Bug #44774 load_file function produces valgrind warnings
Submitted: 11 May 2009 6:31 Modified: 26 Jun 2009 2:28
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category:MySQL Server: DML Severity:S3 (Non-critical)
Version:5.0.82, 5.1.30, 5.1.34, 5.1.35 OS:Linux (32-bit fc8)
Assigned to: Ramil Kalimullin
Tags: load_file, valgrind
Triage: Triaged: D2 (Serious)

[11 May 2009 6:31] Shane Bester
Description:
load_file uses some uninitialized values! 5.1.35 valgrind output (cut):

Conditional jump or move depends on uninitialised value(s)
: Item_load_file::val_str(String*) (sql_string.h:102)
: Item::send(Protocol*, String*) (item.cc:5302)
: select_send::send_data(List<Item>&) (sql_class.cc:1587)
: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:11976)
: do_select (sql_select.cc:10854)
: JOIN::exec() (sql_select.cc:2199)
: mysql_select (sql_select.cc:2378)
: handle_select (sql_select.cc:268)
: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5009)
: mysql_execute_command(THD*) (sql_parse.cc:2211)
: mysql_parse(THD*, char const*, unsigned, char const**) (sql_parse.cc:5929)
: dispatch_command (sql_parse.cc:1216)

Conditional jump or move depends on uninitialised value(s)
: dirname_length (mf_dirname.c:33)
: dirname_part (mf_dirname.c:73)
: fn_format (mf_format.c:38)
: Item_load_file::val_str(String*) (item_strfunc.cc:2947)
: Item::send(Protocol*, String*) (item.cc:5302)
: select_send::send_data(List<Item>&) (sql_class.cc:1587)
: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:11976)
: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:10854)
: JOIN::exec() (sql_select.cc:2199)
: mysql_select (sql_select.cc:2378)
: handle_select (sql_select.cc:268)
: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5009)

Conditional jump or move depends on uninitialised value(s)
: index (mc_replace_strmem.c:164)
: fn_format (mf_format.c:57)
: Item_load_file::val_str(String*) (item_strfunc.cc:2947)
: Item::send(Protocol*, String*) (item.cc:5302)
: select_send::send_data(List<Item>&) (sql_class.cc:1587)
: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:11976)
: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:10854)
: JOIN::exec() (sql_select.cc:2199)
: mysql_select (sql_select.cc:2378)
: handle_select (sql_select.cc:268)
: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5009)
: mysql_execute_command(THD*) (sql_parse.cc:2211)

Conditional jump or move depends on uninitialised value(s)
: index (mc_replace_strmem.c:164)
: fn_format (mf_format.c:57)
: Item_load_file::val_str(String*) (item_strfunc.cc:2947)
: Item::send(Protocol*, String*) (item.cc:5302)
: select_send::send_data(List<Item>&) (sql_class.cc:1587)
: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:11976)
: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:10854)
: JOIN::exec() (sql_select.cc:2199)
: mysql_select (sql_select.cc:2378)
: handle_select (sql_select.cc:268)
: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5009)
: mysql_execute_command(THD*) (sql_parse.cc:2211)

Conditional jump or move depends on uninitialised value(s)
: strlength (mf_format.c:131)
: fn_format (mf_format.c:73)
: Item_load_file::val_str(String*) (item_strfunc.cc:2947)
: Item::send(Protocol*, String*) (item.cc:5302)
: select_send::send_data(List<Item>&) (sql_class.cc:1587)
: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:11976)
: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:10854)
: JOIN::exec() (sql_select.cc:2199)
: mysql_select (sql_select.cc:2378)
: handle_select (sql_select.cc:268)
: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5009)
: mysql_execute_command(THD*) (sql_parse.cc:2211)

How to repeat:
#run mysqld under valgrind, then this sql:

drop table if exists `tmp`;
create table `tmp`(`c2` tinyblob)engine=myisam;
insert into `tmp` values ('aaaaaaaa');
select load_file(`c2`) from `tmp`;

Suggested fix:
Initialize things properly. Please fix this, because it's causing too many errors in my vast number of tests and it's annoying to filter out stuff all the time due to bugs.
[12 May 2009 6:13] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/73800

2737 Ramil Kalimullin	2009-05-12
      Fix for bug#44774: load_file function produces valgrind warnings
      
      Problem: using LOAD_FILE() in some cases we pass a file name string
      without a trailing '\0' to fn_format() which relies on that however.
      That may lead to valgrind warnings.
      
      Fix: add a trailing '\0' to the file name passed to fn_format().
     @ mysql-test/r/func_str.result
        Fix for bug#44774: load_file function produces valgrind warnings
          - test result.
     @ mysql-test/t/func_str.test
        Fix for bug#44774: load_file function produces valgrind warnings
          - test case.
     @ sql/item_strfunc.cc
        Fix for bug#44774: load_file function produces valgrind warnings
          - added a trailing '\0' to file name passed to fn_format().
          - file_name->c_ptr() replaced with file_name->ptr() accordingly.
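To make the defect in the commit message concrete, the following is an added C example, not the server's own code: a constructed String-like value (pointer plus length, no guaranteed '\0') is handed to a constructed fn_format-like consumer that walks the name with strlen(), beside the fixed path that copies the name into a bounded buffer and appends the terminator first. The names str_val, fn_format_like, load_file_name_unfixed, load_file_name_fixed, demo_unfixed, demo_fixed, the sample bytes and the 256-byte bound are all assumptions made here.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the server's String object: a pointer plus a
 * length, with no guarantee that ptr[len] is '\0' (as with a value read
 * from the TINYBLOB column in the reporter's test case). */
struct str_val { const char *ptr; size_t len; };

/* Constructed stand-in for mysys fn_format(): like the real function it
 * receives only a char* and walks it with strlen()/strchr(), so it relies
 * on a terminating '\0'. Returns the byte count it treated as the name. */
static size_t fn_format_like(const char *name) {
    return strlen(name);
}

/* Before the fix: the raw, possibly unterminated pointer goes straight in,
 * so the name is whatever happens to precede the next '\0' in memory. */
static size_t load_file_name_unfixed(const struct str_val *v) {
    return fn_format_like(v->ptr);
}

/* After the fix, following the approach in the commit message: copy the
 * name into a bounded local buffer and append an explicit '\0' first.
 * Returns 0 on success, -1 if the name does not fit the buffer. */
static int load_file_name_fixed(const struct str_val *v, size_t *out_len) {
    char path[256];                 /* FN_REFLEN-style bound (constructed) */
    if (v->len >= sizeof(path))
        return -1;
    memcpy(path, v->ptr, v->len);
    path[v->len] = '\0';
    *out_len = fn_format_like(path);
    return 0;
}

/* Constructed 8-byte value 'aaaaaaaa' followed by non-NUL bytes, so the
 * over-read is visible deterministically; sample[15] is the only '\0'. */
static const char sample[16] = "aaaaaaaaXXXXXXX";

size_t demo_unfixed(void) {
    struct str_val v = { sample, 8 };
    return load_file_name_unfixed(&v);      /* 15: ran past the 8-byte name */
}

size_t demo_fixed(void) {
    struct str_val v = { sample, 8 };
    size_t n = 0;
    return load_file_name_fixed(&v, &n) == 0 ? n : (size_t)-1;   /* 8 */
}

int main(void) {
    printf("unfixed: %zu bytes, fixed: %zu bytes\n", demo_unfixed(), demo_fixed());
    return 0;
}
```

Here the over-read stops at a '\0' the sample deliberately provides; in the real server the read runs into whatever uninitialised bytes follow the column value, which is exactly the "conditional jump depends on uninitialised value(s)" Valgrind reported in strlength and index.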
[13 May 2009 4:22] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/73899

2739 Ramil Kalimullin	2009-05-13 [merge]
      Fix for bug#44774 merged.
[28 May 2009 7:42] Bugs System
Pushed into 5.0.83 (revid:joro@sun.com-20090528073529-q9b8s60vlpu28fny) (version source revid:ramil@mysql.com-20090513042138-63mx29b27oow4zl2) (merge vers: 5.0.82) (pib:6)
[28 May 2009 8:17] Bugs System
Pushed into 5.1.36 (revid:joro@sun.com-20090528073639-yohsb4q1jzg7ycws) (version source revid:jimw@mysql.com-20090515174051-ndjvfd1e9hc9k9c3) (merge vers: 5.1.36) (pib:6)
[1 Jun 2009 16:41] Paul Dubois
Noted in 5.0.83, 5.1.36 changelogs.

Several Valgrind warnings were silenced.

Setting report to NDI pending push into 6.0.x.
[17 Jun 2009 19:24] Bugs System
Pushed into 5.4.4-alpha (revid:alik@sun.com-20090616183122-chjzbaa30qopdra9) (version source revid:ramil@mysql.com-20090514034347-wak8azegaipwf9lg) (merge vers: 6.0.12-alpha) (pib:11)
[26 Jun 2009 2:28] Paul Dubois
Noted in 5.4.4 changelog.
[12 Aug 2009 22:28] Paul Dubois
Noted in 5.4.2 changelog because next 5.4 version will be 5.4.2 and not 5.4.4.
[15 Aug 2009 1:46] Paul Dubois
Ignore previous comment about 5.4.2.
[26 Aug 2009 13:46] Bugs System
Pushed into 5.1.37-ndb-7.0.8 (revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)
[26 Aug 2009 13:46] Bugs System
Pushed into 5.1.37-ndb-6.3.27 (revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (version source revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (merge vers: 5.1.37-ndb-6.3.27) (pib:11)
[26 Aug 2009 13:48] Bugs System
Pushed into 5.1.37-ndb-6.2.19 (revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (version source revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (merge vers: 5.1.37-ndb-6.2.19) (pib:11)
[27 Aug 2009 16:32] Bugs System
Pushed into 5.1.35-ndb-7.1.0 (revid:magnus.blaudd@sun.com-20090827163030-6o3kk6r2oua159hr) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)
[7 Oct 2009 19:33] Paul Dubois
The 5.4 fix has been pushed to 5.4.2.