  1. MariaDB Server
  2. MDEV-2242

LP:451085 - jump or move depends on uninitialised value in my_type_to_string

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      valgrind sees 2 "jump or move depends on uninitialised value" errors in my_type_to_string in the cast test:
      ==11018== Conditional jump or move depends on uninitialised value(s)
      ==11018== at 0x5AAF7D: String::c_ptr() (sql_string.h:110)
      ==11018== by 0x9BC1A7: my_type_to_string(XTThread*, Field*, st_table*) (myxt_xt.cc:2820)
      ==11018== by 0x9BC42D: XTDDColumnFactory::createFromMySQLField(XTThread*, st_table*, Field*) (myxt_xt.cc:3266)
      ==11018== by 0x9BC6D1: myxt_create_table_from_table(XTThread*, st_table*) (myxt_xt.cc:2856)
      ==11018== by 0x9AB221: ha_pbxt::create(char const*, st_table*, st_ha_create_information*) (ha_pbxt.cc:5063)
      ==11018== by 0x7A4B26: handler::ha_create(char const*, st_table*, st_ha_create_information*) (handler.cc:3376)
      ==11018== by 0x7A7C19: ha_create_table(THD*, char const*, char const*, char const*, st_ha_create_information*, bool) (handler.cc:3587)
      ==11018== by 0x75875B: rea_create_table(THD*, char const*, char const*, char const*, st_ha_create_information*, List<Create_field>&, unsigned int, st_key*, handler*) (unireg.cc:416)
      ==11018== by 0x7C61BE: mysql_create_table_no_lock(THD*, char const*, char const*, st_ha_create_information*, Alter_info*, bool, unsigned int) (sql_table.cc:3853)
      ==11018== by 0x7C658F: mysql_create_table(THD*, char const*, char const*, st_ha_create_information*, Alter_info*, bool, unsigned int) (sql_table.cc:3960)
      ==11018== by 0x67C4AA: mysql_execute_command(THD*) (sql_parse.cc:2732)
      ==11018== by 0x683ECE: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5979)
      ==11018== by 0x684CD8: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1223)
      ==11018== by 0x68602C: do_command(THD*) (sql_parse.cc:862)
      ==11018== by 0x671F79: handle_one_connection (sql_connect.cc:1130)
      ==11018== by 0x5048016: start_thread (in /lib64/libpthread-2.9.so)
      ==11018==
      ==11018== Conditional jump or move depends on uninitialised value(s)
      ==11018== at 0x9CBC3F: xt_strcat(unsigned long, char*, char const*) (strutil_xt.cc:75)
      ==11018== by 0x9BC207: my_type_to_string(XTThread*, Field*, st_table*) (myxt_xt.cc:2828)
      ==11018== by 0x9BC42D: XTDDColumnFactory::createFromMySQLField(XTThread*, st_table*, Field*) (myxt_xt.cc:3266)
      ==11018== by 0x9BC6D1: myxt_create_table_from_table(XTThread*, st_table*) (myxt_xt.cc:2856)
      ==11018== by 0x9AB221: ha_pbxt::create(char const*, st_table*, st_ha_create_information*) (ha_pbxt.cc:5063)
      ==11018== by 0x7A4B26: handler::ha_create(char const*, st_table*, st_ha_create_information*) (handler.cc:3376)
      ==11018== by 0x7A7C19: ha_create_table(THD*, char const*, char const*, char const*, st_ha_create_information*, bool) (handler.cc:3587)
      ==11018== by 0x75875B: rea_create_table(THD*, char const*, char const*, char const*, st_ha_create_information*, List<Create_field>&, unsigned int, st_key*, handler*) (unireg.cc:416)
      ==11018== by 0x7C61BE: mysql_create_table_no_lock(THD*, char const*, char const*, st_ha_create_information*, Alter_info*, bool, unsigned int) (sql_table.cc:3853)
      ==11018== by 0x7C658F: mysql_create_table(THD*, char const*, char const*, st_ha_create_information*, Alter_info*, bool, unsigned int) (sql_table.cc:3960)
      ==11018== by 0x67C4AA: mysql_execute_command(THD*) (sql_parse.cc:2732)
      ==11018== by 0x683ECE: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5979)
      ==11018== by 0x684CD8: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1223)
      ==11018== by 0x68602C: do_command(THD*) (sql_parse.cc:862)
      ==11018== by 0x671F79: handle_one_connection (sql_connect.cc:1130)
      ==11018== by 0x5048016: start_thread (in /lib64/libpthread-2.9.so)

      for more cases see:

      http://askmonty.org/buildbot/builders/gentoo-amd64-sanja/builds/4/steps/test_1/logs/mysqld.1.err.1
      http://askmonty.org/buildbot/builders/gentoo-amd64-sanja/builds/4/steps/test_1/logs/mysqld.1.err.3
      http://askmonty.org/buildbot/builders/gentoo-amd64-sanja/builds/4/steps/test_1/logs/mysqld.1.err.4

      Can be repeated by running the pbxt test suite under valgrind (a valgrind build (one of BUILD/compile*valgrind*) and the --valgrind parameter of mysql-test-run).

            Activity

            monty Michael Widenius added a comment -

            re: [Bug 451085] Re: jump or move depends on uninitialised value in my_type_to_string

            Hi!

            >>>>> "Oleksandr" == Oleksandr Byelkin <Oleksandr> writes:

            Oleksandr> ** Also affects: maria
            Oleksandr> Importance: Undecided
            Oleksandr> Status: New

            Oleksandr> –
            Oleksandr> jump or move depends on uninitialised value in my_type_to_string
            Oleksandr> https://bugs.launchpad.net/bugs/451085
            Oleksandr> You received this bug notification because you are a member of Maria-
            Oleksandr> captains, which is the registrant for Maria.

            Oleksandr> Status in Maria: New
            Oleksandr> Status in PrimeBase XT: New

            Oleksandr> Bug description:
            Oleksandr> valgrind see 2 jump or move depends on uninitialised value in my_type_to_string in cast test:
            Oleksandr> ==11018== Conditional jump or move depends on uninitialised value(s)
            Oleksandr> ==11018== at 0x5AAF7D: String::c_ptr() (sql_string.h:110)
            Oleksandr> ==11018== by 0x9BC1A7: my_type_to_string(XTThread*, Field*, st_table*) (myxt_xt.cc:2820)
            Oleksandr> ==11018== by 0x9BC42D: XTDDColumnFactory::createFromMySQLField(XTThread*, st_table*, Field*) (myxt_xt.cc:3266)

            The reason for c_ptr() giving an error is that this function checks if
            the end pointer is zero, which in some cases may be uninitialized
            memory (this is still safe in 99.999% of all cases as all strings
            point to thread-specific memory).

            <cut>

            Proposed fix:

                ptr = type.c_ptr();
                if (ptr != buffer)
                    xt_strcpy(sizeof(buffer), buffer, ptr);

            ->

                ptr = type.ptr();
                if (ptr != buffer)
                    xt_strcpy(min(sizeof(buffer)-1, type.length()), buffer, ptr);

            An even better solution would be to introduce xt_strmake()

                char *xt_strmake(register char *dst, register const char *src, size_t length)
                {
                    /* copy exactly length bytes; never reads src[length] */
                    memcpy(dst, src, length);
                    dst[length]= 0;
                    return dst + length;    /* pointer to the terminating NUL */
                }

            and then use this instead of xt_strcpy().

            This would be the fastest solution...

            Regards,
            Monty
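
The comment above traces the warning to code that inspects the byte just past the string's counted length. The following added example (not part of the original thread or of the PBXT/MariaDB sources) contrasts a terminator-based copy with a length-based one. `strmake_bounded`, `copy_until_nul` and `copy_type_name` are hypothetical names, and the 'X' fill is a constructed, deterministic stand-in for uninitialised bytes.

```cpp
#include <algorithm>
#include <cstdio>
#include <cstring>
#include <string>

// Length-based copy in the spirit of the xt_strmake() idea: copies at most
// dst_size-1 bytes, never reads src[length], always NUL-terminates dst.
char *strmake_bounded(char *dst, size_t dst_size, const char *src, size_t length)
{
    if (dst_size == 0) return dst;
    size_t n = std::min(length, dst_size - 1);
    memcpy(dst, src, n);
    dst[n] = '\0';
    return dst + n;                       // points at the terminator
}

// Terminator-based copy (strcpy-style): stops only at a NUL found in src, so
// its result depends on the bytes that follow the counted data.
void copy_until_nul(size_t dst_size, char *dst, const char *src)
{
    if (dst_size == 0) return;
    while (*src && --dst_size) *dst++ = *src++;
    *dst = '\0';
}

// Constructed input: an 11-byte type name whose tail is filled with 'X' as a
// deterministic stand-in for bytes nobody initialised.
std::string copy_type_name(bool use_length, size_t out_size)
{
    char backing[16];
    memset(backing, 'X', sizeof(backing));
    backing[sizeof(backing) - 1] = '\0';  // keeps the demo itself in bounds
    const size_t length = 11;
    memcpy(backing, "varchar(10)", length);

    char out[32] = "";                    // out_size must be <= sizeof(out)
    if (use_length) strmake_bounded(out, out_size, backing, length);
    else            copy_until_nul(out_size, out, backing);
    return out;
}

int main()
{
    printf("by terminator: %s\n", copy_type_name(false, 32).c_str());
    printf("by length:     %s\n", copy_type_name(true, 32).c_str());
    printf("truncated:     %s\n", copy_type_name(true, 8).c_str());
    return 0;
}
```

The terminator-based copy picks up the filler bytes because nothing guarantees a NUL at `backing[length]`; the length-based copy returns only the counted bytes and truncates safely when the destination is smaller.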

            vladimirkolesnikov Vladimir Kolesnikov added a comment -

            Re: jump or move depends on uninitialised value in my_type_to_string
            Hi Monty,

            thanks for the input. It was not me who wrote the original code, but when looking at it I've got into the .c_str() trap as well...

            ratzpo Rasmus Johansson added a comment -

            Launchpad bug id: 451085


              People

              • Assignee:
                Unassigned
                Reporter:
                sanja Oleksandr Byelkin