
Valgrind warnings (Conditional jump or move depends on uninitialised value) in inflate on UNCOMPRESS

    Details

      Description

      Also reproducible on MySQL 5.5, 5.6, 5.7 and filed as http://bugs.mysql.com/bug.php?id=69202

      SELECT UNCOMPRESS( CAST( 0 AS BINARY(5) ) );

      ==26747== Thread 4:
      ==26747== Conditional jump or move depends on uninitialised value(s)
      ==26747==    at 0x4E3BF0C: inflate (in /lib/x86_64-linux-gnu/libz.so.1.2.3.4)
      ==26747==    by 0x4E36514: uncompress (in /lib/x86_64-linux-gnu/libz.so.1.2.3.4)
      ==26747==    by 0x5ECA63: Item_func_uncompress::val_str(String*) (item_strfunc.cc:3447)
      ==26747==    by 0x58BB2D: Item::send(Protocol*, String*) (item.cc:5970)
      ==26747==    by 0x65CADF: select_send::send_data(List<Item>&) (sql_class.cc:2012)
      ==26747==    by 0x711486: JOIN::exec() (sql_select.cc:2152)
      ==26747==    by 0x71457C: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2990)
      ==26747==    by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==26747==    by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==26747==    by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==26747==    by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
      ==26747==    by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
      ==26747==    by 0x689BDF: do_command(THD*) (sql_parse.cc:923)
      ==26747==    by 0x68663A: handle_one_connection (sql_connect.cc:1231)
      ==26747==    by 0x548DE99: start_thread (pthread_create.c:308)
      ==26747==    by 0x5F9ACBC: clone (clone.S:112)
      ==26747== Conditional jump or move depends on uninitialised value(s)
      ==26747==    at 0x4E3BF79: inflate (in /lib/x86_64-linux-gnu/libz.so.1.2.3.4)
      ==26747==    by 0x4E36514: uncompress (in /lib/x86_64-linux-gnu/libz.so.1.2.3.4)
      ==26747==    by 0x5ECA63: Item_func_uncompress::val_str(String*) (item_strfunc.cc:3447)
      ==26747==    by 0x58BB2D: Item::send(Protocol*, String*) (item.cc:5970)
      ==26747==    by 0x65CADF: select_send::send_data(List<Item>&) (sql_class.cc:2012)
      ==26747==    by 0x711486: JOIN::exec() (sql_select.cc:2152)
      ==26747==    by 0x71457C: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2990)
      ==26747==    by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==26747==    by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==26747==    by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==26747==    by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
      ==26747==    by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
      ==26747==    by 0x689BDF: do_command(THD*) (sql_parse.cc:923)
      ==26747==    by 0x68663A: handle_one_connection (sql_connect.cc:1231)
      ==26747==    by 0x548DE99: start_thread (pthread_create.c:308)
      ==26747==    by 0x5F9ACBC: clone (clone.S:112)

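      /**
        Implementation of the SQL UNCOMPRESS() function.

        The argument is expected in the layout produced by COMPRESS(): a
        4-byte header (read with uint4korr) holding the uncompressed length,
        followed by the zlib stream. The compressed payload therefore starts
        at offset 4 and is length()-4 bytes long.

        @param str  scratch buffer handed to args[0]->val_str()

        @return pointer to the uncompressed value in 'buffer'; the argument
                itself when it is empty; NULL with null_value set when the
                argument is NULL, too short, declares a size above
                max_allowed_packet, cannot be allocated, or fails in zlib.
      */
      String *Item_func_uncompress::val_str(String *str)
      {
        DBUG_ASSERT(fixed == 1);
        String *res= args[0]->val_str(str);
        ulong new_size;
        int err;
        uint code;

        if (!res)
          goto err;
        null_value= 0;
        if (res->is_empty())
          return res;

        /*
          The 4-byte length header must be followed by at least one byte of
          compressed data, so a value of 4 bytes or fewer is corrupt.
        */
        if (res->length() <= 4)
        {
          push_warning_printf(current_thd,MYSQL_ERROR::WARN_LEVEL_ERROR,
                         ER_ZLIB_Z_DATA_ERROR,
                         ER(ER_ZLIB_Z_DATA_ERROR));
          goto err;
        }

        /*
          Size of uncompressed data is stored as first 4 bytes of field.
          The two high bits are masked off before the size is used.
        */
        new_size= uint4korr(res->ptr()) & 0x3FFFFFFF;
        /*
          The declared size comes from the (untrusted) value itself; refuse
          to allocate more than the session allows before touching zlib.
        */
        if (new_size > current_thd->variables.max_allowed_packet)
        {
          push_warning_printf(current_thd,MYSQL_ERROR::WARN_LEVEL_ERROR,
                         ER_TOO_BIG_FOR_UNCOMPRESS,
                         ER(ER_TOO_BIG_FOR_UNCOMPRESS),
                              static_cast<int>(current_thd->variables.
                                               max_allowed_packet));
          goto err;
        }
        if (buffer.realloc((uint32)new_size))
          goto err;

        /*
          The source pointer skips the 4-byte header, so the source length
          passed to zlib must be reduced by 4 as well. Passing the full
          res->length() here made inflate() read 4 bytes beyond the end of
          the value, which is the uninitialised read Valgrind reports above.
          res->length()-4 cannot underflow: length() > 4 was checked above.
        */
        if ((err= uncompress((Byte*)buffer.ptr(), &new_size,
                        ((const Bytef*)res->ptr())+4, res->length()-4)) == Z_OK)
        {
          buffer.length((uint32) new_size);
          return &buffer;
        }

        /* Map the zlib status to the matching server warning code. */
        code= ((err == Z_BUF_ERROR) ? ER_ZLIB_Z_BUF_ERROR :
          ((err == Z_MEM_ERROR) ? ER_ZLIB_Z_MEM_ERROR : ER_ZLIB_Z_DATA_ERROR));
        push_warning(current_thd,MYSQL_ERROR::WARN_LEVEL_ERROR,code,ER(code));

      err:
        null_value= 1;
        return 0;
      }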

      bzr version-info

      revision-id: psergey@askmonty.org-20130505013255-oyp1f1cscm7z8bx8
      revno: 3656
      branch-nick: 5.3

            People

            • Assignee:
              serg Sergei Golubchik
              Reporter:
              elenst Elena Stepanova