Bug #19217 dict_load_indexes() may read the delete-mark incorrectly
Submitted: 20 Apr 2006 11:52 Modified: 19 Jun 2010 0:06
Reporter: Marko Mäkelä Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: InnoDB storage engine Severity:S2 (Serious)
Version:5.0.3 and later OS:Any (all)
Assigned to: Marko Mäkelä CPU Architecture:Any

[20 Apr 2006 11:52] Marko Mäkelä
Description:
The InnoDB system tables are in ROW_FORMAT=REDUNDANT format. However, the function dict_load_indexes() will pass the wrong format flag to rec_get_deleted_flag() when attempting to load indexes belonging to a ROW_FORMAT=COMPACT table.

How to repeat:
It is unsure if this bug can manifest itself. It appears as if the bit would always read as '0' for ROW_FORMAT=COMPACT tables. It might be that the records in SYS_INDEXES never are delete-marked in the current version of MySQL/InnoDB.

The bug was found when trying to implement fast index creation (smart ALTER TABLE).

Suggested fix:
Pass the "compact format" flag as 0.
[20 Apr 2006 14:52] Heikki Tuuri
Marko,

I think the bug does not manifest itself in < InnoDB-5.2.

When a table is altered in those earlier versions, a new table id and index ids are assigned to it. I do not see how load_table could scan a delete-marked record. There are assertions in InnoDB-5.0 that specifically say that the records cannot be delete-marked. Jan had to remove those assertions in 5.2 to get new CREATE INDEX to work.

Regards,

Heikki
[21 Apr 2006 0:26] Heikki Tuuri
Marko,

after second thought, this could affect 5.0, too. If it reads the delete mark from a wrong location then it could see it as 1, and our assertions would fail.

Regards,

Heikki
[21 Apr 2006 7:15] Marko Mäkelä
Like I wrote in the original report, the bit is very likely read as '0'. When read from the wrong location, it would be read from one of the most significant bits of heap_no, which should always be 0, given the minimum record size of SYS_INDEXES.
[21 Apr 2006 8:18] Heikki Tuuri
The patch:

dict0load.c:
>>> @@ -617,7 +617,7 @@
>>>              break;
>>>          }
>>>
>>> -        if (rec_get_deleted_flag(rec, table->comp)) {
>>> +        if (rec_get_deleted_flag(rec, 0)) {
>>>              dict_load_report_deleted_index(table->name,
>>>                  ULINT_UNDEFINED);
[21 Apr 2006 9:00] Marko Mäkelä
The patch has been committed to the InnoDB Subversion repositories and will be shipped to MySQL AB shortly.
[25 Apr 2006 19:42] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/5506
[25 Apr 2006 19:58] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/5508
[25 Apr 2006 20:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/5511
[26 Apr 2006 6:57] Alexander Ivanov
Fixed in 5.0.22 and 5.1.10-beta.
[27 Apr 2006 13:09] Paul Dubois
Noted in 5.0.21 (it was merged into 5.0.21), 5.1.10 changelogs.
[5 May 2010 15:12] Bugs System
Pushed into 5.1.47 (revid:joro@sun.com-20100505145753-ivlt4hclbrjy8eye) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[6 May 2010 2:05] Paul Dubois
Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug. Re-closing.
[28 May 2010 6:02] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100524190136-egaq7e8zgkwb9aqi) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (pib:16)
[28 May 2010 6:30] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100524190941-nuudpx60if25wsvx) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[28 May 2010 6:58] Bugs System
Pushed into 5.5.5-m3 (revid:alik@sun.com-20100524185725-c8k5q7v60i5nix3t) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[29 May 2010 15:29] Paul Dubois
Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug.
Re-closing.
[17 Jun 2010 12:05] Bugs System
Pushed into 5.1.47-ndb-7.0.16 (revid:martin.skold@mysql.com-20100617114014-bva0dy24yyd67697) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 12:50] Bugs System
Pushed into 5.1.47-ndb-6.2.19 (revid:martin.skold@mysql.com-20100617115448-idrbic6gbki37h1c) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 13:32] Bugs System
Pushed into 5.1.47-ndb-6.3.35 (revid:martin.skold@mysql.com-20100617114611-61aqbb52j752y116) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)