| Bug #44774 | load_file function produces valgrind warnings | ||
|---|---|---|---|
| Submitted: | 11 May 8:31 | Modified: | 26 Jun 4:28 |
| Reporter: | Shane Bester | ||
| Status: | Closed | ||
| Category: | Server: DML | Severity: | S3 (Non-critical) |
| Version: | 5.0.82, 5.1.30, 5.1.34, 5.1.35 | OS: | Linux (32-bit fc8) |
| Assigned to: | Ramil Kalimullin | Target Version: | 5.0+ |
| Tags: | valgrind, load_file | ||
| Triage: | Triaged: D2 (Serious) | ||
[12 May 8:13]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

http://lists.mysql.com/commits/73800

2737 Ramil Kalimullin 2009-05-12

Fix for bug#44774: load_file function produces valgrind warnings

Problem: using LOAD_FILE() in some cases we pass a file name string without a trailing '\0' to fn_format() which relies on that however. That may lead to valgrind warnings.

Fix: add a trailing '\0' to the file name passed to fn_format().

@ mysql-test/r/func_str.result
Fix for bug#44774: load_file function produces valgrind warnings
- test result.

@ mysql-test/t/func_str.test
Fix for bug#44774: load_file function produces valgrind warnings
- test case.

@ sql/item_strfunc.cc
Fix for bug#44774: load_file function produces valgrind warnings
- added a trailing '\0' to file name passed to fn_format().
- file_name->c_ptr() replaced with file_name->ptr() accordingly.
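The problem described in the commit message above, as an added example that is not part of the bug report or of the MySQL patch: a length-counted buffer handed to a helper that scans for '\0', next to a version that terminates a bounded copy first. The names `counted_str`, `dir_part_len` and `to_cstr` are hypothetical stand-ins, the sample bytes are constructed, and the embedded-'\0' rejection is an extra check made by this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical length-counted string; ptr need not be NUL-terminated. */
struct counted_str { const char *ptr; size_t len; };

/* Stand-in for a C-string path helper: scans to '\0' for the directory part. */
static size_t dir_part_len(const char *name)
{
    size_t last = 0;
    for (size_t i = 0; name[i] != '\0'; i++)
        if (name[i] == '/')
            last = i + 1;
    return last;
}

/* Copy s->len bytes and append '\0'; -1 if too long or an embedded '\0'. */
static int to_cstr(const struct counted_str *s, char *out, size_t out_size)
{
    if (s->len >= out_size || memchr(s->ptr, '\0', s->len) != NULL)
        return -1;
    memcpy(out, s->ptr, s->len);
    out[s->len] = '\0';
    return 0;
}

/* Constructed sample: 8 logical bytes, then stale (initialised) bytes. */
static const char backing[] = "aaaaaaaa/stale/dir/x";

/* Before: the raw pointer goes straight to the C-string helper. */
static size_t dir_len_unterminated(const struct counted_str *name)
{
    return dir_part_len(name->ptr);   /* scans past name->len */
}

/* After: terminate a bounded copy first; (size_t)-1 means rejected. */
static size_t dir_len_terminated(const struct counted_str *name)
{
    char path[512];
    return to_cstr(name, path, sizeof path) ? (size_t)-1 : dir_part_len(path);
}

int main(void)
{
    struct counted_str name = { backing, 8 };
    printf("%zu %zu\n", dir_len_unterminated(&name), dir_len_terminated(&name));
    return 0;
}
```

The bytes after the logical end are initialised here so the wrong answer can be observed with defined behaviour; when they are uninitialised, the same scan is what Valgrind reports as a conditional jump on uninitialised values.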
[13 May 6:22]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

http://lists.mysql.com/commits/73899

2739 Ramil Kalimullin 2009-05-13 [merge]

Fix for bug#44774 merged.
[28 May 9:42]
Bugs System
Pushed into 5.0.83 (revid:joro@sun.com-20090528073529-q9b8s60vlpu28fny) (version source revid:ramil@mysql.com-20090513042138-63mx29b27oow4zl2) (merge vers: 5.0.82) (pib:6)
[28 May 10:17]
Bugs System
Pushed into 5.1.36 (revid:joro@sun.com-20090528073639-yohsb4q1jzg7ycws) (version source revid:jimw@mysql.com-20090515174051-ndjvfd1e9hc9k9c3) (merge vers: 5.1.36) (pib:6)
[1 Jun 18:41]
Paul DuBois
Noted in 5.0.83, 5.1.36 changelogs. Several Valgrind warnings were silenced. Setting report to NDI pending push into 6.0.x.
[17 Jun 21:24]
Bugs System
Pushed into 5.4.4-alpha (revid:alik@sun.com-20090616183122-chjzbaa30qopdra9) (version source revid:ramil@mysql.com-20090514034347-wak8azegaipwf9lg) (merge vers: 6.0.12-alpha) (pib:11)
[26 Jun 4:28]
Paul DuBois
Noted in 5.4.4 changelog.
[13 Aug 0:28]
Paul DuBois
Noted in 5.4.2 changelog because next 5.4 version will be 5.4.2 and not 5.4.4.
[15 Aug 3:46]
Paul DuBois
Ignore previous comment about 5.4.2.
[26 Aug 15:46]
Bugs System
Pushed into 5.1.37-ndb-7.0.8 (revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)
[26 Aug 15:46]
Bugs System
Pushed into 5.1.37-ndb-6.3.27 (revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (version source revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (merge vers: 5.1.37-ndb-6.3.27) (pib:11)
[26 Aug 15:48]
Bugs System
Pushed into 5.1.37-ndb-6.2.19 (revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (version source revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (merge vers: 5.1.37-ndb-6.2.19) (pib:11)
[27 Aug 18:32]
Bugs System
Pushed into 5.1.35-ndb-7.1.0 (revid:magnus.blaudd@sun.com-20090827163030-6o3kk6r2oua159hr) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)
[7 Oct 21:33]
Paul DuBois
The 5.4 fix has been pushed to 5.4.2.

Description:

load_file uses some uninitialized values!

5.1.35 valgrind output (cut):

```
Conditional jump or move depends on uninitialised value(s)
: Item_load_file::val_str(String*) (sql_string.h:102)
: Item::send(Protocol*, String*) (item.cc:5302)
: select_send::send_data(List<Item>&) (sql_class.cc:1587)
: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:11976)
: do_select (sql_select.cc:10854)
: JOIN::exec() (sql_select.cc:2199)
: mysql_select (sql_select.cc:2378)
: handle_select (sql_select.cc:268)
: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5009)
: mysql_execute_command(THD*) (sql_parse.cc:2211)
: mysql_parse(THD*, char const*, unsigned, char const**) (sql_parse.cc:5929)
: dispatch_command (sql_parse.cc:1216)

Conditional jump or move depends on uninitialised value(s)
: dirname_length (mf_dirname.c:33)
: dirname_part (mf_dirname.c:73)
: fn_format (mf_format.c:38)
: Item_load_file::val_str(String*) (item_strfunc.cc:2947)
: Item::send(Protocol*, String*) (item.cc:5302)
: select_send::send_data(List<Item>&) (sql_class.cc:1587)
: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:11976)
: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:10854)
: JOIN::exec() (sql_select.cc:2199)
: mysql_select (sql_select.cc:2378)
: handle_select (sql_select.cc:268)
: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5009)

Conditional jump or move depends on uninitialised value(s)
: index (mc_replace_strmem.c:164)
: fn_format (mf_format.c:57)
: Item_load_file::val_str(String*) (item_strfunc.cc:2947)
: Item::send(Protocol*, String*) (item.cc:5302)
: select_send::send_data(List<Item>&) (sql_class.cc:1587)
: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:11976)
: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:10854)
: JOIN::exec() (sql_select.cc:2199)
: mysql_select (sql_select.cc:2378)
: handle_select (sql_select.cc:268)
: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5009)
: mysql_execute_command(THD*) (sql_parse.cc:2211)

Conditional jump or move depends on uninitialised value(s)
: index (mc_replace_strmem.c:164)
: fn_format (mf_format.c:57)
: Item_load_file::val_str(String*) (item_strfunc.cc:2947)
: Item::send(Protocol*, String*) (item.cc:5302)
: select_send::send_data(List<Item>&) (sql_class.cc:1587)
: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:11976)
: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:10854)
: JOIN::exec() (sql_select.cc:2199)
: mysql_select (sql_select.cc:2378)
: handle_select (sql_select.cc:268)
: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5009)
: mysql_execute_command(THD*) (sql_parse.cc:2211)

Conditional jump or move depends on uninitialised value(s)
: strlength (mf_format.c:131)
: fn_format (mf_format.c:73)
: Item_load_file::val_str(String*) (item_strfunc.cc:2947)
: Item::send(Protocol*, String*) (item.cc:5302)
: select_send::send_data(List<Item>&) (sql_class.cc:1587)
: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:11976)
: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:10854)
: JOIN::exec() (sql_select.cc:2199)
: mysql_select (sql_select.cc:2378)
: handle_select (sql_select.cc:268)
: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5009)
: mysql_execute_command(THD*) (sql_parse.cc:2211)
```

How to repeat:

```sql
# run mysqld under valgrind, then this sql:
drop table if exists `tmp`;
create table `tmp`(`c2` tinyblob)engine=myisam;
insert into `tmp` values ('aaaaaaaa');
select load_file(`c2`) from `tmp`;
```

Suggested fix:

Initialize things properly. Please fix this, because it's causing too many errors in my vast number of tests and it's annoying to filter out stuff all the time due to bugs.