[MDEV-34251] Conditional jump or move depends on uninitialised value in ha_handler_stats::has_stats - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.6
Fix Version/s: 10.6.20, 10.11.10, 11.2.6, 11.4.4
Component/s: Optimizer
Labels:
None

Description

Discovered this while working on ~~MDEV-34125~~. Its initial testcase fails like this:

==11329== Thread 10:

==11329== Conditional jump or move depends on uninitialised value(s)

==11329==    at 0xFA06FE: ha_handler_stats::has_stats() (ha_handler_stats.h:58)

==11329==    by 0xF86200: MYSQL_QUERY_LOG::write(THD*, long, char const*, unsigned long, unsigned long long, unsigned long long, bool, char const*, unsigned long) (log.cc:3273)

==11329==    by 0xF7F944: Log_to_file_event_handler::log_slow(THD*, my_hrtime_t, char const*, unsigned long, unsigned long long, unsigned long long, bool, char const*, unsigned long) (log.cc:1076)

==11329==    by 0xF80615: LOGGER::slow_log_print(THD*, char const*, unsigned long, unsigned long long) (log.cc:1350)

==11329==    by 0xF91F6B: slow_log_print(THD*, char const*, unsigned int, unsigned long long) (log.cc:6950)

==11329==    by 0xA84E94: log_slow_statement(THD*) (sql_parse.cc:2585)

==11329==    by 0xA848B0: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) (sql_parse.cc:2453)

This happens for this statement:

set long_query_time=0.0, log_slow_verbosity='engine';

Attachments

Issue Links

relates to

MDEV-34125 ANALYZE FORMAT=JSON: r_engine_stats.pages_read_time_ms has wrong scale

Closed

Activity

Ascending order - Click to sort in descending order

Sergei Petrunia added a comment - 2024-05-27 11:54 - edited

The failure happens when accessing THD::handler_stats.

That variable is NOT initialized by default.

It is reset in THD::reset_slow_query_state():

   if ((variables.log_slow_verbosity & LOG_SLOW_VERBOSITY_ENGINE))

     handler_stats.reset();

Then, in MYSQL_QUERY_LOG::write(), it is checked:

     if (unlikely(log_slow_verbosity &

                  LOG_SLOW_VERBOSITY_ENGINE) &&

         thd->handler_stats.has_stats())

Now, consider this scenario of running a statement

The statement starts with LOG_SLOW_VERBOSITY_ENGINE flag not set. the values of thd.handler_stats are not cleared.
The statement sets LOG_SLOW_VERBOSITY_ENGINE.
In, MYSQL_QUERY_LOG::write(), we check thd->handler_stats, that is, read garbage data.

Sergei Petrunia added a comment - 2024-05-27 11:54 - edited The failure happens when accessing THD::handler_stats . That variable is NOT initialized by default. It is reset in THD::reset_slow_query_state(): if ((variables.log_slow_verbosity & LOG_SLOW_VERBOSITY_ENGINE)) handler_stats.reset(); Then, in MYSQL_QUERY_LOG::write(), it is checked: if (unlikely(log_slow_verbosity & LOG_SLOW_VERBOSITY_ENGINE) && thd->handler_stats.has_stats()) { Now, consider this scenario of running a statement The statement starts with LOG_SLOW_VERBOSITY_ENGINE flag not set. the values of thd.handler_stats are not cleared. The statement sets LOG_SLOW_VERBOSITY_ENGINE. In, MYSQL_QUERY_LOG::write(), we check thd->handler_stats, that is, read garbage data.

Michael Widenius added a comment - 2024-10-03 13:59

Fixed by checking handler_stats if it's active instead of
thd->variables.log_slow_verbosity & LOG_SLOW_VERBOSITY_ENGINE.

Michael Widenius added a comment - 2024-10-03 13:59 Fixed by checking handler_stats if it's active instead of thd->variables.log_slow_verbosity & LOG_SLOW_VERBOSITY_ENGINE.

People

Assignee:: Michael Widenius

Reporter:: Sergei Petrunia

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2024-05-27 11:50

Updated:: 2024-10-03 13:59

Resolved:: 2024-10-03 13:59

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server