[MDEV-32481] Valgrind / MSAN errors in alloc_query upon SP containing a zero symbol - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.4, 10.5, 10.6, 10.10, 10.11, 11.0, 11.1, 11.2
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.1
Component/s: Stored routines
Labels:
None

Description

The reproducer is cumbersome, because the SP definition contains "\0" symbol and mysqltest apparently doesn't like it or converts it into something else. Maybe you'll find a better way to write it. Meanwhile, please copy the one-line attachment into /tmp dir, and then run this as a regular MTR:

--exec $MYSQL --binary-mode < /tmp/mdev32481.sql

CALL test.sp();

# Cleanup

DROP PROCEDURE test.sp;

Alternatively, you can add CALL test.sp() directly into mdev32481.sql and run it via the client.

10.4 0c7af6a2 valgrind
==236449== Thread 6:
==236449== Conditional jump or move depends on uninitialised value(s)
==236449== at 0x9872CE: alloc_query(THD, char const, unsigned long) (sql_parse.cc:2743)
==236449== by 0x88EE17: sp_instr_stmt::execute(THD, unsigned int) (sp_head.cc:3654)
==236449== by 0x888294: sp_head::execute(THD*, bool) (sp_head.cc:1372)
==236449== by 0x88B0E7: sp_head::execute_procedure(THD, List<Item>) (sp_head.cc:2407)
==236449== by 0x987E23: do_execute_sp(THD, sp_head) (sql_parse.cc:3064)
==236449== by 0x988B4B: Sql_cmd_call::execute(THD*) (sql_parse.cc:3306)
==236449== by 0x99388A: mysql_execute_command(THD*) (sql_parse.cc:6218)
==236449== by 0x998D2E: mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8012)
==236449== by 0x984581: dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) (sql_parse.cc:1857)
==236449== by 0x982DE8: do_command(THD*) (sql_parse.cc:1378)
==236449== by 0xB2AE2D: do_handle_one_connection(CONNECT*) (sql_connect.cc:1420)
==236449== by 0xB2AB95: handle_one_connection (sql_connect.cc:1324)
==236449== by 0x10A2813: pfs_spawn_thread (pfs.cc:1869)
==236449== by 0x4D7DFD3: start_thread (pthread_create.c:442)
==236449== by 0x4DFD81F: clone (clone.S:100)
==236449==
==236449== Use of uninitialised value of size 8
==236449== at 0x9872F5: alloc_query(THD, char const, unsigned long) (sql_parse.cc:2744)
==236449== by 0x88EE17: sp_instr_stmt::execute(THD, unsigned int) (sp_head.cc:3654)
==236449== by 0x888294: sp_head::execute(THD*, bool) (sp_head.cc:1372)
==236449== by 0x88B0E7: sp_head::execute_procedure(THD, List<Item>) (sp_head.cc:2407)
==236449== by 0x987E23: do_execute_sp(THD, sp_head) (sql_parse.cc:3064)
==236449== by 0x988B4B: Sql_cmd_call::execute(THD*) (sql_parse.cc:3306)
==236449== by 0x99388A: mysql_execute_command(THD*) (sql_parse.cc:6218)
==236449== by 0x998D2E: mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8012)
==236449== by 0x984581: dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) (sql_parse.cc:1857)
==236449== by 0x982DE8: do_command(THD*) (sql_parse.cc:1378)
==236449== by 0xB2AE2D: do_handle_one_connection(CONNECT*) (sql_connect.cc:1420)
==236449== by 0xB2AB95: handle_one_connection (sql_connect.cc:1324)
==236449== by 0x10A2813: pfs_spawn_thread (pfs.cc:1869)
==236449== by 0x4D7DFD3: start_thread (pthread_create.c:442)
==236449== by 0x4DFD81F: clone (clone.S:100)
==236449==

11.2 872ed5342d8f1ec02f8f8a7a25a606e4ff512234 MSAN
==237277==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x562637fce9e6 in alloc_query(THD, char const, unsigned long) /data/src/11.2-msan/sql/sql_parse.cc:2711:19
#1 0x56263894830a in sp_instr_stmt::execute(THD, unsigned int) /data/src/11.2-msan/sql/sp_instr.cc:849:14
#2 0x562637c3c87c in sp_head::execute(THD*, bool) /data/src/11.2-msan/sql/sp_head.cc:1277:20
#3 0x562637c4604a in sp_head::execute_procedure(THD, List<Item>) /data/src/11.2-msan/sql/sp_head.cc:2264:5
#4 0x562637fd9643 in do_execute_sp(THD, sp_head) /data/src/11.2-msan/sql/sql_parse.cc:3035:16
#5 0x562637fd867c in Sql_cmd_call::execute(THD*) /data/src/11.2-msan/sql/sql_parse.cc:3280:9
#6 0x562637fe063f in mysql_execute_command(THD*, bool) /data/src/11.2-msan/sql/sql_parse.cc:5775:26
#7 0x562637fc778a in mysql_parse(THD, char, unsigned int, Parser_state*) /data/src/11.2-msan/sql/sql_parse.cc:7810:18
#8 0x562637fbbcd7 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /data/src/11.2-msan/sql/sql_parse.cc:1893:7
#9 0x562637fc9b80 in do_command(THD*, bool) /data/src/11.2-msan/sql/sql_parse.cc:1406:17
#10 0x562638681adf in do_handle_one_connection(CONNECT*, bool) /data/src/11.2-msan/sql/sql_connect.cc:1445:11
#11 0x5626386810b5 in handle_one_connection /data/src/11.2-msan/sql/sql_connect.cc:1347:5
#12 0x562639a91aba in pfs_spawn_thread /data/src/11.2-msan/storage/perfschema/pfs.cc:2201:3
#13 0x7f529ace4fd3 in start_thread nptl/./nptl/pthread_create.c:442:8
#14 0x7f529ad655bb in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Memory was marked as uninitialized
#0 0x5626379af9ce in __msan_allocated_memory (/mnt8t/src/11.2-msan/sql/mariadbd+0x7c49ce)
#1 0x56263ad66471 in my_malloc /data/src/11.2-msan/mysys/my_malloc.c:116:7

SUMMARY: MemorySanitizer: use-of-uninitialized-value /data/src/11.2-msan/sql/sql_parse.cc:2711:19 in alloc_query(THD, char const, unsigned long)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

mdev32481.sql
0.1 kB
2023-10-16 14:39

Activity

People

Assignee:: Oleksandr Byelkin

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2023-10-16 14:38

Updated:: 5 days ago 14:42

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.