Bug #19801 Test 'partition' shows read outside array in valgrind
Submitted: 14 May 2006 12:34 Modified: 15 Jun 2006 11:25
Reporter: Kent Boortz
Status: Closed
Category: MySQL Server: Partitions   Severity: S2 (Serious)
Version: 5.1.10-pre   OS: Linux (Red Hat RHAS4 x86)
Assigned to: Mikael Ronström   CPU Architecture: Any

[14 May 2006 12:34] Kent Boortz
Description:
Test 'partition' running in valgrind shows

 Invalid read of size 4
    at 0x8348C9A: partition_info::check_list_constants() (partition_info.cc:637)
    by 0x834904F: partition_info::check_partition_info(handlerton**, handler*, unsigned long long) (partition_info.cc:774)
    by 0x82E6893: mysql_create_table_internal(THD*, char const*, char const*, st_ha_create_information*, List<create_field>&, List<Key>&, bool, unsigned) (sql_table.cc:3141)
    by 0x82E7543: mysql_create_table(THD*, char const*, char const*, st_ha_create_information*, List<create_field>&, List<Key>&, bool, unsigned) (sql_table.cc:3370)
    by 0x81FD456: mysql_execute_command(THD*) (sql_parse.cc:2938)
    by 0x8202260: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:5887)
    by 0x8202BE3: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1762)
    by 0x82042B5: handle_one_connection (sql_parse.cc:1548)
    by 0x786340: start_thread (in /lib/tls/libpthread-2.3.4.so)
    by 0x6066FD: clone (in /lib/tls/libc-2.3.4.so)
  Address 0xBB03EE0 is 0 bytes after a block of size 16 alloc'd
    at 0x40051F9: malloc (vg_replace_malloc.c:149)
    by 0x84DBBF4: my_malloc (my_malloc.c:35)
    by 0x84DC190: alloc_root (my_alloc.c:154)
    by 0x81A7AFC: sql_alloc(unsigned) (thr_malloc.cc:42)
    by 0x8348B88: partition_info::check_list_constants() (partition_info.cc:611)
    by 0x834904F: partition_info::check_partition_info(handlerton**, handler*, unsigned long long) (partition_info.cc:774)
    by 0x82E6893: mysql_create_table_internal(THD*, char const*, char const*, st_ha_create_information*, List<create_field>&, List<Key>&, bool, unsigned) (sql_table.cc:3141)
    by 0x82E7543: mysql_create_table(THD*, char const*, char const*, st_ha_create_information*, List<create_field>&, List<Key>&, bool, unsigned) (sql_table.cc:3370)
    by 0x81FD456: mysql_execute_command(THD*) (sql_parse.cc:2938)
    by 0x8202260: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:5887)
    by 0x8202BE3: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1762)
    by 0x82042B5: handle_one_connection (sql_parse.cc:1548)
    by 0x786340: start_thread (in /lib/tls/libpthread-2.3.4.so)
    by 0x6066FD: clone (in /lib/tls/libc-2.3.4.so)

How to repeat:
Run the test case under valgrind, i.e. --valgrind to mysql-test-run
[29 May 2006 22:37] Mikael Ronström
Some special handling of the case no_list_values was needed.
Happened when only one partition was defined with only one value == NULL.
There were crashing variants of this bug as well when doing
select * from t1 where a < 1;
with one record where a == NULL.
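The conditions described in the comment above, written out as a constructed regression check (this is not the project's own test case and assumes only the table name t1 and column a; the partition name p0 is a placeholder):

```sql
-- Constructed regression check for the report above: a LIST-partitioned
-- table whose only partition holds the single value NULL, then the query
-- that crashed with a single NULL row. Run it under mysql-test-run
-- --valgrind; on a fixed server valgrind reports no invalid read in
-- partition_info::check_list_constants() and the server does not crash.
DROP TABLE IF EXISTS t1;

-- One partition, one value, and that value is NULL: the non-NULL value
-- list is empty, which is the edge case the fix had to handle.
CREATE TABLE t1 (a INT)
PARTITION BY LIST (a) (
  PARTITION p0 VALUES IN (NULL)
);

INSERT INTO t1 VALUES (NULL);

-- Expected result: an empty set (NULL < 1 evaluates to NULL), not a crash.
SELECT * FROM t1 WHERE a < 1;

DROP TABLE t1;
```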
[14 Jun 2006 21:09] Mikael Ronström
Will be available in 5.1.12
This patch also fixes bug#20268
[15 Jun 2006 11:25] Jon Stephens
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Documented bugfix in 5.1.12 changelog; closed.