Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 10.0.3
- Fix Version/s: 10.0.4
- Component/s: None
- Labels: None
Description
Attention: the warning appears on a release build, e.g. the one that we provide in release bintar, or built with BUILD/compile-pentium-max; but not reproducible with a debug build or valgrind build (at least on my machine)!
To reproduce, it's enough to run a test from the standard MTR suite, e.g.
perl mysql-test-run.pl main.1st --valgrind-mysqld
==30728== Thread 4:
==30728== Conditional jump or move depends on uninitialised value(s)
==30728==    at 0x6E2414: Item_equal::fix_fields(THD*, Item**) (item_cmpfunc.cc:5982)
==30728==    by 0x5D7350: build_equal_items_for_cond(THD*, Item*, COND_EQUAL*, bool) (sql_select.cc:12199)
==30728==    by 0x5D7A9B: build_equal_items(JOIN*, Item*, COND_EQUAL*, List<TABLE_LIST>*, bool, COND_EQUAL**, bool) (sql_select.cc:12331)
==30728==    by 0x5D7C49: optimize_cond(JOIN*, Item*, List<TABLE_LIST>*, bool, Item::cond_result*, COND_EQUAL**, int) (sql_select.cc:13875)
==30728==    by 0x5D8040: JOIN::optimize_inner() (sql_select.cc:1162)
==30728==    by 0x5DB220: JOIN::optimize() (sql_select.cc:1003)
==30728==    by 0x5DD9EA: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3207)
==30728==    by 0x5DE6FC: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:371)
==30728==    by 0x58C468: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5043)
==30728==    by 0x5927AB: mysql_execute_command(THD*) (sql_parse.cc:2483)
==30728==    by 0x7A58DD: sp_instr_stmt::exec_core(THD*, unsigned int*) (sp_head.cc:3189)
==30728==    by 0x7AB4FD: sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) (sp_head.cc:2983)
==30728==    by 0x7AB993: sp_instr_stmt::execute(THD*, unsigned int*) (sp_head.cc:3121)
==30728==    by 0x7A856F: sp_head::execute(THD*, bool) (sp_head.cc:1427)
==30728==    by 0x7A9A26: sp_head::execute_procedure(THD*, List<Item>*) (sp_head.cc:2184)
==30728==    by 0x594DAC: mysql_execute_command(THD*) (sql_parse.cc:4480)
revision-id: sergii@pisem.net-20130610064025-makoe3xkewwwky8j
revno: 3761
branch-nick: 10.0-rel
BUILD/compile-pentium-max
5951:bool Item_equal::fix_fields(THD *thd, Item **ref)
5952:{
5953:  DBUG_ASSERT(fixed == 0);
5954:  Item_equal_fields_iterator it(*this);
5955:  Item *item;
5956:  Field *first_equal_field;
5957:  Field *last_equal_field;
5958:  Field *prev_equal_field= NULL;
5959:  not_null_tables_cache= used_tables_cache= 0;
5960:  const_item_cache= 0;
5961:  while ((item= it++))
5962:  {
5963:    table_map tmp_table_map;
5964:    used_tables_cache|= item->used_tables();
5965:    tmp_table_map= item->not_null_tables();
5966:    not_null_tables_cache|= tmp_table_map;
5967:    DBUG_ASSERT(!item->with_sum_func && !item->with_subselect);
5968:    if (item->maybe_null)
5969:      maybe_null= 1;
5970:    if (!item->get_item_equal())
5971:      item->set_item_equal(this);
5972:    if (link_equal_fields && item->real_item()->type() == FIELD_ITEM)
5973:    {
5974:      last_equal_field= ((Item_field *) (item->real_item()))->field;
5975:      if (!prev_equal_field)
5976:        first_equal_field= last_equal_field;
5977:      else
5978:        prev_equal_field->next_equal_field= last_equal_field;
5979:      prev_equal_field= last_equal_field;
5980:    }
5981:  }
5982:  if (prev_equal_field && last_equal_field != first_equal_field)
5983:    last_equal_field->next_equal_field= first_equal_field;
5984:  fix_length_and_dec();
5985:  fixed= 1;
5986:  return FALSE;
5987:}
Also reproducible on 10.0.2 release.
Activity
It complains about first_equal_field. Theoretically it can be checked uninitialized; I do not see how it can happen practically.
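
Added example (not MariaDB code and not the fix shipped in 10.0.4): a stand-alone reduction of the linking loop from the listing above, with the three cursor pointers initialised at declaration so that the test corresponding to line 5982 reads only defined values however the compiler orders the comparison. `Field` here is a simplified stand-in, and `link_equal_fields()` and `is_ring()` are hypothetical helper names.

```cpp
// Added example: reduced model of the next_equal_field linking loop.
// Field and both functions are simplified stand-ins, not MariaDB code.
#include <cstddef>
#include <vector>

struct Field {
  int id;
  Field *next_equal_field;
};

// Links every non-null entry into a ring, following the loop in the
// listing, and returns how many fields were linked. All three cursors
// start as nullptr, so the final test never reads an indeterminate value.
std::size_t link_equal_fields(const std::vector<Field *> &fields)
{
  Field *first_equal_field = nullptr;
  Field *last_equal_field = nullptr;
  Field *prev_equal_field = nullptr;
  std::size_t linked = 0;

  for (Field *f : fields) {
    if (!f)
      continue;  // models an item whose real_item() is not a FIELD_ITEM
    last_equal_field = f;
    if (!prev_equal_field)
      first_equal_field = last_equal_field;
    else
      prev_equal_field->next_equal_field = last_equal_field;
    prev_equal_field = last_equal_field;
    ++linked;
  }
  // Close the ring only when at least two distinct fields were seen.
  if (prev_equal_field && last_equal_field != first_equal_field)
    last_equal_field->next_equal_field = first_equal_field;
  return linked;
}

// True when following next_equal_field from start returns to start
// after exactly n hops, i.e. the n fields form a single ring.
bool is_ring(const Field *start, std::size_t n)
{
  const Field *p = start;
  for (std::size_t i = 0; i < n && p; ++i)
    p = p->next_equal_field;
  return p == start;
}
```

Building the reduction with optimisation enabled and running it under valgrind is a way to confirm that the initialised form stays quiet in the empty and single-field cases as well as the multi-field one.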