MariaDB Server: MDEV-23742

ASAN use-after-poison in sys_var::val_str_nolock or Valgrind Conditional jump or move depends on uninitialised value


      Description

      SET SESSION session_track_system_variables= 'ARIA_USED_FOR_TEMP_TABLES';
      SELECT COUNT(*) FROM INFORMATION_SCHEMA.SYSTEM_VARIABLES WHERE READ_ONLY='YES';
      

      10.2 80075ba0 ASAN

      ==37734==ERROR: AddressSanitizer: use-after-poison on address 0x62b0000059f2 at pc 0x7f1f16303a6d bp 0x7f1f0b4679d0 sp 0x7f1f0b467178
      READ of size 2229 at 0x62b0000059f2 thread T5
          #0 0x7f1f16303a6c  (/lib/x86_64-linux-gnu/libasan.so.5+0x67a6c)
          #1 0x55efc08400c7 in sys_var::val_str_nolock(String*, THD*, unsigned char const*) /data/src/10.2/sql/set_var.cc:367
          #2 0x55efc084418f in store_value_ptr /data/src/10.2/sql/set_var.cc:1051
          #3 0x55efc08442e8 in store_var /data/src/10.2/sql/set_var.cc:1062
          #4 0x55efc0844a7a in fill_sysvars(THD*, TABLE_LIST*, Item*) /data/src/10.2/sql/set_var.cc:1100
          #5 0x55efc0c1343e in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/src/10.2/sql/sql_show.cc:8467
          #6 0x55efc0afbdb3 in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3602
          #7 0x55efc0af9f95 in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3433
          #8 0x55efc0afd777 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3833
          #9 0x55efc0ada37b in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361
          #10 0x55efc0a52ac1 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6218
          #11 0x55efc0a3f8c9 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3524
          #12 0x55efc0a5bf77 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7733
          #13 0x55efc0a35272 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1823
          #14 0x55efc0a3204e in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1377
          #15 0x55efc0db5765 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
          #16 0x55efc0db5028 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
          #17 0x55efc2135105 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
          #18 0x7f1f161c9608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477
          #19 0x7f1f15da3102 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122102)
       
      0x62b00000628c is located 0 bytes to the right of 24716-byte region [0x62b000000200,0x62b00000628c)
      allocated by thread T5 here:
          #0 0x7f1f163a9bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
          #1 0x55efc23182b3 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
          #2 0x55efc22e4668 in my_malloc /data/src/10.2/mysys/my_malloc.c:101
          #3 0x55efc22c1703 in reset_root_defaults /data/src/10.2/mysys/my_alloc.c:147
          #4 0x55efc097ca39 in THD::init_for_queries() /data/src/10.2/sql/sql_class.cc:1313
          #5 0x55efc0db49a6 in prepare_new_connection_state(THD*) /data/src/10.2/sql/sql_connect.cc:1172
          #6 0x55efc0db5072 in thd_prepare_connection(THD*) /data/src/10.2/sql/sql_connect.cc:1256
          #7 0x55efc0db5690 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1326
          #8 0x55efc0db5028 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
          #9 0x55efc2135105 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
          #10 0x7f1f161c9608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477
       
      Thread T5 created by T0 here:
          #0 0x7f1f162d6805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
          #1 0x55efc21354f6 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1919
          #2 0x55efc07d9f97 in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1246
          #3 0x55efc07f1927 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6518
          #4 0x55efc07f20b8 in create_new_thread /data/src/10.2/sql/mysqld.cc:6588
          #5 0x55efc07f3243 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6846
          #6 0x55efc07f0c99 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6137
          #7 0x55efc07d887c in main /data/src/10.2/sql/main.cc:25
          #8 0x7f1f15ca80b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
       
      SUMMARY: AddressSanitizer: use-after-poison (/lib/x86_64-linux-gnu/libasan.so.5+0x67a6c) 
      Shadow bytes around the buggy address:
        0x0c567fff8ae0: 00 00 00 00 f7 00 00 00 00 00 00 00 00 00 00 00
        0x0c567fff8af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c567fff8b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c567fff8b10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c567fff8b20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x0c567fff8b30: 00 00 00 00 00 00 00 00 00 f7 00 00 00 00[02]f7
        0x0c567fff8b40: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fff8b50: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fff8b60: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fff8b70: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fff8b80: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
        Shadow gap:              cc
      ==37734==ABORTING
      

      10.2 80075ba0 Valgrind

      COUNT(*)
      146
      Warnings:
      Warning	1366	Incorrect string value: '\xA5\xA5\xA5\xA5\xA5\xA5...' for column `information_schema`.`(temporary)`.`SESSION_VALUE` at row 343
      bug.sysvar1                              [ fail ]  Found warnings/errors in server log file!
              Test ended at 2020-09-16 22:22:33
      line
      ==37833== Thread 6:
      ==37833== Conditional jump or move depends on uninitialised value(s)
      ==37833==    at 0x483EF49: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==37833==    by 0x62C572: sys_var::val_str_nolock(String*, THD*, unsigned char const*) (set_var.cc:367)
      ==37833==    by 0x62E0D2: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1051)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833==    by 0x70E360: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7733)
      ==37833==    by 0x6FC66F: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1823)
      ==37833==    by 0x6FB16A: do_command(THD*) (sql_parse.cc:1377)
      ==37833==    by 0x85A5AE: do_handle_one_connection(CONNECT*) (sql_connect.cc:1336)
      ==37833== Conditional jump or move depends on uninitialised value(s)
      ==37833==    at 0x483EF58: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==37833==    by 0x62C572: sys_var::val_str_nolock(String*, THD*, unsigned char const*) (set_var.cc:367)
      ==37833==    by 0x62E0D2: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1051)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833==    by 0x70E360: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7733)
      ==37833==    by 0x6FC66F: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1823)
      ==37833==    by 0x6FB16A: do_command(THD*) (sql_parse.cc:1377)
      ==37833==    by 0x85A5AE: do_handle_one_connection(CONNECT*) (sql_connect.cc:1336)
      ==37833== Invalid read of size 1
      ==37833==    at 0x483EF54: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==37833==    by 0x62C572: sys_var::val_str_nolock(String*, THD*, unsigned char const*) (set_var.cc:367)
      ==37833==    by 0x62E0D2: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1051)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833==    by 0x70E360: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7733)
      ==37833==    by 0x6FC66F: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1823)
      ==37833==    by 0x6FB16A: do_command(THD*) (sql_parse.cc:1377)
      ==37833==    by 0x85A5AE: do_handle_one_connection(CONNECT*) (sql_connect.cc:1336)
      ==37833==  Address 0xb9a0898 is 0 bytes after a block of size 72 alloc'd
      ==37833==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==37833==    by 0x11803CB: my_malloc (my_malloc.c:101)
      ==37833==    by 0x1170A9C: alloc_root (my_alloc.c:189)
      ==37833==    by 0x611F10: Query_arena::alloc(unsigned long) (sql_class.h:981)
      ==37833==    by 0x888D8C: Sys_var_sesvartrack::session_value_ptr(THD*, st_mysql_lex_string const*) (sys_vars.ic:643)
      ==37833==    by 0x62C13A: sys_var::value_ptr(THD*, enum_var_type, st_mysql_lex_string const*) (set_var.cc:284)
      ==37833==    by 0x62E185: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833==    by 0x70E360: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7733)
      ==37833== Conditional jump or move depends on uninitialised value(s)
      ==37833==    at 0x11E463A: my_charlen_utf8 (ctype-utf8.c:5395)
      ==37833==    by 0x11E4698: my_well_formed_char_length_utf8 (ctype-mb.ic:187)
      ==37833==    by 0x11CC0AD: my_copy_fix_mb (ctype-mb.c:406)
      ==37833==    by 0x7C3117: String_copier::well_formed_copy(charset_info_st const*, char*, unsigned int, charset_info_st const*, char const*, unsigned int, unsigned int) (sql_string.cc:1082)
      ==37833==    by 0x9738D4: Field_varstring::store(char const*, unsigned int, charset_info_st const*) (field.cc:7703)
      ==37833==    by 0x62E127: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1053)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833==    by 0x70E360: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7733)
      ==37833== Conditional jump or move depends on uninitialised value(s)
      ==37833==    at 0x11E2972: my_valid_mbcharlen_utf8mb3 (ctype-utf8.c:150)
      ==37833==    by 0x11E464E: my_charlen_utf8 (ctype-utf8.c:5396)
      ==37833==    by 0x11E4698: my_well_formed_char_length_utf8 (ctype-mb.ic:187)
      ==37833==    by 0x11CC0AD: my_copy_fix_mb (ctype-mb.c:406)
      ==37833==    by 0x7C3117: String_copier::well_formed_copy(charset_info_st const*, char*, unsigned int, charset_info_st const*, char const*, unsigned int, unsigned int) (sql_string.cc:1082)
      ==37833==    by 0x9738D4: Field_varstring::store(char const*, unsigned int, charset_info_st const*) (field.cc:7703)
      ==37833==    by 0x62E127: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1053)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833== Conditional jump or move depends on uninitialised value(s)
      ==37833==    at 0x11E2982: my_valid_mbcharlen_utf8mb3 (ctype-utf8.c:153)
      ==37833==    by 0x11E464E: my_charlen_utf8 (ctype-utf8.c:5396)
      ==37833==    by 0x11E4698: my_well_formed_char_length_utf8 (ctype-mb.ic:187)
      ==37833==    by 0x11CC0AD: my_copy_fix_mb (ctype-mb.c:406)
      ==37833==    by 0x7C3117: String_copier::well_formed_copy(charset_info_st const*, char*, unsigned int, charset_info_st const*, char const*, unsigned int, unsigned int) (sql_string.cc:1082)
      ==37833==    by 0x9738D4: Field_varstring::store(char const*, unsigned int, charset_info_st const*) (field.cc:7703)
      ==37833==    by 0x62E127: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1053)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833== Conditional jump or move depends on uninitialised value(s)
      ==37833==    at 0x11E463A: my_charlen_utf8 (ctype-utf8.c:5395)
      ==37833==    by 0x11CBEB5: my_append_fix_badly_formed_tail (ctype-mb.c:357)
      ==37833==    by 0x11CC162: my_copy_fix_mb (ctype-mb.c:414)
      ==37833==    by 0x7C3117: String_copier::well_formed_copy(charset_info_st const*, char*, unsigned int, charset_info_st const*, char const*, unsigned int, unsigned int) (sql_string.cc:1082)
      ==37833==    by 0x9738D4: Field_varstring::store(char const*, unsigned int, charset_info_st const*) (field.cc:7703)
      ==37833==    by 0x62E127: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1053)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833==    by 0x70E360: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7733)
      ==37833== Conditional jump or move depends on uninitialised value(s)
      ==37833==    at 0x11E2972: my_valid_mbcharlen_utf8mb3 (ctype-utf8.c:150)
      ==37833==    by 0x11E464E: my_charlen_utf8 (ctype-utf8.c:5396)
      ==37833==    by 0x11CBEB5: my_append_fix_badly_formed_tail (ctype-mb.c:357)
      ==37833==    by 0x11CC162: my_copy_fix_mb (ctype-mb.c:414)
      ==37833==    by 0x7C3117: String_copier::well_formed_copy(charset_info_st const*, char*, unsigned int, charset_info_st const*, char const*, unsigned int, unsigned int) (sql_string.cc:1082)
      ==37833==    by 0x9738D4: Field_varstring::store(char const*, unsigned int, charset_info_st const*) (field.cc:7703)
      ==37833==    by 0x62E127: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1053)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833== Conditional jump or move depends on uninitialised value(s)
      ==37833==    at 0x11E2982: my_valid_mbcharlen_utf8mb3 (ctype-utf8.c:153)
      ==37833==    by 0x11E464E: my_charlen_utf8 (ctype-utf8.c:5396)
      ==37833==    by 0x11CBEB5: my_append_fix_badly_formed_tail (ctype-mb.c:357)
      ==37833==    by 0x11CC162: my_copy_fix_mb (ctype-mb.c:414)
      ==37833==    by 0x7C3117: String_copier::well_formed_copy(charset_info_st const*, char*, unsigned int, charset_info_st const*, char const*, unsigned int, unsigned int) (sql_string.cc:1082)
      ==37833==    by 0x9738D4: Field_varstring::store(char const*, unsigned int, charset_info_st const*) (field.cc:7703)
      ==37833==    by 0x62E127: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1053)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833== Conditional jump or move depends on uninitialised value(s)
      ==37833==    at 0x7C35D6: convert_to_printable(char*, unsigned long, char const*, unsigned long, charset_info_st const*, unsigned long) (sql_string.cc:1199)
      ==37833==    by 0x9716C0: Field_longstr::check_string_copy_error(String_copier const*, char const*, charset_info_st const*) (field.cc:7071)
      ==37833==    by 0x9802DC: Field_longstr::check_conversion_status(String_copier const*, char const*, charset_info_st const*, bool) (field.h:1794)
      ==37833==    by 0x97393C: Field_varstring::store(char const*, unsigned int, charset_info_st const*) (field.cc:7713)
      ==37833==    by 0x62E127: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1053)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833==    by 0x70E360: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7733)
      ==37833==    by 0x6FC66F: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1823)
      ==37833== Conditional jump or move depends on uninitialised value(s)
      ==37833==    at 0x7C35E1: convert_to_printable(char*, unsigned long, char const*, unsigned long, charset_info_st const*, unsigned long) (sql_string.cc:1199)
      ==37833==    by 0x9716C0: Field_longstr::check_string_copy_error(String_copier const*, char const*, charset_info_st const*) (field.cc:7071)
      ==37833==    by 0x9802DC: Field_longstr::check_conversion_status(String_copier const*, char const*, charset_info_st const*, bool) (field.h:1794)
      ==37833==    by 0x97393C: Field_varstring::store(char const*, unsigned int, charset_info_st const*) (field.cc:7713)
      ==37833==    by 0x62E127: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1053)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833==    by 0x70E360: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7733)
      ==37833==    by 0x6FC66F: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1823)
      ==37833== Use of uninitialised value of size 8
      ==37833==    at 0x7C3661: convert_to_printable(char*, unsigned long, char const*, unsigned long, charset_info_st const*, unsigned long) (sql_string.cc:1211)
      ==37833==    by 0x9716C0: Field_longstr::check_string_copy_error(String_copier const*, char const*, charset_info_st const*) (field.cc:7071)
      ==37833==    by 0x9802DC: Field_longstr::check_conversion_status(String_copier const*, char const*, charset_info_st const*, bool) (field.h:1794)
      ==37833==    by 0x97393C: Field_varstring::store(char const*, unsigned int, charset_info_st const*) (field.cc:7713)
      ==37833==    by 0x62E127: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1053)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833==    by 0x70E360: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7733)
      ==37833==    by 0x6FC66F: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1823)
      ==37833== Use of uninitialised value of size 8
      ==37833==    at 0x7C368C: convert_to_printable(char*, unsigned long, char const*, unsigned long, charset_info_st const*, unsigned long) (sql_string.cc:1212)
      ==37833==    by 0x9716C0: Field_longstr::check_string_copy_error(String_copier const*, char const*, charset_info_st const*) (field.cc:7071)
      ==37833==    by 0x9802DC: Field_longstr::check_conversion_status(String_copier const*, char const*, charset_info_st const*, bool) (field.h:1794)
      ==37833==    by 0x97393C: Field_varstring::store(char const*, unsigned int, charset_info_st const*) (field.cc:7713)
      ==37833==    by 0x62E127: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:1053)
      ==37833==    by 0x62E19C: store_var(Field*, sys_var*, enum_var_type, String*) (set_var.cc:1062)
      ==37833==    by 0x62E4E3: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1100)
      ==37833==    by 0x7B2AB5: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8467)
      ==37833==    by 0x74B7DF: JOIN::exec_inner() (sql_select.cc:3602)
      ==37833==    by 0x74AE93: JOIN::exec() (sql_select.cc:3433)
      ==37833==    by 0x74C059: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3833)
      ==37833==    by 0x74009F: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==37833==    by 0x70A5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6218)
      ==37833==    by 0x700E91: mysql_execute_command(THD*) (sql_parse.cc:3524)
      ==37833==    by 0x70E360: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7733)
      ==37833==    by 0x6FC66F: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1823)
      ^ Found warnings in /data/bld/10.2-valgrind-nightly/mysql-test/var/log/mysqld.1.err
      

      The problem is not limited to this Aria variable; it is also reproducible with innodb_use_atomic_writes (which requires --source include/have_innodb.inc in the MTR test case).
      Not reproducible on 10.3+.
      No obvious immediate problem on a non-instrumented build.

             Assignee:
             Unassigned
             Reporter:
             elenst (Elena Stepanova)