  1. MariaDB Server
  2. MDEV-19303

Valgrind warnings about uninitialised values in dtuple_validate or mi_rrnd or ma_rrnd upon DELETE .. ORDER BY from sequence

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.3, 10.4
    • Fix Version/s: 10.3, 10.4
    • Component/s: Sequences
    • Labels:
    • Environment:
      gcc (Debian 4.9.2-10) 4.9.2 valgrind-3.12.0.SVN

      Description

      Run each of the test cases below with --valgrind; the warnings shown after each test case come from Valgrind.

      # Test case for the MyISAM-backed sequence; run under Valgrind.
      CREATE SEQUENCE s ENGINE=MyISAM;
      # DELETE with ORDER BY on the sequence. In the trace recorded for this
      # statement, mysql_delete re-reads rows through rr_from_pointers ->
      # ha_sequence::rnd_pos -> mi_rrnd, where the uninitialised value is used.
      DELETE IGNORE FROM s ORDER BY cache_size;
       
      # Cleanup
      DROP SEQUENCE s;
      

      10.3 765ae6e8

      ==25702== Thread 6:
      ==25702== Conditional jump or move depends on uninitialised value(s)
      ==25702==    at 0x123E5F4: mi_rrnd (mi_rrnd.c:40)
      ==25702==    by 0x1201E01: ha_myisam::rnd_pos(unsigned char*, unsigned char*) (ha_myisam.cc:1975)
      ==25702==    by 0x128F699: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
      ==25702==    by 0xAD4339: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2846)
      ==25702==    by 0xC5A42E: rr_from_pointers(READ_RECORD*) (records.cc:547)
      ==25702==    by 0x728E64: READ_RECORD::read_record() (records.h:73)
      ==25702==    by 0xC7870D: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:730)
      ==25702==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
      ==25702==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
      ==25702==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
      ==25702==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)
      ==25702==    by 0x92CBF0: do_handle_one_connection(CONNECT*) (sql_connect.cc:1402)
      ==25702==    by 0x92C974: handle_one_connection (sql_connect.cc:1308)
      ==25702==    by 0xD2438E: pfs_spawn_thread (pfs.cc:1862)
      ==25702==    by 0x4E3F493: start_thread (pthread_create.c:333)
      ==25702==    by 0x6EB893E: clone (clone.S:97)
      ==25702== Conditional jump or move depends on uninitialised value(s)
      ==25702==    at 0x1245367: _mi_read_rnd_static_record (mi_statrec.c:250)
      ==25702==    by 0x123E6DE: mi_rrnd (mi_rrnd.c:59)
      ==25702==    by 0x1201E01: ha_myisam::rnd_pos(unsigned char*, unsigned char*) (ha_myisam.cc:1975)
      ==25702==    by 0x128F699: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
      ==25702==    by 0xAD4339: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2846)
      ==25702==    by 0xC5A42E: rr_from_pointers(READ_RECORD*) (records.cc:547)
      ==25702==    by 0x728E64: READ_RECORD::read_record() (records.h:73)
      ==25702==    by 0xC7870D: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:730)
      ==25702==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
      ==25702==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
      ==25702==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
      ==25702==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)
      ==25702==    by 0x92CBF0: do_handle_one_connection(CONNECT*) (sql_connect.cc:1402)
      ==25702==    by 0x92C974: handle_one_connection (sql_connect.cc:1308)
      ==25702==    by 0xD2438E: pfs_spawn_thread (pfs.cc:1862)
      ==25702==    by 0x4E3F493: start_thread (pthread_create.c:333)
      

      # Test case for the InnoDB-backed sequence; run under Valgrind.
      --source include/have_innodb.inc
       
      CREATE SEQUENCE s ENGINE=InnoDB;
      # Same statement as in the MyISAM case. In the trace recorded for this
      # statement, the uninitialised bytes are 8 bytes inside a 16-byte block
      # allocated by save_index() during filesort, and they reach
      # dtuple_validate through ha_sequence::rnd_pos -> ha_innobase::rnd_pos.
      DELETE IGNORE FROM s ORDER BY cache_size;
       
      # Cleanup
      DROP SEQUENCE s;
      

      10.3 765ae6e8

      ==25926== Thread 27:
      ==25926== Uninitialised byte(s) found during client check request
      ==25926==    at 0x1023053: dtuple_validate(dtuple_t const*) (data0data.cc:261)
      ==25926==    by 0xE1E84D: page_cur_search_with_match_bytes(buf_block_t const*, dict_index_t const*, dtuple_t const*, page_cur_mode_t, unsigned long*, unsigned long*, unsigned long*, unsigned long*, page_cur_t*) (page0cur.cc:599)
      ==25926==    by 0xFAFF11: btr_cur_search_to_nth_level_func(dict_index_t*, unsigned long, dtuple_t const*, page_cur_mode_t, unsigned long, btr_cur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*, unsigned long) (btr0cur.cc:1841)
      ==25926==    by 0xEDC446: btr_pcur_open_with_no_init_func(dict_index_t*, dtuple_t const*, page_cur_mode_t, unsigned long, btr_pcur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*) (btr0pcur.ic:527)
      ==25926==    by 0xEE842D: row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) (row0sel.cc:4602)
      ==25926==    by 0xD48B82: ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) (ha_innodb.cc:9332)
      ==25926==    by 0xD49CFC: ha_innobase::rnd_pos(unsigned char*, unsigned char*) (ha_innodb.cc:9834)
      ==25926==    by 0x128F699: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
      ==25926==    by 0xAD4339: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2846)
      ==25926==    by 0xC5A42E: rr_from_pointers(READ_RECORD*) (records.cc:547)
      ==25926==    by 0x728E64: READ_RECORD::read_record() (records.h:73)
      ==25926==    by 0xC7870D: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:730)
      ==25926==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
      ==25926==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
      ==25926==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
      ==25926==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)
      ==25926==  Address 0x19c1e0d8 is 8 bytes inside a block of size 16 alloc'd
      ==25926==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
      ==25926==    by 0x12C0E31: my_malloc (my_malloc.c:101)
      ==25926==    by 0xAC92C7: save_index(Sort_param*, unsigned int, SORT_INFO*) (filesort.cc:1288)
      ==25926==    by 0xAC62C1: filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) (filesort.cc:283)
      ==25926==    by 0xC77E30: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:636)
      ==25926==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
      ==25926==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
      ==25926==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
      ==25926==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)
      ==25926==    by 0x92CBF0: do_handle_one_connection(CONNECT*) (sql_connect.cc:1402)
      ==25926==    by 0x92C974: handle_one_connection (sql_connect.cc:1308)
      ==25926==    by 0xD2438E: pfs_spawn_thread (pfs.cc:1862)
      ==25926==    by 0x4E3F493: start_thread (pthread_create.c:333)
      ==25926==    by 0x6EB893E: clone (clone.S:97)
      ==25926== Conditional jump or move depends on uninitialised value(s)
      ==25926==    at 0xE5657E: cmp_dtuple_rec_with_match_bytes(dtuple_t const*, unsigned char const*, dict_index_t const*, unsigned long const*, unsigned long*, unsigned long*) (rem0cmp.cc:916)
      ==25926==    by 0xE1EEE0: page_cur_search_with_match_bytes(buf_block_t const*, dict_index_t const*, dtuple_t const*, page_cur_mode_t, unsigned long*, unsigned long*, unsigned long*, unsigned long*, page_cur_t*) (page0cur.cc:749)
      ==25926==    by 0xFAFF11: btr_cur_search_to_nth_level_func(dict_index_t*, unsigned long, dtuple_t const*, page_cur_mode_t, unsigned long, btr_cur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*, unsigned long) (btr0cur.cc:1841)
      ==25926==    by 0xEDC446: btr_pcur_open_with_no_init_func(dict_index_t*, dtuple_t const*, page_cur_mode_t, unsigned long, btr_pcur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*) (btr0pcur.ic:527)
      ==25926==    by 0xEE842D: row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) (row0sel.cc:4602)
      ==25926==    by 0xD48B82: ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) (ha_innodb.cc:9332)
      ==25926==    by 0xD49CFC: ha_innobase::rnd_pos(unsigned char*, unsigned char*) (ha_innodb.cc:9834)
      ==25926==    by 0x128F699: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
      ==25926==    by 0xAD4339: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2846)
      ==25926==    by 0xC5A42E: rr_from_pointers(READ_RECORD*) (records.cc:547)
      ==25926==    by 0x728E64: READ_RECORD::read_record() (records.h:73)
      ==25926==    by 0xC7870D: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:730)
      ==25926==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
      ==25926==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
      ==25926==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
      ==25926==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)
      ==25926== Conditional jump or move depends on uninitialised value(s)
      ==25926==    at 0xE56591: cmp_dtuple_rec_with_match_bytes(dtuple_t const*, unsigned char const*, dict_index_t const*, unsigned long const*, unsigned long*, unsigned long*) (rem0cmp.cc:919)
      ==25926==    by 0xE1EEE0: page_cur_search_with_match_bytes(buf_block_t const*, dict_index_t const*, dtuple_t const*, page_cur_mode_t, unsigned long*, unsigned long*, unsigned long*, unsigned long*, page_cur_t*) (page0cur.cc:749)
      ==25926==    by 0xFAFF11: btr_cur_search_to_nth_level_func(dict_index_t*, unsigned long, dtuple_t const*, page_cur_mode_t, unsigned long, btr_cur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*, unsigned long) (btr0cur.cc:1841)
      ==25926==    by 0xEDC446: btr_pcur_open_with_no_init_func(dict_index_t*, dtuple_t const*, page_cur_mode_t, unsigned long, btr_pcur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*) (btr0pcur.ic:527)
      ==25926==    by 0xEE842D: row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) (row0sel.cc:4602)
      ==25926==    by 0xD48B82: ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) (ha_innodb.cc:9332)
      ==25926==    by 0xD49CFC: ha_innobase::rnd_pos(unsigned char*, unsigned char*) (ha_innodb.cc:9834)
      ==25926==    by 0x128F699: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
      ==25926==    by 0xAD4339: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2846)
      ==25926==    by 0xC5A42E: rr_from_pointers(READ_RECORD*) (records.cc:547)
      ==25926==    by 0x728E64: READ_RECORD::read_record() (records.h:73)
      ==25926==    by 0xC7870D: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:730)
      ==25926==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
      ==25926==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
      ==25926==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
      ==25926==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)
      

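      With Aria the DELETE additionally fails with an unexpected error, so the test case has to expect that error (--error ER_GET_ERRNO) in order to get the Valgrind errors. The pread64(offset) warning in the trace below suggests that the uninitialised value ends up being used as a file offset, which would be consistent with the "File too short" error: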

      # Test case for the Aria-backed sequence; run under Valgrind.
      CREATE SEQUENCE s ENGINE=Aria;
      # The DELETE (without IGNORE here) is expected to fail: the recorded
      # output shows error 175 from the storage engine. Expecting the error
      # lets the test continue so the Valgrind warnings can be collected.
      --error ER_GET_ERRNO
      DELETE FROM s ORDER BY cache_size;
       
      # Cleanup
       
      DROP SEQUENCE s;
      

      10.4 d18ef804

      ERROR HY000: Got error 175 "File too short; Expected more data in file" from storage engine Aria
      ...
      ==5883== Thread 6:
      ==5883== Conditional jump or move depends on uninitialised value(s)
      ==5883==    at 0x126FB91: maria_rrnd (ma_rrnd.c:36)
      ==5883==    by 0x1214E27: ha_maria::rnd_pos(unsigned char*, unsigned char*) (ha_maria.cc:2552)
      ==5883==    by 0x13CC983: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
      ==5883==    by 0xBE3B5F: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2841)
      ==5883==    by 0xD76FE0: rr_from_pointers(READ_RECORD*) (records.cc:547)
      ==5883==    by 0x7EB208: READ_RECORD::read_record() (records.h:73)
      ==5883==    by 0xD958C6: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:804)
      ==5883==    by 0x89A778: mysql_execute_command(THD*) (sql_parse.cc:4977)
      ==5883==    by 0x8A58FA: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8149)
      ==5883==    by 0x890E85: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1828)
      ==5883==    by 0x88F645: do_command(THD*) (sql_parse.cc:1361)
      ==5883==    by 0xA0D0BA: do_handle_one_connection(CONNECT*) (sql_connect.cc:1398)
      ==5883==    by 0xA0CE1E: handle_one_connection (sql_connect.cc:1301)
      ==5883==    by 0x1393800: pfs_spawn_thread (pfs.cc:1862)
      ==5883==    by 0x4E3F4A3: start_thread (pthread_create.c:456)
      ==5883==    by 0x6937D0E: clone (clone.S:97)
      ==5883== Conditional jump or move depends on uninitialised value(s)
      ==5883==    at 0x1271377: _ma_read_static_record (ma_statrec.c:175)
      ==5883==    by 0x126FC42: maria_rrnd (ma_rrnd.c:44)
      ==5883==    by 0x1214E27: ha_maria::rnd_pos(unsigned char*, unsigned char*) (ha_maria.cc:2552)
      ==5883==    by 0x13CC983: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
      ==5883==    by 0xBE3B5F: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2841)
      ==5883==    by 0xD76FE0: rr_from_pointers(READ_RECORD*) (records.cc:547)
      ==5883==    by 0x7EB208: READ_RECORD::read_record() (records.h:73)
      ==5883==    by 0xD958C6: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:804)
      ==5883==    by 0x89A778: mysql_execute_command(THD*) (sql_parse.cc:4977)
      ==5883==    by 0x8A58FA: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8149)
      ==5883==    by 0x890E85: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1828)
      ==5883==    by 0x88F645: do_command(THD*) (sql_parse.cc:1361)
      ==5883==    by 0xA0D0BA: do_handle_one_connection(CONNECT*) (sql_connect.cc:1398)
      ==5883==    by 0xA0CE1E: handle_one_connection (sql_connect.cc:1301)
      ==5883==    by 0x1393800: pfs_spawn_thread (pfs.cc:1862)
      ==5883==    by 0x4E3F4A3: start_thread (pthread_create.c:456)
      ==5883== Syscall param pread64(offset) contains uninitialised byte(s)
      ==5883==    at 0x4E48923: ??? (syscall-template.S:84)
      ==5883==    by 0x1400867: my_pread (my_pread.c:66)
      ==5883==    by 0x11FFFBB: inline_mysql_file_pread (mysql_file.h:1206)
      ==5883==    by 0x12004B1: _ma_nommap_pread (ma_dynrec.c:162)
      ==5883==    by 0x12713F1: _ma_read_static_record (ma_statrec.c:183)
      ==5883==    by 0x126FC42: maria_rrnd (ma_rrnd.c:44)
      ==5883==    by 0x1214E27: ha_maria::rnd_pos(unsigned char*, unsigned char*) (ha_maria.cc:2552)
      ==5883==    by 0x13CC983: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
      ==5883==    by 0xBE3B5F: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2841)
      ==5883==    by 0xD76FE0: rr_from_pointers(READ_RECORD*) (records.cc:547)
      ==5883==    by 0x7EB208: READ_RECORD::read_record() (records.h:73)
      ==5883==    by 0xD958C6: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:804)
      ==5883==    by 0x89A778: mysql_execute_command(THD*) (sql_parse.cc:4977)
      ==5883==    by 0x8A58FA: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8149)
      ==5883==    by 0x890E85: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1828)
      ==5883==    by 0x88F645: do_command(THD*) (sql_parse.cc:1361)
      


              People

              • Assignee:
                sanja Oleksandr Byelkin
                Reporter:
                elenst Elena Stepanova