[MDEV-32693] [Draft] MSAN / valgrind errors in safe_substract / Histogram_builder::next Created: 2023-11-06  Updated: 2023-11-26  Resolved: 2023-11-26

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.4, 10.6, 11.2
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None

Issue Links:
Duplicate
duplicates MDEV-26509 ASAN stack-buffer-overflow in my_strn... Open

 Description   

Reproducible (also on 10.6.15, not a recent regression), needs cleaning

CREATE TABLE B (pk INTEGER AUTO_INCREMENT,
 col_int_nokey INTEGER,
 col_int_key INTEGER,
 col_date_key DATE,
 col_date_nokey DATE,
 col_time_key TIME,
 col_time_nokey TIME,
 col_datetime_key DATETIME,
 col_datetime_nokey DATETIME,
 col_varchar_key VARCHAR(1),
 col_varchar_nokey VARCHAR(1),
 PRIMARY KEY (pk DESC),
 KEY (col_varchar_key ASC, col_int_key)) CHARACTER SET cp1250 COLLATE cp1250_czech_cs;
 
INSERT /*! IGNORE */ INTO B (col_int_key, col_int_nokey,
 col_date_key, col_date_nokey,
 col_time_key, col_time_nokey,
 col_datetime_key, col_datetime_nokey,
 col_varchar_key, col_varchar_nokey)
 VALUES (6, 7,
 '2026-11-23', '2026-11-23',
 '09:19:37.055802', '09:19:37.055802',
 '1903-03-02 04:31:24.000649', '1903-03-02 04:31:24.000649',
 'j', 'j');
ANALYZE TABLE B PERSISTENT FOR ALL;

10.6 b78b77e77db22321e2fa49afaea5564c083ca66a

==57350==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x55affe11a732 in safe_substract(unsigned long long, unsigned long long) /data/src/10.6-msan/sql/field.cc:1143:10
    #1 0x55affe11a732 in Field::pos_in_interval_val_str(Field*, Field*, unsigned int) /data/src/10.6-msan/sql/field.cc:1198:6
    #2 0x55affd8a6ba5 in Histogram_builder::next(void*, unsigned int) /data/src/10.6-msan/sql/sql_statistics.cc:1626:36
    #3 0x55b0003588ec in tree_walk_left_root_right /data/src/10.6-msan/mysys/tree.c:590:9
    #4 0x55b0003585fe in tree_walk /data/src/10.6-msan/mysys/tree.c:576:12
    #5 0x55affdad6eb6 in Unique::walk(TABLE*, int (*)(void*, unsigned int, void*), void*) /data/src/10.6-msan/sql/uniques.cc:654:12
    #6 0x55affd8a801e in Count_distinct_field::walk_tree_with_histogram(unsigned long long) /data/src/10.6-msan/sql/sql_statistics.cc:1754:11
    #7 0x55affd8a801e in Column_statistics_collected::finish(unsigned long long, double) /data/src/10.6-msan/sql/sql_statistics.cc:2426:23
    #8 0x55affd885138 in collect_statistics_for_table(THD*, TABLE*) /data/src/10.6-msan/sql/sql_statistics.cc:2725:37
    #9 0x55affdbdb488 in mysql_admin_table(THD*, TABLE_LIST*, st_ha_check_opt*, st_mysql_const_lex_string const*, thr_lock_type, bool, bool, unsigned int, int (*)(THD*, TABLE_LIST*, st_ha_check_opt*), int (handler::*)(THD*, st_ha_check_opt*), int (*)(THD*, TABLE_LIST*, st_ha_check_opt*), bool) /data/src/10.6-msan/sql/sql_admin.cc:1027:15
    #10 0x55affdbdef87 in Sql_cmd_analyze_table::execute(THD*) /data/src/10.6-msan/sql/sql_admin.cc:1521:8
    #11 0x55affd56a38e in mysql_execute_command(THD*, bool) /data/src/10.6-msan/sql/sql_parse.cc:6026:26
    #12 0x55affd55224a in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.6-msan/sql/sql_parse.cc:8050:18
    #13 0x55affd546790 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/10.6-msan/sql/sql_parse.cc:1896:7
    #14 0x55affd554640 in do_command(THD*, bool) /data/src/10.6-msan/sql/sql_parse.cc:1409:17
    #15 0x55affdb84e7f in do_handle_one_connection(CONNECT*, bool) /data/src/10.6-msan/sql/sql_connect.cc:1416:11
    #16 0x55affdb84465 in handle_one_connection /data/src/10.6-msan/sql/sql_connect.cc:1318:5
    #17 0x55affeffc18a in pfs_spawn_thread /data/src/10.6-msan/storage/perfschema/pfs.cc:2201:3
    #18 0x7fa74ffb4043 in start_thread nptl/./nptl/pthread_create.c:442:8
    #19 0x7fa75003461b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
 
  Uninitialized value was stored to memory at
    #0 0x55affe11a3e3 in char_prefix_to_ulonglong(unsigned char*) /data/src/10.6-msan/sql/field.cc:1131:11
    #1 0x55affe11a3e3 in Field::pos_in_interval_val_str(Field*, Field*, unsigned int) /data/src/10.6-msan/sql/field.cc:1195:9
 
  Uninitialized value was stored to memory at
    #0 0x55affe11a3aa in char_prefix_to_ulonglong(unsigned char*) /data/src/10.6-msan/sql/field.cc:1132:16
    #1 0x55affe11a3aa in Field::pos_in_interval_val_str(Field*, Field*, unsigned int) /data/src/10.6-msan/sql/field.cc:1195:9
 
  Uninitialized value was stored to memory at
    #0 0x55affe11a2ec in char_prefix_to_ulonglong(unsigned char*) /data/src/10.6-msan/sql/field.cc:1131:11
    #1 0x55affe11a2ec in Field::pos_in_interval_val_str(Field*, Field*, unsigned int) /data/src/10.6-msan/sql/field.cc:1195:9
 
  Uninitialized value was created by an allocation of 'minp_prefix' in the stack frame of function '_ZN5Field23pos_in_interval_val_strEPS_S0_j'
    #0 0x55affe119580 in Field::pos_in_interval_val_str(Field*, Field*, unsigned int) /data/src/10.6-msan/sql/field.cc:1180
 
SUMMARY: MemorySanitizer: use-of-uninitialized-value /data/src/10.6-msan/sql/field.cc:1143:10 in safe_substract(unsigned long long, unsigned long long)
Exiting



 Comments   
Comment by Elena Stepanova [ 2023-11-26 ]

Looks too similar to MDEV-26509.
