[MDEV-2366] LP:482100 - Valgrind warning and garbled output from innodb_file_format_name_update() Created: 2009-11-13  Updated: 2012-10-04  Resolved: 2012-10-04

Status: Closed
Project: MariaDB Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Kristian Nielsen Assignee: Kristian Nielsen
Resolution: Fixed Votes: 0
Labels: Launchpad

Attachments: LPexportBug482100.xml (XML file), LPexportBug482100_xtradb.patch (text file), LPexportBug482100_xtradb.patch (text file)

Description

Using this test case (simplified from innodb_xtradb_bug317074.test):

-----------------------------------------------------------------------
--source include/have_innodb.inc

SET @old_innodb_file_format=@@innodb_file_format;
SET @old_innodb_file_format_check=@@innodb_file_format_check;

SET GLOBAL innodb_file_format=@old_innodb_file_format;
SET GLOBAL innodb_file_format_check=@old_innodb_file_format_check;
-----------------------------------------------------------------------

perl mysql-test-run.pl --valgrind innodb-kn

I get this warning and stack trace:

==27371== Conditional jump or move depends on uninitialised value(s)
==27371== at 0xA3D759: innobase_file_format_name_lookup(char const*) (ha_innodb.cc:9568)
==27371== by 0xA3D941: innodb_file_format_name_update(THD*, st_mysql_sys_var*, void*, void const*) (ha_innodb.cc:9710)
==27371== by 0x86B3D4: sys_var_pluginvar::update(THD*, set_var*) (sql_plugin.cc:2802)
==27371== by 0x6903DB: set_var::update(THD*) (set_var.cc:3674)
==27371== by 0x697535: sql_set_variables(THD*, List<set_var_base>*) (set_var.cc:3549)
==27371== by 0x687125: mysql_execute_command(THD*) (sql_parse.cc:3495)
==27371== by 0x68C1EC: mysql_parse(THD*, char const*, unsigned, char const**) (sql_parse.cc:5983)
==27371== by 0x68CFB1: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1227)
==27371== by 0x68E398: do_command(THD*) (sql_parse.cc:866)
==27371== by 0x679FB2: handle_one_connection (sql_connect.cc:1130)
==27371== by 0x50463F6: start_thread (pthread_create.c:297)
==27371== by 0x6026B4C: clone (in /usr/lib/debug/libc-2.7.so)

I also get a spurious warning due to reading garbage data in
innobase_file_format_name_lookup().

I found bug 461155, which may be related. But I checked the fix committed as
rev. 112 of lp:~percona-dev/percona-xtradb/alignment-for-5.1.40. This fix
seems to just rewrite the test cases, so I'm thinking that if it is related it
just hides the problem rather than fixing it.

I will debug to investigate.



Comments
Comment by Kristian Nielsen [ 2009-11-13 ]

Re: Valgrind warning and garbled output from innodb_file_format_name_update()
Found this while merging xtradb 8 into MariaDB 5.1.39. But the same problem is present when using stock XtraDB 8 with stock MySQL 5.1.39.

Comment by Kristian Nielsen [ 2009-11-13 ]

Ok, I found the problem.

It is in innodb_file_format_check_validate(), in ha_innodb.cc

char buff[STRING_BUFFER_USUAL_SIZE];
...
file_format_input = value->val_str(value, buff, &len);
...
static_cast<const char*>(save) = file_format_input;
return(0);

So the file_format_input string is stored in a local buffer on the stack, but the pointer to it is used after return of the function, which is illegal of course.

Comment by Kristian Nielsen [ 2009-11-13 ]

Ok, attached is a patch that fixes the problem.

Comment by Kristian Nielsen [ 2009-11-13 ]

patch for bug
LPexportBug482100_xtradb.patch

Comment by Kristian Nielsen [ 2009-11-13 ]

BTW, the patch is offered to Percona under the simplified BSD license.

Comment by Kristian Nielsen [ 2009-11-13 ]

Sorry, previous patch is buggy, the memory needs to be allocated on the THD memroot so it will be freed automatically, freeing in update does not work.

Again, this patch is offered to Percona under the simplified BSD license.

Comment by Kristian Nielsen [ 2009-11-13 ]

Revised patch to fix problem
LPexportBug482100_xtradb.patch
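
Added example (not the attached patch and not XtraDB's own code) modelling the fix described in this comment and the defect quoted in the earlier comment on innodb_file_format_check_validate(): the validate callback copies the value onto a stand-in for the per-statement THD memroot instead of pointing at a local stack buffer, so the pointer is still valid when update reads it and nothing has to be freed in update itself. The mem_root type, memroot_strdup, memroot_free_all, validate_fixed, file_format_lookup and set_file_format are all hypothetical names constructed for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the per-statement THD memroot: everything
 * allocated on it is released in one go when the statement finishes. */
typedef struct { char *blocks[16]; int n; } mem_root;

static char *memroot_strdup(mem_root *r, const char *s)
{
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    memcpy(p, s, len);
    r->blocks[r->n++] = p;
    return p;
}
static void memroot_free_all(mem_root *r)
{
    for (int i = 0; i < r->n; i++)
        free(r->blocks[i]);
    r->n = 0;
}

/* The validate callback, reshaped as the fix describes: instead of pointing
 * *save at a local buffer that dies at return, copy the value onto the
 * memroot, which outlives the callback and is freed automatically. */
static int validate_fixed(mem_root *thd_root, const char **save, const char *input)
{
    *save = memroot_strdup(thd_root, input);
    return 0;
}

/* Stand-in for the name lookup the update callback performs on *save. */
static int file_format_lookup(const char *name)
{
    static const char *formats[] = { "Antelope", "Barracuda" };
    for (int i = 0; i < 2; i++)
        if (strcmp(name, formats[i]) == 0)
            return i;
    return -1;
}

/* One SET GLOBAL: validate stores the value, update reads it, and the
 * statement's memroot is torn down afterwards, never inside update. */
static int set_file_format(const char *input)
{
    mem_root root = { { 0 }, 0 };
    const char *save = NULL;
    validate_fixed(&root, &save, input);
    int id = file_format_lookup(save);   /* *save is still valid here */
    memroot_free_all(&root);
    return id;
}
```

Under Valgrind the memroot version reports no uninitialised reads, because *save never refers to a frame that has already been popped.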

Comment by Kristian Nielsen [ 2009-11-28 ]

Fix is in MariaDB 5.1.39 release.

Comment by Stewart Smith [ 2011-06-07 ]

All development of XtraDB has moved under the Percona Server project - https://launchpad.net/percona-server - If this bug can be reproduced against current Percona Server, please file this bug against percona-server (you can simply do so by using the "Also affects project" link above).

Thanks,
Stewart Smith
Director of Server Development
Percona.

Comment by Rasmus Johansson (Inactive) [ 2011-06-07 ]

Launchpad bug id: 482100
