[MDEV-22251] get_key_scans_params: Conditional jump or move depends on uninitialised value Created: 2020-04-15  Updated: 2021-02-02  Resolved: 2021-01-28

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 5.5, 10.1, 10.2, 10.3
Fix Version/s: 10.2.37, 10.3.28

Type: Bug
Priority: Major
Reporter: Elena Stepanova
Assignee: Varun Gupta (Inactive)
Resolution: Fixed
Votes: 0
Labels: regression, valgrind


 Description   

The test below is essentially vcol.range from 10.2, only with the virtual column removed, to make it applicable to 5.5 and 10.1. In 10.2+, vcol.range itself fails the same way.

create table t1 (pk int, i int, v int, primary key (pk), key(v)) engine=myisam;
insert into t1 (pk,i,v) values (1,1,2),(2,2,4),(3,3,6),(4,4,8),(5,5,10),(6,6,12),(7,7,14),(8,8,16);
create table t2 (a int, b int) engine=myisam;
insert into t2 values (1,2),(2,4);
select * from t1 inner join t2 on ( t2.b = t1.v or t2.a = t1.pk );
drop table t1, t2;

5.5 5af12e46

==14854== Thread 4:
==14854== Conditional jump or move depends on uninitialised value(s)
==14854==    at 0x7B067B: get_key_scans_params(PARAM*, SEL_TREE*, bool, bool, double) (opt_range.cc:6805)
==14854==    by 0x7AB9F2: get_best_disjunct_quick(PARAM*, SEL_IMERGE*, double) (opt_range.cc:4711)
==14854==    by 0x7A901D: SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool) (opt_range.cc:3212)
==14854==    by 0x5301C6: make_join_select(JOIN*, SQL_SELECT*, Item*) (sql_select.cc:9145)
==14854==    by 0x51981C: JOIN::optimize() (sql_select.cc:1460)
==14854==    by 0x51F68E: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3121)
==14854==    by 0x515B6D: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:312)
==14854==    by 0x4ED5D1: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4684)
==14854==    by 0x4E64D2: mysql_execute_command(THD*) (sql_parse.cc:2222)
==14854==    by 0x4F01B2: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5929)
==14854==    by 0x4E3A50: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1067)
==14854==    by 0x4E2C60: do_command(THD*) (sql_parse.cc:793)
==14854==    by 0x5EE7F4: do_handle_one_connection(THD*) (sql_connect.cc:1268)
==14854==    by 0x5EE563: handle_one_connection (sql_connect.cc:1184)
==14854==    by 0x997777: pfs_spawn_thread (pfs.cc:1015)
==14854==    by 0x4E3F4A3: start_thread (pthread_create.c:456)

The problem appeared in 5.5 after this commit:

commit 5af12e463549e4bbc2ce6ab720d78937d5e5db4e
Author: Igor Babaev
Date:   Thu Mar 12 23:50:20 2020 -0700
 
    MDEV-21932 A fast plan with ROR index-merge is ignored when
              'index_merge_sort_union=off'

At the time of filing this bug, it is reproducible on 5.5-10.3; the change hasn't been merged up to 10.4 yet.



 Comments   
Comment by Sergei Petrunia [ 2021-01-28 ]

Review input: http://lists.askmonty.org/pipermail/commits/2021-January/014459.html

Comment by Sergei Petrunia [ 2021-01-28 ]

Pushed the adjusted patch into 10.2
