Bug #111310 Prepared statement with CTE memory leak
Submitted: 7 Jun 2023 6:51 Modified: 8 Jun 2023 8:29
Reporter: Pedro Ferreira
Status: Verified
Category: MySQL Server: Prepared statements Severity: S3 (Non-critical)
Version: 8.0.33 OS: Ubuntu (22.04)
Assigned to: CPU Architecture: x86 (x86_64)

[7 Jun 2023 6:51] Pedro Ferreira
Description:
With the leak sanitizer run these queries:

PREPARE p0 FROM 'WITH x(x) AS (SELECT 1 WHERE (SELECT 1, 3) = (SELECT 2, ?)) SELECT 1';
SET @a0 = CAST('2000-1-1 0:0:0' AS DATETIME);EXECUTE p0 USING @a0;

Then shut down the server, and the leak sanitizer will report a memory leak:

Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x7fde7b8b4867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x55ae257a77b4 in redirecting_allocator mysys/my_malloc.cc:279
    #2 0x55ae257a8115 in my_raw_malloc<redirecting_allocator> mysys/my_malloc.cc:322
    #3 0x55ae257a8280 in my_internal_malloc<redirecting_allocator> mysys/my_malloc.cc:372
    #4 0x55ae257a8503 in my_malloc(unsigned int, unsigned long, int) mysys/my_malloc.cc:386
    #5 0x55ae21fdf8cf in String::real_alloc(unsigned long) sql-common/sql_string.cc:54
    #6 0x55ae1f54e49f in String::alloc(unsigned long) include/sql_string.h:389
    #7 0x55ae21fe0b5b in String::copy(char const*, unsigned long, CHARSET_INFO const*) sql-common/sql_string.cc:239
    #8 0x55ae21fe1b65 in String::copy(char const*, unsigned long, CHARSET_INFO const*, CHARSET_INFO const*, unsigned int*) sql-common/sql_string.cc:390
    #9 0x55ae1f5e5114 in Item_param::set_str(char const*, unsigned long) sql/item.cc:3937
    #10 0x55ae1f652d51 in Item_param::set_from_user_var(THD*, user_var_entry const*) sql/item.cc:4035
    #11 0x55ae21882b5c in Prepared_statement::insert_parameters_from_vars(THD*, List<MYSQL_LEX_STRING>&, String*) sql/sql_prepare.cc:959
    #12 0x55ae21883d6c in Prepared_statement::set_parameters(THD*, String*) sql/sql_prepare.cc:2745
    #13 0x55ae218914c6 in mysql_sql_stmt_execute(THD*) sql/sql_prepare.cc:1965
    #14 0x55ae2171b4a5 in mysql_execute_command(THD*, bool) sql/sql_parse.cc:3372
    #15 0x55ae21736794 in dispatch_sql_command(THD*, Parser_state*) sql/sql_parse.cc:5363
    #16 0x55ae21742424 in dispatch_command(THD*, COM_DATA const*, enum_server_command) sql/sql_parse.cc:2137
    #17 0x55ae2174d5cb in do_command(THD*) sql/sql_parse.cc:1439
    #18 0x55ae2205de54 in handle_connection sql/conn_handler/connection_handler_per_thread.cc:302
    #19 0x55ae27f02804 in pfs_spawn_thread storage/perfschema/pfs.cc:3042
    #20 0x7fde79a94b42 in start_thread nptl/pthread_create.c:442

The compilation parameters are the same as issue 108148:

-DWITH_DEBUG=1 -DWITH_ASAN=ON -DWITH_UBSAN=ON and boost library version 1.77

How to repeat:
Run the queries above and shut down the server.

[8 Jun 2023 8:29] MySQL Verification Team
Hello Pedro Ferreira,

Thank you for the report and feedback.
Verified as described.

regards,
Umesh

[8 Jun 2023 8:30] MySQL Verification Team
- 8.0.33

scl enable gcc-toolset-12 bash
MYSQL_VERSION="Bug111310"
TARGET=/export/home/tmp/ushastry/src/$MYSQL_VERSION
rm -rf /export/home/tmp/ushastry/src/$MYSQL_VERSION
rm -rf bld/
mkdir bld && cd bld
rm -rf CMakeCache.txt
cmake .. -DBUILD_CONFIG=mysql_release -DCMAKE_INSTALL_PREFIX=$TARGET -DWITH_BOOST=../boost -DCOMPILATION_COMMENT=`date +"%m-%d-%Y"` -DWITH_DEBUG=1 -DWITH_ASAN=ON -DWITH_UBSAN=ON -DWITH_MYSQLX=OFF -DWITH_ROUTER=OFF -DCMAKE_C_COMPILER=/opt/rh/gcc-toolset-12/root/usr/bin/gcc -DCMAKE_CXX_COMPILER=/opt/rh/gcc-toolset-12/root/usr/bin/g++                       
make -j128
make install
cd $TARGET

 bin/mysql -uroot -S /tmp/mysql.sock
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 8.0.33-debug-asan-ubsan 06-08-2023

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database test;
Query OK, 1 row affected (0.01 sec)

mysql> use test
Database changed
mysql> PREPARE p0 FROM 'WITH x(x) AS (SELECT 1 WHERE (SELECT 1, 3) = (SELECT 2, ?)) SELECT 1';
Query OK, 0 rows affected (0.00 sec)
Statement prepared

mysql> SET @a0 = CAST('2000-1-1 0:0:0' AS DATETIME);EXECUTE p0 USING @a0;
Query OK, 0 rows affected (0.00 sec)

+---+
| 1 |
+---+
| 1 |
+---+
1 row in set (0.00 sec)

mysql> shutdown;
Query OK, 0 rows affected (0.00 sec)

mysql> \q
Bye

2023-06-08T08:27:53.645979Z 0 [System] [MY-010910] [Server] /export/home/tmp/ushastry/src/Bug111310/bin/mysqld: Shutdown complete (mysqld 8.0.33-debug-asan-ubsan)  06-08-2023.

=================================================================
==751826==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0xfffcc8d01e34 in malloc (/lib64/libasan.so.8+0xb1e34)
    #1 0x8cae8b0 in redirecting_allocator /export/home/tmp/ushastry/src/mysql-8.0.33/mysys/my_malloc.cc:279
    #2 0x8caf228 in my_raw_malloc<redirecting_allocator> /export/home/tmp/ushastry/src/mysql-8.0.33/mysys/my_malloc.cc:322
    #3 0x8caf3d8 in my_internal_malloc<redirecting_allocator> /export/home/tmp/ushastry/src/mysql-8.0.33/mysys/my_malloc.cc:372
    #4 0x8caf64c in my_malloc(unsigned int, unsigned long, int) /export/home/tmp/ushastry/src/mysql-8.0.33/mysys/my_malloc.cc:386
    #5 0x3fb329c in String::real_alloc(unsigned long) /export/home/tmp/ushastry/src/mysql-8.0.33/sql-common/sql_string.cc:54
    #6 0x352b514 in String::alloc(unsigned long) /export/home/tmp/ushastry/src/mysql-8.0.33/include/sql_string.h:389
    #7 0x3fb4508 in String::copy(char const*, unsigned long, CHARSET_INFO const*) /export/home/tmp/ushastry/src/mysql-8.0.33/sql-common/sql_string.cc:239
    #8 0x3fb540c in String::copy(char const*, unsigned long, CHARSET_INFO const*, CHARSET_INFO const*, unsigned int*) /export/home/tmp/ushastry/src/mysql-8.0.33/sql-common/sql_string.cc:390
    #9 0x491ab10 in Item_param::set_str(char const*, unsigned long) /export/home/tmp/ushastry/src/mysql-8.0.33/sql/item.cc:3937
    #10 0x49774b0 in Item_param::set_from_user_var(THD*, user_var_entry const*) /export/home/tmp/ushastry/src/mysql-8.0.33/sql/item.cc:4035
    #11 0x38af9b4 in Prepared_statement::insert_parameters_from_vars(THD*, List<MYSQL_LEX_STRING>&, String*) /export/home/tmp/ushastry/src/mysql-8.0.33/sql/sql_prepare.cc:959
    #12 0x38b0aa4 in Prepared_statement::set_parameters(THD*, String*) /export/home/tmp/ushastry/src/mysql-8.0.33/sql/sql_prepare.cc:2745
    #13 0x38beac8 in mysql_sql_stmt_execute(THD*) /export/home/tmp/ushastry/src/mysql-8.0.33/sql/sql_prepare.cc:1965
    #14 0x377c688 in mysql_execute_command(THD*, bool) /export/home/tmp/ushastry/src/mysql-8.0.33/sql/sql_parse.cc:3372
    #15 0x379782c in dispatch_sql_command(THD*, Parser_state*) /export/home/tmp/ushastry/src/mysql-8.0.33/sql/sql_parse.cc:5363
    #16 0x37a19dc in dispatch_command(THD*, COM_DATA const*, enum_server_command) /export/home/tmp/ushastry/src/mysql-8.0.33/sql/sql_parse.cc:2050
    #17 0x37ae994 in do_command(THD*) /export/home/tmp/ushastry/src/mysql-8.0.33/sql/sql_parse.cc:1439
    #18 0x40309dc in handle_connection /export/home/tmp/ushastry/src/mysql-8.0.33/sql/conn_handler/connection_handler_per_thread.cc:302
    #19 0xab66f28 in pfs_spawn_thread /export/home/tmp/ushastry/src/mysql-8.0.33/storage/perfschema/pfs.cc:3042
    #20 0xfffcc8c17904 in start_thread (/lib64/libpthread.so.0+0x7904)
    #21 0xfffcc7074298 in thread_start (/lib64/libc.so.6+0x24298)

SUMMARY: AddressSanitizer: 56 byte(s) leaked in 1 allocation(s).
2023-06-08T08:28:14.655438Z mysqld_safe mysqld from pid file /export/home/tmp/ushastry/src/Bug111310/111310/ellex07.pid ended
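
Added example, not part of the bug report or of MySQL's code: the two LeakSanitizer traces above differ in addresses, path prefixes and the frame #0 symbol, so this Python script reduces each report to an address-independent signature to confirm that both builds hit the same leak. The frame lines are abbreviated from the traces on this page; `HELPER_PATHS` and the function names are assumptions of this example.

```python
import re
from posixpath import basename

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(.+?)\s+(\S+)$")
# Assumption for this example: frames located in these paths are sanitizer runtime,
# allocator wrappers or string helpers; the first frame past them is the call site.
HELPER_PATHS = ("mysys/", "sql_string", "libasan", "libsanitizer")

def parse_leak(report):
    """Return (kind, bytes, objects, frames); each frame is (function, location)."""
    kind = size = count = None
    frames = []
    for line in report.splitlines():
        if (h := HEADER.match(line)):
            kind, size, count = h.group(1), int(h.group(2)), int(h.group(3))
        elif (f := FRAME.match(line)):
            frames.append((f.group(1), f.group(2)))
    return kind, size, count, frames

def signature(report):
    """Address- and path-independent key: leak size plus first non-helper frame."""
    _, size, _, frames = parse_leak(report)
    for func, loc in frames:
        if not any(p in loc for p in HELPER_PATHS):
            return size, func.split("(")[0], basename(loc)
    return size, None, None

# Frames abbreviated from the two reports on this page (some frames omitted):
# the reporter's build first, then the verification team's build.
REPORTER_TRACE = """\
Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x7fde7b8b4867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x55ae257a77b4 in redirecting_allocator mysys/my_malloc.cc:279
    #5 0x55ae21fdf8cf in String::real_alloc(unsigned long) sql-common/sql_string.cc:54
    #9 0x55ae1f5e5114 in Item_param::set_str(char const*, unsigned long) sql/item.cc:3937
    #10 0x55ae1f652d51 in Item_param::set_from_user_var(THD*, user_var_entry const*) sql/item.cc:4035
"""
VERIFIER_TRACE = """\
Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0xfffcc8d01e34 in malloc (/lib64/libasan.so.8+0xb1e34)
    #1 0x8cae8b0 in redirecting_allocator /export/home/tmp/ushastry/src/mysql-8.0.33/mysys/my_malloc.cc:279
    #5 0x3fb329c in String::real_alloc(unsigned long) /export/home/tmp/ushastry/src/mysql-8.0.33/sql-common/sql_string.cc:54
    #9 0x491ab10 in Item_param::set_str(char const*, unsigned long) /export/home/tmp/ushastry/src/mysql-8.0.33/sql/item.cc:3937
    #10 0x49774b0 in Item_param::set_from_user_var(THD*, user_var_entry const*) /export/home/tmp/ushastry/src/mysql-8.0.33/sql/item.cc:4035
"""

if __name__ == "__main__":
    print(signature(REPORTER_TRACE) == signature(VERIFIER_TRACE), signature(REPORTER_TRACE))
```

Feeding it the full traces gives the same signature, because the omitted frames are either helper frames or sit below `Item_param::set_str`.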