Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-11938

json.json_no_table crashes or fails with valgrind warnings in json_find_path / Item_func_json_length::val_int

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.2
    • 10.2.4
    • JSON
    • None

    Description

      10.2 3d12587ca

      $ perl ./mtr json.json_no_table --valgrind
      ...
      json.json_no_table                       [ fail ]  Found warnings/errors in server log file!
              Test ended at 2017-01-30 01:39:38
      line
      ==11518== Thread 6:
      ==11518== Conditional jump or move depends on uninitialised value(s)
      ==11518==    at 0x10F5C05: json_find_path (json_lib.c:1309)
      ==11518==    by 0xAF0ACD: Item_func_json_length::val_int() (item_jsonfunc.cc:1746)
      ==11518==    by 0x935F42: Item::send(Protocol*, String*) (item.cc:6888)
      ==11518==    by 0x5E06F9: Protocol::send_result_set_row(List<Item>*) (protocol.cc:979)
      ==11518==    by 0x660A2F: select_send::send_data(List<Item>&) (sql_class.cc:2761)
      ==11518==    by 0x6EE4EC: JOIN::exec_inner() (sql_select.cc:3279)
      ==11518==    by 0x6EDF87: JOIN::exec() (sql_select.cc:3199)
      ==11518==    by 0x6EF0F0: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3584)
      ==11518==    by 0x6E40D0: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
      ==11518==    by 0x6B05CA: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6399)
      ==11518==    by 0x6A65E4: mysql_execute_command(THD*) (sql_parse.cc:3429)
      ==11518==    by 0x6B3F9B: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7842)
      ==11518==    by 0x6A20A6: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1800)
      ==11518==    by 0x6A0A9E: do_command(THD*) (sql_parse.cc:1360)
      ==11518==    by 0x7E93DF: do_handle_one_connection(CONNECT*) (sql_connect.cc:1354)
      ==11518==    by 0x7E916C: handle_one_connection (sql_connect.cc:1260)
      ...
      

      It also crashes on labrador:
      http://buildbot.askmonty.org/buildbot/builders/labrador/builds/9011/steps/test/logs/stdio

      Attempting backtrace. You can use the following information to find out
      where mysqld died. If you see no messages after this, something went
      terribly wrong...
      stack_bottom = 0x11746ae60 thread_stack 0x48c00
      0   mysqld                              0x000000011021cbce my_print_stacktrace + 46
      0   mysqld                              0x000000010fb1e160 handle_fatal_signal + 720
      0   libsystem_c.dylib                   0x00007fff8a671cfa _sigtramp + 26
      0   mysqld                              0x000000010fc3afcd my_malloc_size_cb_func + 45
      0   mysqld                              0x000000010fe60670 _ZN22Item_func_json_extract7val_strEP6String + 220
      0   mysqld                              0x000000010fb2bb10 _ZN4Item4sendEP8ProtocolP6String + 76
      0   mysqld                              0x000000010fc66a7c _ZN8Protocol19send_result_set_rowEP4ListI4ItemE + 142
      0   mysqld                              0x000000010fccf5a1 _ZN11select_send9send_dataER4ListI4ItemE + 99
      0   mysqld                              0x000000010fd77008 _ZN4JOIN10exec_innerEv + 700
      0   mysqld                              0x000000010fd768e3 _Z12mysql_selectP3THDP10TABLE_LISTjR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex + 707
      0   mysqld                              0x000000010fd778fb _Z13handle_selectP3THDP3LEXP13select_resultm + 299
      0   mysqld                              0x000000010fd10e43 _ZL21execute_sqlcom_selectP3THDP10TABLE_LIST + 1123
      0   mysqld                              0x000000010fd129c4 _Z21mysql_execute_commandP3THD + 5780
      0   mysqld                              0x000000010fd1aaea _Z11mysql_parseP3THDPcjP12Parser_statebb + 410
      0   mysqld                              0x000000010fd1ce19 _Z16dispatch_command19enum_server_commandP3THDPcjbb + 2937
      0   mysqld                              0x000000010fd1edfa _Z10do_commandP3THD + 1354
      0   mysqld                              0x000000010fe000be _Z24do_handle_one_connectionP7CONNECT + 638
      0   mysqld                              0x000000010fe001cb handle_one_connection + 59
      0   mysqld                              0x00000001101c41e8 pfs_spawn_thread + 296
      0   libsystem_c.dylib                   0x00007fff8a61d8bf _pthread_start + 335
      0   libsystem_c.dylib                   0x00007fff8a620b75 thread_start + 13
       
      Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (0x7fb0d2195a20): is an invalid pointer
      Connection ID (thread ID): 619
      Status: NOT_KILLED
      

      Attachments

        Activity

          People

            holyfoot Alexey Botchkov
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.