List:Commits« Previous MessageNext Message »
From:Jon Olav Hauglid Date:December 13 2010 2:45pm
Subject:bzr commit into mysql-trunk-bugfixing branch (jon.hauglid:3424) Bug#50619
View as plain text  
#At file:///export/home/x/mysql-trunk-bugfixing-bug50619/ based on revid:sergey.glukhov@stripped

 3424 Jon Olav Hauglid	2010-12-13
      Bug #50619 assert in handler::update_auto_increment
      
      This assert could be triggered if -1 was inserted into
      an auto increment column by a statement writing more than
      one row.
      
      Unless explicitly given, an interval of auto increment values
      is generated when a statement first needs an auto increment
      value. The triggered assert checks that the auto increment
      counter is equal to or higher than the lower bound of this
      interval.
      
      Generally, the auto increment counter starts at 1 and is
      incremented by 1 each time it is used. However, inserting an
      explicit value into the auto increment column, sets the auto
      increment counter to this value + 1 if this value is higher
      than the current value of the auto increment counter.
      
      This bug was triggered if the explicit value was -1. Since the
      value was converted to unsigned before any comparisons were made,
      it was found to be higher than the current vale of the auto
      increment counter and the counter was set to -1 + 1. This value
      was below the reserved interval and caused the assert to be
      triggered the next time the statement tried to write a row.
      
      This patch fixes the problem by only allowing the auto increment
      counter to be set if the given explicit value is positive.
      
      Test case added to auto_increment.test.

    modified:
      mysql-test/r/auto_increment.result
      mysql-test/t/auto_increment.test
      sql/handler.cc
=== modified file 'mysql-test/r/auto_increment.result'
--- a/mysql-test/r/auto_increment.result	2010-12-13 12:11:16 +0000
+++ b/mysql-test/r/auto_increment.result	2010-12-13 14:45:43 +0000
@@ -497,3 +497,22 @@ SET @@SESSION.AUTO_INCREMENT_INCREMENT=d
 SET @@SESSION.AUTO_INCREMENT_OFFSET=default;
 DROP TABLE t1;
 End of 5.1 tests
+#
+# Bug#50619 assert in handler::update_auto_increment
+#
+CREATE TABLE t1 (pk INT AUTO_INCREMENT, PRIMARY KEY (pk));
+INSERT INTO t1 VALUES (NULL), (-1), (NULL);
+SELECT * FROM t1;
+pk
+-1
+1
+2
+DROP TABLE t1;
+CREATE TABLE t1 (pk BIGINT UNSIGNED AUTO_INCREMENT, PRIMARY KEY (pk));
+INSERT INTO t1 VALUES (NULL), (18446744073709551615-1), (NULL);
+ERROR HY000: Failed to read auto-increment value from storage engine
+SELECT * FROM t1;
+pk
+1
+18446744073709551614
+DROP TABLE t1;

=== modified file 'mysql-test/t/auto_increment.test'
--- a/mysql-test/t/auto_increment.test	2010-12-13 12:11:16 +0000
+++ b/mysql-test/t/auto_increment.test	2010-12-13 14:45:43 +0000
@@ -363,3 +363,20 @@ SET @@SESSION.AUTO_INCREMENT_OFFSET=defa
 DROP TABLE t1;
 
 --echo End of 5.1 tests
+
+--echo #
+--echo # Bug#50619 assert in handler::update_auto_increment
+--echo #
+
+CREATE TABLE t1 (pk INT AUTO_INCREMENT, PRIMARY KEY (pk));
+# This triggered the assert
+INSERT INTO t1 VALUES (NULL), (-1), (NULL);
+SELECT * FROM t1;
+DROP TABLE t1;
+
+# Check that that true overflow still gives error
+CREATE TABLE t1 (pk BIGINT UNSIGNED AUTO_INCREMENT, PRIMARY KEY (pk));
+--error ER_AUTOINC_READ_FAILED
+INSERT INTO t1 VALUES (NULL), (18446744073709551615-1), (NULL);
+SELECT * FROM t1;
+DROP TABLE t1;

=== modified file 'sql/handler.cc'
--- a/sql/handler.cc	2010-12-13 12:32:16 +0000
+++ b/sql/handler.cc	2010-12-13 14:45:43 +0000
@@ -2571,8 +2571,12 @@ int handler::update_auto_increment()
       statement (case of INSERT VALUES(null),(3763),(null):
       the last NULL needs to insert 3764, not the value of the first NULL plus
       1).
+
+      Only update next_insert_id if the explicit value is positive,
+      as negative auto increment values are not supported.
     */
-    adjust_next_insert_id_after_explicit_value(nr);
+    if (table->next_number_field->flags & UNSIGNED_FLAG || (longlong)nr > 0)
+      adjust_next_insert_id_after_explicit_value(nr);
     insert_id_for_cur_row= 0; // didn't generate anything
     DBUG_RETURN(0);
   }


Attachment: [text/bzr-bundle] bzr/jon.hauglid@oracle.com-20101213144543-avxpbow7tpq8xja8.bundle
Thread
bzr commit into mysql-trunk-bugfixing branch (jon.hauglid:3424) Bug#50619Jon Olav Hauglid13 Dec