Description
The problem appeared on 5.3 with the following revision:
revno: 3628
revision-id: igor@askmonty.org-20130225031611-jk8lyhhjazov66qc
committer: Igor Babaev <igor@askmonty.org>
branch nick: maria-5.3-mdev4177
timestamp: Sun 2013-02-24 19:16:11 -0800
message: Fixed bug mdev-4177
It might well be related to, or even be a duplicate of, MDEV-4274 and/or MDEV-4413, but the stack trace is different here, so I am filing it separately so that this trace stays searchable.
Valgrind warnings on 5.3 (with BUILD/compile-pentium-valgrind-max-no-ndb):
==21978== Thread 4: ==21978== Conditional jump or move depends on uninitialised value(s) ==21978== at 0x5DAE21: Item_equal::contains(Field*) (item_cmpfunc.cc:5560) ==21978== by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881) ==21978== by 0x729E5A: eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845) ==21978== by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136) ==21978== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063) ==21978== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063) ==21978== by 0x70DF46: JOIN::optimize() (sql_select.cc:1237) ==21978== by 0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976) ==21978== by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288) ==21978== by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172) ==21978== by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305) ==21978== by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173) ==21978== by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243) ==21978== by 0x689BDF: do_command(THD*) (sql_parse.cc:923) ==21978== by 0x68663A: handle_one_connection (sql_connect.cc:1231) ==21978== by 0x548DE99: start_thread (pthread_create.c:308) ==21978== Use of uninitialised value of size 8 ==21978== at 0x5DF48E: Item_equal_iterator<List_iterator_fast, Item>::get_curr_field() (item_cmpfunc.h:1856) ==21978== by 0x5DADED: Item_equal::contains(Field*) (item_cmpfunc.cc:5562) ==21978== by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881) ==21978== by 0x729E5A: 
eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845) ==21978== by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136) ==21978== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063) ==21978== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063) ==21978== by 0x70DF46: JOIN::optimize() (sql_select.cc:1237) ==21978== by 0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976) ==21978== by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288) ==21978== by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172) ==21978== by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305) ==21978== by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173) ==21978== by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243) ==21978== by 0x689BDF: do_command(THD*) (sql_parse.cc:923) ==21978== by 0x68663A: handle_one_connection (sql_connect.cc:1231) ==21978== Use of uninitialised value of size 8 ==21978== at 0x5DF4AF: Item_equal_iterator<List_iterator_fast, Item>::get_curr_field() (item_cmpfunc.h:1857) ==21978== by 0x5DADED: Item_equal::contains(Field*) (item_cmpfunc.cc:5562) ==21978== by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881) ==21978== by 0x729E5A: eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845) ==21978== by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136) ==21978== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063) ==21978== by 
0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063) ==21978== by 0x70DF46: JOIN::optimize() (sql_select.cc:1237) ==21978== by 0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976) ==21978== by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288) ==21978== by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172) ==21978== by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305) ==21978== by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173) ==21978== by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243) ==21978== by 0x689BDF: do_command(THD*) (sql_parse.cc:923) ==21978== by 0x68663A: handle_one_connection (sql_connect.cc:1231) ==21978== Use of uninitialised value of size 8 ==21978== at 0x5664F7: base_list_iterator::next_fast() (sql_list.h:449) ==21978== by 0x56895C: List_iterator_fast<Item>::operator++(int) (sql_list.h:561) ==21978== by 0x5DF467: Item_equal_iterator<List_iterator_fast, Item>::operator++(int) (item_cmpfunc.h:1844) ==21978== by 0x5DAE18: Item_equal::contains(Field*) (item_cmpfunc.cc:5560) ==21978== by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881) ==21978== by 0x729E5A: eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845) ==21978== by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136) ==21978== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063) ==21978== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063) ==21978== by 0x70DF46: JOIN::optimize() (sql_select.cc:1237) ==21978== by 
0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976) ==21978== by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288) ==21978== by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172) ==21978== by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305) ==21978== by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173) ==21978== by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
Crash on 5.5 (SIGSEGV caught by handle_fatal_signal — i.e. the uninitialised pointer that Valgrind only warns about on 5.3 is actually dereferenced here, so a single SELECT from any client that can read the two tables takes the whole server down):
#2 0x00000000007c6d68 in handle_fatal_signal (sig=11) at /data/bzr/5.5/sql/signal_handler.cc:262 #3 <signal handler called> #4 0x000000000067e8c2 in Item_equal_iterator<List_iterator_fast, Item>::get_curr_field (this=0x7f9255043f30) at /data/bzr/5.5/sql/item_cmpfunc.h:1849 #5 0x0000000000807a10 in Item_equal::contains (this=0x7f924c021380, field=0x7f924c044e00) at /data/bzr/5.5/sql/item_cmpfunc.cc:5646 #6 0x00000000007e2ac5 in Item_field::find_item_equal (this=0x7f924c008a70, cond_equal=0x7f924c009308) at /data/bzr/5.5/sql/item.cc:5243 #7 0x000000000065c39a in eliminate_item_equal (cond=0x0, upper_levels=0x7f924c009308, item_equal=0x7f924c021880) at /data/bzr/5.5/sql/sql_select.cc:12124 #8 0x000000000065cd26 in substitute_for_best_equal_field (context_tab=0x1, cond=0x7f924c021880, cond_equal=0x7f924c009308, table_join_idx=0x7f924c021a78) at /data/bzr/5.5/sql/sql_select.cc:12414 #9 0x000000000065ca0b in substitute_for_best_equal_field (context_tab=0x1, cond=0x7f924c008d80, cond_equal=0x7f924c01ffe8, table_join_idx=0x7f924c021a78) at /data/bzr/5.5/sql/sql_select.cc:12341 #10 0x000000000065ca0b in substitute_for_best_equal_field (context_tab=0x1, cond=0x7f924c01fef8, cond_equal=0x7f924c01ffe8, table_join_idx=0x7f924c021a78) at /data/bzr/5.5/sql/sql_select.cc:12341 #11 0x000000000064060c in JOIN::optimize (this=0x7f924c0200a0) at /data/bzr/5.5/sql/sql_select.cc:1288 #12 0x00000000006469e1 in mysql_select (thd=0x37c1820, rref_pointer_array=0x37c4828, tables=0x7f924c007730, wild_num=1, fields=..., conds=0x7f924c01fef8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f924c009490, unit=0x37c3ef8, select_lex=0x37c45d0) at /data/bzr/5.5/sql/sql_select.cc:3048 #13 0x000000000063d5ea in handle_select (thd=0x37c1820, lex=0x37c3e48, result=0x7f924c009490, setup_tables_done_option=0) at /data/bzr/5.5/sql/sql_select.cc:318 #14 0x000000000061643d in execute_sqlcom_select (thd=0x37c1820, all_tables=0x7f924c007730) at 
/data/bzr/5.5/sql/sql_parse.cc:4641 #15 0x000000000060ee8c in mysql_execute_command (thd=0x37c1820) at /data/bzr/5.5/sql/sql_parse.cc:2195 #16 0x0000000000618cdc in mysql_parse (thd=0x37c1820, rawbuf=0x7f924c0074c8 "SELECT * FROM t1, t2 WHERE ( c = b ) AND ( 0 OR ( b = 'h' OR a = 136 ) AND ( d = b ) )", length=86, parser_state=0x7f9255045500) at /data/bzr/5.5/sql/sql_parse.cc:5759 #17 0x000000000060c3dc in dispatch_command (command=COM_QUERY, thd=0x37c1820, packet=0x38b6c41 "SELECT * FROM t1, t2 WHERE ( c = b ) AND ( 0 OR ( b = 'h' OR a = 136 ) AND ( d = b ) )", packet_length=86) at /data/bzr/5.5/sql/sql_parse.cc:1068 #18 0x000000000060b61d in do_command (thd=0x37c1820) at /data/bzr/5.5/sql/sql_parse.cc:794 #19 0x000000000071092d in do_handle_one_connection (thd_arg=0x37c1820) at /data/bzr/5.5/sql/sql_connect.cc:1266 #20 0x0000000000710314 in handle_one_connection (arg=0x37c1820) at /data/bzr/5.5/sql/sql_connect.cc:1181 #21 0x000000000096c0b8 in pfs_spawn_thread (arg=0x385fa70) at /data/bzr/5.5/storage/perfschema/pfs.cc:1015 #22 0x00007f9260732e9a in start_thread (arg=0x7f9255046700) at pthread_create.c:308 #23 0x00007f925fa26cbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Test case:
-- Reproducer for the uninitialised read / crash in Item_equal::contains()
-- reached from JOIN::optimize() (see the Valgrind and gdb traces above).
-- Two tiny MyISAM tables are enough; no special configuration is needed.
CREATE TABLE t1 (a INT, b VARCHAR(1)) ENGINE=MyISAM;
INSERT INTO t1 (a, b) VALUES (0, 'j'), (8, 'v');

CREATE TABLE t2 (c VARCHAR(1), d VARCHAR(1)) ENGINE=MyISAM;
INSERT INTO t2 (c, d) VALUES ('k', 'k');

-- Both c = b and d = b feed the optimizer's multiple-equality (Item_equal)
-- machinery; substitute_for_best_equal_field() then hits the bad Item_equal.
-- NOTE(review): the constant-false "0 OR (...)" disjunct looks like the
-- trigger, but that is inferred from the trace, not confirmed.
SELECT * FROM t1, t2
WHERE ( c = b ) AND ( 0 OR ( b = 'h' OR a = 136 ) AND ( d = b ) );
The bug still exists on the following revision:
revision-id: igor@askmonty.org-20130430033140-qhx9wsgc5w2dx14r
date: 2013-04-29 20:31:40 -0700
build-date: 2013-04-30 23:45:52 +0400
revno: 3653
branch-nick: 5.3
Valgrind errors from this revision:
==20182== Thread 4:
==20182== Conditional jump or move depends on uninitialised value(s)
==20182== at 0x5DAE21: Item_equal::contains(Field*) (item_cmpfunc.cc:5560)
==20182== by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881)
==20182== by 0x729E5A: eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845)
==20182== by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136)
==20182== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
==20182== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
==20182== by 0x70DF46: JOIN::optimize() (sql_select.cc:1237)
==20182== by 0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
==20182== by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==20182== by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==20182== by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305)
==20182== by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
==20182== by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
==20182== by 0x689BDF: do_command(THD*) (sql_parse.cc:923)
==20182== by 0x68663A: handle_one_connection (sql_connect.cc:1231)
==20182== by 0x548DE99: start_thread (pthread_create.c:308)
==20182== Use of uninitialised value of size 8
==20182== at 0x5DF48E: Item_equal_iterator<List_iterator_fast, Item>::get_curr_field() (item_cmpfunc.h:1856)
==20182== by 0x5DADED: Item_equal::contains(Field*) (item_cmpfunc.cc:5562)
==20182== by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881)
==20182== by 0x729E5A: eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845)
==20182== by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136)
==20182== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
==20182== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
==20182== by 0x70DF46: JOIN::optimize() (sql_select.cc:1237)
==20182== by 0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
==20182== by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==20182== by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==20182== by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305)
==20182== by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
==20182== by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
==20182== by 0x689BDF: do_command(THD*) (sql_parse.cc:923)
==20182== by 0x68663A: handle_one_connection (sql_connect.cc:1231)
==20182== Use of uninitialised value of size 8
==20182== at 0x5DF4AF: Item_equal_iterator<List_iterator_fast, Item>::get_curr_field() (item_cmpfunc.h:1857)
==20182== by 0x5DADED: Item_equal::contains(Field*) (item_cmpfunc.cc:5562)
==20182== by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881)
==20182== by 0x729E5A: eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845)
==20182== by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136)
==20182== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
==20182== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
==20182== by 0x70DF46: JOIN::optimize() (sql_select.cc:1237)
==20182== by 0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
==20182== by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==20182== by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==20182== by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305)
==20182== by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
==20182== by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
==20182== by 0x689BDF: do_command(THD*) (sql_parse.cc:923)
==20182== by 0x68663A: handle_one_connection (sql_connect.cc:1231)
==20182== Use of uninitialised value of size 8
==20182== at 0x5664F7: base_list_iterator::next_fast() (sql_list.h:449)
==20182== by 0x56895C: List_iterator_fast<Item>::operator++(int) (sql_list.h:561)
==20182== by 0x5DF467: Item_equal_iterator<List_iterator_fast, Item>::operator++(int) (item_cmpfunc.h:1844)
==20182== by 0x5DAE18: Item_equal::contains(Field*) (item_cmpfunc.cc:5560)
==20182== by 0x588B7E: Item_field::find_item_equal(COND_EQUAL*) (item.cc:4881)
==20182== by 0x729E5A: eliminate_item_equal(Item*, COND_EQUAL*, Item_equal*) (sql_select.cc:11845)
==20182== by 0x72A7CE: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12136)
==20182== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
==20182== by 0x72A4B5: substitute_for_best_equal_field(st_join_table*, Item*, COND_EQUAL*, void*) (sql_select.cc:12063)
==20182== by 0x70DF46: JOIN::optimize() (sql_select.cc:1237)
==20182== by 0x7144E6: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
==20182== by 0x70AF26: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==20182== by 0x6963DE: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==20182== by 0x68D19D: mysql_execute_command(THD*) (sql_parse.cc:2305)
==20182== by 0x698E58: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
==20182== by 0x68A941: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)