[MDEV-2242] LP:451085 - jump or move depends on uninitialised value in my_type_to_string - JIRA

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- Launchpad

Description

valgrind see 2 jump or move depends on uninitialised value in my_type_to_string in cast test:
==11018== Conditional jump or move depends on uninitialised value(s)
==11018== at 0x5AAF7D: String::c_ptr() (sql_string.h:110)
==11018== by 0x9BC1A7: my_type_to_string(XTThread*, Field*, st_table*) (myxt_xt.cc:2820)
==11018== by 0x9BC42D: XTDDColumnFactory::createFromMySQLField(XTThread*, st_table*, Field*) (myxt_xt.cc:3266)
==11018== by 0x9BC6D1: myxt_create_table_from_table(XTThread*, st_table*) (myxt_xt.cc:2856)
==11018== by 0x9AB221: ha_pbxt::create(char const*, st_table*, st_ha_create_information*) (ha_pbxt.cc:5063)
==11018== by 0x7A4B26: handler::ha_create(char const*, st_table*, st_ha_create_information*) (handler.cc:3376)
==11018== by 0x7A7C19: ha_create_table(THD*, char const*, char const*, char const*, st_ha_create_information*, bool) (handler.cc:3587)
==11018== by 0x75875B: rea_create_table(THD*, char const*, char const*, char const*, st_ha_create_information*, List<Create_field>&, unsigned int, st_key*, handler*) (unireg.cc:416)
==11018== by 0x7C61BE: mysql_create_table_no_lock(THD*, char const*, char const*, st_ha_create_information*, Alter_info*, bool, unsigned int) (sql_table.cc:3853)
==11018== by 0x7C658F: mysql_create_table(THD*, char const*, char const*, st_ha_create_information*, Alter_info*, bool, unsigned int) (sql_table.cc:3960)
==11018== by 0x67C4AA: mysql_execute_command(THD*) (sql_parse.cc:2732)
==11018== by 0x683ECE: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5979)
==11018== by 0x684CD8: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1223)
==11018== by 0x68602C: do_command(THD*) (sql_parse.cc:862)
==11018== by 0x671F79: handle_one_connection (sql_connect.cc:1130)
==11018== by 0x5048016: start_thread (in /lib64/libpthread-2.9.so)
==11018==
==11018== Conditional jump or move depends on uninitialised value(s)
==11018== at 0x9CBC3F: xt_strcat(unsigned long, char*, char const*) (strutil_xt.cc:75)
==11018== by 0x9BC207: my_type_to_string(XTThread*, Field*, st_table*) (myxt_xt.cc:2828)
==11018== by 0x9BC42D: XTDDColumnFactory::createFromMySQLField(XTThread*, st_table*, Field*) (myxt_xt.cc:3266)
==11018== by 0x9BC6D1: myxt_create_table_from_table(XTThread*, st_table*) (myxt_xt.cc:2856)
==11018== by 0x9AB221: ha_pbxt::create(char const*, st_table*, st_ha_create_information*) (ha_pbxt.cc:5063)
==11018== by 0x7A4B26: handler::ha_create(char const*, st_table*, st_ha_create_information*) (handler.cc:3376)
==11018== by 0x7A7C19: ha_create_table(THD*, char const*, char const*, char const*, st_ha_create_information*, bool) (handler.cc:3587)
==11018== by 0x75875B: rea_create_table(THD*, char const*, char const*, char const*, st_ha_create_information*, List<Create_field>&, unsigned int, st_key*, handler*) (unireg.cc:416)
==11018== by 0x7C61BE: mysql_create_table_no_lock(THD*, char const*, char const*, st_ha_create_information*, Alter_info*, bool, unsigned int) (sql_table.cc:3853)
==11018== by 0x7C658F: mysql_create_table(THD*, char const*, char const*, st_ha_create_information*, Alter_info*, bool, unsigned int) (sql_table.cc:3960)
==11018== by 0x67C4AA: mysql_execute_command(THD*) (sql_parse.cc:2732)
==11018== by 0x683ECE: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5979)
==11018== by 0x684CD8: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1223)
==11018== by 0x68602C: do_command(THD*) (sql_parse.cc:862)
==11018== by 0x671F79: handle_one_connection (sql_connect.cc:1130)
==11018== by 0x5048016: start_thread (in /lib64/libpthread-2.9.so)

for more cases see:

http://askmonty.org/buildbot/builders/gentoo-amd64-sanja/builds/4/steps/test_1/logs/mysqld.1.err.1
http://askmonty.org/buildbot/builders/gentoo-amd64-sanja/builds/4/steps/test_1/logs/mysqld.1.err.3
http://askmonty.org/buildbot/builders/gentoo-amd64-sanja/builds/4/steps/test_1/logs/mysqld.1.err.4

Can be repeated if run pbxt test suite under valgrind (valgrind build (one of BUILD/compile*valgrind* ) and --valgrind parameter of mysql-test-run)

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

LPexportBug451085.xml
10 kB
2012-10-03 11:32

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Michael Widenius added a comment - 2009-10-14 12:33

re: [Bug 451085] Re: jump or move depends on uninitialised value in my_type_to_string

Hi!

>>>>> "Oleksandr" == Oleksandr Byelkin <Oleksandr> writes:

Oleksandr> ** Also affects: maria
Oleksandr> Importance: Undecided
Oleksandr> Status: New

Oleksandr> –
Oleksandr> jump or move depends on uninitialised value in my_type_to_string
Oleksandr> https://bugs.launchpad.net/bugs/451085
Oleksandr> You received this bug notification because you are a member of Maria-
Oleksandr> captains, which is the registrant for Maria.

Oleksandr> Status in Maria: New
Oleksandr> Status in PrimeBase XT: New

Oleksandr> Bug description:
Oleksandr> valgFrind see 2 jump or move depends on uninitialised value in my_type_to_string in cast test:
Oleksandr> ==11018== Conditional jump or move depends on uninitialised value(s)
Oleksandr> ==11018== at 0x5AAF7D: String::c_ptr() (sql_string.h:110)
Oleksandr> ==11018== by 0x9BC1A7: my_type_to_string(XTThread*, Field*, st_table*) (myxt_xt.cc:2820)
Oleksandr> ==11018== by 0x9BC42D: XTDDColumnFactory::createFromMySQLField(XTThread*, st_table*, Field*) (myxt_xt.cc:3266)

The reason for c_ptr() giving an error is that this function checks if
the end pointer is zero, which in some cases may be not initialized
memory (this is still safe in 99.999% of all cases as all strings
points to thread specific memory).

<cut>

Proposed fix:

ptr = type.c_ptr();
if (ptr != buffer)
xt_strcpy(sizeof(buffer), buffer, ptr);

->
ptr = type.ptr();
if (ptr != buffer)
xt_strcpy(min(sizeof(buffer)-1,type.length(), buffer, ptr);

An even better solution would be to introduce xt_strmake()

char *xt_strmake(register char *dst, register const char *src, size_t length)
{
memcpy(dst, src, length);
dst[length]= 0;
}

and then use this instead of xt_strcpy()

This would be the fastest solution...

Regards,
Monty

Show

Michael Widenius added a comment - 2009-10-14 12:33 re: [Bug 451085] Re: jump or move depends on uninitialised value in my_type_to_string Hi! >>>>> "Oleksandr" == Oleksandr Byelkin <Oleksandr> writes: Oleksandr> ** Also affects: maria Oleksandr> Importance: Undecided Oleksandr> Status: New Oleksandr> – Oleksandr> jump or move depends on uninitialised value in my_type_to_string Oleksandr> https://bugs.launchpad.net/bugs/451085 Oleksandr> You received this bug notification because you are a member of Maria- Oleksandr> captains, which is the registrant for Maria. Oleksandr> Status in Maria: New Oleksandr> Status in PrimeBase XT: New Oleksandr> Bug description: Oleksandr> valgFrind see 2 jump or move depends on uninitialised value in my_type_to_string in cast test: Oleksandr> ==11018== Conditional jump or move depends on uninitialised value(s) Oleksandr> ==11018== at 0x5AAF7D: String::c_ptr() (sql_string.h:110) Oleksandr> ==11018== by 0x9BC1A7: my_type_to_string(XTThread*, Field*, st_table*) (myxt_xt.cc:2820) Oleksandr> ==11018== by 0x9BC42D: XTDDColumnFactory::createFromMySQLField(XTThread*, st_table*, Field*) (myxt_xt.cc:3266) The reason for c_ptr() giving an error is that this function checks if the end pointer is zero, which in some cases may be not initialized memory (this is still safe in 99.999% of all cases as all strings points to thread specific memory). <cut> Proposed fix: ptr = type.c_ptr(); if (ptr != buffer) xt_strcpy(sizeof(buffer), buffer, ptr); -> ptr = type.ptr(); if (ptr != buffer) xt_strcpy(min(sizeof(buffer)-1,type.length(), buffer, ptr); An even better solution would be to introduce xt_strmake() char *xt_strmake(register char *dst, register const char *src, size_t length) { memcpy(dst, src, length); dst [length] = 0; } and then use this instead of xt_strcpy() This would be the fastest solution... Regards, Monty

Hide

Permalink

Vladimir Kolesnikov added a comment - 2009-10-14 21:48

Re: jump or move depends on uninitialised value in my_type_to_string
Hi Monty,

thanks for the input. It was not me who wrote the original code, but when looking at it I've got into the .c_str() trap as well...

Show

Vladimir Kolesnikov added a comment - 2009-10-14 21:48 Re: jump or move depends on uninitialised value in my_type_to_string Hi Monty, thanks for the input. It was not me who wrote the original code, but when looking at it I've got into the .c_str() trap as well...

Hide

Permalink

Rasmus Johansson added a comment - 2009-11-17 23:13

Launchpad bug id: 451085

Show

Rasmus Johansson added a comment - 2009-11-17 23:13 Launchpad bug id: 451085

LP:451085 - jump or move depends on uninitialised value in my_type_to_string

Details

Description

Gliffy Diagrams

Attachments

Attachments

Activity

People

Dates

Agile