Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-11641

innobase_get_stmt_safe() does not copy the last byte of thd->query_string

    XMLWordPrintable

Details

    Description

      http://buildbot.askmonty.org/buildbot/builders/xenial-amd64-valgrind/builds/183/steps/test/logs/stdio
      Also reproducible locally with cmake . -DCMAKE_BUILD_TYPE=Debug -DWITH_VALGRIND=YES

      innodb.innodb_information_schema_tables 'innodb' w3 [ fail ]  Found warnings/errors in server log file!
      		 
              Test ended at 2016-12-22 09:15:35
      		 
      line
      		 
      ==26507== Thread 27:
      		 
      ==26507== Conditional jump or move depends on uninitialised value(s)
      		 
      ==26507==    at 0xFB1FA9: hash_get_nth_cell(hash_table_t*, unsigned long) (hash0hash.ic:40)
      		 
      ==26507==    by 0xFB2440: ha_storage_get(ha_storage_t*, void const*, unsigned long) (ha0storage.cc:59)
      		 
      ==26507==    by 0xFB24CF: ha_storage_put_memlim(ha_storage_t*, void const*, unsigned long, unsigned long) (ha0storage.cc:100)
      		 
      ==26507==    by 0xE36F5A: fill_trx_row(i_s_trx_row_t*, trx_t const*, i_s_locks_row_t const*, trx_i_s_cache_t*) (trx0i_s.cc:503)
      		 
      ==26507==    by 0xE38A17: fetch_data_into_cache_low(trx_i_s_cache_t*, bool, ut_list_base<trx_t, ut_list_node<trx_t> trx_t::*>*) (trx0i_s.cc:1312)
      		 
      ==26507==    by 0xE38B29: fetch_data_into_cache(trx_i_s_cache_t*) (trx0i_s.cc:1338)
      		 
      ==26507==    by 0xE38C07: trx_i_s_possibly_fetch_data_into_cache(trx_i_s_cache_t*) (trx0i_s.cc:1366)
      		 
      ==26507==    by 0xC8D457: trx_i_s_common_fill_table(THD*, TABLE_LIST*, Item*) (i_s.cc:1274)
      		 
      ==26507==    by 0x74BD50: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8204)
      		 
      ==26507==    by 0x6EAD24: JOIN::exec_inner() (sql_select.cc:3352)
      		 
      ==26507==    by 0x6EA463: JOIN::exec() (sql_select.cc:3199)
      		 
      ==26507==    by 0x6EB5C5: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3584)
      		 
      ==26507== Use of uninitialised value of size 8
      		 
      ==26507==    at 0xFB2441: ha_storage_get(ha_storage_t*, void const*, unsigned long) (ha0storage.cc:59)
      		 
      ==26507==    by 0xFB24CF: ha_storage_put_memlim(ha_storage_t*, void const*, unsigned long, unsigned long) (ha0storage.cc:100)
      		 
      ==26507==    by 0xE36F5A: fill_trx_row(i_s_trx_row_t*, trx_t const*, i_s_locks_row_t const*, trx_i_s_cache_t*) (trx0i_s.cc:503)
      		 
      ==26507==    by 0xE38A17: fetch_data_into_cache_low(trx_i_s_cache_t*, bool, ut_list_base<trx_t, ut_list_node<trx_t> trx_t::*>*) (trx0i_s.cc:1312)
      		 
      ==26507==    by 0xE38B29: fetch_data_into_cache(trx_i_s_cache_t*) (trx0i_s.cc:1338)
      		 
      ==26507==    by 0xE38C07: trx_i_s_possibly_fetch_data_into_cache(trx_i_s_cache_t*) (trx0i_s.cc:1366)
      		 
      ==26507==    by 0xC8D457: trx_i_s_common_fill_table(THD*, TABLE_LIST*, Item*) (i_s.cc:1274)
      		 
      ==26507==    by 0x74BD50: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8204)
      		 
      ==26507==    by 0x6EAD24: JOIN::exec_inner() (sql_select.cc:3352)
      		 
      ==26507==    by 0x6EA463: JOIN::exec() (sql_select.cc:3199)
      		 
      ==26507==    by 0x6EB5C5: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3584)
      		 
      ==26507==    by 0x6E055F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
      		 
      ==26507== Conditional jump or move depends on uninitialised value(s)
      		 
      ==26507==    at 0xFB1FA9: hash_get_nth_cell(hash_table_t*, unsigned long) (hash0hash.ic:40)
      		 
      ==26507==    by 0xFB263E: ha_storage_put_memlim(ha_storage_t*, void const*, unsigned long, unsigned long) (ha0storage.cc:132)
      		 
      ==26507==    by 0xE36F5A: fill_trx_row(i_s_trx_row_t*, trx_t const*, i_s_locks_row_t const*, trx_i_s_cache_t*) (trx0i_s.cc:503)
      		 
      ==26507==    by 0xE38A17: fetch_data_into_cache_low(trx_i_s_cache_t*, bool, ut_list_base<trx_t, ut_list_node<trx_t> trx_t::*>*) (trx0i_s.cc:1312)
      		 
      ==26507==    by 0xE38B29: fetch_data_into_cache(trx_i_s_cache_t*) (trx0i_s.cc:1338)
      		 
      ==26507==    by 0xE38C07: trx_i_s_possibly_fetch_data_into_cache(trx_i_s_cache_t*) (trx0i_s.cc:1366)
      		 
      ==26507==    by 0xC8D457: trx_i_s_common_fill_table(THD*, TABLE_LIST*, Item*) (i_s.cc:1274)
      		 
      ==26507==    by 0x74BD50: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8204)
      		 
      ==26507==    by 0x6EAD24: JOIN::exec_inner() (sql_select.cc:3352)
      		 
      ==26507==    by 0x6EA463: JOIN::exec() (sql_select.cc:3199)
      		 
      ==26507==    by 0x6EB5C5: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3584)
      		 
      ==26507==    by 0x6E055F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
      		 
      ==26507== Use of uninitialised value of size 8
      		 
      ==26507==    at 0xFB2647: ha_storage_put_memlim(ha_storage_t*, void const*, unsigned long, unsigned long) (ha0storage.cc:132)
      		 
      ==26507==    by 0xE36F5A: fill_trx_row(i_s_trx_row_t*, trx_t const*, i_s_locks_row_t const*, trx_i_s_cache_t*) (trx0i_s.cc:503)
      		 
      ==26507==    by 0xE38A17: fetch_data_into_cache_low(trx_i_s_cache_t*, bool, ut_list_base<trx_t, ut_list_node<trx_t> trx_t::*>*) (trx0i_s.cc:1312)
      		 
      ==26507==    by 0xE38B29: fetch_data_into_cache(trx_i_s_cache_t*) (trx0i_s.cc:1338)
      		 
      ==26507==    by 0xE38C07: trx_i_s_possibly_fetch_data_into_cache(trx_i_s_cache_t*) (trx0i_s.cc:1366)
      		 
      ==26507==    by 0xC8D457: trx_i_s_common_fill_table(THD*, TABLE_LIST*, Item*) (i_s.cc:1274)
      		 
      ==26507==    by 0x74BD50: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8204)
      		 
      ==26507==    by 0x6EAD24: JOIN::exec_inner() (sql_select.cc:3352)
      		 
      ==26507==    by 0x6EA463: JOIN::exec() (sql_select.cc:3199)
      		 
      ==26507==    by 0x6EB5C5: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3584)
      		 
      ==26507==    by 0x6E055F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
      		 
      ==26507==    by 0x6AC2D9: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6399)
      		 
      ==26507== Use of uninitialised value of size 8
      		 
      ==26507==    at 0xFB2657: ha_storage_put_memlim(ha_storage_t*, void const*, unsigned long, unsigned long) (ha0storage.cc:132)
      		 
      ==26507==    by 0xE36F5A: fill_trx_row(i_s_trx_row_t*, trx_t const*, i_s_locks_row_t const*, trx_i_s_cache_t*) (trx0i_s.cc:503)
      		 
      ==26507==    by 0xE38A17: fetch_data_into_cache_low(trx_i_s_cache_t*, bool, ut_list_base<trx_t, ut_list_node<trx_t> trx_t::*>*) (trx0i_s.cc:1312)
      		 
      ==26507==    by 0xE38B29: fetch_data_into_cache(trx_i_s_cache_t*) (trx0i_s.cc:1338)
      		 
      ==26507==    by 0xE38C07: trx_i_s_possibly_fetch_data_into_cache(trx_i_s_cache_t*) (trx0i_s.cc:1366)
      		 
      ==26507==    by 0xC8D457: trx_i_s_common_fill_table(THD*, TABLE_LIST*, Item*) (i_s.cc:1274)
      		 
      ==26507==    by 0x74BD50: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8204)
      		 
      ==26507==    by 0x6EAD24: JOIN::exec_inner() (sql_select.cc:3352)
      		 
      ==26507==    by 0x6EA463: JOIN::exec() (sql_select.cc:3199)
      		 
      ==26507==    by 0x6EB5C5: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3584)
      		 
      ==26507==    by 0x6E055F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
      		 
      ==26507==    by 0x6AC2D9: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6399)
      		 
      ==26507== Conditional jump or move depends on uninitialised value(s)
      		 
      ==26507==    at 0x4C30F78: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      		 
      ==26507==    by 0xC8C3C0: fill_innodb_trx_from_cache(trx_i_s_cache_t*, THD*, TABLE*) (i_s.cc:644)
      		 
      ==26507==    by 0xC8D57F: trx_i_s_common_fill_table(THD*, TABLE_LIST*, Item*) (i_s.cc:1289)
      		 
      ==26507==    by 0x74BD50: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8204)
      		 
      ==26507==    by 0x6EAD24: JOIN::exec_inner() (sql_select.cc:3352)
      		 
      ==26507==    by 0x6EA463: JOIN::exec() (sql_select.cc:3199)
      		 
      ==26507==    by 0x6EB5C5: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3584)
      		 
      ==26507==    by 0x6E055F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
      		 
      ==26507==    by 0x6AC2D9: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6399)
      		 
      ==26507==    by 0x6A1AE4: mysql_execute_command(THD*) (sql_parse.cc:3423)
      		 
      ==26507==    by 0x6AFC4E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7842)
      		 
      ==26507==    by 0x69D551: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1799)

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-12070 Introduce thd_query_safe() from MySQL 5.7

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-7069 Fix buildbot failures in main server trees

          • Major - Major loss of function.
          • Stalled

          Activity

            People

              marko Marko Mäkelä
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.