Bug #20549 Uninitialized memory in ha_ndbcluster_binlog.cc
Submitted: 19 Jun 2006 22:18
Modified: 26 Jun 2006 14:10
Reporter: Kristian Nielsen
Status: Closed
Category: Server: Cluster
Severity: S2 (Serious)
Version: 5.1.12
OS: Linux (Linux/All)
Assigned to: Kristian Nielsen
Target Version:

[19 Jun 2006 22:18] Kristian Nielsen
Description:
Found two "uninitialized memory" problems in ha_ndbcluster_binlog.cc (as reported by Valgrind in the ndb_autodiscover3 test case).

1. null_bytes of table->record[0] not initialized in ndbcluster_binlog_open_table.

2. thd->variables.pseudo_thread_id overwritten with uninitialized data during binlog thread creation.

I will attach a patch that fixes these and shows exactly where the problems are.

This is the error reported in Valgrind:

==6176== Syscall param write(buf) points to uninitialised byte(s)
==6176==    at 0x4C3CADF: (within /lib64/tls/libpthread-0.60.so)
==6176==    by 0x9F092E: my_write (my_write.c:35)
==6176==    by 0x9F5C68: my_b_flush_io_cache (mf_iocache.c:1210)
==6176==    by 0x6765AB: MYSQL_BIN_LOG::write(THD*, st_io_cache*, Log_event*) (log.cc:2890)
==6176==    by 0x67884A: binlog_end_trans(THD*, binlog_trx_data*, Log_event*) (log.cc:1074)
==6176==    by 0x6789F1: binlog_commit(THD*, bool) (log.cc:1134)
==6176==    by 0x6B9698: ha_commit_one_phase(THD*, bool) (handler.cc:718)
==6176==    by 0x6B9434: ha_commit_trans(THD*, bool) (handler.cc:688)
==6176==    by 0x5FDA45: end_trans(THD*, enum_mysql_completiontype) (sql_parse.cc:1441)
==6176==    by 0x7533D0: injector::transaction::commit() (rpl_injector.cc:66)
==6176==    by 0x706B1C: ndb_binlog_thread_func (ha_ndbcluster_binlog.cc:3744)
==6176==    by 0x4C37C63: start_thread (in /lib64/tls/libpthread-0.60.so)
==6176==    by 0x52F3242: clone (in /lib64/tls/libc-2.3.2.so)
==6176==  Address 0x54874DB is 19 bytes inside a block of size 8,192 alloc'd
==6176==    at 0x4A18B63: malloc (vg_replace_malloc.c:149)
==6176==    by 0x9F72AE: my_malloc (my_malloc.c:35)
==6176==    by 0x9F4969: init_io_cache (mf_iocache.c:215)
==6176==    by 0x672000: MYSQL_LOG::open(char const*, enum_log_type, char const*, cache_type) (log.cc:1432)
==6176==    by 0x6734B5: MYSQL_BIN_LOG::open(char const*, enum_log_type, char const*, cache_type, bool, unsigned long, bool) (log.cc:1999)
==6176==    by 0x5E81FF: init_server_components() (mysqld.cc:3284)
==6176==    by 0x5E4C1C: main (mysqld.cc:3561)

How to repeat:
mysql-test-run.pl --valgrind-all ndb_autodiscover3

Suggested fix:
Will commit shortly.
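The following is a small C model of the two defect patterns named in the report above (a record buffer whose null-bit prefix is never initialized before the row is written out, and a thread-settings struct overwritten by a copy of a partially initialized local), each beside its corrected form. It is an added illustration, not the committed patch or any MySQL source; the types `row_record` and `thread_vars` and the functions `open_table_*`, `create_thread_*`, `null_bytes_defined` and `observed_thread_id` are hypothetical stand-ins. Since plain C cannot observe "undefinedness", the model poisons fresh memory with 0xAA so the stale value becomes visible without Valgrind.

```c
/* Added example (hypothetical model, not MySQL code): the two uninitialized
 * memory patterns from the bug report, each with the fix that defines every
 * byte before it is copied or written out. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NULL_BYTES 2      /* constructed: null bits for up to 16 columns */
#define RECORD_LEN 32     /* constructed record length */
#define POISON 0xAA       /* stands in for stale heap/stack contents */

/* Hypothetical row layout: null-bit prefix followed by column data,
 * modelled on the table->record[0] buffer the report mentions. */
typedef struct {
    uint8_t null_bytes[NULL_BYTES];
    uint8_t data[RECORD_LEN - NULL_BYTES];
} row_record;

/* Hypothetical per-thread settings; stands in for thd->variables. */
typedef struct {
    unsigned long pseudo_thread_id;
    int some_other_setting;
} thread_vars;

/* Defect 1 (buggy): column data is set, the null-bit prefix is not, so the
 * bytes that later reach the binlog write() carry whatever was in memory. */
static void open_table_buggy(row_record *rec) {
    memset(rec->data, 0, sizeof rec->data);
}

/* Defect 1 (fixed): zero the whole record, null_bytes included. */
static void open_table_fixed(row_record *rec) {
    memset(rec, 0, sizeof *rec);
}

/* Returns 1 if every null byte holds a defined value after open_fn ran.
 * The buffer is poisoned first to simulate a fresh, uninitialized block. */
int null_bytes_defined(void (*open_fn)(row_record *)) {
    row_record *rec = malloc(sizeof *rec);
    if (!rec) return 0;
    memset(rec, POISON, sizeof *rec);
    open_fn(rec);
    int ok = 1;
    for (size_t i = 0; i < NULL_BYTES; i++)
        if (rec->null_bytes[i] == POISON) ok = 0;
    free(rec);
    return ok;
}

/* Defect 2 (buggy): a local settings struct is only partly filled in and
 * then copied wholesale over the thread's variables, clobbering
 * pseudo_thread_id with garbage. */
static void create_thread_buggy(thread_vars *dst, unsigned long id) {
    thread_vars tmp;
    memset(&tmp, POISON, sizeof tmp);   /* simulate an uninitialized local */
    tmp.some_other_setting = 1;         /* pseudo_thread_id never assigned */
    *dst = tmp;
    (void)id;
}

/* Defect 2 (fixed): every field is assigned before the struct copy. */
static void create_thread_fixed(thread_vars *dst, unsigned long id) {
    thread_vars tmp;
    memset(&tmp, 0, sizeof tmp);
    tmp.some_other_setting = 1;
    tmp.pseudo_thread_id = id;
    *dst = tmp;
}

/* Returns the pseudo_thread_id the thread ends up with after create_fn. */
unsigned long observed_thread_id(void (*create_fn)(thread_vars *, unsigned long),
                                 unsigned long id) {
    thread_vars v = { .pseudo_thread_id = id, .some_other_setting = 0 };
    create_fn(&v, id);
    return v.pseudo_thread_id;
}

int main(void) {
    printf("buggy open: null bytes defined? %d\n", null_bytes_defined(open_table_buggy));
    printf("fixed open: null bytes defined? %d\n", null_bytes_defined(open_table_fixed));
    printf("buggy thread: pseudo_thread_id=%lu\n", observed_thread_id(create_thread_buggy, 42));
    printf("fixed thread: pseudo_thread_id=%lu\n", observed_thread_id(create_thread_fixed, 42));
    return 0;
}
```

The poison byte only makes the symptom deterministic; in the real server the stale bytes are whatever the allocator left behind, which is why the report relies on Valgrind (`mysql-test-run.pl --valgrind-all`) rather than on test output to find them.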
[19 Jun 2006 22:25] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/7886
[20 Jun 2006 21:20] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/7971
[21 Jun 2006 11:40] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/8009
[22 Jun 2006 14:45] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/8081
[26 Jun 2006 14:10] Kristian Nielsen
Pushed to 5.1.12.

No known user-visible problems, so nothing to document.