MariaDB Server: MDEV-32481

Valgrind / MSAN errors in alloc_query upon SP containing a zero symbol


Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.4(EOL), 10.5, 10.6, 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
    • Fix Version/s: 10.5, 10.6, 10.11
    • Component/s: Stored routines
    • Labels: None

    Description

      The reproducer is cumbersome, because the SP definition contains a "\0" symbol and mysqltest apparently doesn't like it or converts it into something else. Maybe you'll find a better way to write it. Meanwhile, please copy the one-line attachment into the /tmp dir, and then run this as a regular MTR:

      --exec $MYSQL --binary-mode < /tmp/mdev32481.sql
      CALL test.sp();
       
      # Cleanup
      DROP PROCEDURE test.sp;
      

      Alternatively, you can add CALL test.sp() directly into mdev32481.sql and run it via the client.

      10.4 0c7af6a2 valgrind

      ==236449== Thread 6:
      ==236449== Conditional jump or move depends on uninitialised value(s)
      ==236449==    at 0x9872CE: alloc_query(THD*, char const*, unsigned long) (sql_parse.cc:2743)
      ==236449==    by 0x88EE17: sp_instr_stmt::execute(THD*, unsigned int*) (sp_head.cc:3654)
      ==236449==    by 0x888294: sp_head::execute(THD*, bool) (sp_head.cc:1372)
      ==236449==    by 0x88B0E7: sp_head::execute_procedure(THD*, List<Item>*) (sp_head.cc:2407)
      ==236449==    by 0x987E23: do_execute_sp(THD*, sp_head*) (sql_parse.cc:3064)
      ==236449==    by 0x988B4B: Sql_cmd_call::execute(THD*) (sql_parse.cc:3306)
      ==236449==    by 0x99388A: mysql_execute_command(THD*) (sql_parse.cc:6218)
      ==236449==    by 0x998D2E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8012)
      ==236449==    by 0x984581: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
      ==236449==    by 0x982DE8: do_command(THD*) (sql_parse.cc:1378)
      ==236449==    by 0xB2AE2D: do_handle_one_connection(CONNECT*) (sql_connect.cc:1420)
      ==236449==    by 0xB2AB95: handle_one_connection (sql_connect.cc:1324)
      ==236449==    by 0x10A2813: pfs_spawn_thread (pfs.cc:1869)
      ==236449==    by 0x4D7DFD3: start_thread (pthread_create.c:442)
      ==236449==    by 0x4DFD81F: clone (clone.S:100)
      ==236449== 
      ==236449== Use of uninitialised value of size 8
      ==236449==    at 0x9872F5: alloc_query(THD*, char const*, unsigned long) (sql_parse.cc:2744)
      ==236449==    by 0x88EE17: sp_instr_stmt::execute(THD*, unsigned int*) (sp_head.cc:3654)
      ==236449==    by 0x888294: sp_head::execute(THD*, bool) (sp_head.cc:1372)
      ==236449==    by 0x88B0E7: sp_head::execute_procedure(THD*, List<Item>*) (sp_head.cc:2407)
      ==236449==    by 0x987E23: do_execute_sp(THD*, sp_head*) (sql_parse.cc:3064)
      ==236449==    by 0x988B4B: Sql_cmd_call::execute(THD*) (sql_parse.cc:3306)
      ==236449==    by 0x99388A: mysql_execute_command(THD*) (sql_parse.cc:6218)
      ==236449==    by 0x998D2E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8012)
      ==236449==    by 0x984581: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
      ==236449==    by 0x982DE8: do_command(THD*) (sql_parse.cc:1378)
      ==236449==    by 0xB2AE2D: do_handle_one_connection(CONNECT*) (sql_connect.cc:1420)
      ==236449==    by 0xB2AB95: handle_one_connection (sql_connect.cc:1324)
      ==236449==    by 0x10A2813: pfs_spawn_thread (pfs.cc:1869)
      ==236449==    by 0x4D7DFD3: start_thread (pthread_create.c:442)
      ==236449==    by 0x4DFD81F: clone (clone.S:100)
      ==236449== 
      

      11.2 872ed5342d8f1ec02f8f8a7a25a606e4ff512234 MSAN

      ==237277==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x562637fce9e6 in alloc_query(THD*, char const*, unsigned long) /data/src/11.2-msan/sql/sql_parse.cc:2711:19
          #1 0x56263894830a in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/11.2-msan/sql/sp_instr.cc:849:14
          #2 0x562637c3c87c in sp_head::execute(THD*, bool) /data/src/11.2-msan/sql/sp_head.cc:1277:20
          #3 0x562637c4604a in sp_head::execute_procedure(THD*, List<Item>*) /data/src/11.2-msan/sql/sp_head.cc:2264:5
          #4 0x562637fd9643 in do_execute_sp(THD*, sp_head*) /data/src/11.2-msan/sql/sql_parse.cc:3035:16
          #5 0x562637fd867c in Sql_cmd_call::execute(THD*) /data/src/11.2-msan/sql/sql_parse.cc:3280:9
          #6 0x562637fe063f in mysql_execute_command(THD*, bool) /data/src/11.2-msan/sql/sql_parse.cc:5775:26
          #7 0x562637fc778a in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/11.2-msan/sql/sql_parse.cc:7810:18
          #8 0x562637fbbcd7 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/11.2-msan/sql/sql_parse.cc:1893:7
          #9 0x562637fc9b80 in do_command(THD*, bool) /data/src/11.2-msan/sql/sql_parse.cc:1406:17
          #10 0x562638681adf in do_handle_one_connection(CONNECT*, bool) /data/src/11.2-msan/sql/sql_connect.cc:1445:11
          #11 0x5626386810b5 in handle_one_connection /data/src/11.2-msan/sql/sql_connect.cc:1347:5
          #12 0x562639a91aba in pfs_spawn_thread /data/src/11.2-msan/storage/perfschema/pfs.cc:2201:3
          #13 0x7f529ace4fd3 in start_thread nptl/./nptl/pthread_create.c:442:8
          #14 0x7f529ad655bb in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
       
        Memory was marked as uninitialized
          #0 0x5626379af9ce in __msan_allocated_memory (/mnt8t/src/11.2-msan/sql/mariadbd+0x7c49ce)
          #1 0x56263ad66471 in my_malloc /data/src/11.2-msan/mysys/my_malloc.c:116:7
       
      SUMMARY: MemorySanitizer: use-of-uninitialized-value /data/src/11.2-msan/sql/sql_parse.cc:2711:19 in alloc_query(THD*, char const*, unsigned long)
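
The report's reproducer hinges on getting a literal 0x00 byte into the stored-procedure text without mysqltest rewriting it, which is why the attachment is piped through the client with --binary-mode. The following is an added example, not the reporter's attachment (whose contents are not on this page): a Python script that writes a one-line SQL file whose CREATE PROCEDURE carries a raw NUL byte inside the SP body, and then checks that the byte actually survived to disk before the file is fed to the server. The procedure name test.sp and the path /tmp/mdev32481.sql are taken from the report; the SP body itself is an assumption.

```python
"""Build a one-line reproducer file with a literal NUL byte in the SP body.

Added example, not the reporter's attachment (its contents are not on the
page). The procedure body is an assumption: any definition that carries a
0x00 byte inside the SP text exercises the path the report is about. Feed the
file to the server through the client, as the report describes:

    mysql --binary-mode < /tmp/mdev32481.sql
"""
import os
import tempfile
from typing import Optional


def build_sp_definition(sp_name: str = "test.sp", payload: bytes = b"a\x00b") -> bytes:
    """Return a single-line CREATE PROCEDURE statement as raw bytes.

    The NUL sits inside a string literal in the SP body. Everything is
    assembled as bytes rather than str so that no text round trip (an editor,
    mysqltest, a str/encode step) can drop or rewrite the byte on its way to
    the server.
    """
    if b"\x00" not in payload:
        raise ValueError("payload must contain a NUL byte; that is the point")
    if b"\n" in payload:
        raise ValueError("keep the file to one line, like the report's attachment")
    # Escape backslashes and single quotes so the literal stays valid SQL;
    # the NUL byte itself is passed through untouched.
    literal = payload.replace(b"\\", b"\\\\").replace(b"'", b"\\'")
    return (b"CREATE PROCEDURE " + sp_name.encode("ascii")
            + b"() SELECT '" + literal + b"';\n")


def write_sql_file(path: str, data: bytes) -> None:
    """Write the statement in binary mode so the NUL byte reaches disk as-is."""
    with open(path, "wb") as fh:
        fh.write(data)


def count_nul_bytes(path: str) -> int:
    """Check to run before MTR: is the 0x00 really in the file?

    A NUL that passed through a text tool often comes back as the two bytes
    '\\' '0' (0x5c 0x30) or disappears; either way the test would no longer
    exercise the reported code path.
    """
    with open(path, "rb") as fh:
        return fh.read().count(b"\x00")


def write_reproducer(path: Optional[str] = None, payload: bytes = b"a\x00b") -> int:
    """Write the reproducer file and return how many NUL bytes it holds on disk."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "mdev32481.sql")
    write_sql_file(path, build_sp_definition(payload=payload))
    return count_nul_bytes(path)


if __name__ == "__main__":
    target = "/tmp/mdev32481.sql"
    print(f"{target}: {write_reproducer(target)} NUL byte(s) written")
```

After running the script, the MTR snippet from the description can be used unchanged: the --exec line loads the file through the client in binary mode, and CALL test.sp() then executes the procedure under Valgrind or MSAN. If count_nul_bytes reports 0, the byte was mangled somewhere upstream and the run is not testing the reported condition.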
      

      People

        Assignee: sanja Oleksandr Byelkin
        Reporter: elenst Elena Stepanova