Details
Bug
Status: Closed
Critical
Resolution: Fixed
10.0.3
Description
Run "valgrind --tool=memcheck mysqld" and execute this SQL query:
SELECT TIMESTAMP('2001-01-01 00:00:00.'); -- Notice trailing DOT
Valgrind reports an uninitialized memory read.
It seems str_to_datetime() does not handle this case well and leaves the "second_part" member of the "l_time" argument uninitialized.
This is the valgrind report:
==3535== Thread 22:
==3535== Conditional jump or move depends on uninitialised value(s)
==3535==    at 0x8BF8CE: my_datetime_to_str (my_time.c:1066)
==3535==    by 0x571C97: Protocol_text::store(st_mysql_time*, int) (protocol.cc:1185)
==3535==    by 0x7E3D5F: Item::send(Protocol*, String*) (item.cc:6394)
==3535==    by 0x570E34: Protocol::send_result_set_row(List<Item>*) (protocol.cc:900)
==3535==    by 0x5D1377: select_send::send_data(List<Item>&) (sql_class.cc:2443)
==3535==    by 0x63D040: JOIN::exec_inner() (sql_select.cc:2369)
==3535==    by 0x63CB24: JOIN::exec() (sql_select.cc:2291)
==3535==    by 0x63FD50: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3221)
==3535==    by 0x636AAD: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:371)
==3535==    by 0x60DC0F: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5043)
==3535==    by 0x6069DC: mysql_execute_command(THD*) (sql_parse.cc:2483)
==3535==    by 0x61037A: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6176)
Valgrind reports no problems with TIME.
The second part of the original report has been moved to MDEV-4844.
The patch merging SQL standard temporal literals (from MySQL-5.6) fixed this problem.
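The bug class described in this report, as an added C illustration that is not MariaDB's str_to_datetime() or any code from this ticket: a parser that accepts a trailing dot but writes second_part only when fraction digits follow, beside a variant that zeroes the output first. All names (demo_time, parse_time_buggy, parse_time_fixed, second_part_after) are hypothetical, only the HH:MM:SS[.fraction] tail of the literal is parsed, and the caller's struct is pre-filled with 0xAA so the stale value is observable without undefined behaviour.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for the l_time argument (not MariaDB's struct). */
struct demo_time { unsigned hour, minute, second; unsigned long second_part; };

/* Up to six fractional digits, scaled to microseconds. */
static unsigned long frac_to_usec(const char *s)
{
    unsigned long v = 0; int n = 0;
    while (n < 6 && isdigit((unsigned char)s[n])) v = v * 10 + (unsigned long)(s[n++] - '0');
    for (; n < 6; n++) v *= 10;
    return v;
}

/* Bug class: second_part is written only on the paths the author anticipated. */
int parse_time_buggy(const char *s, struct demo_time *t)
{
    int used = 0;
    if (sscanf(s, "%2u:%2u:%2u%n", &t->hour, &t->minute, &t->second, &used) != 3) return -1;
    s += used;
    if (*s == '\0') { t->second_part = 0; return 0; }   /* no fraction at all */
    if (*s != '.') return -1;
    if (isdigit((unsigned char)s[1])) t->second_part = frac_to_usec(s + 1);
    return 0;   /* "SS." returns success here with second_part never written */
}

/* Hardened: define every output field before any parsing path can return. */
int parse_time_fixed(const char *s, struct demo_time *t)
{
    memset(t, 0, sizeof *t);
    return parse_time_buggy(s, t);
}

/* Pre-fill the struct with 0xAA bytes so a stale field is visible without UB. */
unsigned long second_part_after(int (*parse)(const char *, struct demo_time *), const char *s)
{
    struct demo_time t;
    memset(&t, 0xAA, sizeof t);
    return parse(s, &t) == 0 ? t.second_part : (unsigned long)-1;
}

int main(void)
{
    printf("buggy=%lx fixed=%lx\n", second_part_after(parse_time_buggy, "00:00:00."),
           second_part_after(parse_time_fixed, "00:00:00."));
    return 0;
}
```

In a real build the poison bytes are whatever the stack last held, which is why memcheck flags the read only later, at the point where the value decides a branch.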