maria:bb-10.4-MDEV-31185-pins

Last commit made on 2023-05-19
Get this branch:
git clone -b bb-10.4-MDEV-31185-pins https://git.launchpad.net/maria

Branch merges

Branch information

Name:
bb-10.4-MDEV-31185-pins
Repository:
lp:maria

Recent commits

f408200... by Vlad Lesin

MDEV-31185 rw_trx_hash_t::find() unpins pins too early

rw_trx_hash_t::find() acquires element->mutex, then unpins pins, used for
lf_hash element search. After that the "element" can be deallocated and
reused by some other thread.

If we take a look rw_trx_hash_t::insert()->lf_hash_insert()->lf_alloc_new()
calls, we will not find any element->mutex acquisition, as it was not
initialized yet before it's allocation. rw_trx_hash_t::insert() can reuse
the chunk, unpinned in rw_trx_hash_t::find().

The scenario is the following:

1. Thread 1 have just executed lf_hash_search() in
rw_trx_hash_t::find(), but have not acquired element->mutex yet.
2. Thread 2 have removed the element from hash table with
rw_trx_hash_t::erase() call.
3. Thread 1 acquired element->mutex and unpinned pin 2 pin with
lf_hash_search_unpin(pins) call.
4. Some thread purged memory of the element.
5. Thread 3 reused the memory for the element, filled element->id,
element->trx.
6. Thread 1 crashes with failed "DBUG_ASSERT(trx_id == trx->id)"
assertion.

Note that trx_t objects are also reused, see the code around trx_pools
for details.

The fix is to invoke "lf_hash_search_unpin(pins);" after element->trx is
stored in local variable in rw_trx_hash_t::find().

Reviewed by: Nikita Malyavin, Marko Mäkelä.

956d6c4... by =?utf-8?q?Jan_Lindstr=C3=B6m?= <email address hidden>

MDEV-21479 : Galera 4 unable to query cluster state if not primary component

Set mysql.wsrep_cluster and mysql.wsrep_cluster_members as
TABLE_CATEGORY_INFORMATION as mysql.wsrep_streaming_log
so that they can be queried even if node is not primary
component.

Signed-off-by: Julius Goryavsky <email address hidden>

ffd5d74... by =?utf-8?q?Jan_Lindstr=C3=B6m?= <email address hidden>

MDEV-30013 : Assertion `state() == s_aborting || state() == s_must_replay' failed in int wsrep::transaction::after_rollback()

This must be some kind of merge error because at ha_check_engine
we just find out used engine or default engine. There is
no need to roll-back transaction here even if engine is not
supported as it will be handled later.

Signed-off-by: Julius Goryavsky <email address hidden>

b7b8a9e... by Rucha Deodhar <email address hidden>

MDEV-23187: Assorted assertion failures in json_find_path with certain
collations

Fix by Alexey Botchkov

The 'value_len' is calculated wrong for the multibyte charsets. In the
read_strn() function we get the length of the string with the final ' " '
character. So have to subtract it's length from the value_len. And the
length of '1' isn't correct for the ucs2 charset (must be 2).

996b040... by Angelique Sklavounos

MDEV-30232: Increase timeouts to fix sporadic fails

8810b1e... by Andrew Hutchings

Fix Connect compile issue

2ff01e7... by Mikhail Chalov <email address hidden>

Fix insecure use of strcpy, strcat and sprintf in Connect

Old style C functions `strcpy()`, `strcat()` and `sprintf()` are vulnerable to
security issues due to lacking memory boundary checks. Replace these in the
Connect storage engine with safe new and/or custom functions such as
`snprintf()` `safe_strcpy()` and `safe_strcat()`.

With this change FlawFinder and other static security analyzers report 287
fewer findings.

All new code of the whole pull request, including one or several files that are
either new files or modified ones, are contributed under the BSD-new license. I
am contributing on behalf of my employer Amazon Web Services, Inc.

b3cdb61... by Alexander Barkov

MDEV-31250 ROW variables do not get assigned from subselects

ROW variables did not get assigned from subselects in these contexts:

BEGIN
  DECLARE r ROW TYPE OF t1;
  SET r=(SELECT * FROM t1 WHERE a=1);
END;

BEGIN
  DECLARE r ROW TYPE OF t1 DEFAULT (SELECT * FROM t1 WHERE a=1);
END;

All fields of the ROW variable remained NULL.

0474466... by Igor Babaev

MDEV-31240 Crash with condition pushable into derived and containing outer reference

This bug could affect queries containing a subquery over splittable derived
tables and having an outer references in its WHERE clause. If such subquery
contained an equality condition whose left part was a reference to a column
of the derived table and the right part referred only to outer columns
then the server crashed in the function st_join_table::choose_best_splitting()
The crashing code was added in the commit ce7ffe61d836fe9f0cfc1087f058bc40d66e5cfb
that made the code of the function sensitive to presence of the flag
OUTER_REF_TABLE_BIT in the KEYUSE_EXT::needed_in_prefix fields.

The field needed_in_prefix of the KEYUSE_EXT structure should not contain
table maps with OUTER_REF_TABLE_BIT or RAND_TABLE_BIT.

Note that this fix is quite conservative: for affected queries it just
returns the query plans that were used before the above mentioned commit.
In fact the equalities causing crashes should be pushed into derived tables
without any usage of split optimization.

Approved by Sergei Petrunia <email address hidden>

f102b59... by =?utf-8?q?Jan_Lindstr=C3=B6m?= <email address hidden>

MDEV-28433 : Server crashes when wsrep_sst_donor and wsrep_cluster_address set to NULL

Do not allow setting wsrep_sst_donor as NULL as it is
incorrect value. User can use value '' (default) that represents
same as NULL. Setting wsrep_cluster_address to NULL is
already handled correctly.

Signed-off-by: Julius Goryavsky <email address hidden>