Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22060

MSAN use-of-uninitialized-value in main.query_cache_innodb

    XMLWordPrintable

Details

    Description

      MemorySanitizer (see MDEV-20377 how to use it) revealed a use of an uninitialized value in the test main.query_cache_innodb:

      10.5 53aabda6b5ac6af989a97a00ff97efda9ff8772e

      		 
      CURRENT_TEST: main.query_cache_innodb
      		 
      mysqltest: At line 43: query 'select * from `t2$ї`' failed: 2013: Lost connection to MySQL server during query
      		 
      Version: '10.5.3-MariaDB-debug-log'  socket: '/dev/shm/10.5ms/mysql-test/var/tmp/11/mysqld.1.sock'  port: 16200  Source distribution
      		 
      Uninitialized bytes in MemcmpInterceptorCommon at offset 14 inside [0x7fbbb6ff0f00, 17)
      		 
      ==2528976==WARNING: MemorySanitizer: use-of-uninitialized-value
      		 
          #0 0x5608be9a9adc in bcmp (/dev/shm/10.5ms/sql/mariadbd+0x6deadc)
      		 
          #1 0x5608c18e5d0b in dict_table_t* dict_acquire_mdl_shared<false>(dict_table_t*, THD*,MDL_ticket**, dict_table_op_t) /mariadb/10.5m/storage/innobase/dict/dict0dict.cc:892:10
      		 
          #2 0x5608c1892a20 in dict_table_open_on_id(unsigned long, bool, dict_table_op_t, THD*, MDL_ticket**) /mariadb/10.5m/storage/innobase/dict/dict0dict.cc:947:12
      		 
          #3 0x5608c129fdeb in row_purge_parse_undo_rec(purge_node_t*, unsigned char*, que_thr_t*, bool*) /mariadb/10.5m/storage/innobase/row/row0purge.cc:933:16
      		 
          #4 0x5608c129fdeb in row_purge(purge_node_t*, unsigned char*, que_thr_t*) /mariadb/10.5m/storage/innobase/row/row0purge.cc:1107:10
      		 
          #5 0x5608c129fdeb in row_purge_step(que_thr_t*) /mariadb/10.5m/storage/innobase/row/row0purge.cc:1159:3
      		 
        Uninitialized value was created by an allocation of 'db_buf' in the stack frame of function '_Z23dict_acquire_mdl_sharedILb0EEP12dict_table_tS1_P3THDPP10MDL_ticket15dict_table_op_t'
      		 
          #0 0x5608c18e4de0 in dict_table_t* dict_acquire_mdl_shared<false>(dict_table_t*, THD*, MDL_ticket**, dict_table_op_t) /mariadb/10.5m/storage/innobase/dict/dict0dict.cc:790

      Only 16 bytes of the db_buf are initialized, but we are comparing 20 of them. The reason is that the name shrunk in dict_table_t::parse_name(), but the length was not adjusted accordingly. Something similar was fixed in MDEV-21344, but only for the table name.

      Attachments

        Issue Links

          is caused by

          Task - A task that needs to be done. MDEV-16678 Use MDL for innodb background threads instead of dict_operation_lock

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-20377 Make WITH_MSAN more usable

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21344 Valgrind uninitialised value warnings in dict_acquire_mdl_shared / dict_table_open_on_id

          • Major - Major loss of function.
          • Closed

          Activity

            People

              marko Marko Mäkelä
              marko Marko Mäkelä
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.