Bug #41729 Valgrind warnings in setup_wild()
Submitted: 24 Dec 2008 10:46 Modified: 13 Jan 2009 17:16
Reporter: Alexander Nozdrin
Status: Closed
Category: MySQL Server: Optimizer Severity: S3 (Non-critical)
Version: 6.0-TRUNK OS: Any
Assigned to: Alexander Nozdrin CPU Architecture: Any
Tags: pushbuild, test failure

[24 Dec 2008 10:46] Alexander Nozdrin
Description:
There are the following valgrind warnings:
==21658== Source and destination overlap in memcpy(0x1181BA20, 0x1181BA20, 28)
==21658==    at 0x4C23AC3: memcpy (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==21658==    by 0x7A7B95: setup_wild(THD*, TABLE_LIST*, List<Item>&, List<Item>*, unsigned) (sql_base.cc:6531)
==21658==    by 0x7EF671: JOIN::prepare(Item***, TABLE_LIST*, unsigned, Item*, unsigned, st_order*, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:527)
==21658==    by 0x910D64: st_select_lex_unit::prepare(THD*, select_result*, unsigned long) (sql_union.cc:287)
==21658==    by 0x80BE33: mysql_test_select(Prepared_statement*, TABLE_LIST*) (sql_prepare.cc:1437)
==21658==    by 0x80C1E5: check_prepared_statement(Prepared_statement*) (sql_prepare.cc:1957)
==21658==    by 0x80C767: Prepared_statement::prepare(char const*, unsigned) (sql_prepare.cc:3201)
==21658==    by 0x80D49E: mysql_stmt_prepare(THD*, char const*, unsigned) (sql_prepare.cc:2169)
==21658==    by 0x760BBB: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:976)
==21658==    by 0x762165: do_command(THD*) (sql_parse.cc:690)
==21658==    by 0x74F58D: handle_one_connection (sql_connect.cc:1145)
==21658==    by 0x524D01F: start_thread (in /lib64/libpthread-2.6.1.so)
==21658==    by 0x62E0F8C: clone (in /lib64/libc-2.6.1.so)
==21658==

==21658== Invalid read of size 1
==21658==    at 0x4C22AB9: strnlen (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==21658==    by 0xD444B9: my_vsnprintf (my_vsnprintf.c:122)
==21658==    by 0x8211C1: vprint_msg_to_log(loglevel, char const*, __va_list_tag*) (log.cc:6663)
==21658==    by 0x821210: Log_to_file_event_handler::log_error(loglevel, char const*, __va_list_tag*) (log.cc:1448)
==21658==    by 0x81E2E5: LOGGER::error_log_print(loglevel, char const*, __va_list_tag*) (log.cc:1686)
==21658==    by 0x81E7A5: error_log_print(loglevel, char const*, __va_list_tag*) (log.cc:5935)
==21658==    by 0x820075: sql_print_information(char const*, ...) (log.cc:6707)
==21658==    by 0x7B1FF6: open_tables(THD*, TABLE_LIST**, unsigned*, unsigned) (sql_base.cc:3647)
==21658==    by 0x7B29A1: open_and_lock_tables_derived(THD*, TABLE_LIST*, bool, unsigned) (sql_base.cc:4168)
==21658==    by 0x762F9C: open_and_lock_tables(THD*, TABLE_LIST*) (mysql_priv.h:1599)
==21658==    by 0x7565EA: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4712)
==21658==    by 0x758226: mysql_execute_command(THD*) (sql_parse.cc:2062)
==21658==    by 0x808D8C: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3756)
==21658==    by 0x80CCA6: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3386)
==21658==    by 0x80D14F: mysql_stmt_execute(THD*, char*, unsigned) (sql_prepare.cc:2542)
==21658==    by 0x760B61: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:961)
==21658==  Address 0x1494EB38 is 3,824 bytes inside a block of size 3,864 free'd
==21658==    at 0x4C2191B: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==21658==    by 0xD4E130: my_no_flags_free (my_malloc.c:59)
==21658==    by 0xD6708F: free_root (my_alloc.c:349)
==21658==    by 0x7CF68F: free_tmp_table(THD*, TABLE*) (sql_select.cc:13611)
==21658==    by 0x7AF07E: close_thread_tables(THD*, bool) (sql_base.cc:1352)
==21658==    by 0x807102: Prepared_statement::cleanup_stmt() (sql_prepare.cc:3061)
==21658==    by 0x80C843: Prepared_statement::prepare(char const*, unsigned) (sql_prepare.cc:3216)
==21658==    by 0x80D49E: mysql_stmt_prepare(THD*, char const*, unsigned) (sql_prepare.cc:2169)
==21658==    by 0x760BBB: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:976)
==21658==    by 0x762165: do_command(THD*) (sql_parse.cc:690)
==21658==    by 0x74F58D: handle_one_connection (sql_connect.cc:1145)
==21658==    by 0x524D01F: start_thread (in /lib64/libpthread-2.6.1.so)
==21658==    by 0x62E0F8C: clone (in /lib64/libc-2.6.1.so)

==21658== Invalid read of size 1
==21658==    at 0xD44002: strnmov (strnmov.c:29)
==21658==    by 0xD444EA: my_vsnprintf (my_vsnprintf.c:125)
==21658==    by 0x8211C1: vprint_msg_to_log(loglevel, char const*, __va_list_tag*) (log.cc:6663)
==21658==    by 0x821210: Log_to_file_event_handler::log_error(loglevel, char const*, __va_list_tag*) (log.cc:1448)
==21658==    by 0x81E2E5: LOGGER::error_log_print(loglevel, char const*, __va_list_tag*) (log.cc:1686)
==21658==    by 0x81E7A5: error_log_print(loglevel, char const*, __va_list_tag*) (log.cc:5935)
==21658==    by 0x820075: sql_print_information(char const*, ...) (log.cc:6707)
==21658==    by 0x7B1FF6: open_tables(THD*, TABLE_LIST**, unsigned*, unsigned) (sql_base.cc:3647)
==21658==    by 0x7B29A1: open_and_lock_tables_derived(THD*, TABLE_LIST*, bool, unsigned) (sql_base.cc:4168)
==21658==    by 0x762F9C: open_and_lock_tables(THD*, TABLE_LIST*) (mysql_priv.h:1599)
==21658==    by 0x7565EA: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4712)
==21658==    by 0x758226: mysql_execute_command(THD*) (sql_parse.cc:2062)
==21658==    by 0x808D8C: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3756)
==21658==    by 0x80CCA6: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3386)
==21658==    by 0x80D14F: mysql_stmt_execute(THD*, char*, unsigned) (sql_prepare.cc:2542)
==21658==    by 0x760B61: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:961)
==21658==  Address 0x1494EB38 is 3,824 bytes inside a block of size 3,864 free'd
==21658==    at 0x4C2191B: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==21658==    by 0xD4E130: my_no_flags_free (my_malloc.c:59)
==21658==    by 0xD6708F: free_root (my_alloc.c:349)
==21658==    by 0x7CF68F: free_tmp_table(THD*, TABLE*) (sql_select.cc:13611)
==21658==    by 0x7AF07E: close_thread_tables(THD*, bool) (sql_base.cc:1352)
==21658==    by 0x807102: Prepared_statement::cleanup_stmt() (sql_prepare.cc:3061)
==21658==    by 0x80C843: Prepared_statement::prepare(char const*, unsigned) (sql_prepare.cc:3216)
==21658==    by 0x80D49E: mysql_stmt_prepare(THD*, char const*, unsigned) (sql_prepare.cc:2169)
==21658==    by 0x760BBB: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:976)
==21658==    by 0x762165: do_command(THD*) (sql_parse.cc:690)
==21658==    by 0x74F58D: handle_one_connection (sql_connect.cc:1145)
==21658==    by 0x524D01F: start_thread (in /lib64/libpthread-2.6.1.so)
==21658==    by 0x62E0F8C: clone (in /lib64/libc-2.6.1.so)

How to repeat:
Run the test suite under valgrind.

Suggested fix:
=== modified file 'sql/sql_base.cc'
--- sql/sql_base.cc     2008-12-14 11:36:15 +0000
+++ sql/sql_base.cc     2008-12-24 10:24:25 +0000
@@ -6524,7 +6524,9 @@ int setup_wild(THD *thd, TABLE_LIST *tab
     /* make * substituting permanent */
     SELECT_LEX *select_lex= thd->lex->current_select;
     select_lex->with_wild= 0;
-    select_lex->item_list= fields;
+
+    if (&select_lex->item_list != &fields)
+      select_lex->item_list= fields;

     thd->restore_active_arena(arena, &backup);
   }
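Review bot: the guard `if (&select_lex->item_list != &fields)` only covers the exact-alias case, where `fields` is a reference to `select_lex->item_list` itself; that is the case the Valgrind trace reports (identical source and destination of a 28-byte memcpy), but any other overlap, or a future caller passing a copy that shares storage, would still reach the compiler-generated memberwise copy. Add a comment on the new `if` stating that `fields` may alias `select_lex->item_list` and that the self-assignment is skipped on purpose, so the check is not later removed as redundant, and consider whether the aliasing call site should be passing `select_lex->item_list` as `fields` in the first place.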
[24 Dec 2008 10:49] Alexander Nozdrin
Valgrind warnings in human readable form

Attachment: qqq (application/octet-stream, text), 6.41 KiB.

[24 Dec 2008 10:54] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/62289

2712 Alexander Nozdrin	2008-12-24
      Fix for Bug#41729: Valgrind warnings in setup_wild().
[24 Dec 2008 21:08] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/62313

2706 Sergey Petrunia	2008-12-25
      Fix for Bug#41729: Valgrind warnings in setup_wild().
      - Don't do select_lex->item_list= fields assignment if they actually refer to the same object
      [Committing Alik's fix for PB test]
[25 Dec 2008 7:19] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/62317

2713 Alexander Nozdrin	2008-12-25
      Fix for Bug#41729: Valgrind warnings in setup_wild().
      
      The problem is in the line below:
      [sql_base.cc:setup_wild()]
        select_lex->item_list= fields;
      
      This assignment is translated to memcpy() call (at least on some
      platforms). memcpy() expects that source and destination areas do not
      overlap.
      
      The fix is to do the assignment only if needed.
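The mechanism the commit message describes (a memberwise copy that the compiler lowers to memcpy(), which requires non-overlapping source and destination), as an added example that is not part of this bug report or of MySQL's code: ItemList and SelectLex are constructed stand-ins for List<Item> and SELECT_LEX, and regions_overlap() generalizes the fix's exact-alias check to any overlapping byte range.

```cpp
#include <cstddef>
#include <cstdint>

// Constructed stand-in for List<Item>: a few raw pointers and a count. It is
// trivially copyable, so `a = b` is a memberwise copy that the compiler may
// emit as memcpy(&a, &b, sizeof a) -- the call Valgrind flagged.
struct ItemList {
    void *first;
    void *last;
    unsigned elements;
};

// Constructed stand-in for SELECT_LEX.
struct SelectLex {
    ItemList item_list;
    unsigned with_wild;
};

// True when the byte ranges [a, a+n) and [b, b+n) overlap. Overlap is exactly
// what memcpy() forbids and what "Source and destination overlap" reports.
bool regions_overlap(const void *a, const void *b, size_t n) {
    uintptr_t x = reinterpret_cast<uintptr_t>(a);
    uintptr_t y = reinterpret_cast<uintptr_t>(b);
    return x < y + n && y < x + n;
}

// The guarded assignment from the fix: skip the copy when `fields` is the very
// object being assigned to. Returns true only when a copy was performed.
bool assign_guarded(SelectLex *sl, const ItemList &fields) {
    if (&sl->item_list == &fields)
        return false;
    sl->item_list = fields;
    return true;
}

// The aliasing call shape from the bug: the caller handed in
// select_lex->item_list itself, so source and destination coincide.
bool aliasing_call_is_skipped() {
    SelectLex sl = {{nullptr, nullptr, 3}, 1};
    ItemList &fields = sl.item_list;
    bool copied = assign_guarded(&sl, fields);
    return !copied && sl.item_list.elements == 3
           && regions_overlap(&sl.item_list, &fields, sizeof(ItemList));
}

// The ordinary call shape: a distinct list is copied in as before.
bool distinct_call_copies() {
    SelectLex sl = {{nullptr, nullptr, 0}, 1};
    ItemList fields = {nullptr, nullptr, 7};
    bool copied = assign_guarded(&sl, fields);
    return copied && sl.item_list.elements == 7
           && !regions_overlap(&sl.item_list, &fields, sizeof(ItemList));
}
```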
[25 Dec 2008 7:36] Bugs System
Pushed into 6.0.10-alpha (revid:alik@sun.com-20081225071837-vwwh9fyegrn68gum) (version source revid:alik@sun.com-20081225071837-vwwh9fyegrn68gum) (merge vers: 6.0.10-alpha) (pib:6)
[11 Jan 2009 14:51] Bugs System
Pushed into 6.0.10-alpha (revid:sergefp@mysql.com-20090110105650-he9xy4221tbn5y70) (version source revid:sergefp@mysql.com-20090110105650-he9xy4221tbn5y70) (merge vers: 6.0.10-alpha) (pib:6)
[13 Jan 2009 17:16] Paul DuBois
Noted in 6.0.10 changelog.

A Valgrind warning in setup_wild() was corrected.