MDEV-4418 (MariaDB Server): Valgrind warnings or server crash in Item_equal_iterator<List_iterator_fast, Item>::get_curr_field, from Item_equal::contains

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 10.0.1, 5.5.30, 5.3.12
    • Fix Version/s: 10.0.5, 5.5.33, 5.3.13
    • Component/s: None
    • Labels: None

      Description

      The problem appeared on 5.3 with the following revision:

      revno: 3628
      revision-id: igor@askmonty.org-20130225031611-jk8lyhhjazov66qc
      committer: Igor Babaev <igor@askmonty.org>
      branch nick: maria-5.3-mdev4177
      timestamp: Sun 2013-02-24 19:16:11 -0800
      message:
        Fixed bug mdev-4177

      It might well be related to, or even be a duplicate of, MDEV-4274 and/or MDEV-4413, but the stack trace is different here, so I will file it separately; this way it will be searchable.

      Valgrind warnings on 5.3 (with BUILD/compile-pentium-valgrind-max-no-ndb):

      ==21978== Thread 4:
      ==21978== Conditional jump or move depends on uninitialised value(s)
      ==21978==    at 0x5DAE21: Item_equal::contains(Field*) (item_cmpfunc.cc:5560)
      ==21978==    by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881)
      ==21978==    by 0x729E5A: eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845)
      ==21978==    by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136)
      ==21978==    by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
      ==21978==    by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
      ==21978==    by 0x70DF46: JOIN::optimize() (sql_select.cc:1237)
      ==21978==    by 0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
      ==21978==    by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==21978==    by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==21978==    by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==21978==    by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
      ==21978==    by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
      ==21978==    by 0x689BDF: do_command(THD*) (sql_parse.cc:923)
      ==21978==    by 0x68663A: handle_one_connection (sql_connect.cc:1231)
      ==21978==    by 0x548DE99: start_thread (pthread_create.c:308)
      ==21978== Use of uninitialised value of size 8
      ==21978==    at 0x5DF48E: Item_equal_iterator<List_iterator_fast, Item>::get_curr_field() (item_cmpfunc.h:1856)
      ==21978==    by 0x5DADED: Item_equal::contains(Field*) (item_cmpfunc.cc:5562)
      ==21978==    by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881)
      ==21978==    by 0x729E5A: eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845)
      ==21978==    by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136)
      ==21978==    by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
      ==21978==    by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
      ==21978==    by 0x70DF46: JOIN::optimize() (sql_select.cc:1237)
      ==21978==    by 0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
      ==21978==    by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==21978==    by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==21978==    by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==21978==    by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
      ==21978==    by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
      ==21978==    by 0x689BDF: do_command(THD*) (sql_parse.cc:923)
      ==21978==    by 0x68663A: handle_one_connection (sql_connect.cc:1231)
      ==21978== Use of uninitialised value of size 8
      ==21978==    at 0x5DF4AF: Item_equal_iterator<List_iterator_fast, Item>::get_curr_field() (item_cmpfunc.h:1857)
      ==21978==    by 0x5DADED: Item_equal::contains(Field*) (item_cmpfunc.cc:5562)
      ==21978==    by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881)
      ==21978==    by 0x729E5A: eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845)
      ==21978==    by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136)
      ==21978==    by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
      ==21978==    by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
      ==21978==    by 0x70DF46: JOIN::optimize() (sql_select.cc:1237)
      ==21978==    by 0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
      ==21978==    by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==21978==    by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==21978==    by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==21978==    by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
      ==21978==    by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
      ==21978==    by 0x689BDF: do_command(THD*) (sql_parse.cc:923)
      ==21978==    by 0x68663A: handle_one_connection (sql_connect.cc:1231)
      ==21978== Use of uninitialised value of size 8
      ==21978==    at 0x5664F7: base_list_iterator::next_fast() (sql_list.h:449)
      ==21978==    by 0x56895C: List_iterator_fast<Item>::operator++(int) (sql_list.h:561)
      ==21978==    by 0x5DF467: Item_equal_iterator<List_iterator_fast, Item>::operator++(int) (item_cmpfunc.h:1844)
      ==21978==    by 0x5DAE18: Item_equal::contains(Field*) (item_cmpfunc.cc:5560)
      ==21978==    by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881)
      ==21978==    by 0x729E5A: eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845)
      ==21978==    by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136)
      ==21978==    by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
      ==21978==    by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
      ==21978==    by 0x70DF46: JOIN::optimize() (sql_select.cc:1237)
      ==21978==    by 0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
      ==21978==    by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==21978==    by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==21978==    by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==21978==    by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
      ==21978==    by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)

      Crash on 5.5:

      #2  0x00000000007c6d68 in handle_fatal_signal (sig=11) at /data/bzr/5.5/sql/signal_handler.cc:262
      #3  <signal handler called>
      #4  0x000000000067e8c2 in Item_equal_iterator<List_iterator_fast, Item>::get_curr_field (this=0x7f9255043f30) at /data/bzr/5.5/sql/item_cmpfunc.h:1849
      #5  0x0000000000807a10 in Item_equal::contains (this=0x7f924c021380, field=0x7f924c044e00) at /data/bzr/5.5/sql/item_cmpfunc.cc:5646
      #6  0x00000000007e2ac5 in Item_field::find_item_equal (this=0x7f924c008a70, cond_equal=0x7f924c009308) at /data/bzr/5.5/sql/item.cc:5243
      #7  0x000000000065c39a in eliminate_item_equal (cond=0x0, upper_levels=0x7f924c009308, item_equal=0x7f924c021880) at /data/bzr/5.5/sql/sql_select.cc:12124
      #8  0x000000000065cd26 in substitute_for_best_equal_field (context_tab=0x1, cond=0x7f924c021880, cond_equal=0x7f924c009308, table_join_idx=0x7f924c021a78) at /data/bzr/5.5/sql/sql_select.cc:12414
      #9  0x000000000065ca0b in substitute_for_best_equal_field (context_tab=0x1, cond=0x7f924c008d80, cond_equal=0x7f924c01ffe8, table_join_idx=0x7f924c021a78) at /data/bzr/5.5/sql/sql_select.cc:12341
      #10 0x000000000065ca0b in substitute_for_best_equal_field (context_tab=0x1, cond=0x7f924c01fef8, cond_equal=0x7f924c01ffe8, table_join_idx=0x7f924c021a78) at /data/bzr/5.5/sql/sql_select.cc:12341
      #11 0x000000000064060c in JOIN::optimize (this=0x7f924c0200a0) at /data/bzr/5.5/sql/sql_select.cc:1288
      #12 0x00000000006469e1 in mysql_select (thd=0x37c1820, rref_pointer_array=0x37c4828, tables=0x7f924c007730, wild_num=1, fields=..., conds=0x7f924c01fef8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f924c009490, unit=0x37c3ef8, select_lex=0x37c45d0) at /data/bzr/5.5/sql/sql_select.cc:3048
      #13 0x000000000063d5ea in handle_select (thd=0x37c1820, lex=0x37c3e48, result=0x7f924c009490, setup_tables_done_option=0) at /data/bzr/5.5/sql/sql_select.cc:318
      #14 0x000000000061643d in execute_sqlcom_select (thd=0x37c1820, all_tables=0x7f924c007730) at /data/bzr/5.5/sql/sql_parse.cc:4641
      #15 0x000000000060ee8c in mysql_execute_command (thd=0x37c1820) at /data/bzr/5.5/sql/sql_parse.cc:2195
      #16 0x0000000000618cdc in mysql_parse (thd=0x37c1820, rawbuf=0x7f924c0074c8 "SELECT * FROM t1, t2 WHERE ( c = b ) AND ( 0 OR ( b = 'h' OR a = 136 ) AND ( d = b ) )", length=86, parser_state=0x7f9255045500) at /data/bzr/5.5/sql/sql_parse.cc:5759
      #17 0x000000000060c3dc in dispatch_command (command=COM_QUERY, thd=0x37c1820, packet=0x38b6c41 "SELECT * FROM t1, t2 WHERE ( c = b ) AND ( 0 OR ( b = 'h' OR a = 136 ) AND ( d = b ) )", packet_length=86) at /data/bzr/5.5/sql/sql_parse.cc:1068
      #18 0x000000000060b61d in do_command (thd=0x37c1820) at /data/bzr/5.5/sql/sql_parse.cc:794
      #19 0x000000000071092d in do_handle_one_connection (thd_arg=0x37c1820) at /data/bzr/5.5/sql/sql_connect.cc:1266
      #20 0x0000000000710314 in handle_one_connection (arg=0x37c1820) at /data/bzr/5.5/sql/sql_connect.cc:1181
      #21 0x000000000096c0b8 in pfs_spawn_thread (arg=0x385fa70) at /data/bzr/5.5/storage/perfschema/pfs.cc:1015
      #22 0x00007f9260732e9a in start_thread (arg=0x7f9255046700) at pthread_create.c:308
      #23 0x00007f925fa26cbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

      Test case:

      CREATE TABLE t1 (a INT, b VARCHAR(1)) ENGINE=MyISAM;
      INSERT INTO t1 VALUES (0,'j'),(8,'v');
       
      CREATE TABLE t2 (c VARCHAR(1), d VARCHAR(1)) ENGINE=MyISAM;
      INSERT INTO t2 VALUES ('k','k');
       
      SELECT * FROM t1, t2 WHERE ( c = b ) AND ( 0 OR ( b = 'h' OR a = 136 ) AND ( d = b ) );

              People

              • Assignee: Igor Babaev (igor)
              • Reporter: Elena Stepanova (elenst)