Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
10.6.22
-
Not for Release Notes
Description
The connect.bson_udf, connect.json_udf and connect.json_udf_bin tests show:
==252981==WARNING: MemorySanitizer: use-of-uninitialized-value
|
#0 0x7f23fc4958ae in JSNX::ParseJpath(_global*) /source/storage/connect/jsonudf.cpp:265:8
|
#1 0x7f23fc4935bd in JSNX::SetJpath(_global*, char*, char) /source/storage/connect/jsonudf.cpp:109:9
|
#2 0x7f23fc511fbf in handle_item(st_udf_init*, st_udf_args*, char*, unsigned long*, unsigned char*, unsigned char*) /source/storage/connect/jsonudf.cpp:4353:13
|
#3 0x7f23fc50ff1c in json_set_item /source/storage/connect/jsonudf.cpp:4448:9
|
#4 0x55d31e3f8e80 in udf_handler::val_str(String*, String*) /source/sql/item_func.cc:3764:13
|
#5 0x55d31e3fcca1 in Item_func_udf_str::val_str(String*) /source/sql/item_func.cc:3912:19
|
#6 0x55d31d5c6a8f in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /source/sql/sql_type.cc:7597:19
|
#7 0x55d31cf14f0a in Type_handler_string_result::Item_send(Item*, Protocol*, st_value*) const /source/sql/sql_type.h:5546:12
|
#8 0x55d31b840513 in Item::send(Protocol*, st_value*) /source/sql/item.h:1272:28
|
#9 0x55d31b80cfc5 in Protocol::send_result_set_row(List<Item>*) /source/sql/protocol.cc:1329:15
|
#10 0x55d31bde2b70 in select_send::send_data(List<Item>&) /source/sql/sql_class.cc:3219:17
|
#11 0x55d31c77861c in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /source/sql/sql_class.h:5965:12
|
#12 0x55d31c5632c3 in JOIN::exec_inner() /source/sql/sql_select.cc:4805:22
|
#13 0x55d31c56029b in JOIN::exec() /source/sql/sql_select.cc:4717:3
|
#14 0x55d31c4381b4 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /source/sql/sql_select.cc:5196:9
|
#15 0x55d31c4348b2 in handle_select(THD*, LEX*, select_result*, unsigned long) /source/sql/sql_select.cc:573:10
|
#16 0x55d31c23ea1b in execute_sqlcom_select(THD*, TABLE_LIST*) /source/sql/sql_parse.cc:6422:12
|
#17 0x55d31c1f97dc in mysql_execute_command(THD*, bool) /source/sql/sql_parse.cc:4013:12
|
#18 0x55d31c1c225c in mysql_parse(THD*, char*, unsigned int, Parser_state*) /source/sql/sql_parse.cc:8200:18
|
#19 0x55d31c1afff2 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /source/sql/sql_parse.cc:1908:7
|
#20 0x55d31c1c781e in do_command(THD*, bool) /source/sql/sql_parse.cc:1421:17
|
#21 0x55d31cfd1350 in do_handle_one_connection(CONNECT*, bool) /source/sql/sql_connect.cc:1386:11
|
#22 0x55d31cfcfc4d in handle_one_connection /source/sql/sql_connect.cc:1298:5
|
#23 0x55d31faaf388 in pfs_spawn_thread /source/storage/perfschema/pfs.cc:2201:3
|
#24 0x7f2403dc81f4 (/lib/x86_64-linux-gnu/libc.so.6+0x891f4) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
|
#25 0x7f2403e4889b (/lib/x86_64-linux-gnu/libc.so.6+0x10989b) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
|
|
Uninitialized value was stored to memory at
|
#0 0x7f23fc4958a7 in JSNX::ParseJpath(_global*) /source/storage/connect/jsonudf.cpp:265:44
|
#1 0x7f23fc4935bd in JSNX::SetJpath(_global*, char*, char) /source/storage/connect/jsonudf.cpp:109:9
|
#2 0x7f23fc511fbf in handle_item(st_udf_init*, st_udf_args*, char*, unsigned long*, unsigned char*, unsigned char*) /source/storage/connect/jsonudf.cpp:4353:13
|
#3 0x7f23fc50ff1c in json_set_item /source/storage/connect/jsonudf.cpp:4448:9
|
#4 0x55d31e3f8e80 in udf_handler::val_str(String*, String*) /source/sql/item_func.cc:3764:13
|
#5 0x55d31e3fcca1 in Item_func_udf_str::val_str(String*) /source/sql/item_func.cc:3912:19
|
#6 0x55d31d5c6a8f in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /source/sql/sql_type.cc:7597:19
|
#7 0x55d31cf14f0a in Type_handler_string_result::Item_send(Item*, Protocol*, st_value*) const /source/sql/sql_type.h:5546:12
|
#8 0x55d31b840513 in Item::send(Protocol*, st_value*) /source/sql/item.h:1272:28
|
#9 0x55d31b80cfc5 in Protocol::send_result_set_row(List<Item>*) /source/sql/protocol.cc:1329:15
|
#10 0x55d31bde2b70 in select_send::send_data(List<Item>&) /source/sql/sql_class.cc:3219:17
|
#11 0x55d31c77861c in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /source/sql/sql_class.h:5965:12
|
#12 0x55d31c5632c3 in JOIN::exec_inner() /source/sql/sql_select.cc:4805:22
|
#13 0x55d31c56029b in JOIN::exec() /source/sql/sql_select.cc:4717:3
|
#14 0x55d31c4381b4 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /source/sql/sql_select.cc:5196:9
|
#15 0x55d31c4348b2 in handle_select(THD*, LEX*, select_result*, unsigned long) /source/sql/sql_select.cc:573:10
|
#16 0x55d31c23ea1b in execute_sqlcom_select(THD*, TABLE_LIST*) /source/sql/sql_parse.cc:6422:12
|
#17 0x55d31c1f97dc in mysql_execute_command(THD*, bool) /source/sql/sql_parse.cc:4013:12
|
#18 0x55d31c1c225c in mysql_parse(THD*, char*, unsigned int, Parser_state*) /source/sql/sql_parse.cc:8200:18
|
#19 0x55d31c1afff2 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /source/sql/sql_parse.cc:1908:7
|
|
Uninitialized value was created by a heap allocation
|
#0 0x55d31b6c9252 in malloc (/build/sql/mariadbd+0x8d4252) (BuildId: 08fd02d598ee893657b0089032db22a7e53e4071)
|
#1 0x7f23fc59a182 in AllocSarea /source/storage/connect/plugutil.cpp:481:14
|
#2 0x7f23fc599d69 in PlugInit /source/storage/connect/plugutil.cpp:175:18
|
#3 0x7f23fc4ba8cd in JsonInit(st_udf_init*, st_udf_args*, char*, char, unsigned long, unsigned long, unsigned long) /source/storage/connect/jsonudf.cpp:1364:15
|
#4 0x7f23fc50f4d3 in json_set_item_init /source/storage/connect/jsonudf.cpp:4427:7
|
#5 0x55d31e3f5d4b in udf_handler::fix_fields(THD*, Item_func_or_sum*, unsigned int, Item**) /source/sql/item_func.cc:3663:9
|
#6 0x55d31e47cc3b in Item_udf_func::fix_fields(THD*, Item**) /source/sql/item_func.h:2975:19
|
#7 0x55d31b8c23e5 in Item::fix_fields_if_needed(THD*, Item**) /source/sql/item.h:1184:30
|
#8 0x55d31b8bad5a in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /source/sql/item.h:1193:12
|
#9 0x55d31bcc8314 in setup_fields(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_column_usage, List<Item>*, List<Item>*, bool, THD_WHERE) /source/sql/sql_base.cc:7858:15
|
#10 0x55d31c4592c7 in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /source/sql/sql_select.cc:1512:7
|
#11 0x55d31c4378b2 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /source/sql/sql_select.cc:5172:21
|
#12 0x55d31c4348b2 in handle_select(THD*, LEX*, select_result*, unsigned long) /source/sql/sql_select.cc:573:10
|
#13 0x55d31c23ea1b in execute_sqlcom_select(THD*, TABLE_LIST*) /source/sql/sql_parse.cc:6422:12
|
#14 0x55d31c1f97dc in mysql_execute_command(THD*, bool) /source/sql/sql_parse.cc:4013:12
|
#15 0x55d31c1c225c in mysql_parse(THD*, char*, unsigned int, Parser_state*) /source/sql/sql_parse.cc:8200:18
|
#16 0x55d31c1afff2 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /source/sql/sql_parse.cc:1908:7
|
#17 0x55d31c1c781e in do_command(THD*, bool) /source/sql/sql_parse.cc:1421:17
|
#18 0x55d31cfd1350 in do_handle_one_connection(CONNECT*, bool) /source/sql/sql_connect.cc:1386:11
|
#19 0x55d31cfcfc4d in handle_one_connection /source/sql/sql_connect.cc:1298:5
|
|
SUMMARY: MemorySanitizer: use-of-uninitialized-value /source/storage/connect/jsonudf.cpp:265:8 in JSNX::ParseJpath(_global*)
|
#5 0x0000555739c1e8f3 in __msan_warning_with_origin_noreturn ()
|
No symbol table info available.
|
#6 0x00007ff27a5ca8af in JSNX::ParseJpath (this=0x72300000fc40, g=0x725000048800) at /source/storage/connect/jsonudf.cpp:265
|
p = 0x72300000fe52 "2]"
|
p1 = 0x0
|
p2 = 0x72300000fe55 "cinq"
|
pbuf = 0x72300000fe52 "2]"
|
i = 0
|
a = 1 '\001'
|
#7 0x00007ff27a5c85be in JSNX::SetJpath (this=0x72300000fc40, g=0x725000048800, path=0x72300000fe40 "$[2].cinq", jb=0 '\000') at /source/storage/connect/jsonudf.cpp:109
|
No locals.
|
#8 0x00007ff27a646fc0 in handle_item (initid=0x714000011198, args=0x714000011158, result=0x7ff274006868 "$set", res_length=0x7ff2740062d0, is_null=0x7ff2740062df "", error=0x7140000111c8 "") at /source/storage/connect/jsonudf.cpp:4353
|
i = 1
|
p = 0x0
|
path = 0x72300000fe40 "$[2].cinq"
|
str = 0x0
|
w = 0
|
b = 1 '\001'
|
jsp = 0x722000012010
|
jsx = 0x72300000fc40
|
jvp = 0x722000012228
|
g = 0x725000048800
|
gb = 0x725000046000
|
n = 0
|
msg = 0x47940000413a ""
|
#9 0x00007ff27a644f1d in json_set_item (initid=0x714000011198, args=0x714000011158, result=0x7ff274006868 "$set", res_length=0x7ff2740062d0, is_null=0x7ff2740062df "", p=0x7140000111c8 "") at /source/storage/connect/jsonudf.cpp:4448
|
No locals.
|
#10 0x000055573c95e8d1 in udf_handler::val_str (this=0x714000011148, str=0x7ff274006800, save_str=0x7140000110c8) at /source/sql/item_func.cc:3764
|
is_null_tmp = 0 '\000'
|
res_length = 766
|
func = 0x7ff27a644a40 <json_set_item(UDF_INIT*, UDF_ARGS*, char*, unsigned long*, uchar*, uchar*)>
|
res = 0x50404008000437f <error: Cannot access memory at address 0x50404008000437f>
|
#11 0x000055573c9626f2 in Item_func_udf_str::val_str (this=0x7140000110a0, str=0x7ff274006800) at /source/sql/item_func.cc:3912
|
res = 0x555739c305d9 <__interceptor_memset+41>
|
#12 0x000055573bb2c4e0 in Type_handler::Item_send_str (this=0x55574659d6f8 <type_handler_varchar>, item=0x7140000110a0, protocol=0x72b00004d6a0, buf=0x7ff2740067d0) at /source/sql/sql_type.cc:7597
|
res = 0x7ff274006810
|
#13 0x000055573b47a95b in Type_handler_string_result::Item_send (this=0x55574659d6f8 <type_handler_varchar>, item=0x7140000110a0, protocol=0x72b00004d6a0, buf=0x7ff2740067d0) at /source/sql/sql_type.h:5546
|
No locals.
|
#14 0x0000555739da6514 in Item::send (this=0x7140000110a0, protocol=0x72b00004d6a0, buffer=0x7ff2740067d0) at /source/sql/item.h:1272
|
|
|
#6 0x00007ff27a5ca8af in JSNX::ParseJpath (this=0x72300000fc40, g=0x725000048800) at /source/storage/connect/jsonudf.cpp:265
|
265 if (SetArrayOptions(g, p, i, Nodes[i-1].Key))
|
(gdb) info locals
|
p = 0x72300000fe52 "2]"
|
p1 = 0x0
|
p2 = 0x72300000fe55 "cinq"
|
pbuf = 0x72300000fe52 "2]"
|
i = 0
|
a = 1 '\001'
|
(gdb) p Nodes
|
$3 = (JNODE *) 0x72300000fe60
|
(gdb) p Nodes[i]
|
$4 = {Key = 0x0, Op = 0, CncVal = 0x0, Rank = 0, Rx = 0, Nx = 0}
|
(gdb) p Nodes[i-1]
|
$5 = {Key = 0x202020200a7d2000 <error: Cannot access memory at address 0x202020200a7d2000>, Op = 1563581220, CncVal = 0x71, Rank = 1563581220, Rx = 1852400384, Nx = 113}
|
(gdb) p *g
|
$6 = {Sarea = 0x72300000fc00, Sarea_Size = 6473, Activityp = 0x0, Message = "\000pplication not initialized\000 write path", '\000' <repeats 4120 times>, More = 0, Saved_Size = 64, Createas = false, Xchk = 0x722000012010, Alchecked = 1, Mrr = 1, N = 1, jump_level = -1,
|
jumper = {{{__jmpbuf = {0, 0, 0, 0, 0, 0, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 16 times>}}}} <repeats 26 times>}}
|
(gdb) quit
|
A debugging session is active.
|
|
Inferior 1 [process 253581] will be killed.
|
|
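The last argument of the call at jsonudf.cpp:265 in JSNX::ParseJpath (`Nodes[i-1].Key`) is unused, so there is no point in risking a segfault to pass a value here. In the session above `i` is 0, so `Nodes[i-1]` refers to an element before the start of the `Nodes` array; gdb shows its `Key` as a pointer into inaccessible memory, and this is the read MemorySanitizer reports as use-of-uninitialized-value.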