Details
- Bug
- Status: Stalled
- Major
- Resolution: Unresolved
- 10.6, 10.11, 10.4(EOL), 10.5(EOL), 10.10(EOL), 11.0(EOL), 11.1(EOL), 11.2(EOL)
- Unexpected results

Description
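					# Reproducer (mysqltest format) for the uninitialised-memory reports quoted
					# further down this page: Valgrind on 10.4 and MemorySanitizer on 10.6.
					# The statements are exactly those of the report. Only the table-cell
					# residue ("|") left by the page rendering is removed, so the script parses.
					--source include/have_innodb.inc

					# t1.a is declared VARCHAR(256) but is filled from integer literals, so the
					# values are converted to short strings on insert.
					CREATE TABLE t1 (a VARCHAR(256)) ENGINE=InnoDB;
					INSERT INTO t1 VALUES (1),(5);

					CREATE TABLE t2 (b INT) ENGINE=InnoDB;
					INSERT INTO t2 VALUES (2),(3);

					# Correlated EXISTS that compares the INT column b with the VARCHAR column
					# t1.a. In the MSAN report the uninitialised read is in bcmp() called from
					# cmp_buffer_with_ref(), reached through
					# Expression_cache_tmptable::check_value(), and the bytes were marked
					# uninitialised in row_sel_field_store_in_mysql_format_func().
					# NOTE(review): the report gives offset 4 inside a 259-byte region, which
					# presumably is the unused tail of the VARCHAR(256) buffer after a
					# one-character value. Confirm against the field layout.
					# NOTE(review): a comparison over uninitialised bytes can make the cache
					# lookup depend on stale memory, which would fit the "Unexpected results"
					# label on this report. Confirm before relying on it.
					# The Valgrind stacks are in the InnoDB insert path (row_ins_step down to
					# rec_convert_dtuple_to_rec). The page does not say which statement they
					# were captured on.
					SELECT * FROM t1 WHERE EXISTS (SELECT 1 FROM t2 WHERE b <> t1.a);

					# Cleanup
					DROP TABLE t1, t2;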
		
| 
				 10.4 0c7af6a2 Valgrind  | 
		
					==1983132== Thread 27:
			 | 
		
					==1983132== Conditional jump or move depends on uninitialised value(s)
			 | 
		
					==1983132==    at 0x1280A8A: mach_write_to_2(unsigned char*, unsigned long) (mach0data.inl:58)
			 | 
		
					==1983132==    by 0x1282A8D: rec_set_bit_field_2(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:220)
			 | 
		
					==1983132==    by 0x1282DD3: rec_set_n_fields_old(unsigned char*, unsigned long) (rem0rec.inl:431)
			 | 
		
					==1983132==    by 0x128811B: rec_convert_dtuple_to_rec_old(unsigned char*, dtuple_t const*, unsigned long) (rem0rec.cc:1425)
			 | 
		
					==1983132==    by 0x1288971: rec_convert_dtuple_to_rec(unsigned char*, dict_index_t const*, dtuple_t const*, unsigned long) (rem0rec.cc:1776)
			 | 
		
					==1983132==    by 0x1411B68: page_cur_tuple_insert(page_cur_t*, dtuple_t const*, dict_index_t*, unsigned short**, mem_block_info_t**, unsigned long, mtr_t*) (page0cur.inl:272)
			 | 
		
					==1983132==    by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t*, unsigned short**, mem_block_info_t**, dtuple_t*, unsigned char**, big_rec_t**, unsigned long, que_thr_t*, mtr_t*) (btr0cur.cc:3597)
			 | 
		
					==1983132==    by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t*, unsigned long, dtuple_t*, unsigned long, que_thr_t*) (row0ins.cc:2805)
			 | 
		
					==1983132==    by 0x12C37CC: row_ins_clust_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, unsigned long) (row0ins.cc:3281)
			 | 
		
					==1983132==    by 0x12C3D67: row_ins_index_entry(dict_index_t*, dtuple_t*, que_thr_t*) (row0ins.cc:3407)
			 | 
		
					==1983132==    by 0x12C46AC: row_ins_index_entry_step(ins_node_t*, que_thr_t*) (row0ins.cc:3576)
			 | 
		
					==1983132==    by 0x12C4BA4: row_ins(ins_node_t*, que_thr_t*) (row0ins.cc:3713)
			 | 
		
					==1983132==    by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
			 | 
		
					==1983132==    by 0x1276DC8: que_thr_step(que_thr_t*) (que0que.cc:945)
			 | 
		
					==1983132==    by 0x12771CD: que_run_threads_low(que_thr_t*) (que0que.cc:1028)
			 | 
		
					==1983132==    by 0x1277467: que_run_threads(que_thr_t*) (que0que.cc:1068)
			 | 
		
					==1983132== 
			 | 
		
					==1983132== Conditional jump or move depends on uninitialised value(s)
			 | 
		
					==1983132==    at 0x12809EC: mach_write_to_1(unsigned char*, unsigned long) (mach0data.inl:41)
			 | 
		
					==1983132==    by 0x12824A4: rec_set_bit_field_1(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:178)
			 | 
		
					==1983132==    by 0x1282FDD: rec_set_info_bits_old(unsigned char*, unsigned long) (rem0rec.inl:575)
			 | 
		
					==1983132==    by 0x128813E: rec_convert_dtuple_to_rec_old(unsigned char*, dtuple_t const*, unsigned long) (rem0rec.cc:1428)
			 | 
		
					==1983132==    by 0x1288971: rec_convert_dtuple_to_rec(unsigned char*, dict_index_t const*, dtuple_t const*, unsigned long) (rem0rec.cc:1776)
			 | 
		
					==1983132==    by 0x1411B68: page_cur_tuple_insert(page_cur_t*, dtuple_t const*, dict_index_t*, unsigned short**, mem_block_info_t**, unsigned long, mtr_t*) (page0cur.inl:272)
			 | 
		
					==1983132==    by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t*, unsigned short**, mem_block_info_t**, dtuple_t*, unsigned char**, big_rec_t**, unsigned long, que_thr_t*, mtr_t*) (btr0cur.cc:3597)
			 | 
		
					==1983132==    by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t*, unsigned long, dtuple_t*, unsigned long, que_thr_t*) (row0ins.cc:2805)
			 | 
		
					==1983132==    by 0x12C37CC: row_ins_clust_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, unsigned long) (row0ins.cc:3281)
			 | 
		
					==1983132==    by 0x12C3D67: row_ins_index_entry(dict_index_t*, dtuple_t*, que_thr_t*) (row0ins.cc:3407)
			 | 
		
					==1983132==    by 0x12C46AC: row_ins_index_entry_step(ins_node_t*, que_thr_t*) (row0ins.cc:3576)
			 | 
		
					==1983132==    by 0x12C4BA4: row_ins(ins_node_t*, que_thr_t*) (row0ins.cc:3713)
			 | 
		
					==1983132==    by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
			 | 
		
					==1983132==    by 0x1276DC8: que_thr_step(que_thr_t*) (que0que.cc:945)
			 | 
		
					==1983132==    by 0x12771CD: que_run_threads_low(que_thr_t*) (que0que.cc:1028)
			 | 
		
					==1983132==    by 0x1277467: que_run_threads(que_thr_t*) (que0que.cc:1068)
			 | 
		
					==1983132== 
			 | 
		
					==1983132== Conditional jump or move depends on uninitialised value(s)
			 | 
		
					==1983132==    at 0x1280A8A: mach_write_to_2(unsigned char*, unsigned long) (mach0data.inl:58)
			 | 
		
					==1983132==    by 0x1282A8D: rec_set_bit_field_2(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:220)
			 | 
		
					==1983132==    by 0x128311A: rec_set_heap_no_new(unsigned char*, unsigned long) (rem0rec.inl:764)
			 | 
		
					==1983132==    by 0x1291B9A: void rec_convert_dtuple_to_rec_comp<false, false>(unsigned char*, dict_index_t const*, dfield_t const*, unsigned long, rec_comp_status_t, bool) (rem0rec.cc:1562)
			 | 
		
					==1983132==    by 0x1288669: rec_convert_dtuple_to_rec_new(unsigned char*, dict_index_t const*, dtuple_t const*) (rem0rec.cc:1742)
			 | 
		
					==1983132==    by 0x1288954: rec_convert_dtuple_to_rec(unsigned char*, dict_index_t const*, dtuple_t const*, unsigned long) (rem0rec.cc:1774)
			 | 
		
					==1983132==    by 0x1411B68: page_cur_tuple_insert(page_cur_t*, dtuple_t const*, dict_index_t*, unsigned short**, mem_block_info_t**, unsigned long, mtr_t*) (page0cur.inl:272)
			 | 
		
					==1983132==    by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t*, unsigned short**, mem_block_info_t**, dtuple_t*, unsigned char**, big_rec_t**, unsigned long, que_thr_t*, mtr_t*) (btr0cur.cc:3597)
			 | 
		
					==1983132==    by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t*, unsigned long, dtuple_t*, unsigned long, que_thr_t*) (row0ins.cc:2805)
			 | 
		
					==1983132==    by 0x12C37CC: row_ins_clust_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, unsigned long) (row0ins.cc:3281)
			 | 
		
					==1983132==    by 0x12C3D67: row_ins_index_entry(dict_index_t*, dtuple_t*, que_thr_t*) (row0ins.cc:3407)
			 | 
		
					==1983132==    by 0x12C46AC: row_ins_index_entry_step(ins_node_t*, que_thr_t*) (row0ins.cc:3576)
			 | 
		
					==1983132==    by 0x12C4BA4: row_ins(ins_node_t*, que_thr_t*) (row0ins.cc:3713)
			 | 
		
					==1983132==    by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
			 | 
		
					==1983132==    by 0x12EDBB0: row_insert_for_mysql(unsigned char const*, row_prebuilt_t*, ins_mode_t) (row0mysql.cc:1395)
			 | 
		
					==1983132==    by 0x111F5A3: ha_innobase::write_row(unsigned char const*) (ha_innodb.cc:8171)
			 | 
		
					==1983132== 
			 | 
		
					==1983132== Conditional jump or move depends on uninitialised value(s)
			 | 
		
					==1983132==    at 0x12809EC: mach_write_to_1(unsigned char*, unsigned long) (mach0data.inl:41)
			 | 
		
					==1983132==    by 0x12824A4: rec_set_bit_field_1(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:178)
			 | 
		
					==1983132==    by 0x1283010: rec_set_info_bits_new(unsigned char*, unsigned long) (rem0rec.inl:587)
			 | 
		
					==1983132==    by 0x1288686: rec_convert_dtuple_to_rec_new(unsigned char*, dict_index_t const*, dtuple_t const*) (rem0rec.cc:1747)
			 | 
		
					==1983132==    by 0x1288954: rec_convert_dtuple_to_rec(unsigned char*, dict_index_t const*, dtuple_t const*, unsigned long) (rem0rec.cc:1774)
			 | 
		
					==1983132==    by 0x1411B68: page_cur_tuple_insert(page_cur_t*, dtuple_t const*, dict_index_t*, unsigned short**, mem_block_info_t**, unsigned long, mtr_t*) (page0cur.inl:272)
			 | 
		
					==1983132==    by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t*, unsigned short**, mem_block_info_t**, dtuple_t*, unsigned char**, big_rec_t**, unsigned long, que_thr_t*, mtr_t*) (btr0cur.cc:3597)
			 | 
		
					==1983132==    by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t*, unsigned long, dtuple_t*, unsigned long, que_thr_t*) (row0ins.cc:2805)
			 | 
		
					==1983132==    by 0x12C37CC: row_ins_clust_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, unsigned long) (row0ins.cc:3281)
			 | 
		
					==1983132==    by 0x12C3D67: row_ins_index_entry(dict_index_t*, dtuple_t*, que_thr_t*) (row0ins.cc:3407)
			 | 
		
					==1983132==    by 0x12C46AC: row_ins_index_entry_step(ins_node_t*, que_thr_t*) (row0ins.cc:3576)
			 | 
		
					==1983132==    by 0x12C4BA4: row_ins(ins_node_t*, que_thr_t*) (row0ins.cc:3713)
			 | 
		
					==1983132==    by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
			 | 
		
					==1983132==    by 0x12EDBB0: row_insert_for_mysql(unsigned char const*, row_prebuilt_t*, ins_mode_t) (row0mysql.cc:1395)
			 | 
		
					==1983132==    by 0x111F5A3: ha_innobase::write_row(unsigned char const*) (ha_innodb.cc:8171)
			 | 
		
					==1983132==    by 0xD0ACD9: handler::ha_write_row(unsigned char const*) (handler.cc:6860)
			 | 
		
					==1983132== 
			 | 
		
| 
				 10.6 8941bdc47 MSAN  | 
		
					Uninitialized bytes in MemcmpInterceptorCommon at offset 4 inside [0x7150000a03b8, 259)
			 | 
		
					==2014396==WARNING: MemorySanitizer: use-of-uninitialized-value
			 | 
		
					    #0 0x55b671823c3e in bcmp (/mnt8t/src/10.6-msan/sql/mariadbd+0x79dc3e)
			 | 
		
					    #1 0x55b671f635e0 in cmp_buffer_with_ref(THD*, TABLE*, st_table_ref*) /data/src/10.6-msan/sql/sql_select.cc:25596:10
			 | 
		
					    #2 0x55b671f635e0 in join_read_key2(THD*, st_join_table*, TABLE*, st_table_ref*) /data/src/10.6-msan/sql/sql_select.cc:22391:7
			 | 
		
					    #3 0x55b6724ee6d7 in Expression_cache_tmptable::check_value(Item**) /data/src/10.6-msan/sql/sql_expression_cache.cc:223:15
			 | 
		
					    #4 0x55b672b2072b in Item_cache_wrapper::check_cache() /data/src/10.6-msan/sql/item.cc:8848:22
			 | 
		
					    #5 0x55b672b20fca in Item_cache_wrapper::val_int() /data/src/10.6-msan/sql/item.cc:8911:22
			 | 
		
					    #6 0x55b672b8aace in Item_in_optimizer::val_int() /data/src/10.6-msan/sql/item_cmpfunc.cc:1637:28
			 | 
		
					    #7 0x55b671f617b9 in evaluate_join_record(JOIN*, st_join_table*, int) /data/src/10.6-msan/sql/sql_select.cc:21825:25
			 | 
		
					    #8 0x55b671e33847 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.6-msan/sql/sql_select.cc:21766:9
			 | 
		
					    #9 0x55b671ed39cd in do_select(JOIN*, Procedure*) /data/src/10.6-msan/sql/sql_select.cc:21257:14
			 | 
		
					    #10 0x55b671ed39cd in JOIN::exec_inner() /data/src/10.6-msan/sql/sql_select.cc:4834:50
			 | 
		
					    #11 0x55b671ecf547 in JOIN::exec() /data/src/10.6-msan/sql/sql_select.cc:4612:3
			 | 
		
					    #12 0x55b671e367d0 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.6-msan/sql/sql_select.cc:5091:9
			 | 
		
					    #13 0x55b671e351e6 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.6-msan/sql/sql_select.cc:559:10
			 | 
		
					    #14 0x55b671d6a64a in execute_sqlcom_select(THD*, TABLE_LIST*) /data/src/10.6-msan/sql/sql_parse.cc:6285:12
			 | 
		
					    #15 0x55b671d442fe in mysql_execute_command(THD*, bool) /data/src/10.6-msan/sql/sql_parse.cc:3961:12
			 | 
		
					    #16 0x55b671d2bd5a in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.6-msan/sql/sql_parse.cc:8050:18
			 | 
		
					    #17 0x55b671d202a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/10.6-msan/sql/sql_parse.cc:1896:7
			 | 
		
					    #18 0x55b671d2e150 in do_command(THD*, bool) /data/src/10.6-msan/sql/sql_parse.cc:1409:17
			 | 
		
					    #19 0x55b67235de9f in do_handle_one_connection(CONNECT*, bool) /data/src/10.6-msan/sql/sql_connect.cc:1416:11
			 | 
		
					    #20 0x55b67235d485 in handle_one_connection /data/src/10.6-msan/sql/sql_connect.cc:1318:5
			 | 
		
					    #21 0x55b6737d24ca in pfs_spawn_thread /data/src/10.6-msan/storage/perfschema/pfs.cc:2201:3
			 | 
		
					    #22 0x7f3b2b3b1fd3 in start_thread nptl/./nptl/pthread_create.c:442:8
			 | 
		
					    #23 0x7f3b2b4325bb in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
			 | 
		
| 
					 | 
		
					  Uninitialized value was stored to memory at
			 | 
		
					    #0 0x55b671819749 in __msan_memcpy (/mnt8t/src/10.6-msan/sql/mariadbd+0x793749)
			 | 
		
					    #1 0x55b671f6393f in cmp_buffer_with_ref(THD*, TABLE*, st_table_ref*) /data/src/10.6-msan/sql/sql_select.cc:25588:7
			 | 
		
					    #2 0x55b671f6393f in join_read_key2(THD*, st_join_table*, TABLE*, st_table_ref*) /data/src/10.6-msan/sql/sql_select.cc:22391:7
			 | 
		
| 
					 | 
		
					  Uninitialized value was stored to memory at
			 | 
		
					    #0 0x55b671819749 in __msan_memcpy (/mnt8t/src/10.6-msan/sql/mariadbd+0x793749)
			 | 
		
					    #1 0x55b6729fe792 in field_conv_memcpy(Field*, Field*) /data/src/10.6-msan/sql/field_conv.cc:881:5
			 | 
		
					    #2 0x55b6729fe792 in field_conv(Field*, Field*) /data/src/10.6-msan/sql/field_conv.cc:911:10
			 | 
		
| 
					 | 
		
					  Memory was marked as uninitialized
			 | 
		
					    #0 0x55b67181feee in __msan_allocated_memory (/mnt8t/src/10.6-msan/sql/mariadbd+0x799eee)
			 | 
		
					    #1 0x55b67414981e in row_sel_field_store_in_mysql_format_func(unsigned char*, mysql_row_templ_t const*, dict_index_t const*, unsigned long, unsigned char const*, unsigned long) /data/src/10.6-msan/storage/innobase/row/row0sel.cc:2802:2
			 | 
		
| 
					 | 
		
					SUMMARY: MemorySanitizer: use-of-uninitialized-value (/mnt8t/src/10.6-msan/sql/mariadbd+0x79dc3e) in bcmp
			 | 
		
					Exiting
			 |