[MDEV-32693] [Draft] MSAN / valgrind errors in safe_substract / Histogram_builder::next - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 10.4(EOL), 10.6, 11.2(EOL)
Fix Version/s: N/A
Component/s: Optimizer
Labels:
None

Description

Reproducible (also on 10.6.15, not a recent regression), needs cleaning

CREATE TABLE B (pk INTEGER AUTO_INCREMENT,

 col_int_nokey INTEGER,

 col_int_key INTEGER,

 col_date_key DATE,

 col_date_nokey DATE,

 col_time_key TIME,

 col_time_nokey TIME,

 col_datetime_key DATETIME,

 col_datetime_nokey DATETIME,

 col_varchar_key VARCHAR(1),

 col_varchar_nokey VARCHAR(1),

 PRIMARY KEY (pk DESC),

 KEY (col_varchar_key ASC, col_int_key)) CHARACTER SET cp1250 COLLATE cp1250_czech_cs;

INSERT /*! IGNORE */ INTO B (col_int_key, col_int_nokey,

 col_date_key, col_date_nokey,

 col_time_key, col_time_nokey,

 col_datetime_key, col_datetime_nokey,

 col_varchar_key, col_varchar_nokey) VALUES (6, 7, '2026-11-23', '2026-11-23', '09:19:37.055802', '09:19:37.055802', '1903-03-02 04:31:24.000649', '1903-03-02 04:31:24.000649', 'j', 'j');

ANALYZE TABLE B PERSISTENT FOR ALL;

10.6 b78b77e77db22321e2fa49afaea5564c083ca66a
==57350==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55affe11a732 in safe_substract(unsigned long long, unsigned long long) /data/src/10.6-msan/sql/field.cc:1143:10
#1 0x55affe11a732 in Field::pos_in_interval_val_str(Field, Field, unsigned int) /data/src/10.6-msan/sql/field.cc:1198:6
#2 0x55affd8a6ba5 in Histogram_builder::next(void*, unsigned int) /data/src/10.6-msan/sql/sql_statistics.cc:1626:36
#3 0x55b0003588ec in tree_walk_left_root_right /data/src/10.6-msan/mysys/tree.c:590:9
#4 0x55b0003585fe in tree_walk /data/src/10.6-msan/mysys/tree.c:576:12
#5 0x55affdad6eb6 in Unique::walk(TABLE, int ()(void, unsigned int, void), void*) /data/src/10.6-msan/sql/uniques.cc:654:12
#6 0x55affd8a801e in Count_distinct_field::walk_tree_with_histogram(unsigned long long) /data/src/10.6-msan/sql/sql_statistics.cc:1754:11
#7 0x55affd8a801e in Column_statistics_collected::finish(unsigned long long, double) /data/src/10.6-msan/sql/sql_statistics.cc:2426:23
#8 0x55affd885138 in collect_statistics_for_table(THD, TABLE) /data/src/10.6-msan/sql/sql_statistics.cc:2725:37
#9 0x55affdbdb488 in mysql_admin_table(THD, TABLE_LIST, st_ha_check_opt, st_mysql_const_lex_string const, thr_lock_type, bool, bool, unsigned int, int ()(THD, TABLE_LIST, st_ha_check_opt), int (handler::)(THD, st_ha_check_opt), int ()(THD, TABLE_LIST, st_ha_check_opt*), bool) /data/src/10.6-msan/sql/sql_admin.cc:1027:15
#10 0x55affdbdef87 in Sql_cmd_analyze_table::execute(THD*) /data/src/10.6-msan/sql/sql_admin.cc:1521:8
#11 0x55affd56a38e in mysql_execute_command(THD*, bool) /data/src/10.6-msan/sql/sql_parse.cc:6026:26
#12 0x55affd55224a in mysql_parse(THD, char, unsigned int, Parser_state*) /data/src/10.6-msan/sql/sql_parse.cc:8050:18
#13 0x55affd546790 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /data/src/10.6-msan/sql/sql_parse.cc:1896:7
#14 0x55affd554640 in do_command(THD*, bool) /data/src/10.6-msan/sql/sql_parse.cc:1409:17
#15 0x55affdb84e7f in do_handle_one_connection(CONNECT*, bool) /data/src/10.6-msan/sql/sql_connect.cc:1416:11
#16 0x55affdb84465 in handle_one_connection /data/src/10.6-msan/sql/sql_connect.cc:1318:5
#17 0x55affeffc18a in pfs_spawn_thread /data/src/10.6-msan/storage/perfschema/pfs.cc:2201:3
#18 0x7fa74ffb4043 in start_thread nptl/./nptl/pthread_create.c:442:8
#19 0x7fa75003461b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Uninitialized value was stored to memory at
#0 0x55affe11a3e3 in char_prefix_to_ulonglong(unsigned char*) /data/src/10.6-msan/sql/field.cc:1131:11
#1 0x55affe11a3e3 in Field::pos_in_interval_val_str(Field, Field, unsigned int) /data/src/10.6-msan/sql/field.cc:1195:9

Uninitialized value was stored to memory at
#0 0x55affe11a3aa in char_prefix_to_ulonglong(unsigned char*) /data/src/10.6-msan/sql/field.cc:1132:16
#1 0x55affe11a3aa in Field::pos_in_interval_val_str(Field, Field, unsigned int) /data/src/10.6-msan/sql/field.cc:1195:9

Uninitialized value was stored to memory at
#0 0x55affe11a2ec in char_prefix_to_ulonglong(unsigned char*) /data/src/10.6-msan/sql/field.cc:1131:11
#1 0x55affe11a2ec in Field::pos_in_interval_val_str(Field, Field, unsigned int) /data/src/10.6-msan/sql/field.cc:1195:9

Uninitialized value was created by an allocation of 'minp_prefix' in the stack frame of function '_ZN5Field23pos_in_interval_val_strEPS_S0_j'
#0 0x55affe119580 in Field::pos_in_interval_val_str(Field, Field, unsigned int) /data/src/10.6-msan/sql/field.cc:1180

SUMMARY: MemorySanitizer: use-of-uninitialized-value /data/src/10.6-msan/sql/field.cc:1143:10 in safe_substract(unsigned long long, unsigned long long)
Exiting

Attachments

Issue Links

duplicates

MDEV-26509 ASAN stack-buffer-overflow in my_strnxfrm_tis620 / Histogram_builder::next

Open

Activity

People

Assignee:: Unassigned

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2023-11-06 20:28

Updated:: 2023-11-26 15:48

Resolved:: 2023-11-26 15:48

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.