MariaDB Server: MDEV-36893

MSAN: THD::reset_sub_statement_state swaps with uninitialized structure


Details

    • Not for Release Notes

    Description

      rpl.rpl_trigger 'mix'                    [ fail ]
              Test ended at 2025-05-27 23:47:42
       
      CURRENT_TEST: rpl.rpl_trigger
      mysqltest: At line 335: query 'SELECT MASTER_POS_WAIT('master-bin.000001', 513) >= 0' failed: <Unknown> (2013): Lost connection to server during query
       
      025-05-27 23:47:29 12 [Note] Slave I/O thread: Start asynchronous replication to master 'root@127.0.0.1:19000' in log '' at position 4
      2025-05-27 23:47:29 13 [Note] Slave SQL thread initialized, starting replication in log 'FIRST' at position 0, relay log './slave-relay-bin.000001' position: 4
      2025-05-27 23:47:29 12 [Note] Slave I/O thread: connected to master 'root@127.0.0.1:19000',replication started in log 'FIRST' at position 4
      ==252746==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x56454caec050 in Discrete_intervals_list::get_tail() const /source/sql/structs.h:518:41
          #1 0x56454cac831b in Discrete_intervals_list::swap(Discrete_intervals_list*) /source/sql/structs.h:498:13
          #2 0x56454ca819ad in THD::reset_sub_statement_state(Sub_statement_state*, unsigned int) /source/sql/sql_class.cc:5916:31
          #3 0x56454d78665b in Table_triggers_list::process_triggers(THD*, trg_event_type, trg_action_time_type, bool) /source/sql/sql_trigger.cc:2483:8
          #4 0x56454cbb470d in write_record(THD*, TABLE*, st_copy_info*, select_result*) /source/sql/sql_insert.cc:2324:32
          #5 0x56454cb9473a in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /source/sql/sql_insert.cc:1170:14
          #6 0x56454ce6b9cf in mysql_execute_command(THD*, bool) /source/sql/sql_parse.cc:4634:10
          #7 0x56454ce2625c in mysql_parse(THD*, char*, unsigned int, Parser_state*) /source/sql/sql_parse.cc:8200:18
          #8 0x56454f72094a in Query_log_event::do_apply_event(rpl_group_info*, char const*, unsigned int) /source/sql/log_event_server.cc:1943:9
          #9 0x56454f7182b7 in Query_log_event::do_apply_event(rpl_group_info*) /source/sql/log_event_server.cc:1609:10
          #10 0x56454c5e558a in Log_event::apply_event(rpl_group_info*) /source/sql/log_event.h:1520:10
          #11 0x56454c57e0a9 in apply_event_and_update_pos_apply(Log_event*, THD*, rpl_group_info*, int) /source/sql/slave.cc:3940:19
          #12 0x56454c57d12e in apply_event_and_update_pos(Log_event*, THD*, rpl_group_info*) /source/sql/slave.cc:4112:10
          #13 0x56454c5b47dd in exec_relay_log_event(THD*, Relay_log_info*, rpl_group_info*) /source/sql/slave.cc:4489:15
          #14 0x56454c54d7c9 in handle_slave_sql /source/sql/slave.cc:5744:9
          #15 0x564550713388 in pfs_spawn_thread /source/storage/perfschema/pfs.cc:2201:3
          #16 0x7fc5fd4a81f4  (/lib/x86_64-linux-gnu/libc.so.6+0x891f4) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
          #17 0x7fc5fd52889b  (/lib/x86_64-linux-gnu/libc.so.6+0x10989b) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
       
        Uninitialized value was created by an allocation of 'statement_state' in the stack frame
          #0 0x56454d78584c in Table_triggers_list::process_triggers(THD*, trg_event_type, trg_action_time_type, bool) /source/sql/sql_trigger.cc:2456:3
       
      SUMMARY: MemorySanitizer: use-of-uninitialized-value /source/sql/structs.h:518:41 in Discrete_intervals_list::get_tail() const
      Exiting
      

      The uninitialized values aren't used before their restore later in the same function.

      A unidirectional copy seems compatible with the one other usage of reset_sub_statement_state.

      diff --git a/sql/sql_class.cc b/sql/sql_class.cc
      index 0effdbfcdb5..3367ae94d25 100644
      --- a/sql/sql_class.cc
      +++ b/sql/sql_class.cc
      @@ -5913,7 +5913,7 @@ void THD::reset_sub_statement_state(Sub_statement_state *backup,
         if (rpl_master_erroneous_autoinc(this))
         {
           DBUG_ASSERT(backup->auto_inc_intervals_forced.nb_elements() == 0);
      -    auto_inc_intervals_forced.swap(&backup->auto_inc_intervals_forced);
      +    backup->auto_inc_intervals_forced.copy_shallow(&auto_inc_intervals_forced);
         }
       #endif
         
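Review bot: the replacement changes what the sub-statement sees, not just how the backup is filled. The swap handed THD the backup's (asserted-empty) list, so the trigger body started with no forced intervals; copy_shallow leaves this->auto_inc_intervals_forced intact and makes backup share its interval nodes, so the sub-statement now runs with the parent's forced intervals. If that is intended, a comment next to the copy_shallow line should say so. The DBUG_ASSERT on the preceding line still reads nb_elements() from the uninitialized backup (the MSAN report above says 'statement_state' in Table_triggers_list::process_triggers, sql_trigger.cc:2456, is never initialized), so a debug MSAN build can report the same use-of-uninitialized-value one line earlier; initializing the backup state at its declaration would address the root cause rather than route around it.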
      @@ -5961,7 +5961,7 @@ void THD::restore_sub_statement_state(Sub_statement_state *backup)
          */
         if (rpl_master_erroneous_autoinc(this))
         {
      -    backup->auto_inc_intervals_forced.swap(&auto_inc_intervals_forced);
      +    auto_inc_intervals_forced.copy_shallow(&backup->auto_inc_intervals_forced);
           DBUG_ASSERT(backup->auto_inc_intervals_forced.nb_elements() == 0);
         }
       #endif
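Review bot: the DBUG_ASSERT after the copy_shallow still expects backup->auto_inc_intervals_forced to be empty. That held for the swap, which moved the sub-statement's (empty) list into backup, but copy_shallow leaves its source untouched, so whenever the restored parent list has elements this assert fires in debug builds; either clear the backup list after the copy or drop the assert. Because the copy is shallow, THD and backup also reference the same interval nodes from here on; please confirm that the backup's list does not free them when statement_state leaves scope in process_triggers, otherwise THD would be left holding dangling intervals.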
      
      

People

  Daniel Black (danblack)