[MDEV-13135] Valgrind warnings (invalid write) in JOIN::save_query_plan Created: 2017-06-20  Updated: 2017-12-01  Resolved: 2017-10-13

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 5.5, 10.0, 10.1, 10.2
Fix Version/s: 5.5.58, 10.0.33, 10.1.29, 10.2.10

Type: Bug
Priority: Major
Reporter: Elena Stepanova
Assignee: Igor Babaev
Resolution: Fixed
Votes: 0
Labels: None

Sprint: 5.5.58

Description

CREATE TABLE t1 (a INT);
CREATE ALGORITHM=MERGE VIEW v1 AS SELECT a AS v_a FROM t1;
INSERT INTO t1 VALUES (1),(2);

CREATE TABLE t2 (b INT, KEY(b));
INSERT INTO t2 VALUES (3),(4);

SELECT * FROM t1 WHERE a NOT IN (
  SELECT b FROM t2 INNER JOIN v1 ON (b IN ( SELECT a FROM t1 ))
  WHERE v_a = b
);

5.5 ded614d7dbc930e373d1a69a0d2a7e4bf0a2c6d3

==5050== Invalid write of size 8
==5050==    at 0x67166A: JOIN::save_query_plan(JOIN::Join_plan_state*) (sql_select.cc:23724)
==5050==    by 0x6719BB: JOIN::reoptimize(Item*, unsigned long long, JOIN::Join_plan_state*) (sql_select.cc:23827)
==5050==    by 0x751A8B: JOIN::choose_subquery_plan(unsigned long long) (opt_subselect.cc:5627)
==5050==    by 0x640ED2: make_join_statistics(JOIN*, List<TABLE_LIST>&, Item*, st_dynamic_array*) (sql_select.cc:3835)
==5050==    by 0x637ACC: JOIN::optimize() (sql_select.cc:1235)
==5050==    by 0x5FBF08: st_select_lex::optimize_unflattened_subqueries(bool) (sql_lex.cc:3550)
==5050==    by 0x7507EF: JOIN::optimize_unflattened_subqueries() (opt_subselect.cc:5092)
==5050==    by 0x639584: JOIN::optimize() (sql_select.cc:1671)
==5050==    by 0x63E57E: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3089)
==5050==    by 0x634CB7: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:319)
==5050==    by 0x60D3C2: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4686)
==5050==    by 0x606735: mysql_execute_command(THD*) (sql_parse.cc:2234)
==5050==    by 0x60FFAB: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5931)
==5050==    by 0x603CC4: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1079)
==5050==    by 0x602E7E: do_command(THD*) (sql_parse.cc:793)
==5050==    by 0x70ABE2: do_handle_one_connection(THD*) (sql_connect.cc:1268)
==5050==  Address 0xa93bd38 is 0 bytes after a block of size 1,128 alloc'd
==5050==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==5050==    by 0xCD7BBB: my_malloc (my_malloc.c:41)
==5050==    by 0xCC8DCF: my_multi_malloc (mulalloc.c:51)
==5050==    by 0x752858: JOIN::Join_plan_state::Join_plan_state(unsigned int) (sql_select.h:902)
==5050==    by 0x7518BA: JOIN::choose_subquery_plan(unsigned long long) (opt_subselect.cc:5549)
==5050==    by 0x640ED2: make_join_statistics(JOIN*, List<TABLE_LIST>&, Item*, st_dynamic_array*) (sql_select.cc:3835)
==5050==    by 0x637ACC: JOIN::optimize() (sql_select.cc:1235)
==5050==    by 0x5FBF08: st_select_lex::optimize_unflattened_subqueries(bool) (sql_lex.cc:3550)
==5050==    by 0x7507EF: JOIN::optimize_unflattened_subqueries() (opt_subselect.cc:5092)
==5050==    by 0x639584: JOIN::optimize() (sql_select.cc:1671)
==5050==    by 0x63E57E: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3089)
==5050==    by 0x634CB7: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:319)
==5050==    by 0x60D3C2: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4686)
==5050==    by 0x606735: mysql_execute_command(THD*) (sql_parse.cc:2234)
==5050==    by 0x60FFAB: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5931)
==5050==    by 0x603CC4: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1079)
==5050== Invalid read of size 8
==5050==    at 0x6718C3: JOIN::restore_query_plan(JOIN::Join_plan_state*) (sql_select.cc:23772)
==5050==    by 0x751D30: JOIN::choose_subquery_plan(unsigned long long) (opt_subselect.cc:5707)
==5050==    by 0x640ED2: make_join_statistics(JOIN*, List<TABLE_LIST>&, Item*, st_dynamic_array*) (sql_select.cc:3835)
==5050==    by 0x637ACC: JOIN::optimize() (sql_select.cc:1235)
==5050==    by 0x5FBF08: st_select_lex::optimize_unflattened_subqueries(bool) (sql_lex.cc:3550)
==5050==    by 0x7507EF: JOIN::optimize_unflattened_subqueries() (opt_subselect.cc:5092)
==5050==    by 0x639584: JOIN::optimize() (sql_select.cc:1671)
==5050==    by 0x63E57E: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3089)
==5050==    by 0x634CB7: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:319)
==5050==    by 0x60D3C2: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4686)
==5050==    by 0x606735: mysql_execute_command(THD*) (sql_parse.cc:2234)
==5050==    by 0x60FFAB: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5931)
==5050==    by 0x603CC4: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1079)
==5050==    by 0x602E7E: do_command(THD*) (sql_parse.cc:793)
==5050==    by 0x70ABE2: do_handle_one_connection(THD*) (sql_connect.cc:1268)
==5050==    by 0x70A96F: handle_one_connection (sql_connect.cc:1184)
==5050==  Address 0xa93bd38 is 0 bytes after a block of size 1,128 alloc'd
==5050==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==5050==    by 0xCD7BBB: my_malloc (my_malloc.c:41)
==5050==    by 0xCC8DCF: my_multi_malloc (mulalloc.c:51)
==5050==    by 0x752858: JOIN::Join_plan_state::Join_plan_state(unsigned int) (sql_select.h:902)
==5050==    by 0x7518BA: JOIN::choose_subquery_plan(unsigned long long) (opt_subselect.cc:5549)
==5050==    by 0x640ED2: make_join_statistics(JOIN*, List<TABLE_LIST>&, Item*, st_dynamic_array*) (sql_select.cc:3835)
==5050==    by 0x637ACC: JOIN::optimize() (sql_select.cc:1235)
==5050==    by 0x5FBF08: st_select_lex::optimize_unflattened_subqueries(bool) (sql_lex.cc:3550)
==5050==    by 0x7507EF: JOIN::optimize_unflattened_subqueries() (opt_subselect.cc:5092)
==5050==    by 0x639584: JOIN::optimize() (sql_select.cc:1671)
==5050==    by 0x63E57E: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3089)
==5050==    by 0x634CB7: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:319)
==5050==    by 0x60D3C2: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4686)
==5050==    by 0x606735: mysql_execute_command(THD*) (sql_parse.cc:2234)
==5050==    by 0x60FFAB: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5931)
==5050==    by 0x603CC4: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1079)
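
Matching the access stack of a memcheck error to its allocation stack by hand is error-prone in reports of this length. The triage parser below is an added example, not code from this ticket or from MariaDB: it splits a memcheck log into errors, keeps each error's access frames apart from its allocation frames, names the first allocation frame that is not a bare allocator wrapper (the set of wrapper names to skip is an assumption) and computes how far past the end of the block the access reached. The sample input is an excerpt of the report above.

```python
import re
# Constructed sample input: an excerpt of the memcheck report quoted in this ticket.
SAMPLE = """\
==5050== Invalid write of size 8
==5050==    at 0x67166A: JOIN::save_query_plan(JOIN::Join_plan_state*) (sql_select.cc:23724)
==5050==  Address 0xa93bd38 is 0 bytes after a block of size 1,128 alloc'd
==5050==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==5050==    by 0xCC8DCF: my_multi_malloc (mulalloc.c:51)
==5050==    by 0x752858: JOIN::Join_plan_state::Join_plan_state(unsigned int) (sql_select.h:902)
==5050== Invalid read of size 8
==5050==    at 0x6718C3: JOIN::restore_query_plan(JOIN::Join_plan_state*) (sql_select.cc:23772)
==5050==  Address 0xa93bd38 is 0 bytes after a block of size 1,128 alloc'd
==5050==    by 0x752858: JOIN::Join_plan_state::Join_plan_state(unsigned int) (sql_select.h:902)
"""

PREFIX = re.compile(r"^==\d+==\s*")                      # "==<pid>== " at the start of every line
HEADER = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.*) \(([^()]*)\)$")   # function, then file:line
ADDRESS = re.compile(r"^Address 0x[0-9a-f]+ is ([\d,]+) bytes (after|before|inside) "
                     r"a block of size ([\d,]+) (alloc'd|free'd)$")
ALLOCATOR_WRAPPERS = {"malloc", "my_malloc", "my_multi_malloc"}   # assumed wrapper names to skip

def parse_memcheck(text):
    """Split a memcheck log into errors, keeping the access stack and the allocation stack apart."""
    errors, frames = [], None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := HEADER.match(line):
            errors.append({"kind": m[1], "size": int(m[2]), "access": [], "alloc": []})
            frames = errors[-1]["access"]            # frames that follow belong to the access
        elif m := ADDRESS.match(line):
            err = errors[-1]
            err.update(offset=int(m[1].replace(",", "")), relation=m[2],
                       block_size=int(m[3].replace(",", "")), state=m[4])
            frames = err["alloc"]                    # frames that follow belong to the allocation
        elif (m := FRAME.match(line)) and frames is not None:
            frames.append((m[1], m[2]))              # (function, file:line)
    return errors

def allocation_site(err):
    """First allocation frame that is not a bare allocator wrapper: the code that sized the block."""
    return next((f for f, _ in err["alloc"] if f not in ALLOCATOR_WRAPPERS), None)

def overrun_bytes(err):
    """Bytes the access reaches past the end of the block (0 unless the address lies after it)."""
    return err["offset"] + err["size"] if err.get("relation") == "after" else 0

def triage(text):
    """One tuple per error: kind, accessing function, block allocation site, bytes overrun."""
    return [(e["kind"], e["access"][0][0], allocation_site(e), overrun_bytes(e)) for e in parse_memcheck(text)]
```

Run on the full report, the triage output shows both warnings touching the same 1,128-byte block allocated in the Join_plan_state constructor, which is the first place to look when checking how the block was sized.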

Note: Better to use an actual valgrind build. When I run the test with --valgrind on a build built without valgrind, the memcheck seems to fall into an endless loop: it uses CPU, keeps producing new warnings and does not finish. With a VALGRIND-enabled build, it's a normal routine.

Comments
Comment by Igor Babaev [ 2017-10-13 ]

A fix for this bug was pushed into the 5.5 tree.
