[MDEV-4914] Valgrind warnings (Invalid read) on subquery in HAVING, materialization+semijoin Created: 2013-08-17  Updated: 2014-02-19  Resolved: 2014-02-19

Status: Closed
Project: MariaDB Server
Component/s: None
Affects Version/s: 5.3.12
Fix Version/s: 5.3.13

Type: Bug Priority: Minor
Reporter: Elena Stepanova Assignee: Sergei Petrunia
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Relates

Description

SET optimizer_switch='semijoin=on,materialization=on';
 
CREATE TABLE t1 (a INT, b INT) ENGINE=MyISAM;
INSERT INTO t1 VALUES (3,1),(0,3);
 
CREATE TABLE t2 (c INT, d INT) ENGINE=MyISAM;
INSERT INTO t2 VALUES (0, 4),(8, 6);
 
SELECT b, COUNT(*) AS cnt FROM t1, t2 GROUP BY b
HAVING b > ALL ( SELECT d FROM t2 WHERE c IN ( SELECT MAX( a ) FROM t1 ) ) AND cnt = 7;

==28299== Thread 4:
==28299== Invalid read of size 8
==28299==    at 0x58BB42: Item_field::print(String*, enum_query_type) (item.cc:6130)
==28299==    by 0x5AF685: Item_func::print_op(String*, enum_query_type) (item_func.cc:475)
==28299==    by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
==28299==    by 0x74081F: st_select_lex::print(THD*, String*, enum_query_type) (sql_select.cc:22582)
==28299==    by 0x618B23: subselect_single_select_engine::print(String*, enum_query_type) (item_subselect.cc:3631)
==28299==    by 0x61097D: Item_subselect::print(String*, enum_query_type) (item_subselect.cc:813)
==28299==    by 0x610D85: Item_maxmin_subselect::print(String*, enum_query_type) (item_subselect.cc:904)
==28299==    by 0x5AF5B5: Item_func::print_op(String*, enum_query_type) (item_func.cc:470)
==28299==    by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
==28299==    by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
==28299==    by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
==28299==    by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
==28299==    by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
==28299==    by 0x5C91C3: Item_func_not_all::print(String*, enum_query_type) (item_cmpfunc.cc:384)
==28299==    by 0x73AEA5: change_to_use_tmp_fields(THD*, Item**, List<Item>&, List<Item>&, unsigned int, List<Item>&) (sql_select.cc:20811)
==28299==    by 0x70CA82: JOIN::exec() (sql_select.cc:2356)
==28299==  Address 0xf877528 is 88 bytes inside a block of size 1,000 free'd
==28299==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28299==    by 0xB746E2: _myfree (safemalloc.c:337)
==28299==    by 0xB7397A: free_root (my_alloc.c:372)
==28299==    by 0x72DECC: free_tmp_table(THD*, st_table*) (sql_select.cc:15610)
==28299==    by 0x61A5F0: subselect_hash_sj_engine::cleanup() (item_subselect.cc:4440)
==28299==    by 0x60EF0D: Item_subselect::cleanup() (item_subselect.cc:130)
==28299==    by 0x60F0E8: Item_in_subselect::cleanup() (item_subselect.cc:167)
==28299==    by 0x720B9B: st_join_table::cleanup() (sql_select.cc:10130)
==28299==    by 0x721667: JOIN::cleanup(bool) (sql_select.cc:10440)
==28299==    by 0x721364: JOIN::join_free() (sql_select.cc:10360)
==28299==    by 0x72E68C: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15799)
==28299==    by 0x70E6B7: JOIN::exec() (sql_select.cc:2786)
==28299==    by 0x617A17: subselect_single_select_engine::exec() (item_subselect.cc:3141)
==28299==    by 0x61016E: Item_subselect::exec() (item_subselect.cc:588)
==28299==    by 0x6119CB: Item_singlerow_subselect::val_int() (item_subselect.cc:1155)
==28299==    by 0x5CB6C8: Arg_comparator::compare_int_signed() (item_cmpfunc.cc:1165)
==28299== Invalid read of size 1
==28299==    at 0x58BB46: Item_field::print(String*, enum_query_type) (item.cc:6130)
==28299==    by 0x5AF685: Item_func::print_op(String*, enum_query_type) (item_func.cc:475)
==28299==    by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
==28299==    by 0x74081F: st_select_lex::print(THD*, String*, enum_query_type) (sql_select.cc:22582)
==28299==    by 0x618B23: subselect_single_select_engine::print(String*, enum_query_type) (item_subselect.cc:3631)
==28299==    by 0x61097D: Item_subselect::print(String*, enum_query_type) (item_subselect.cc:813)
==28299==    by 0x610D85: Item_maxmin_subselect::print(String*, enum_query_type) (item_subselect.cc:904)
==28299==    by 0x5AF5B5: Item_func::print_op(String*, enum_query_type) (item_func.cc:470)
==28299==    by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
==28299==    by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
==28299==    by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
==28299==    by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
==28299==    by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
==28299==    by 0x5C91C3: Item_func_not_all::print(String*, enum_query_type) (item_cmpfunc.cc:384)
==28299==    by 0x73AEA5: change_to_use_tmp_fields(THD*, Item**, List<Item>&, List<Item>&, unsigned int, List<Item>&) (sql_select.cc:20811)
==28299==    by 0x70CA82: JOIN::exec() (sql_select.cc:2356)
==28299==  Address 0xf876d2f is 2,143 bytes inside a block of size 4,020 free'd
==28299==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28299==    by 0xB746E2: _myfree (safemalloc.c:337)
==28299==    by 0xB73940: free_root (my_alloc.c:366)
==28299==    by 0x72DECC: free_tmp_table(THD*, st_table*) (sql_select.cc:15610)
==28299==    by 0x61A5F0: subselect_hash_sj_engine::cleanup() (item_subselect.cc:4440)
==28299==    by 0x60EF0D: Item_subselect::cleanup() (item_subselect.cc:130)
==28299==    by 0x60F0E8: Item_in_subselect::cleanup() (item_subselect.cc:167)
==28299==    by 0x720B9B: st_join_table::cleanup() (sql_select.cc:10130)
==28299==    by 0x721667: JOIN::cleanup(bool) (sql_select.cc:10440)
==28299==    by 0x721364: JOIN::join_free() (sql_select.cc:10360)
==28299==    by 0x72E68C: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15799)
==28299==    by 0x70E6B7: JOIN::exec() (sql_select.cc:2786)
==28299==    by 0x617A17: subselect_single_select_engine::exec() (item_subselect.cc:3141)
==28299==    by 0x61016E: Item_subselect::exec() (item_subselect.cc:588)
==28299==    by 0x6119CB: Item_singlerow_subselect::val_int() (item_subselect.cc:1155)
==28299==    by 0x5CB6C8: Arg_comparator::compare_int_signed() (item_cmpfunc.cc:1165)

bzr version-info
revision-id: igor@askmonty.org-20130817050147-k5dvrilf0u0vz8cr
revno: 3677
branch-nick: 5.3

Built with BUILD/compile-pentium-debug-max-no-ndb or BUILD/compile-pentium-valgrind-max-no-ndb

Reproducible on previous versions of 5.3 as well, but I couldn't reproduce it on 5.5 or 10.0; maybe it was fixed there along with MDEV-3874.
If you consider it not important enough to fix in 5.3 only, please feel free to close it as "Won't fix"; I just need to have it filed so that I can find it next time instead of investigating from scratch.
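Added example, not part of this report or of the MariaDB code base: a small Python triage helper that parses Valgrind memcheck output of the shape shown above, pairs each "Invalid read" with the stack that freed the block (i.e. flags it as a use-after-free), and names the first MariaDB-level function above the allocator layer that did the freeing. The embedded log is a constructed, abbreviated excerpt of the trace in this report; the allocator-layer frame names it skips (free, _myfree, free_root) are taken from that trace.

```python
import re

# Constructed, abbreviated excerpt of the memcheck output in this report.
VALGRIND_LOG = """\
==28299== Invalid read of size 8
==28299==    at 0x58BB42: Item_field::print(String*, enum_query_type) (item.cc:6130)
==28299==    by 0x5AF685: Item_func::print_op(String*, enum_query_type) (item_func.cc:475)
==28299==    by 0x73AEA5: change_to_use_tmp_fields(THD*, Item**, List<Item>&, List<Item>&, unsigned int, List<Item>&) (sql_select.cc:20811)
==28299==  Address 0xf877528 is 88 bytes inside a block of size 1,000 free'd
==28299==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28299==    by 0xB746E2: _myfree (safemalloc.c:337)
==28299==    by 0xB7397A: free_root (my_alloc.c:372)
==28299==    by 0x72DECC: free_tmp_table(THD*, st_table*) (sql_select.cc:15610)
==28299==    by 0x61A5F0: subselect_hash_sj_engine::cleanup() (item_subselect.cc:4440)
==28299== Invalid read of size 1
==28299==    at 0x58BB46: Item_field::print(String*, enum_query_type) (item.cc:6130)
==28299==  Address 0xf876d2f is 2,143 bytes inside a block of size 4,020 free'd
==28299==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28299==    by 0xB73940: free_root (my_alloc.c:366)
"""

ERROR = re.compile(r"^==\d+== Invalid (read|write) of size (\d+)$")
FREED = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is ([\d,]+) bytes inside a block of size ([\d,]+) free'd$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \((.+?)\)$")
# Allocator/memroot frames (names from this trace) that sit between free() and the real caller.
ALLOCATOR_LAYER = {"free", "_myfree", "free_root"}

def parse_use_after_free(log):
    """Return one record per invalid access whose address lies inside a free'd block."""
    findings, current, stack = [], None, None
    for line in log.splitlines():
        if m := ERROR.match(line):
            current = {"kind": m[1], "size": int(m[2]), "access": [], "free": None}
            stack = current["access"]          # frames that follow belong to the access
        elif (m := FREED.match(line)) and current is not None:
            current["offset"] = int(m[1].replace(",", ""))
            current["block"] = int(m[2].replace(",", ""))
            current["free"] = stack = []       # frames that follow belong to the free
            findings.append(current)           # only accesses into free'd memory are kept
        elif (m := FRAME.match(line)) and stack is not None:
            stack.append((m[1], m[2]))         # (function, file:line or object)
    return findings

def summarize(finding):
    """One-line triage summary: who touched the dead memory and which MariaDB code freed it."""
    reader, where = finding["access"][0]
    freer = next((fn for fn, _ in finding["free"] if fn not in ALLOCATOR_LAYER), "unknown caller")
    return (f"{finding['kind']} of {finding['size']} byte(s) at {reader} ({where}) hits memory "
            f"freed by {freer}, {finding['offset']} bytes into a {finding['block']}-byte block")
```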



Comments
Comment by Sergei Petrunia [ 2014-02-19 ]

Doing as suggested in the comment. Not important to fix it in 5.3 only.
