Bug #46127 killing explain extended can lead to invalid memory reads/valgrind errors
Submitted: 11 Jul 2009 7:30
Modified: 21 Jan 2010 14:23
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Can't repeat
Category: MySQL Server: Optimizer
Severity: S1 (Critical)
Version: 5.1.37-debug
OS: Linux (32-bit fc8)
Assigned to:
CPU Architecture: Any
Tags: explain, KILL, valgrind

[11 Jul 2009 7:30] Shane Bester
Description:
killing a query during explain extended at a certain point can lead to these errors:

5.1.37-debug stack traces:
3 errors in context 3 of 5:
Thread 10:
Invalid read of size 1
at: Item_field::print(String*, enum_query_type) (item.cc:5677)
by: st_select_lex::print_order (sql_lex.cc:2042)
by: st_select_lex::print(THD*, String*, enum_query_type) (sql_select.cc:16694)
by: st_select_lex_unit::print(String*, enum_query_type) (sql_lex.cc:2010)
by: TABLE_LIST::print(THD*, String*, enum_query_type) (sql_select.cc:16547)
by: print_join (sql_select.cc:16465)
by: TABLE_LIST::print(THD*, String*, enum_query_type) (sql_select.cc:16524)
by: print_join (sql_select.cc:16450)
by: st_select_lex::print(THD*, String*, enum_query_type) (sql_select.cc:16666)
by: st_select_lex_unit::print(String*, enum_query_type) (sql_lex.cc:2010)
by: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4996)
by: mysql_execute_command(THD*) (sql_parse.cc:2207)

Address 0x7B6A067 is 1,583 bytes inside a block of size 2,992 free'd
at: free (vg_replace_malloc.c:233)
by: my_no_flags_free (my_malloc.c:59)
by: free_root (my_alloc.c:349)
by: free_tmp_table(THD*, st_table*) (sql_select.cc:10632)
by: JOIN::destroy() (sql_select.cc:2260)
by: JOIN::destroy() (sql_select.cc:2246)
by: st_select_lex::cleanup() (sql_union.cc:779)
by: st_select_lex_unit::cleanup() (sql_union.cc:645)
by: st_select_lex::cleanup() (sql_union.cc:786)
by: mysql_select (sql_select.cc:2410)
by: mysql_explain_union (sql_select.cc:16419)
by: execute_sqlcom_select (sql_parse.cc:4990)

3 errors in context 4 of 5:
Invalid read of size 4
at: Item_field::print(String*, enum_query_type) (item.cc:5677)
by: st_select_lex::print_order (sql_lex.cc:2042)
by: st_select_lex::print(THD*, String*, enum_query_type) (sql_select.cc:16694)
by: st_select_lex_unit::print(String*, enum_query_type) (sql_lex.cc:2010)
by: TABLE_LIST::print(THD*, String*, enum_query_type) (sql_select.cc:16547)
by: print_join (sql_select.cc:16465)
by: TABLE_LIST::print(THD*, String*, enum_query_type) (sql_select.cc:16524)
by: print_join (sql_select.cc:16450)
by: st_select_lex::print(THD*, String*, enum_query_type) (sql_select.cc:16666)
by: st_select_lex_unit::print(String*, enum_query_type) (sql_lex.cc:2010)
by: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4996)
by: mysql_execute_command(THD*) (sql_parse.cc:2207)

Address 0x7B7904C is 220 bytes inside a block of size 996 free'd
at: free (vg_replace_malloc.c:233)
by: my_no_flags_free (my_malloc.c:59)
by: free_root (my_alloc.c:355)
by: free_tmp_table(THD*, st_table*) (sql_select.cc:10632)
by: JOIN::destroy() (sql_select.cc:2260)
by: JOIN::destroy() (sql_select.cc:2246)
by: st_select_lex::cleanup() (sql_union.cc:779)
by: st_select_lex_unit::cleanup() (sql_union.cc:645)
by: st_select_lex::cleanup() (sql_union.cc:786)
by: mysql_select (sql_select.cc:2410)
by: mysql_explain_union (sql_select.cc:16419)
by: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4990)

How to repeat:
Will make a testcase later. Rapidly kill explain extended <complex query>.
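As an added example, not part of the bug report or of the MySQL source, the script below triages a condensed Valgrind excerpt of the kind pasted above. It pulls out, per error context, the access size, the faulting frame, the offset into the freed block, and the first frame in the free stack that is outside the allocator wrappers (here that is free_tmp_table, the owner of the buffer that Item_field::print later reads). The sample input is constructed from the traces in this report and shortened; the parser assumes the condensed "at:/by:" frame format shown on this page rather than the stock "==pid==" Valgrind layout.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the condensed Valgrind excerpt from the bug report,
# abbreviated to the frames needed to show the use-after-free pattern.
SAMPLE = """\
3 errors in context 3 of 5:
Thread 10:
Invalid read of size 1
at: Item_field::print(String*, enum_query_type) (item.cc:5677)
by: st_select_lex::print_order (sql_lex.cc:2042)
by: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4996)

Address 0x7B6A067 is 1,583 bytes inside a block of size 2,992 free'd
at: free (vg_replace_malloc.c:233)
by: my_no_flags_free (my_malloc.c:59)
by: free_root (my_alloc.c:349)
by: free_tmp_table(THD*, st_table*) (sql_select.cc:10632)
by: JOIN::destroy() (sql_select.cc:2260)

3 errors in context 4 of 5:
Invalid read of size 4
at: Item_field::print(String*, enum_query_type) (item.cc:5677)
by: st_select_lex::print_order (sql_lex.cc:2042)

Address 0x7B7904C is 220 bytes inside a block of size 996 free'd
at: free (vg_replace_malloc.c:233)
by: my_no_flags_free (my_malloc.c:59)
by: free_root (my_alloc.c:355)
by: free_tmp_table(THD*, st_table*) (sql_select.cc:10632)
"""

CONTEXT_RE = re.compile(r"^(\d+) errors? in context (\d+) of (\d+):")
ACCESS_RE = re.compile(r"^Invalid (read|write) of size (\d+)")
FRAME_RE = re.compile(r"^(?:at|by): (.+)$")
FREED_RE = re.compile(
    r"^Address 0x([0-9A-Fa-f]+) is ([\d,]+) bytes inside a block of size ([\d,]+) free'd")

# Frames that belong to the allocator wrappers rather than to the code owning the buffer.
ALLOCATOR_FRAMES = ("free ", "my_no_flags_free", "free_root")


@dataclass
class ValgrindError:
    context: int
    count: int
    kind: str = ""            # "read" or "write"
    size: int = 0
    fault_frames: List[str] = field(default_factory=list)
    freed: bool = False
    offset: Optional[int] = None
    block_size: Optional[int] = None
    free_frames: List[str] = field(default_factory=list)

    @property
    def fault_site(self) -> str:
        return self.fault_frames[0] if self.fault_frames else "?"

    @property
    def freeing_owner(self) -> str:
        """First frame in the free stack that is not an allocator wrapper."""
        for frame in self.free_frames:
            if not frame.startswith(ALLOCATOR_FRAMES):
                return frame
        return "?"

    @property
    def is_use_after_free(self) -> bool:
        # A read inside a block Valgrind reports as already free'd.
        return self.freed and self.offset is not None and self.offset < (self.block_size or 0)


def parse_valgrind(text: str) -> List[ValgrindError]:
    errors: List[ValgrindError] = []
    cur: Optional[ValgrindError] = None
    in_free_stack = False  # frames after the "Address ... free'd" line describe the free
    for raw in text.splitlines():
        line = raw.strip()
        m = CONTEXT_RE.match(line)
        if m:
            cur = ValgrindError(context=int(m.group(2)), count=int(m.group(1)))
            errors.append(cur)
            in_free_stack = False
            continue
        if cur is None:
            continue
        m = ACCESS_RE.match(line)
        if m:
            cur.kind, cur.size = m.group(1), int(m.group(2))
            continue
        m = FREED_RE.match(line)
        if m:
            cur.freed = True
            cur.offset = int(m.group(2).replace(",", ""))
            cur.block_size = int(m.group(3).replace(",", ""))
            in_free_stack = True
            continue
        m = FRAME_RE.match(line)
        if m:
            (cur.free_frames if in_free_stack else cur.fault_frames).append(m.group(1))
    return errors


def summarize(errors: List[ValgrindError]) -> List[str]:
    """One triage line per error context: bug class, access, fault site, freeing owner."""
    out = []
    for e in errors:
        tag = "use-after-free" if e.is_use_after_free else f"invalid {e.kind}"
        out.append(f"context {e.context}: {tag}, {e.size}-byte {e.kind} at {e.fault_site}; "
                   f"block freed by {e.freeing_owner}")
    return out


if __name__ == "__main__":
    for line in summarize(parse_valgrind(SAMPLE)):
        print(line)
```

Both contexts collapse to the same pair of frames (Item_field::print reading, free_tmp_table having freed the block via free_root), which is the signal that a single lifetime problem, the temporary table's memory root being released during cleanup before the EXPLAIN output is printed, explains every reported read.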
[11 Jul 2009 7:36] MySQL Verification Team
Some more info.

Attachment: bug46127_full_valgrind_other_infos.txt (text/plain), 8.12 KiB.