[MDEV-29678] Valgrind/MSAN uninitialised value errors upon PS with ALTER under ONLY_FULL_GROUP_BY
Created: 2022-10-01  Updated: 2022-10-21  Resolved: 2022-10-21

Status: Closed
Project: MariaDB Server
Component/s: Data Definition - Alter Table, Prepared Statements
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.3.37, 10.4.27, 10.5.18, 10.6.11, 10.7.7, 10.8.6, 10.9.4, 10.10.2, 10.11.1

Type: Bug
Priority: Critical
Reporter: Elena Stepanova
Assignee: Daniel Black
Resolution: Fixed
Votes: 0
Labels: None


Description

main.mysql_tzinfo_to_sql_symlink started failing with Valgrind/MSAN errors after this commit in 10.6:

commit 3dd03a23340b6b966b26fc15cf2212b9a7484910
Author: Sergei Golubchik
Date:   Fri Sep 2 11:43:14 2022 +0200
 
    MDEV-29347 MariaDB 10.6.8 fails to start when ONLY_FULL_GROUP_BY gets provided

However, it is only a messenger; the underlying problem existed before the commit:

SET sql_mode= ONLY_FULL_GROUP_BY;
EXECUTE IMMEDIATE 'ALTER TABLE mysql.time_zone_transition ORDER BY Time_zone_id, Transition_time';

10.3 97695675

==900797== Conditional jump or move depends on uninitialised value(s)
==900797==    at 0xB647B3: Item_field::fix_fields(THD*, Item**) (item.cc:6391)
==900797==    by 0x664A54: Item::fix_fields_if_needed(THD*, Item**) (item.h:829)
==900797==    by 0x663F68: Item::fix_fields_if_needed_for_scalar(THD*, Item**) (item.h:833)
==900797==    by 0x853A24: Item::fix_fields_if_needed_for_order_by(THD*, Item**) (item.h:841)
==900797==    by 0x7F65A8: find_order_in_list(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, st_order*, List<Item>&, List<Item>&, bool, bool, bool) (sql_select.cc:23699)
==900797==    by 0x83950A: setup_order(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<Item>&, List<Item>&, st_order*, bool) (sql_select.cc:23746)
==900797==    by 0x8B3257: copy_data_between_tables(THD*, TABLE*, TABLE*, List<Create_field>&, bool, unsigned int, st_order*, unsigned long long*, unsigned long long*, Alter_info::enum_enable_or_disable, Alter_table_ctx*) (sql_table.cc:10652)
==900797==    by 0x8AA95F: mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) (sql_table.cc:10189)
==900797==    by 0x9593EF: Sql_cmd_alter_table::execute(THD*) (sql_alter.cc:512)
==900797==    by 0x7AB823: mysql_execute_command(THD*) (sql_parse.cc:6075)
==900797==    by 0x7D1CE5: Prepared_statement::execute(String*, bool) (sql_prepare.cc:5027)
==900797==    by 0x7CD647: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:4455)
==900797==    by 0x7CBC7B: Prepared_statement::execute_immediate(char const*, unsigned int) (sql_prepare.cc:5151)
==900797==    by 0x7CB996: mysql_sql_stmt_execute_immediate(THD*) (sql_prepare.cc:2989)
==900797==    by 0x7A0C65: mysql_execute_command(THD*) (sql_parse.cc:3876)
==900797==    by 0x79ACA0: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7870)

MSAN variation:

10.6 2ab52cc0e

==306674==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x55bba997b9b0 in Item_field::fix_fields(THD*, Item**) /home/jenkins/workspace/Source-Build-Test/src/sql/item.cc:6191:51
    #1 0x55bba8cf8cc3 in Item::fix_fields_if_needed(THD*, Item**) /home/jenkins/workspace/Source-Build-Test/src/sql/item.h:1144:30
    #2 0x55bba8cf8cc3 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /home/jenkins/workspace/Source-Build-Test/src/sql/item.h:1148:12
    #3 0x55bba8cf8cc3 in Item::fix_fields_if_needed_for_order_by(THD*, Item**) /home/jenkins/workspace/Source-Build-Test/src/sql/item.h:1156:12
    #4 0x55bba8cf8cc3 in find_order_in_list(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, st_order*, List<Item>&, List<Item>&, bool, bool, bool) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_select.cc:25205:19
    #5 0x55bba8e14991 in setup_order(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<Item>&, List<Item>&, st_order*, bool) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_select.cc:25252:9
    #6 0x55bba8facca7 in copy_data_between_tables(THD*, TABLE*, TABLE*, List<Create_field>&, bool, unsigned int, st_order*, unsigned long long*, unsigned long long*, Alter_info::enum_enable_or_disable, Alter_table_ctx*) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_table.cc:11040:11
    #7 0x55bba8facca7 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool, bool) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_table.cc:10430:9
    #8 0x55bba9212f51 in Sql_cmd_alter_table::execute(THD*) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_alter.cc:542:11
    #9 0x55bba8bef144 in mysql_execute_command(THD*, bool) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_parse.cc:5997:26
    #10 0x55bba8c899aa in Prepared_statement::execute(String*, bool) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_prepare.cc:5205:14
    #11 0x55bba8c74375 in Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_prepare.cc:4633:10
    #12 0x55bba8c6f6be in Prepared_statement::execute_immediate(char const*, unsigned int) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_prepare.cc:5356:10
    #13 0x55bba8c6eb67 in mysql_sql_stmt_execute_immediate(THD*) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_prepare.cc:3095:16
    #14 0x55bba8bf2135 in mysql_execute_command(THD*, bool) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_parse.cc:3952:5
    #15 0x55bba8bd66a7 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_parse.cc:8032:18
    #16 0x55bba8bcaa7d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_parse.cc:1896:7
    #17 0x55bba8bd8a9f in do_command(THD*, bool) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_parse.cc:1409:17
    #18 0x55bba91ef7f6 in do_handle_one_connection(CONNECT*, bool) /home/jenkins/workspace/Source-Build-Test/src/sql/sql_connect.cc:1416:11
    #19 0x55bba91eee85 in handle_one_connection /home/jenkins/workspace/Source-Build-Test/src/sql/sql_connect.cc:1318:5
    #20 0x55bbaa63d74a in pfs_spawn_thread /home/jenkins/workspace/Source-Build-Test/src/storage/perfschema/pfs.cc:2201:3
    #21 0x7fc43323c608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
    #22 0x7fc432f41292 in clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
 
  Memory was marked as uninitialized
    #0 0x55bba86c2c9e in __msan_allocated_memory (/home/jenkins/workspace/Source-Build-Test/src/sql/mariadbd+0x7fbc9e)
    #1 0x55bbab8a56c0 in my_malloc /home/jenkins/workspace/Source-Build-Test/src/mysys/my_malloc.c:113:7
 
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/jenkins/workspace/Source-Build-Test/src/sql/item.cc:6191:51 in Item_field::fix_fields(THD*, Item**)



Comments
Comment by Daniel Black [ 2022-10-12 ]

bb-10.6-danielblack-MDEV-29678-uninit passing MSAN.

10.3 version with test case on https://github.com/MariaDB/server/pull/2286

Comment by Sergei Golubchik [ 2022-10-21 ]

eb3f4b658613a7d99efb2744e1a81c541c347a0d is ok to push
