Bug #56115 invalid memory reads when PS selecting from information_schema tables.
Submitted: 19 Aug 2010 11:15
Modified: 21 Apr 2011 0:30
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: Prepared statements
Severity: S1 (Critical)
Version: 5.5.9, 5.6.1-debug innodb, plugin 1.20.
OS: Any
Assigned to: Alexander Nozdrin
CPU Architecture: Any
Tags: regression

[19 Aug 2010 11:15] Shane Bester
Description:
During a transactional DML test, selecting from information_schema.innodb_locks in a prepared statement caused valgrind errors:

Thread 18:
Invalid read of size 8
at : Field::make_field(field.cc:1555)
by : Item_field::make_field(item.cc:5285)
by : Protocol::send_result_set_metadata(protocol.cc:720)
by : select_send::send_result_set_metadata(sql_class.cc:1706)
by : Select_fetch_protocol_binary::send_result_set_metadata(sql_prepare.cc:2897)
by : Materialized_cursor::open (sql_cursor.cc:278)
by : mysql_open_cursor (sql_cursor.cc:146)
by : Prepared_statement::execute (sql_prepare.cc:3758)
by : Prepared_statement::execute_loop(sql_prepare.cc:3428)
by : mysqld_stmt_execute (sql_prepare.cc:2577)
by : dispatch_command(sql_parse.cc:1080)
by : do_command (sql_parse.cc:800)
by : do_handle_one_connection(sql_connect.cc:1191)
by : handle_one_connection (sql_connect.cc:1130)
by : start_thread
by : clone 
Address 0x14270bd0 is 16 bytes inside a block of size 4,736 free'd

How to repeat:
In a prepared statement, select * from information_schema.innodb_locks during a workload involving any innodb tables. Testcase will be uploaded in a file.

[19 Aug 2010 12:46] MySQL Verification Team
Forget that trx.sql file.... This is the .c testcase. Run against mysqld instance under valgrind.

Attachment: bug56115.c (text/plain), 6.26 KiB.

[21 Aug 2010 10:00] Sveta Smirnova
Thank you for the report.

Verified as described. Not repeatable with version 5.1.

[14 Mar 2011 18:50] MySQL Verification Team
Problem is orig_table or its fields have already been freed.

Attachment: bug56115_valgrind_gdb_5.5.11_output.txt (text/plain), 17.09 KiB.

[18 Mar 2011 14:55] Alexander Nozdrin
Bug#58701 has been marked as a duplicate of this bug.

[21 Apr 2011 0:30] Paul DuBois
Noted in 5.5.12, 5.6.3 changelogs.

With prepared statements, the server could attempt to send result set
metadata after the table had been closed. 

CHANGESET - http://lists.mysql.com/commits/133487
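
The ordering problem described in the changelog note above, as an added toy model in C (not MySQL source and not the attached bug56115.c): `Table`, `Field`, `SendField` and the function names are hypothetical stand-ins, and an `open` flag replaces the freed block so the model stays well defined. Copying metadata before the close is an assumption about one safe ordering; the actual fix is in the changeset linked above.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not MySQL source. Closing a table invalidates what its fields
   point at; a flag stands in for the freed block so the model stays defined. */
typedef struct { char name[32]; int open; } Table;
typedef struct { const Table *orig_table; const char *col; } Field;
typedef struct { char table[32]; char col[32]; } SendField; /* sent to client */

/* Stand-in for Field::make_field(): dereferences orig_table.
   Returns -1 where the real server would read freed memory. */
static int make_field(const Field *f, SendField *out) {
    if (!f->orig_table->open) return -1;
    snprintf(out->table, sizeof out->table, "%s", f->orig_table->name);
    snprintf(out->col, sizeof out->col, "%s", f->col);
    return 0;
}

/* Order from the report: table closed first, metadata built afterwards. */
int cursor_open_late(Table *t, const Field *f, int n, SendField *md) {
    int stale = 0;
    t->open = 0;                                   /* table closed */
    for (int i = 0; i < n; i++) stale += make_field(&f[i], &md[i]) != 0;
    return stale;                                  /* count of stale reads */
}

/* Safer order: copy metadata by value while the table is open, then close. */
int cursor_open_early(Table *t, const Field *f, int n, SendField *md) {
    int stale = 0;
    for (int i = 0; i < n; i++) stale += make_field(&f[i], &md[i]) != 0;
    t->open = 0;                                   /* md no longer needs t */
    return stale;
}

/* Constructed sample: two columns of the table named in the report's query. */
int run_model(int early, SendField md[2]) {
    Table t = { "innodb_locks", 1 };
    Field f[2] = { { &t, "lock_id" }, { &t, "lock_trx_id" } };
    memset(md, 0, 2 * sizeof md[0]);
    return early ? cursor_open_early(&t, f, 2, md) : cursor_open_late(&t, f, 2, md);
}

int main(void) {
    SendField md[2];
    printf("late metadata:  %d stale reads\n", run_model(0, md));
    printf("early metadata: %d stale reads, first column %s.%s\n",
           run_model(1, md), md[0].table, md[0].col);
    return 0;
}
```
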

[30 Jun 2011 22:23] MySQL Verification Team
See http://bugs.mysql.com/bug.php?id=61710.