Bug #14904 Conditional jump or move depends on uninitialised value(s) in mysql_create_like
Submitted: 12 Nov 2005 23:07 Modified: 4 Jan 2006 21:43
Reporter: Oleksandr Byelkin Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:5.0.17 OS:Linux (linux)
Assigned to: Oleksandr Byelkin CPU Architecture:Any

[12 Nov 2005 23:07] Oleksandr Byelkin 
Description:
There are a lot of following valgrind errors:
==3789== Conditional jump or move depends on uninitialised value(s)
==3789==    at 0x84F14D1: my_copy (my_copy.c:77)
==3789==    by 0x82A52EC: mysql_create_like_table(THD*, st_table_list*, st_ha_cr
eate_information*, Table_ident*) (sql_table.cc:2730)
==3789==    by 0x81B948F: mysql_execute_command(THD*) (sql_parse.cc:2892)
==3789==    by 0x81C0B84: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:5593)
==3789==    by 0x81B68D3: dispatch_command(enum_server_command, THD*, char*, uns
igned) (sql_parse.cc:1709)
==3789==    by 0x81B615C: do_command(THD*) (sql_parse.cc:1510)
==3789==    by 0x81B5247: handle_one_connection (sql_parse.cc:1155)
==3789==    by 0x1BA87F1A: pthread_start_thread (in /lib/libpthread-0.10.so)
==3789==    by 0x1BBFDC09: clone (in /lib/libc-2.3.5.so)

How to repeat:
1) build last 5.0.17 with valgrind support,
2) run tests with valgrind, for example:
./mysql-test-run --valgrind blakhole create grant
full list of failed test can be seen in master.err attached to the report.
[16 Dec 2005 21:07] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/206
[27 Dec 2005 0:02] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/421
[27 Dec 2005 0:06] Oleksandr Byelkin 
pushed to 5.0.19
[4 Jan 2006 21:42] Mike Hillyer 
Added note to 5.0.19 changelog: 

     <listitem>
        <para>
          Potential  conditional jump on uninitialized variable removed.
          (Bug #14904)
        </para>
      </listitem>
[4 Jan 2006 22:01] Guilhem Bichot 
In fact there is nothing to document: there is no user-visible bug, the old code always worked well in all situations, with zero risk; it's just that it triggered a Valgrind harmless warning. The code was like this:
int f(int a)
{
   int b; // b is not initialized
   if (a) b=10; // b is initialized only if a is non-zero
   if (a && b)
     return 1;
   return 0;
}
In the if (a &&b): if a is zero, b is uninitialized, but a&&b is zero, so the jump does not depend on b. If a is non-zero, b is initialized so the jump does not depend on b.
So the jump never depends on an uninitialized value, but Valgrind complains when a is zero and b is read (even though a&&b does not depend on b in the end, Valgrind cannot know it in advance).
Lazy evaluation would require that if a is zero then b is not evaluated, but the compiler is allowed to evaluate b nevertheless as it does not generate side-effects (other than Valgrind warnings!).