From: Jon Olav Hauglid
Date: September 28 2010 12:22pm
Subject: bzr push into mysql-5.5-runtime branch (jon.hauglid:3145 to 3146) Bug#46165
List-Archive: http://lists.mysql.com/commits/119272
X-Bug: 46165
Message-Id: <201009281223.o8S1kTmw029296@acsinet15.oracle.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5231207649033138038=="

--===============5231207649033138038==
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

 3146 Jon Olav Hauglid	2010-09-28
      Bug #46165 server crash in dbug
      
      This crash occured if the same debug trace file was closed twice,
      leading to the same memory being free'd twice. This could occur
      if the "debug" server system variable refered to the same trace
      file in both global and session scope.
      
      Example of an order of events that would lead to a crash:
      1) Enable debug tracing to a trace file (global scope)
      2) Enable debug tracing to the same trace file (session scope)
      3) Reset debug settings (global scope)
      4) Reset debug settings (session scope)
      
      This caused a crash because the trace file was, by mistake, closed
      in 3), leading to the same memory being free'd twice when the file
      was closed again in 4).
      
      Internally, the debug settings are stored in a stack, with session
      settings (if any) on top and the global settings below. Each connection
      has its own stack. When a set of settings is changed, it must be 
      determined if its debug trace file is to be closed. Before, this was done
      by only checking below on the settings stack. So if the global settings
      were changed, an existing debug trace file reference in session settings
      would be missed. This caused the file to be closed even if it was in use,
      leading to a crash later when it was closed again.
      
      This patch fixes the problem by preventing the trace file from being shared
      between global and session settings. If session debug settings are set without
      specifying a new trace file, stderr is used for output. This is a change
      in behaviour and should be reflected in the documentation.
      
      Test case added to variables.test.

    modified:
      dbug/dbug.c
      mysql-test/r/variables.result
      mysql-test/t/variables.test
 3145 Jon Olav Hauglid	2010-09-24
      Bug #56678 Valgrind warnings from binlog.binlog_unsafe
      
      After the patch for Bug#54579, multi inserts done with INSERT DELAYED
      are binlogged as normal INSERT. During processing of the statement,
      a new query string without the DELAYED keyword is made. The problem
      was that this new string was incorrectly made when the INSERT DELAYED
      was part of a prepared statement - data was read outside the allocated
      buffer.
      
      The reason for this bug was that a pointer to the position of the
      DELAYED keyword inside the query string was stored when parsing the
      statement. This pointer was then later (at runtime) used (via pointer
      subtraction) to find the number of characters to skip when making a
      new query string without DELAYED. But when the statement was re-executed
      as part of a prepared statement, the original pointer would be invalid
      and the pointer subtraction would give a wrong/random result.
      
      This patch fixes the problem by instead storing the offsets from the
      beginning of the query string to the start and end of the DELAYED 
      keyword. These values will not depend on the memory position
      of the query string at runtime and therefore not give wrong results
      when the statement is executed in a prepared statement.
      
      This bug was a regression introduced by the patch for Bug#54579.
      
      No test case added as this bug is already covered by the existing
      binlog.binlog_unsafe test case when running with valgrind.

    modified:
      sql/sql_insert.cc
      sql/sql_lex.h
      sql/sql_yacc.yy
=== modified file 'dbug/dbug.c'
--- a/dbug/dbug.c	2010-09-15 11:33:22 +0000
+++ b/dbug/dbug.c	2010-09-28 09:07:58 +0000
@@ -515,11 +515,16 @@ int DbugParse(CODE_STATE *cs, const char
     stack->maxdepth= stack->next->maxdepth;
     stack->sub_level= stack->next->sub_level;
     strcpy(stack->name, stack->next->name);
-    stack->out_file= stack->next->out_file;
     stack->prof_file= stack->next->prof_file;
     if (stack->next == &init_settings)
     {
-      /* never share with the global parent - it can change under your feet */
+      /*
+        Never share with the global parent - it can change under your feet.
+
+        Reset out_file to stderr to prevent sharing of trace files between
+        global and session settings.
+      */
+      stack->out_file= stderr;
       stack->functions= ListCopy(init_settings.functions);
       stack->p_functions= ListCopy(init_settings.p_functions);
       stack->keywords= ListCopy(init_settings.keywords);
@@ -527,6 +532,7 @@ int DbugParse(CODE_STATE *cs, const char
     }
     else
     {
+      stack->out_file= stack->next->out_file;
       stack->functions= stack->next->functions;
       stack->p_functions= stack->next->p_functions;
       stack->keywords= stack->next->keywords;

=== modified file 'mysql-test/r/variables.result'
--- a/mysql-test/r/variables.result	2010-07-27 10:25:53 +0000
+++ b/mysql-test/r/variables.result	2010-09-28 09:07:58 +0000
@@ -1699,3 +1699,47 @@ set @@session.autocommit=t1_min(), @@ses
 drop table t1;
 drop function t1_min;
 drop function t1_max;
+#
+# Bug#46165 server crash in dbug
+#
+SET @old_globaldebug = @@global.debug;
+SET @old_sessiondebug= @@session.debug;
+# Test 1 - Bug test case, single connection
+SET GLOBAL  debug= '+O,../../log/bug46165.1.trace';
+SET SESSION debug= '-d:-t:-i';
+SET GLOBAL  debug= '';
+SET SESSION debug= '';
+# Test 2 - Bug test case, two connections
+# Connection default
+SET GLOBAL  debug= '+O,../../log/bug46165.2.trace';
+SET SESSION debug= '-d:-t:-i';
+# Connection con1
+SET GLOBAL  debug= '';
+# Connection default
+SET SESSION debug= '';
+# Connection con1
+# Connection default
+SET GLOBAL  debug= '';
+# Test 3 - Active session trace file on disconnect
+# Connection con1
+SET GLOBAL  debug= '+O,../../log/bug46165.3.trace';
+SET SESSION debug= '-d:-t:-i';
+SET GLOBAL  debug= '';
+# Test 4 - Active session trace file on two connections
+# Connection default
+SET GLOBAL  debug= '+O,../../log/bug46165.4.trace';
+SET SESSION debug= '-d:-t:-i';
+# Connection con1
+SET SESSION debug= '-d:-t:-i';
+SET GLOBAL  debug= '';
+SET SESSION debug= '';
+# Connection default
+SET SESSION debug= '';
+# Connection con1
+# Connection default
+# Test 5 - Different trace files
+SET SESSION debug= '+O,../../log/bug46165.5.trace';
+SET SESSION debug= '+O,../../log/bug46165.6.trace';
+SET SESSION debug= '-O';
+SET GLOBAL  debug= @old_globaldebug;
+SET SESSION debug= @old_sessiondebug;

=== modified file 'mysql-test/t/variables.test'
--- a/mysql-test/t/variables.test	2010-07-27 10:25:53 +0000
+++ b/mysql-test/t/variables.test	2010-09-28 09:07:58 +0000
@@ -1432,3 +1432,78 @@ drop function t1_max;
 
 
 ###########################################################################
+
+
+--echo #
+--echo # Bug#46165 server crash in dbug
+--echo #
+
+SET @old_globaldebug = @@global.debug;
+SET @old_sessiondebug= @@session.debug;
+
+--echo # Test 1 - Bug test case, single connection
+SET GLOBAL  debug= '+O,../../log/bug46165.1.trace';
+SET SESSION debug= '-d:-t:-i';
+
+SET GLOBAL  debug= '';
+SET SESSION debug= '';
+
+--echo # Test 2 - Bug test case, two connections
+--echo # Connection default
+connection default;
+SET GLOBAL  debug= '+O,../../log/bug46165.2.trace';
+SET SESSION debug= '-d:-t:-i';
+
+--echo # Connection con1
+connect (con1, localhost, root);
+SET GLOBAL  debug= '';
+
+--echo # Connection default
+connection default;
+SET SESSION debug= '';
+--echo # Connection con1
+connection con1;
+disconnect con1;
+--source include/wait_until_disconnected.inc
+--echo # Connection default
+connection default;
+SET GLOBAL  debug= '';
+
+--echo # Test 3 - Active session trace file on disconnect
+--echo # Connection con1
+connect (con1, localhost, root);
+SET GLOBAL  debug= '+O,../../log/bug46165.3.trace';
+SET SESSION debug= '-d:-t:-i';
+SET GLOBAL  debug= '';
+disconnect con1;
+--source include/wait_until_disconnected.inc
+
+--echo # Test 4 - Active session trace file on two connections
+--echo # Connection default
+connection default;
+SET GLOBAL  debug= '+O,../../log/bug46165.4.trace';
+SET SESSION debug= '-d:-t:-i';
+
+--echo # Connection con1
+connect (con1, localhost, root);
+SET SESSION debug= '-d:-t:-i';
+SET GLOBAL  debug= '';
+SET SESSION debug= '';
+
+--echo # Connection default
+connection default;
+SET SESSION debug= '';
+--echo # Connection con1
+connection con1;
+disconnect con1;
+--source include/wait_until_disconnected.inc
+--echo # Connection default
+connection default;
+
+--echo # Test 5 - Different trace files
+SET SESSION debug= '+O,../../log/bug46165.5.trace';
+SET SESSION debug= '+O,../../log/bug46165.6.trace';
+SET SESSION debug= '-O';
+
+SET GLOBAL  debug= @old_globaldebug;
+SET SESSION debug= @old_sessiondebug;


--===============5231207649033138038==
MIME-Version: 1.0
Content-Type: text/bzr-bundle; charset="us-ascii";
	name="bzr/jon.hauglid@stripped"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: jon.hauglid@stripped
# target_branch: file:///export/home/x/mysql-5.5-runtime-bug46165/
# testament_sha1: 97ff819ca29bb0a3c59a01eff12925f04ef3ea34
# timestamp: 2010-09-28 14:22:49 +0200
# source_branch: file:///export/home/x/mysql-5.5-bugfixing/
# base_revision_id: jon.hauglid@stripped\
#   e1b5fpajkv23cab3
# 
# Begin bundle
IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWXOCaJAABblfgBQQWP///371
nIC////wYAubvun3vT7PPfN09BJpPN7baurpLbbu1SuM3dqFUMJJTTTVPIxU/KNTbFT9JP0000k9
TT1MmgDQAASkk8jEYJNRoNAAAAAAAAMiAQZRDRtIAaAAA0BoMgBIiCBNVPYgmUfpTyantKbKD1Gm
gPSAACKQiniTBMmT0UzQmmhpkyGTTQ00ZABIkITCZMIQNTCDFMU2UyNqGgGh6jCdKbsRPWhYJKFs
71uwDZLwmXu8FEbYSkuHBTLryvUOZ4n8ECmuFnLobyxKUru5ViFORz1wsrhbKCjWA5TgicKBhaNI
mwmGv8oFm1RFYoFyrWsK1olpoaXRhD8UTY47SWaeqFZWlEwlIl3Ah1yQWcBCLFOwzcZmZMxN5X4L
sWybGNhw/VFFOx8mfDdQpSjkV3QRZBSxjujzriqx88zMP0GDPQO1hwAMEthQE/U8tCgjOsSA3rrz
BYSvob/2/Dt5mVC6QiOCv9GecQ21sgWj4dRkYKGIjQQ8oFEqwVw1Th2Vx3pnC9OLbTbGNCYAxlQR
NZ0bU4Aix2elYc6ClHzQKjGlFqUoElhvQsD4xcBE10xm++D7HzYPy5RVN8LU07Sy/CIDQKFSJQRE
xl0aTYosCimroFVa1kWSbcOyzaua3veERG3NcWxXFYzCuGWEXc3yiSjdp0ZSQZG7UzoXWV27vLo0
xrSI0d3JPXu7NOTZ34LjHrtqoy/nnSo+DBP2NjaGhiaTG22N1jEI9p9Qf94IGk0RAaAmyaBh6evr
lr3xGi/H63ArTj2RHlerFNXNe7IFkpmFMol5YHAAclk4MZmMEhMfEc6cqhZ1CN0VkC7Db45VKIwN
IPMdFNtBdHRk7odB7sgXUC8wCunN7JGpTkySYtGEtKnXYwQORZuxii2ObtyqBe1ZAt/TgqAvNQr7
7AC/tiYdxsFACUmASSMHXnBkC8TvNe4uawI0V2oMRFRLeURRbE46SOOVwwYFUI98lefhQQeWRoSP
t0OnrviW/OsLXLdHx6pGl613ojRv54U5brhXgGRYuRGvmINTdiRaphdIyIVpmJJJCiiZtlQkCYg+
Blz1UG4hswDTnMLd94eSairI9+cri0ZgFgihjeyuVONBci8s/b4lCwuOZ1mC7OMYnE0JZzLpjOXf
rTQp2zNSo1lUO075EliXVEXHl/0oI12guXA7DhrLUq3pqiNx1Qb5CK5G5bH0WKFyNPF+HHQtNg5h
VBG/HbTGRxJ04WN8tClyv4yJAexhI4EylSVhwIiY0vmQojr33Ygqm5axWQheIKJFpg95WfuhUPHG
E0kWbJrluwcY3OJwjeAMGheKqZjANTDar4sWicefXgMOux9ZGTWRVzKHB+Jhj52m7HN2EYRNak5k
t5y7ihzNM+HvEVYMRcfc245fAumjiZbcj07vYajrNZbwEcJAJEYeo2hQgoWNKE83qOksWryW7R5b
qy5JaD7dJ2mxgVIVk7DpExrrJm8wJV+YjU7fYI0EUruDG82ldg6kMuYpwh1OYWCqrf4hxZpBB8vT
ApaMlB52ohw4QxiIZI6HiHbQQhjFcuyrY+C3JQdX0rn9gZB6DA+LASkkawSgW4oIIYPeCfemyBWr
9goSa4RJCMSp4AniCWCPfiPAH6gn5EbmqBG4QK4QsBCkxAmIkMbb9y5hoHKFwQP7b3g4RADrNo9G
YyvXNnweb++Mv9BPynXZWdoHWC6YOqwd2auXRogOk6SRMpUPMdbc3Zxcjix2o1T6UuLmirrCNmQX
CP4gRghuxFiV/4UdfSMPy8SvEF8ygR1S8dh/q1r0cBjBR3CXeUdKFuxmgoQtWQ6OF4QYDpBxzAWv
BGdkJ27IOJx9hltIOcyRWtInsXeuQedABTgsHAmJD3OwkfMjQkHVFaFIl5iStQ1uZAvmJ4sJoNLA
yZAQEIYGKAXtDHbzHka2G13DSZqEO8H2t1g52Ew4cup4TTI3uguwpK1Kp8AlSJjAtztPjBl1up14
F0F+rMaoUEIkYdrEHJOXBcnAJViV/ykaZFCC7O3sfZ8qePtg6+EyRP1ggrQNqE04TgHJSEUZEI+Y
LQ71LFDCTCzBcDeGE/hBa0GNrVEHOuOW9dZ1+MFjZS7vHgKuK81sXZtZwcVWIno1kbgQFxtwSDOv
iBYwEbbCiLXvnF0XjJqZ5dPXF6/M0uEHlZuXy1ywIXX3cu1y/1B4lRys7CnS/jg1IYqQiENbWWg4
Ry8oceqhZcJDYvNpev/XFUIeSlok8bRMuCQO4ctRHlIdU4tW3VhiDtiE+4Woz6eJh0OgehLRIIMC
OhaGUiDzN4siq/pPi0vJqFChL9DH4Oaks3eC0lTp2JXEwbBjCOgHnkiBlKEXwMjcIKK290HWQfY3
Az5cwLxGWHIuiQw52ouHuYBgZWyekSsvHIC2v7+p8BUmkHorpd5p+BvA1EUMzHuQXYKNp4OzimYs
rb7zbg9Yf0w1vAqw1VwRAbIY4TUzZDrpxlXkZuML2PkSBY+3suzoqmCbEDSG0hhfj6CICCMAExyF
9QZm9kUsDdudPdMocha8vMIzX2PzBqNuf5nUB+Qi2PHkeApe+01/RNzLANWXhcVC2umHxXP+3H5A
wLQ7alofMgX5MIYsklCF3HEb9VGFtbFYqwm3OgtjeDcNZkOQsRNSVF03+k7s7RgHUcxEXrFGbWRj
1TLzIrqO/deZYg/q6S9O8tcNE4hYSChNCIklxKlruikgQx6kID72IPkLFTUoHoRos6rLOE0MVwzm
NoAqRf7pEqgxLCu4YIWKD3ZBAWY8gknYW+zXtHMob6Zg75LRfndM2C7sOc1T2phQH4GvsAr4xC4P
9CrYQMEBBAcQsUEGBdtSYl9xDGCYigULA310RLyNb0lUKZ0TK014karF0rWSLNr7XtTX3cU+nBNp
GmokQUGqu1PpaaHW9waIcfCb3JoWV6bjPQdslxMjwZUWHgn1Rh4QSZ8movElRCMOKViznXuUOcSm
cFFWNB7VsN3lYLWAesdRkqMeGueCwpULcYCEfAINEdjUQr0y6CJxKUonJTmSSnz8eeCM8LQJIst0
GGENMZZpUL94wO8zDcSbDZgWpVhpUpi3Ar2NDCS+3joHR2L6r5ttu/DxWODBLRi0TRdkfsMqnCrl
UZinRaHaTn3d7aRfC7sehI0aKLMllVBFb279ihSM8+nHCmfu6BGAs6BWqtwnemglSFPAOZKcXVYh
3BcQJ9DK8mkDxnuwDeaRoC2IAuwKF8QXmOUrrsNt6gGIJlMB4NFRLISol7hHianbqp+7wZ+rEwaI
cDQINUlqHvgFqmLSDDsWmYiaqqsQ4rbeU9mis1EepUdys8thsjkHJWJ4pvjbbMVt8OLT2r23o7SI
ITVV5IJzyPUw3fI8Ppn5mJlwYD0JmuVTnGywzL+e5eTiaieoOJPYIq3bSv/i7kinChIOcE0SAA==


--===============5231207649033138038==--