysql_stmt_error() is used
to get error information, it will result
into use after free.
In all cases where mysql_stmt_close() can
fail, error would have been set by
cli_advanced_command in MYSQL structure.
Solution: Don't copy error from MYSQL using set_stmt_errmsg.
There is no automated way to test the fix since
it is in mysql_stmt_close() which does not expect
any reply from server.
Reviewed-By: Georgi Kodinov <georgi.kodinov@oracle.com>
Reviewed-By: Ramil Kalimullin <ramil.kalimullin@oracle.com>
When there are quotes in the USE statement, the mysql client does
not correctly escape them.
The USE statement is processed line by line from the client's parser,
and cannot handle multi-line commands as the server.
The fix is to escape the USE parameters whenever quotes are used.
XML
DESCRIPTION
===========
LOAD XML INFILE performance becomes painfully slow if the
tags' value has any space(s) in between them. They're
usually kept intentionally for indentation purpose.
ANALYSIS
========
The extra spaces are calling clear_level() many a times
which is having overhead of clearing taglist etc. This can
be avoided altogether by skipping all such spaces.
FIX
===
Trim all the starting whitespaces from the value before
passing it to read_value()
Backport to 5.5
Current MySQL builds, even on Pushbuild, are not reproducible; they return
different results depending on which directory they are built from (and
Pushbuild uses several different directories). This is because absolute paths
leak into debug information, and even worse, __FILE__. The latter moves code
around enough that we've actually seen sysbench changes on the order of 4% in
some tests.
CMake seemingly insists on using absolute paths, but we can insert our own
layer between CMake and GCC to relativize all paths. Also give the right flags
to get debug information reproducible and turn off build stamping. This makes
the mysqld build 100% bit-for-bit reproducible between runs on my machine,
even when run from different directories.
SYMLINK CHECK RACE CONDITIONS
ANALYSIS:
=========
A potential defect exists in the handling of CREATE
TABLE .. DATA DIRECTORY/ INDEX DIRECTORY which gives way to
the user to gain access to another user table or a system
table.
FIX:
====
The lstat and fstat output of the target files are now
stored which help in determining the identity of the target
files thus preventing the unauthorized access to other
files.
CLIENT (CONTRIBUTION)
DESCRIPTION:
============
Binary data should be printed as hex in the mysql client
when the option binary-as-hex is enabled.
ANALYSIS:
=========
The fix deals only with mysql command line client.
It does not change, at all, the data sent to the
applications. Printing binary data as hex also
allows to use the output in the where clause
of the query.
FIX:
====
A new option 'binary-as-hex' is introduced to print the
binary contents as hex in the mysql client. The option
is disabled by default. When the option is enabled, we
convert the binary data to hex before printing the
contents irrespective of whether it is in tabular,
xml or html format.
Description: If libmysql is compiled with WITH_SSL=NO,
--ssl-* are not useful.
Solution: 1. Restricted WITH_SSL to values : bundled | yes | system
2. Made "bundled" as default value for WITH_SSL. Also,
not specifying WITH_SSL or even specifying WITH_SSL=no
will be treated as/converted to WITH_SSL=bundled.
Reviewed-By: Tor Didriksen <tor.didriksen@oracle.com>
Reviewed-By: Georgi Kodinov <georgi.kodinov@oracle.com>
(cherry picked from commit 3eb2058be34d1a21771fe89ff1a0c08f156899bc)
Description: If libmysql is compiled with WITH_SSL=NO,
--ssl-* are not useful.
Solution: 1. Restricted WITH_SSL to values : bundled | yes | system
2. Made "bundled" as default value for WITH_SSL. Also,
not specifying WITH_SSL or even specifying WITH_SSL=no
will be treated as/converted to WITH_SSL=bundled.
Reviewed-By: Tor Didriksen <tor.didriksen@oracle.com>
Reviewed-By: Georgi Kodinov <georgi.kodinov@oracle.com>
FROM THE CURRENT DIRECTORY
DESCRIPTION
===========
When 'mysqlaccess' tool is run, it reads (and executes) the
content of its configuration file 'mysqlaccess.conf' from
the current directory. This is not a recommended behaviour
as someone with ill intentions can insert malicious
instructions into this file which could be executed
whenever this tool is run.
ANALYSIS
========
The configuration file is presently looked for, in the
following folders (in given order):
1. Current directory
2. SYSCONFDIR //This gets expanded
3. /etc/
Owing to the reasons mentioned above, we should not permit
the file to be in the current directory. Since the other
two folders are assumed to be accessible only to authorized
people, the config file is safe to be read from there.
FIX
===
Modified the script so that it looks for the config file
now in the following two folders (in the given order):
1. SYSCONFDIR
2. /etc/
If it's absent from above locations but present in current
directory, an error is thrown asking the user to move the
file to one of the above locations and retry.
NOTE
====
The location paths and their precedence are not documented
for this tool. It needs to be noted as part of the
associated documentation.
PRIVILEGE.
Backport from mysql-5.7 to mysql-5.5 and mysql-5.6.
BUG#13969578: TEMPORARY TABLE IN A DATABASE ON A READ-ONLY
INSTANCE CAN BE OVERWRITTEN
Analysis:
========
Creation or modification of a persistent table by a non-super user
is NOT ALLOWED in read_only mode. Only TEMPORARY tables are allowed
to be created or modified in read_only mode. But the creation of
a persistent table was being allowed when a temporary table of
the same name existed.
The routine which denies updating a non-temporary table in a
read_only mode does not handle the case of creation of a regular
table when a temporary table of the same exists.
Fix:
===
Handled the condition where an attempt is made to create a persistent
table having the same name as that of the temporary table. Hence
the creation of a persistent table by a non-super user when a
temporary table of the same exists is denied under read_only mode.
While writing comments if database object names has a new
line character, then next line is considered a command, rather
than a comment.
This patch fixes the way comments are constructed in mysqldump.
(cherry picked from commit 1099f9d17b1c697c2760f86556f5bae7d202b444)
While writing comments if database object names has a new
line character, then next line is considered a command, rather
than a comment.
This patch fixes the way comments are constructed in mysqldump.
FT_BOOLEAN_CHECK_SYNTAX_STRING
ISSUE: my_isalnum macro used for checking if character is
alphanumeric dereferences uninitialized pointer
in default character set structure resulting in
server exiting abnormally.
FIX: Used standard isalnum function instead of macro my_isalnum.
MYSQL_OPT_SSL_MODE option introduced.
It is set in case of --ssl-mode=REQUIRED and permits only SSL connection.
(cherry picked from commit 3b2d28578c526f347f5cfe763681eff365731f99)
mysqld_safe is working on real files, however passing these file paths
as is to mysqld as options gives different meaning when paths are
relative.
mysqld_safe uses current working directory as basedir for relative paths,
while mysqld uses $datadir as basedir.
THREE BYTES ON X86
Analysis:
=========
The macro uint3korr reads 4 bytes of data instead of 3 on
on x86 machines.
Multiple definitions were created for this macro for
optimization in WIN32. The idea was to optimize reading of
3 byte ints by reading an ordinary int and masking away the
unused byte. However this is an undefined behavior. It will
be an issue unless users are aware of allocating an extra
byte for using this macro.
Fix:
====
Removing the definition which reads 4 bytes of data. The
only definition of this macro would now read just 3 bytes
of data thus prohibiting the usage of an extra byte.
Note:
=====
This is a backport of Patches #5 and #6 for Bug#17922198.
Description:
============
If you have a relay log index file that has ended up with
some relay log files that do not exists, then RESET SLAVE
ALL is not enough to get back to a clean state.
Analysis:
=========
In the bug scenario slave server is in stopped state and
some of the relay logs got deleted but the relay log index
file is not updated.
During slave server restart replication initialization fails
as some of the required relay logs are missing. User
executes RESET SLAVE/RESET SLAVE ALL command to start a
clean slave. As per the documentation RESET SLAVE command
clears the master info and relay log info repositories,
deletes all the relay log files, and starts a new relay log
file. But in a scenario where the slave server's
Relay_log_info object is not initialized slave will not
purge the existing relay logs. Hence the index file still
remains in a bad state. Users will not be able to start
the slave unless these files are cleared.
Fix:
===
RESET SLAVE/RESET SLAVE ALL commands should do the cleanup
even in a scenario where Relay_log_info object
initialization failed.
Backported a flag named 'error_on_rli_init_info' which is
required to identify slave's Relay_log_info object
initialization failure. This flag exists in MySQL-5.6
onwards as part of BUG#14021292 fix.
During RESET SLAVE/RESET SLAVE ALL execution this flag
indicates the Relay_log_info initialization failure.
In such a case open the relay log index/relay log files
and do the required clean up.
