Bug #37956 memory leak and / or crash with geometry and prepared statements!
Submitted: 8 Jul 2008 7:45 Modified: 28 Jan 2009 21:40
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category:MySQL Server: Prepared statements Severity:S1 (Critical)
Version:5.0.66a, 5.1.26 OS:Any
Assigned to: Sergey Glukhov
Tags: memory leak
Triage: Triaged: D1 (Critical)

[8 Jul 2008 7:45] Shane Bester
Description:
Running my application testsuite against 5.1 under valgrind, then shutting down the server, causes valgrind to print these warnings:

 4,636 (996 direct, 3,640 indirect) bytes in 1 blocks are definitely lost in loss record 7 of 8
    at 0x4005400: malloc 
    by 0x849AF99: my_malloc 
    by 0x849B940: alloc_root 
    by 0x817284D: sql_alloc
    by 0x811FF19: Item::tmp_table_field_from_field_type
    by 0x8226E2C: create_tmp_field_from_item
    by 0x82273A4: create_tmp_field
    by 0x8227F7F: create_tmp_table
    by 0x831793E: select_union::create_result_table
    by 0x8327AB7: Select_materialize::send_fields
    by 0x82431E6: JOIN::exec()
    by 0x82460ED: mysql_select
 
[sbester@box1 mysql-5.1]$ valgrind --version
valgrind-3.2.1
 
 3,640 bytes in 3 blocks are indirectly lost in loss record 8 of 8
    at 0x4005400: malloc
    by 0x849AF99: my_malloc
    by 0x849B940: alloc_root 
    by 0x8327ADF: Select_materialize::send_fields
    by 0x82431E6: JOIN::exec()
    by 0x82460ED: mysql_select
    by 0x824664C: handle_select
    by 0x81CFA73: execute_sqlcom_select
    by 0x81D2774: mysql_execute_command
    by 0x8327E38: mysql_open_cursor
    by 0x8253DD6: Prepared_statement::execute
    by 0x82550A8: Prepared_statement::execute_loop
 

How to repeat:
I will find the offending queries and make a testcase later.
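Parsing and triaging a valgrind leak report like the one above, as an added example (not code from the bug report, its attachments, or MySQL): it extracts each loss record's byte counts and call stack so a report can be summarised per leak kind and searched for frames of interest, for instance to confirm which records pass through Prepared_statement::execute. Python is used because this is tooling over valgrind's text output rather than server code. The sample input is the two records quoted in the description, embedded as a constructed string; the regular expressions assume valgrind's standard header wording and its optional "(file:line)" frame suffix, which the trace on this page omits.

```python
"""Triage helper for valgrind leak reports (added example, not MySQL code).
Parses the "N bytes in M blocks are ... lost in loss record X of Y" headers
and the "at/by 0x...: function" frames valgrind prints at exit."""
import re
from dataclasses import dataclass, field

# Constructed sample: the two loss records quoted in the bug description,
# with the "valgrind --version" interlude between them removed.
SAMPLE_VALGRIND = """\
 4,636 (996 direct, 3,640 indirect) bytes in 1 blocks are definitely lost in loss record 7 of 8
    at 0x4005400: malloc
    by 0x849AF99: my_malloc
    by 0x849B940: alloc_root
    by 0x817284D: sql_alloc
    by 0x811FF19: Item::tmp_table_field_from_field_type
    by 0x8226E2C: create_tmp_field_from_item
    by 0x82273A4: create_tmp_field
    by 0x8227F7F: create_tmp_table
    by 0x831793E: select_union::create_result_table
    by 0x8327AB7: Select_materialize::send_fields
    by 0x82431E6: JOIN::exec()
    by 0x82460ED: mysql_select

 3,640 bytes in 3 blocks are indirectly lost in loss record 8 of 8
    at 0x4005400: malloc
    by 0x849AF99: my_malloc
    by 0x849B940: alloc_root
    by 0x8327ADF: Select_materialize::send_fields
    by 0x82431E6: JOIN::exec()
    by 0x82460ED: mysql_select
    by 0x824664C: handle_select
    by 0x81CFA73: execute_sqlcom_select
    by 0x81D2774: mysql_execute_command
    by 0x8327E38: mysql_open_cursor
    by 0x8253DD6: Prepared_statement::execute
    by 0x82550A8: Prepared_statement::execute_loop
"""

# Record header, e.g. "4,636 (996 direct, 3,640 indirect) bytes in 1 blocks
# are definitely lost in loss record 7 of 8"; the "(direct, indirect)" part
# is only present for definitely-lost records that own other blocks.
RECORD_RE = re.compile(
    r"^\s*(?P<total>[\d,]+)\s+"
    r"(?:\((?P<direct>[\d,]+) direct, (?P<indirect>[\d,]+) indirect\)\s+)?"
    r"bytes in (?P<blocks>[\d,]+) blocks are "
    r"(?P<kind>definitely|indirectly|possibly|still) (?:lost|reachable) "
    r"in loss record (?P<number>\d+) of (?P<count>\d+)"
)
# Frames look like "by 0x849B940: alloc_root" or, with debug info,
# "by 0x849B940: alloc_root (my_alloc.c:123)".
FRAME_RE = re.compile(r"^\s*(?:at|by)\s+0x[0-9A-Fa-f]+:\s*(?P<rest>.*?)\s*$")


def _num(s):
    return int(s.replace(",", ""))


@dataclass
class LossRecord:
    number: int
    kind: str          # definitely / indirectly / possibly / still
    total_bytes: int   # everything this record accounts for
    direct_bytes: int  # what valgrind's LEAK SUMMARY attributes to this kind
    blocks: int
    frames: list = field(default_factory=list)  # innermost frame first


def parse_valgrind(text):
    """Return the loss records found in a valgrind report, in order."""
    records, current = [], None
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            total = _num(m["total"])
            direct = _num(m["direct"]) if m["direct"] else total
            current = LossRecord(int(m["number"]), m["kind"], total, direct,
                                 _num(m["blocks"]))
            records.append(current)
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            # Drop a trailing "(file:line)" location; C++ "()" in names stays.
            current.frames.append(m["rest"].split(" (")[0])
            continue
        if not line.strip():
            current = None  # a blank line closes the current record
    return records


def summarize(records):
    """Bytes per leak kind, following valgrind's own LEAK SUMMARY convention."""
    out = {}
    for r in records:
        out[r.kind] = out.get(r.kind, 0) + r.direct_bytes
    return out


def records_through(records, needle):
    """Loss records whose call stack contains a frame mentioning `needle`."""
    return [r for r in records if any(needle in f for f in r.frames)]


if __name__ == "__main__":
    recs = parse_valgrind(SAMPLE_VALGRIND)
    print(summarize(recs))
    for r in records_through(recs, "Prepared_statement"):
        print(f"record {r.number}: {r.total_bytes} bytes via {r.frames[-1]}")
```

On the sample, summarize() reports 996 bytes definitely lost and 3,640 indirectly lost, matching how valgrind itself would total these two records, and records_through() picks out record 8 as the one reached from the prepared-statement cursor path.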
[8 Jul 2008 7:49] Shane Bester
Full valgrind summary attached to avoid wrapping.

Attachment: bug37956_valgrind_details.txt (text/plain), 9.71 KiB.

[7 Aug 2008 17:19] Shane Bester
The leaking/offending statement has been found.
When executing this query as a prepared statement with random parameters, we get this error and a memory leak of about 2 KB:   select point(?,?)

mysql_stmt_execute failed: Cannot get geometry object from data you send to the GEOMETRY field (1416)

Running it as a normal query in the mysql client, and even using the PREPARE syntax, works fine though.  Will upload a small testcase later.
[8 Aug 2008 8:03] Shane Bester
Causes memory leaks and/or crashes of the server!

Attachment: bug37956.c (text/plain), 8.70 KiB.

[8 Aug 2008 8:06] Shane Bester
Verified.  It's possible this might be related to bug #37671, but I don't remember seeing a memory leak in that one.  Please check when fixing.
[25 Nov 2008 15:15] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/59808

2722 Sergey Glukhov	2008-11-25
      Bug#37956 memory leak and / or crash with geometry and prepared statements!
      Bug#37671 crash on prepared statement + cursor + geometry + too many open files!
      If mysql_execute_command() returns an error, then free the materialized_cursor object.
      is_rnd_inited is added to satisfy the rnd_end() assertion
      (the handler may be uninitialized in some cases)
[25 Nov 2008 17:13] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/59828

2722 Sergey Glukhov	2008-11-25
      Bug#37956 memory leak and / or crash with geometry and prepared statements!
      Bug#37671 crash on prepared statement + cursor + geometry + too many open files!
      If mysql_execute_command() returns an error, then free the materialized_cursor object.
      is_rnd_inited is added to satisfy the rnd_end() assertion
      (the handler may be uninitialized in some cases)
[8 Dec 2008 12:46] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/60901

2722 Sergey Glukhov	2008-12-08
      Bug#37956 memory leak and / or crash with geometry and prepared statements!
      Bug#37671 crash on prepared statement + cursor + geometry + too many open files!
      If mysql_execute_command() returns an error, then free the materialized_cursor object.
      is_rnd_inited is added to satisfy the rnd_end() assertion
      (the handler may be uninitialized in some cases)
[10 Dec 2008 14:14] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/61216

2722 Sergey Glukhov	2008-12-10
      Bug#37956 memory leak and / or crash with geometry and prepared statements!
      Bug#37671 crash on prepared statement + cursor + geometry + too many open files!
      If mysql_execute_command() returns an error, then free the materialized_cursor object.
      is_rnd_inited is added to satisfy the rnd_end() assertion
      (the handler may be uninitialized in some cases)
[6 Jan 2009 13:56] Bugs System
Pushed into 5.0.76 (revid:joro@sun.com-20090105160414-8q9j4bi1klkfwiup) (version source revid:azundris@mysql.com-20081230114734-nmsc37ak330zlygn) (merge vers: 5.0.76) (pib:6)
[8 Jan 2009 21:32] Paul Dubois
Noted in 5.0.76 changelog.

Use of spatial data types in prepared statements could cause memory
leaks or server crashes.

Setting report to NDI pending push into 5.1.x/6.0.x.
[15 Jan 2009 6:37] Bugs System
Pushed into 5.1.31 (revid:joro@sun.com-20090115053147-tx1oapthnzgvs1ro) (version source revid:azundris@mysql.com-20081230114838-cn52tu180wcrvh0h) (merge vers: 5.1.31) (pib:6)
[15 Jan 2009 16:29] Paul Dubois
Noted in 5.1.31 changelog.

Setting report to NDI pending push into 6.0.x.
[19 Jan 2009 11:23] Bugs System
Pushed into 5.1.31-ndb-6.2.17 (revid:tomas.ulin@sun.com-20090119095303-uwwvxiibtr38djii) (version source revid:tomas.ulin@sun.com-20090115073240-1wanl85vlvw2she1) (merge vers: 5.1.31-ndb-6.2.17) (pib:6)
[19 Jan 2009 13:01] Bugs System
Pushed into 5.1.31-ndb-6.3.21 (revid:tomas.ulin@sun.com-20090119104956-guxz190n2kh31fxl) (version source revid:tomas.ulin@sun.com-20090119104956-guxz190n2kh31fxl) (merge vers: 5.1.31-ndb-6.3.21) (pib:6)
[19 Jan 2009 15:15] Jon Stephens
Setting status back to NDI pending merge to 6.0 tree.
[19 Jan 2009 16:07] Bugs System
Pushed into 5.1.31-ndb-6.4.1 (revid:tomas.ulin@sun.com-20090119144033-4aylstx5czzz88i5) (version source revid:tomas.ulin@sun.com-20090119144033-4aylstx5czzz88i5) (merge vers: 5.1.31-ndb-6.4.1) (pib:6)
[20 Jan 2009 19:00] Bugs System
Pushed into 6.0.10-alpha (revid:joro@sun.com-20090119171328-2hemf2ndc1dxl0et) (version source revid:azundris@mysql.com-20081230114916-c290n83z25wkt6e4) (merge vers: 6.0.9-alpha) (pib:6)
[28 Jan 2009 21:40] Paul Dubois
Noted in 6.0.10 changelog.