MySQL Bugs: #52124: memory leaks like a sieve in datetime, timestamp, time, date fields + warnings

Bug #52124	memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
Submitted:	17 Mar 2010 6:52	Modified:	21 Jun 2010 1:02
Reporter:	Shane Bester (Platinum Quality Contributor)	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server: Data Types	Severity:	S1 (Critical)
Version:	5.1.44, 5.1.46-bzr, 5.6.99-m4	OS:	Any
Assigned to:	Sergei Glukhov	CPU Architecture:	Any
Tags:	Leak

Description:
many recent valgrind reports of memory still reachable or possibly lost such as this from 5.6.99-m4:

136 bytes in 2 blocks are still reachable in loss record 4 of 7
at: malloc (vg_replace_malloc.c:195)
by: _mymalloc (safemalloc.c:137)
by: String::real_alloc (sql_string.cc:48)
by: String::alloc (sql_string.h:209)
by: Field_datetime::val_str (field.cc:6104)
by: Item_field::val_str (item.cc:2078)
by: Arg_comparator::compare_string (item_cmpfunc.cc:1271)
by: Arg_comparator::compare (item_cmpfunc.h:84)
by: Arg_comparator::compare_row (item_cmpfunc.cc:1582)
by: Arg_comparator::compare (item_cmpfunc.h:84)
by: Item_func_ge::val_int (item_cmpfunc.cc:1889)
by: evaluate_join_record (sql_select.cc:11522)
by: sub_select (sql_select.cc:11473)
by: do_select (sql_select.cc:11225)
by: JOIN::exec (sql_select.cc:2311)
by: mysql_select (sql_select.cc:2506)
by: handle_select (sql_select.cc:271)
by: execute_sqlcom_select (sql_parse.cc:4703)
by: mysql_execute_command (sql_parse.cc:2191)
by: mysql_parse (sql_parse.cc:5735)
by: dispatch_command (sql_parse.cc:1024)
by: do_command (sql_parse.cc:710)
by: do_handle_one_connection (sql_connect.cc:1174)
by: handle_one_connection (sql_connect.cc:1113)
by: start_thread (in /lib64/libpthread-2.5.so)
by: clone (in /lib64/libc-2.5.so)

How to repeat:
.

#testcase: 5.1 definitely leaks, 5.6.99 says still reachable!
#valgrind --tool=memcheck --read-var-info=yes --track-origins=yes --leak-check=full --db-attach=no --num-callers=50 -v --show-reachable=yes  ./sql/mysqld 

---
set sql_mode='';
drop table if exists `t1`;
create table `t1` (`a` datetime not null,`b` tinyint) engine=myisam;
insert into `t1` values (),();
select  1 from `t1` where row(`a`,`b`)>=
row('1',(select 1 from `t1` where `a`>1234)); 
---

notice the two warnings.

Veirfied just as described with recent 5.1.46 from bzr on 32-bit SuSE Linux:

...
==6581== 52 bytes in 1 blocks are still reachable in loss record 4 of 16
==6581==    at 0x401CA36: malloc (vg_replace_malloc.c:195)
==6581==    by 0x86CAFB0: _mymalloc (safemalloc.c:137)
==6581==    by 0x828E848: String::real_alloc(unsigned int) (sql_string.cc:51)
==6581==    by 0x8203AB9: String::alloc(unsigned int) (sql_string.h:205)
==6581==    by 0x8266A8C: Field_datetime::val_str(String*, String*) (field.cc:6151)
==6581==    by 0x81CC772: Item_field::val_str(String*) (item.cc:2009)
==6581==    by 0x820ABFB: Arg_comparator::compare_binary_string() (item_cmpfunc.cc:1298)
==6581==    by 0x81EEECB: Arg_comparator::compare() (item_cmpfunc.h:81)
==6581==    by 0x820B960: Arg_comparator::compare_row() (item_cmpfunc.cc:1580)
==6581==    by 0x81EEECB: Arg_comparator::compare() (item_cmpfunc.h:81)
==6581==    by 0x820C6C7: Item_func_ge::val_int() (item_cmpfunc.cc:1887)
==6581==    by 0x8326339: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:11334)
==6581==    by 0x83261DF: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11285)
==6581==    by 0x8325D77: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:11041)
==6581==    by 0x83116EF: JOIN::exec() (sql_select.cc:2290)
==6581==    by 0x8311E63: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2485)
==6581==    by 0x830ACC5: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:257)
==6581==    by 0x82AD45F: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5052)
==6581==    by 0x82A5465: mysql_execute_command(THD*) (sql_parse.cc:2248)
==6581==    by 0x82AF58F: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5971)
==6581==    by 0x82A327E: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1233)
==6581==    by 0x82A250D: do_command(THD*) (sql_parse.cc:874)
==6581==    by 0x82A0943: handle_one_connection (sql_connect.cc:1127)
==6581==    by 0x403AAA6: ??? (in /lib/tls/libpthread.so.0)
==6581==    by 0x4180C2D: clone (in /lib/tls/libc.so.6)
...

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/104217

3415 Sergey Glukhov	2010-03-24
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on its
      destruction. It leads to memory leaks.
      The fix is to delete 'comparators' array in destructor.
     @ mysql-test/r/row.result
        test result
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.h
        added Arg_comparator which frees 'comparators' array

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/104340

3414 Sergey Glukhov	2010-03-25
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on its
      destruction. It leads to memory leaks.
     @ mysql-test/r/row.result
        test result
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.h
        added Arg_comparator which frees 'comparators' array.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/104681

3434 Sergey Glukhov	2010-03-30
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on destruction.
      It leads to memory leaks.
      The fix:
      -added Arg_comparator destructor which frees 'comparators' array.
      -create comparators array in PS arena if we are in a preapred
      statement
     @ mysql-test/r/row.result
        test result
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.cc
        if we are in a prepared statement the 
        then create comparators array in PS arena.
     @ sql/item_cmpfunc.h
        added Arg_comparator destructor which frees 'comparators' array.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/105642

3452 Sergey Glukhov	2010-04-14
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on destruction.
      It leads to memory leaks.
      The fix:
      -added Arg_comparator destructor which frees 'comparators' array.
      -create comparators array in PS arena if we are in a prepared
       statement
      -Allocate 'comparators' array only if it's PS statement
       at 'prepare' stage or it's conventional statement.
     @ mysql-test/r/ps.result
        test case
     @ mysql-test/r/row.result
        test case
     @ mysql-test/t/ps.test
        test case
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.cc
        if we are in a prepared statement the 
        then create comparators array in PS arena.
        Allocate 'comparators' array only if it's PS statement
        at 'prepare' stage or it's conventional statement.
     @ sql/item_cmpfunc.h
        added Arg_comparator destructor which frees 'comparators' array.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/105804

3452 Sergey Glukhov	2010-04-16
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on destruction.
      It leads to memory leaks.
      The fix:
      -added Arg_comparator::cleanup() method which frees
       'comparators' array.
      -added Item_bool_func2::cleanup() method which calls 
       Arg_comparator::cleanup() method
     @ mysql-test/r/ps.result
        test case
     @ mysql-test/r/row.result
        test case
     @ mysql-test/t/ps.test
        test case
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.h
        -added Arg_comparator::cleanup() method which frees
         'comparators' array.
        -added Item_bool_func2::cleanup() method which calls 
         Arg_comparator::cleanup() method

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/105859

3456 Sergey Glukhov	2010-04-16
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on destruction.
      It leads to memory leaks.
      The fix:
      -added Arg_comparator::cleanup() method which frees
       'comparators' array.
      -added Item_bool_func2::cleanup() method which calls 
       Arg_comparator::cleanup() method
     @ mysql-test/r/ps.result
        test case
     @ mysql-test/r/row.result
        test case
     @ mysql-test/t/ps.test
        test case
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.h
        -added Arg_comparator::cleanup() method which frees
         'comparators' array.
        -added Item_bool_func2::cleanup() method which calls 
         Arg_comparator::cleanup() method

Pushed into 5.1.47 (revid:joro@sun.com-20100505145753-ivlt4hclbrjy8eye) (version source revid:kristofer.pettersson@sun.com-20100416145616-vdcdyz9eu7j86lp7) (merge vers: 5.1.47) (pib:16)

Noted in 5.1.47 changelog.

A memory leak occurred due to missing deallocation of the "comparators"
array (a member of the "Arg_comparator" class).

Pushed into mysql-next-mr (revid:alik@sun.com-20100524190136-egaq7e8zgkwb9aqi) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (pib:16)

Pushed into 6.0.14-alpha (revid:alik@sun.com-20100524190941-nuudpx60if25wsvx) (version source revid:alik@sun.com-20100422150658-fkhgnwwkyugtxrmu) (merge vers: 6.0.14-alpha) (pib:16)

Pushed into 5.5.5-m3 (revid:alik@sun.com-20100524185725-c8k5q7v60i5nix3t) (version source revid:alexey.kopytov@sun.com-20100429203306-tg0wz4y2xyx8edrl) (merge vers: 5.5.5-m3) (pib:16)

Noted in 5.5.5, 6.0.14 changelogs.

Pushed into 5.1.47-ndb-7.0.16 (revid:martin.skold@mysql.com-20100617114014-bva0dy24yyd67697) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)

Pushed into 5.1.47-ndb-6.2.19 (revid:martin.skold@mysql.com-20100617115448-idrbic6gbki37h1c) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)

Pushed into 5.1.47-ndb-6.3.35 (revid:martin.skold@mysql.com-20100617114611-61aqbb52j752y116) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)