Databases Bug

A Tale of Two MySQL Bugs 191

New submitter Archie Cobbs writes "Last May I encountered a relatively obscure performance bug present in both MySQL 5.5.x and MariaDB 5.5.x (not surprising since they share the same codebase). This turned out to be a great opportunity to see whether Oracle or the MariaDB project is more responsive to bug reports. On May 31 Oracle got their bug report; within 24 hours they had confirmed the bug — pretty impressive. But since then, it's been radio silence for 3 months and counting. On July 25, MariaDB got their own copy. Within a week, a MariaDB developer had analyzed the bug and committed a patch. The resulting fix will be included in the next release, MariaDB 5.5.33."
This discussion has been archived. No new comments can be posted.

  • Why fix it? (Score:3, Interesting)

    by Anonymous Coward on Monday September 09, 2013 @08:17PM (#44804011)

    Why would Oracle fix a bug in something they're trying to kill off?

  • We need more data (Score:5, Interesting)

    by WWJohnBrowningDo ( 2792397 ) on Monday September 09, 2013 @08:20PM (#44804025)

    A sample size of one is insufficient to make any meaningful conclusions.

    Anyone up for scraping the two bug trackers and finding more identical bug reports?

  • Re:who cares? (Score:5, Interesting)

    by Daniel Dvorkin ( 106857 ) on Monday September 09, 2013 @08:25PM (#44804071) Homepage Journal

    mysql is of historical curiosity. At best.

    I'd be willing to bet there are more deployments of MySQL than of all other standalone RDBMSs combined.

  • by the_B0fh ( 208483 ) on Monday September 09, 2013 @09:02PM (#44804293) Homepage

    For example, #1341. 10 fucking years old.

    #68892 - best comment on the bug: 'Not quite sure how the severity scales are generally used, but shouldn't a trivial command that breaks the one feature that is being splatted all over the homepage as having significant improvements be a little higher than "non-critical" ?'

    What about stupid shit like this: http://www.darkreading.com/database/expect-a-surge-in-breaches-following-mys/240001958?cid=nl_DR_daily_2012-06-14_html&elq=7e0510c44883432fa8e79c2ebde2ecb8 [darkreading.com] "The vulnerability itself is in the way MySQL accepts passwords -- the bug makes it such that there's a one in 256 chance that the wrong password will still grant the user access to an account. So an endless loop of attempts will eventually grant an attacker access. It was a bug so unique that Moore says some MySQL developers ran into it, couldn't reproduce it, and eventually chalked it up as a fluke."

    Is MySQL even ACID compliant yet, without addons?

    http://nosql.mypopescu.com/post/1085685966/mysql-is-not-acid-compliant [mypopescu.com]
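
A one-in-256 acceptance rate like the one quoted in the comment above is what results when a comparison result is narrowed to 8 bits before it is tested. The C below is an added example, not part of the comment and not MySQL's code; the comparator, the function names and the 2-byte expected value are constructed, and the narrowing itself is an assumed mechanism that the page does not state.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for an optimised comparator: it compares two bytes at
 * a time and returns the difference of the first differing 16-bit word, so
 * the result can lie far outside -255..255. Only "zero means equal" holds. */
static int wide_cmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1];
        int wb = (b[i] << 8) | b[i + 1];
        if (wa != wb) return wa - wb;
    }
    return (n & 1) ? a[n - 1] - b[n - 1] : 0;
}

/* Weak form: the int is narrowed to 8 bits, so any difference that is a
 * multiple of 256 becomes 0 and is read as "match". */
static unsigned char mismatch_truncating(const unsigned char *a, const unsigned char *b, size_t n)
{
    return (unsigned char)wide_cmp(a, b, n);
}

/* Corrected form: reduce to 0/1 before storing the value in a narrow type. */
static unsigned char mismatch_normalized(const unsigned char *a, const unsigned char *b, size_t n)
{
    return wide_cmp(a, b, n) != 0;
}

/* Try every wrong 2-byte value against a constructed expected value and
 * count how many the chosen check accepts. */
static unsigned count_false_accepts(int use_normalized)
{
    const unsigned char expected[2] = { 0x12, 0x34 };
    unsigned accepted = 0;
    for (unsigned v = 0; v < 0x10000; v++) {
        unsigned char guess[2] = { (unsigned char)(v >> 8), (unsigned char)v };
        if (v == 0x1234) continue;          /* skip the one correct value */
        if (!(use_normalized ? mismatch_normalized(expected, guess, 2)
                             : mismatch_truncating(expected, guess, 2)))
            accepted++;
    }
    return accepted;
}

int main(void)
{
    printf("truncating: %u  normalized: %u  (of 65535 wrong values)\n",
           count_false_accepts(0), count_false_accepts(1));
    return 0;
}
```

Whether the weak form misbehaves depends on the comparator returning values beyond one byte, so the same source can pass testing on one build and fail on another.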

  • Re:Translation (Score:2, Interesting)

    by rudy_wayne ( 414635 ) on Monday September 09, 2013 @09:05PM (#44804303)

    Indeed. This "bug" seems pretty stupid. I mean on the submitter's part. Why would any vendor spend much time solving this problem when it should be simple enough not to write such stupid SQL to begin with. Anyone who spent time working on this probably had nothing much better to do.

    I mean really, I get it, but what is the use case for 'if a constant is equal to a different constant'?

    That's what I thought when the submitter said:

    But when I comment out the 'M002649397' IS NULL OR clause (which has no effect on the result),

    Yes, I guess technically this is a bug, but the obvious answer seems to be "Don't write stupid code in the first place". If you can take it out with no effect on the result, then why is it in there in the first place?

  • Re:who cares? (Score:5, Interesting)

    by marcello_dl ( 667940 ) on Tuesday September 10, 2013 @02:12AM (#44805419) Homepage Journal

    The confusion arising from the fact that Oracle MySQL shares the same name with the former MySQL, while MariaDB, which is philosophically the natural heir of the latter, had to choose a different name.

    Apparently Oracle did the right thing by buying up the name, many fall for it and many others mod them up. Depressing, huh.
    And now you all proper slashdotters are thanking God that something named "postgresql" has basically no marketing value, aren't you.
