  1. MariaDB Server
  2. MDEV-4914

Valgrind warnings (Invalid read) on subquery in HAVING, materialization+semijoin

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 5.3.12
    • Fix Version/s: 5.3.13
    • Component/s: None
    • Labels:
      None

      Description

      SET optimizer_switch='semijoin=on,materialization=on';
      
      CREATE TABLE t1 (a INT, b INT) ENGINE=MyISAM;
      INSERT INTO t1 VALUES (3,1),(0,3);
      
      CREATE TABLE t2 (c INT, d INT) ENGINE=MyISAM;
      INSERT INTO t2 VALUES (0, 4),(8, 6);
      
      SELECT b, COUNT(*) AS cnt FROM t1, t2 GROUP BY b
      HAVING b > ALL ( SELECT d FROM t2 WHERE c IN ( SELECT MAX( a ) FROM t1 ) ) AND cnt = 7;
      
      ==28299== Thread 4:
      ==28299== Invalid read of size 8
      ==28299==    at 0x58BB42: Item_field::print(String*, enum_query_type) (item.cc:6130)
      ==28299==    by 0x5AF685: Item_func::print_op(String*, enum_query_type) (item_func.cc:475)
      ==28299==    by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
      ==28299==    by 0x74081F: st_select_lex::print(THD*, String*, enum_query_type) (sql_select.cc:22582)
      ==28299==    by 0x618B23: subselect_single_select_engine::print(String*, enum_query_type) (item_subselect.cc:3631)
      ==28299==    by 0x61097D: Item_subselect::print(String*, enum_query_type) (item_subselect.cc:813)
      ==28299==    by 0x610D85: Item_maxmin_subselect::print(String*, enum_query_type) (item_subselect.cc:904)
      ==28299==    by 0x5AF5B5: Item_func::print_op(String*, enum_query_type) (item_func.cc:470)
      ==28299==    by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
      ==28299==    by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
      ==28299==    by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
      ==28299==    by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
      ==28299==    by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
      ==28299==    by 0x5C91C3: Item_func_not_all::print(String*, enum_query_type) (item_cmpfunc.cc:384)
      ==28299==    by 0x73AEA5: change_to_use_tmp_fields(THD*, Item**, List<Item>&, List<Item>&, unsigned int, List<Item>&) (sql_select.cc:20811)
      ==28299==    by 0x70CA82: JOIN::exec() (sql_select.cc:2356)
      ==28299==  Address 0xf877528 is 88 bytes inside a block of size 1,000 free'd
      ==28299==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==28299==    by 0xB746E2: _myfree (safemalloc.c:337)
      ==28299==    by 0xB7397A: free_root (my_alloc.c:372)
      ==28299==    by 0x72DECC: free_tmp_table(THD*, st_table*) (sql_select.cc:15610)
      ==28299==    by 0x61A5F0: subselect_hash_sj_engine::cleanup() (item_subselect.cc:4440)
      ==28299==    by 0x60EF0D: Item_subselect::cleanup() (item_subselect.cc:130)
      ==28299==    by 0x60F0E8: Item_in_subselect::cleanup() (item_subselect.cc:167)
      ==28299==    by 0x720B9B: st_join_table::cleanup() (sql_select.cc:10130)
      ==28299==    by 0x721667: JOIN::cleanup(bool) (sql_select.cc:10440)
      ==28299==    by 0x721364: JOIN::join_free() (sql_select.cc:10360)
      ==28299==    by 0x72E68C: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15799)
      ==28299==    by 0x70E6B7: JOIN::exec() (sql_select.cc:2786)
      ==28299==    by 0x617A17: subselect_single_select_engine::exec() (item_subselect.cc:3141)
      ==28299==    by 0x61016E: Item_subselect::exec() (item_subselect.cc:588)
      ==28299==    by 0x6119CB: Item_singlerow_subselect::val_int() (item_subselect.cc:1155)
      ==28299==    by 0x5CB6C8: Arg_comparator::compare_int_signed() (item_cmpfunc.cc:1165)
      ==28299== Invalid read of size 1
      ==28299==    at 0x58BB46: Item_field::print(String*, enum_query_type) (item.cc:6130)
      ==28299==    by 0x5AF685: Item_func::print_op(String*, enum_query_type) (item_func.cc:475)
      ==28299==    by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
      ==28299==    by 0x74081F: st_select_lex::print(THD*, String*, enum_query_type) (sql_select.cc:22582)
      ==28299==    by 0x618B23: subselect_single_select_engine::print(String*, enum_query_type) (item_subselect.cc:3631)
      ==28299==    by 0x61097D: Item_subselect::print(String*, enum_query_type) (item_subselect.cc:813)
      ==28299==    by 0x610D85: Item_maxmin_subselect::print(String*, enum_query_type) (item_subselect.cc:904)
      ==28299==    by 0x5AF5B5: Item_func::print_op(String*, enum_query_type) (item_func.cc:470)
      ==28299==    by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
      ==28299==    by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
      ==28299==    by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
      ==28299==    by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
      ==28299==    by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
      ==28299==    by 0x5C91C3: Item_func_not_all::print(String*, enum_query_type) (item_cmpfunc.cc:384)
      ==28299==    by 0x73AEA5: change_to_use_tmp_fields(THD*, Item**, List<Item>&, List<Item>&, unsigned int, List<Item>&) (sql_select.cc:20811)
      ==28299==    by 0x70CA82: JOIN::exec() (sql_select.cc:2356)
      ==28299==  Address 0xf876d2f is 2,143 bytes inside a block of size 4,020 free'd
      ==28299==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==28299==    by 0xB746E2: _myfree (safemalloc.c:337)
      ==28299==    by 0xB73940: free_root (my_alloc.c:366)
      ==28299==    by 0x72DECC: free_tmp_table(THD*, st_table*) (sql_select.cc:15610)
      ==28299==    by 0x61A5F0: subselect_hash_sj_engine::cleanup() (item_subselect.cc:4440)
      ==28299==    by 0x60EF0D: Item_subselect::cleanup() (item_subselect.cc:130)
      ==28299==    by 0x60F0E8: Item_in_subselect::cleanup() (item_subselect.cc:167)
      ==28299==    by 0x720B9B: st_join_table::cleanup() (sql_select.cc:10130)
      ==28299==    by 0x721667: JOIN::cleanup(bool) (sql_select.cc:10440)
      ==28299==    by 0x721364: JOIN::join_free() (sql_select.cc:10360)
      ==28299==    by 0x72E68C: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15799)
      ==28299==    by 0x70E6B7: JOIN::exec() (sql_select.cc:2786)
      ==28299==    by 0x617A17: subselect_single_select_engine::exec() (item_subselect.cc:3141)
      ==28299==    by 0x61016E: Item_subselect::exec() (item_subselect.cc:588)
      ==28299==    by 0x6119CB: Item_singlerow_subselect::val_int() (item_subselect.cc:1155)
      ==28299==    by 0x5CB6C8: Arg_comparator::compare_int_signed() (item_cmpfunc.cc:1165)
      
      bzr version-info
      revision-id: igor@askmonty.org-20130817050147-k5dvrilf0u0vz8cr
      revno: 3677
      branch-nick: 5.3
      

      Built with BUILD/compile-pentium-debug-max-no-ndb or BUILD/compile-pentium-valgrind-max-no-ndb

      Reproducible on previous versions of 5.3 as well; but I couldn't reproduce it on 5.5 or 10.0, maybe it was fixed there along with MDEV-3874.
      If you consider it not important enough to fix in 5.3 only, please feel free to close it as "Won't fix", I just need to have it filed so that I can find it next time instead of investigating from scratch.
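A triage aid for reports like the one above, added here as an example and not part of the original issue or of MariaDB's tooling: it parses memcheck output and groups errors by the faulting function and the first freeing function above the allocator wrappers, which shows that both invalid reads in this report are one defect. The names `parse`, `dedupe` and the `ALLOCATOR` set are assumptions of this example, and the sample is abbreviated from the trace above.

```python
import re

# Constructed sample: abbreviated from the two memcheck errors in this report.
SAMPLE = """\
==28299== Invalid read of size 8
==28299==    at 0x58BB42: Item_field::print(String*, enum_query_type) (item.cc:6130)
==28299==    by 0x5AF685: Item_func::print_op(String*, enum_query_type) (item_func.cc:475)
==28299==  Address 0xf877528 is 88 bytes inside a block of size 1,000 free'd
==28299==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28299==    by 0xB746E2: _myfree (safemalloc.c:337)
==28299==    by 0xB7397A: free_root (my_alloc.c:372)
==28299==    by 0x72DECC: free_tmp_table(THD*, st_table*) (sql_select.cc:15610)
==28299== Invalid read of size 1
==28299==    at 0x58BB46: Item_field::print(String*, enum_query_type) (item.cc:6130)
==28299==  Address 0xf876d2f is 2,143 bytes inside a block of size 4,020 free'd
==28299==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28299==    by 0xB73940: free_root (my_alloc.c:366)
==28299==    by 0x72DECC: free_tmp_table(THD*, st_table*) (sql_select.cc:15610)
"""

PREFIX = re.compile(r"^==\d+==")
ERROR = re.compile(r"^(Invalid (?:read|write)) of size (\d+)$")
BLOCK = re.compile(r"^Address 0x[0-9a-fA-F]+ is ([\d,]+) bytes inside a block of size ([\d,]+) free'd$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+) \([^()]+\)$")
ALLOCATOR = {"free", "_myfree", "free_root"}  # generic wrappers, useless as a dedup key

def parse(text):
    """Return one dict per error: kind, size, (offset, block size), both stacks."""
    errors, cur, stack = [], None, None
    for line in text.splitlines():
        body = PREFIX.sub("", line.strip()).strip()
        if m := ERROR.match(body):
            cur = {"kind": m[1], "size": int(m[2]), "block": None, "access": [], "freed": []}
            errors.append(cur)
            stack = cur["access"]
        elif cur and (m := BLOCK.match(body)):
            cur["block"] = tuple(int(n.replace(",", "")) for n in m.groups())
            stack = cur["freed"]  # frames after the Address line belong to the free()
        elif cur and (m := FRAME.match(body)):
            stack.append(m[1].split("(")[0])  # drop the argument list
    return errors

def dedupe(text):
    """Group errors by (kind, faulting function, first non-allocator freeing function)."""
    groups = {}
    for e in parse(text):
        freer = next((f for f in e["freed"] if f not in ALLOCATOR), None)
        groups.setdefault((e["kind"], e["access"][0] if e["access"] else None, freer), []).append(e)
    return groups
```

Run over a full test-suite log, the keys of `dedupe(...)` give one line per distinct use-after-free, which can be matched against already filed issues.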

            Activity

            psergey Sergei Petrunia added a comment -

            Doing as suggested in the comment. Not important to fix it in 5.3 only.

              People

              • Assignee:
                psergey Sergei Petrunia
                Reporter:
                elenst Elena Stepanova
              • Votes:
                0
                Watchers:
                2