MariaDB Server / MDEV-27573

Valgrind/MSAN errors in convert_to_printable and Field_blob::set_key_image with unique blob and optimizer trace


Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.4, 10.5, 10.6, 10.7, 10.8
    • Fix Version/s: 10.4, 10.5, 10.6
    • Component/s: Optimizer, Server
    • Labels: None

    Description

      CREATE TABLE t (b BLOB, UNIQUE KEY (b)) ENGINE=MyISAM;
      INSERT INTO t VALUES ('bar'),('foo');
      SET SESSION optimizer_trace = 'enabled=on';
      ANALYZE TABLE t PERSISTENT FOR ALL;
      SELECT b FROM t WHERE b LIKE 'x%';
       
      # Cleanup
      DROP TABLE t;
      

      10.4 5172f132bf valgrind

      ==1987941== Invalid read of size 1
      ==1987941==    at 0x483FA94: memmove (vg_replace_strmem.c:1270)
      ==1987941==    by 0x15E00A5: my_copy_8bit (ctype-simple.c:1181)
      ==1987941==    by 0xA23416: String_copier::well_formed_copy(charset_info_st const*, char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long) (sql_string.cc:1093)
      ==1987941==    by 0xC77FFA: Field_longstr::well_formed_copy_with_check(char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long, bool, unsigned int*) (field.h:1948)
      ==1987941==    by 0xC6A00A: Field_blob::store(char const*, unsigned long, charset_info_st const*) (field.cc:8534)
      ==1987941==    by 0xC6ABD1: Field_blob::set_key_image(unsigned char const*, unsigned int) (field.cc:8730)
      ==1987941==    by 0xC73EC4: Field::print_key_part_value(String*, unsigned char const*, unsigned int) (field.cc:11576)
      ==1987941==    by 0xE3742D: print_range_for_non_indexed_field(String*, Field*, st_key_multi_range*) (opt_range.cc:16135)
      ==1987941==    by 0xE16CE2: records_in_column_ranges(PARAM*, unsigned int, SEL_ARG*) (opt_range.cc:3236)
      ==1987941==    by 0xE17A20: calculate_cond_selectivity_for_table(THD*, TABLE*, Item**) (opt_range.cc:3521)
      ==1987941==    by 0x9A11E7: make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*) (sql_select.cc:5553)
      ==1987941==    by 0x995549: JOIN::optimize_inner() (sql_select.cc:2316)
      ==1987941==    by 0x992DB0: JOIN::optimize() (sql_select.cc:1659)
      ==1987941==    by 0x99E478: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:4749)
      ==1987941==    by 0x98DC9B: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:436)
      ==1987941==    by 0x95294F: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6449)
      ==1987941==  Address 0xc2e008f is 1 bytes before a block of size 65,416 alloc'd
      ==1987941==    at 0x483877F: malloc (vg_replace_malloc.c:307)
      ==1987941==    by 0x159D07E: my_malloc (my_malloc.c:101)
      ==1987941==    by 0xA20BC0: Binary_string::real_alloc(unsigned long) (sql_string.cc:44)
      ==1987941==    by 0x81CD9C: Binary_string::alloc(unsigned long) (sql_string.h:619)
      ==1987941==    by 0xC69EE0: Field_blob::store(char const*, unsigned long, charset_info_st const*) (field.cc:8521)
      ==1987941==    by 0xC6ABD1: Field_blob::set_key_image(unsigned char const*, unsigned int) (field.cc:8730)
      ==1987941==    by 0xC73EC4: Field::print_key_part_value(String*, unsigned char const*, unsigned int) (field.cc:11576)
      ==1987941==    by 0xE3742D: print_range_for_non_indexed_field(String*, Field*, st_key_multi_range*) (opt_range.cc:16135)
      ==1987941==    by 0xE16CE2: records_in_column_ranges(PARAM*, unsigned int, SEL_ARG*) (opt_range.cc:3236)
      ==1987941==    by 0xE17A20: calculate_cond_selectivity_for_table(THD*, TABLE*, Item**) (opt_range.cc:3521)
      ==1987941==    by 0x9A11E7: make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*) (sql_select.cc:5553)
      ==1987941==    by 0x995549: JOIN::optimize_inner() (sql_select.cc:2316)
      ==1987941==    by 0x992DB0: JOIN::optimize() (sql_select.cc:1659)
      ==1987941==    by 0x99E478: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:4749)
      ==1987941==    by 0x98DC9B: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:436)
      ==1987941==    by 0x95294F: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6449)
      ==1987941== Conditional jump or move depends on uninitialised value(s)
      ==1987941==    at 0xA23838: convert_to_printable(char*, unsigned long, char const*, unsigned long, charset_info_st const*, unsigned long) (sql_string.cc:1190)
      ==1987941==    by 0xA239B9: String::append_semi_hex(char const*, unsigned int, charset_info_st const*) (sql_string.cc:1226)
      ==1987941==    by 0xC74039: Field::print_key_value_binary(String*, unsigned char const*, unsigned int) (field.cc:11587)
      ==1987941==    by 0xC73DB4: Field_blob::print_key_value(String*, unsigned int) (field.cc:11538)
      ==1987941==    by 0xC73EF4: Field::print_key_part_value(String*, unsigned char const*, unsigned int) (field.cc:11577)
      ==1987941==    by 0xE3742D: print_range_for_non_indexed_field(String*, Field*, st_key_multi_range*) (opt_range.cc:16135)
      ==1987941==    by 0xE16CE2: records_in_column_ranges(PARAM*, unsigned int, SEL_ARG*) (opt_range.cc:3236)
      ==1987941==    by 0xE17A20: calculate_cond_selectivity_for_table(THD*, TABLE*, Item**) (opt_range.cc:3521)
      ==1987941==    by 0x9A11E7: make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*) (sql_select.cc:5553)
      ==1987941==    by 0x995549: JOIN::optimize_inner() (sql_select.cc:2316)
      ==1987941==    by 0x992DB0: JOIN::optimize() (sql_select.cc:1659)
      ==1987941==    by 0x99E478: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:4749)
      ==1987941==    by 0x98DC9B: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:436)
      ==1987941==    by 0x95294F: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6449)
      ==1987941==    by 0x949055: mysql_execute_command(THD*) (sql_parse.cc:3963)
      ==1987941==    by 0x9568E3: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7995)
      ==1987941== Use of uninitialised value of size 8
      ==1987941==    at 0xA21085: APPEND_HEX(char*&, unsigned char) (sql_string.cc:153)
      ==1987941==    by 0xA238B1: convert_to_printable(char*, unsigned long, char const*, unsigned long, charset_info_st const*, unsigned long) (sql_string.cc:1202)
      ==1987941==    by 0xA239B9: String::append_semi_hex(char const*, unsigned int, charset_info_st const*) (sql_string.cc:1226)
      ==1987941==    by 0xC74039: Field::print_key_value_binary(String*, unsigned char const*, unsigned int) (field.cc:11587)
      ==1987941==    by 0xC73DB4: Field_blob::print_key_value(String*, unsigned int) (field.cc:11538)
      ==1987941==    by 0xC73EF4: Field::print_key_part_value(String*, unsigned char const*, unsigned int) (field.cc:11577)
      ==1987941==    by 0xE3742D: print_range_for_non_indexed_field(String*, Field*, st_key_multi_range*) (opt_range.cc:16135)
      ==1987941==    by 0xE16CE2: records_in_column_ranges(PARAM*, unsigned int, SEL_ARG*) (opt_range.cc:3236)
      ==1987941==    by 0xE17A20: calculate_cond_selectivity_for_table(THD*, TABLE*, Item**) (opt_range.cc:3521)
      ==1987941==    by 0x9A11E7: make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*) (sql_select.cc:5553)
      ==1987941==    by 0x995549: JOIN::optimize_inner() (sql_select.cc:2316)
      ==1987941==    by 0x992DB0: JOIN::optimize() (sql_select.cc:1659)
      ==1987941==    by 0x99E478: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:4749)
      ==1987941==    by 0x98DC9B: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:436)
      ==1987941==    by 0x95294F: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6449)
      ==1987941==    by 0x949055: mysql_execute_command(THD*) (sql_parse.cc:3963)
      ==1987941== Use of uninitialised value of size 8
      ==1987941==    at 0xA210B0: APPEND_HEX(char*&, unsigned char) (sql_string.cc:154)
      ==1987941==    by 0xA238B1: convert_to_printable(char*, unsigned long, char const*, unsigned long, charset_info_st const*, unsigned long) (sql_string.cc:1202)
      ==1987941==    by 0xA239B9: String::append_semi_hex(char const*, unsigned int, charset_info_st const*) (sql_string.cc:1226)
      ==1987941==    by 0xC74039: Field::print_key_value_binary(String*, unsigned char const*, unsigned int) (field.cc:11587)
      ==1987941==    by 0xC73DB4: Field_blob::print_key_value(String*, unsigned int) (field.cc:11538)
      ==1987941==    by 0xC73EF4: Field::print_key_part_value(String*, unsigned char const*, unsigned int) (field.cc:11577)
      ==1987941==    by 0xE3742D: print_range_for_non_indexed_field(String*, Field*, st_key_multi_range*) (opt_range.cc:16135)
      ==1987941==    by 0xE16CE2: records_in_column_ranges(PARAM*, unsigned int, SEL_ARG*) (opt_range.cc:3236)
      ==1987941==    by 0xE17A20: calculate_cond_selectivity_for_table(THD*, TABLE*, Item**) (opt_range.cc:3521)
      ==1987941==    by 0x9A11E7: make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*) (sql_select.cc:5553)
      ==1987941==    by 0x995549: JOIN::optimize_inner() (sql_select.cc:2316)
      ==1987941==    by 0x992DB0: JOIN::optimize() (sql_select.cc:1659)
      ==1987941==    by 0x99E478: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:4749)
      ==1987941==    by 0x98DC9B: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:436)
      ==1987941==    by 0x95294F: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6449)
      ==1987941==    by 0x949055: mysql_execute_command(THD*) (sql_parse.cc:3963)
      

      convert_to_printable is close to the end in the output above.
      Reproducible on 10.4+, not applicable to earlier versions due to the unique blob.

      Intermediate versions of the test case also caused an error on MSAN builds; I didn't check the final one:

      10.7 5e6fd4e8

      ==82174==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x556141bd933e in convert_to_printable(char*, unsigned long, char const*, unsigned long, charset_info_st const*, unsigned long) /home/jenkins/10.7/sql/sql_string.cc:1227:38
          #1 0x556141bd96ca in String::append_semi_hex(char const*, unsigned int, charset_info_st const*) /home/jenkins/10.7/sql/sql_string.cc:1263:16
          #2 0x5561424f88ca in Field::print_key_part_value(String*, unsigned char const*, unsigned int) /home/jenkins/10.7/sql/field.cc:11404:3
          #3 0x55614132ae73 in print_range_for_non_indexed_field(String*, Field*, st_key_multi_range*) /home/jenkins/10.7/sql/opt_range.cc:16455:12
          #4 0x55614132ae73 in records_in_column_ranges(PARAM*, unsigned int, SEL_ARG*) /home/jenkins/10.7/sql/opt_range.cc:3269:7
          #5 0x55614132ae73 in calculate_cond_selectivity_for_table(THD*, TABLE*, Item**) /home/jenkins/10.7/sql/opt_range.cc:3536:17
          #6 0x5561419dfa20 in make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*) /home/jenkins/10.7/sql/sql_select.cc:5792:13
          #7 0x5561419c6de1 in JOIN::optimize_inner() /home/jenkins/10.7/sql/sql_select.cc:2453:7
          #8 0x5561419aac29 in JOIN::optimize() /home/jenkins/10.7/sql/sql_select.cc:1809:10
          #9 0x55614198c5c3 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/jenkins/10.7/sql/sql_select.cc:4979:19
          #10 0x55614198b4d8 in handle_select(THD*, LEX*, select_result*, unsigned long) /home/jenkins/10.7/sql/sql_select.cc:545:10
          #11 0x556141861c21 in execute_sqlcom_select(THD*, TABLE_LIST*) /home/jenkins/10.7/sql/sql_parse.cc:6252:12
          #12 0x55614183ba8d in mysql_execute_command(THD*, bool) /home/jenkins/10.7/sql/sql_parse.cc:3943:12
          #13 0x556141823c87 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/jenkins/10.7/sql/sql_parse.cc:8027:18
          #14 0x556141817e1d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/jenkins/10.7/sql/sql_parse.cc:1894:7
          #15 0x55614182609c in do_command(THD*, bool) /home/jenkins/10.7/sql/sql_parse.cc:1402:17
          #16 0x556141e960e6 in do_handle_one_connection(CONNECT*, bool) /home/jenkins/10.7/sql/sql_connect.cc:1418:11
          #17 0x556141e95635 in handle_one_connection /home/jenkins/10.7/sql/sql_connect.cc:1312:5
          #18 0x5561431e9511 in pfs_spawn_thread /home/jenkins/10.7/storage/perfschema/pfs.cc:2201:3
          #19 0x7f5a5c70c608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
          #20 0x7f5a5c411292 in clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
       
        Uninitialized value was stored to memory at
          #0 0x5561412094b4 in __msan_memmove (/home/jenkins/10.7/sql/mariadbd+0x7224b4)
          #1 0x5561446a5f08 in my_copy_8bit /home/jenkins/10.7/strings/ctype-simple.c:1199:5
       
        Memory was marked as uninitialized
          #0 0x55614120fa4e in __msan_allocated_memory (/home/jenkins/10.7/sql/mariadbd+0x728a4e)
          #1 0x55614459abc0 in my_malloc /home/jenkins/10.7/mysys/my_malloc.c:113:7
       
      SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/jenkins/10.7/sql/sql_string.cc:1227:38 in convert_to_printable(char*, unsigned long, char const*, unsigned long, charset_info_st const*, unsigned long)
      

      People

        Assignee: psergei Sergei Petrunia
        Reporter: elenst Elena Stepanova