Bug #52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
Submitted: 17 Mar 2010 6:52 Modified: 21 Jun 2010 1:02
Reporter: Shane Bester (Platinum Quality Contributor) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Data Types Severity:S1 (Critical)
Version:5.1.44, 5.1.46-bzr, 5.6.99-m4 OS:Any
Assigned to: Sergey Glukhov
Tags: Leak
Triage: Triaged: D2 (Serious)

[17 Mar 2010 6:52] Shane Bester
Description:
many recent valgrind reports of memory still reachable or possibly lost such as this from 5.6.99-m4:

136 bytes in 2 blocks are still reachable in loss record 4 of 7
at: malloc (vg_replace_malloc.c:195)
by: _mymalloc (safemalloc.c:137)
by: String::real_alloc (sql_string.cc:48)
by: String::alloc (sql_string.h:209)
by: Field_datetime::val_str (field.cc:6104)
by: Item_field::val_str (item.cc:2078)
by: Arg_comparator::compare_string (item_cmpfunc.cc:1271)
by: Arg_comparator::compare (item_cmpfunc.h:84)
by: Arg_comparator::compare_row (item_cmpfunc.cc:1582)
by: Arg_comparator::compare (item_cmpfunc.h:84)
by: Item_func_ge::val_int (item_cmpfunc.cc:1889)
by: evaluate_join_record (sql_select.cc:11522)
by: sub_select (sql_select.cc:11473)
by: do_select (sql_select.cc:11225)
by: JOIN::exec (sql_select.cc:2311)
by: mysql_select (sql_select.cc:2506)
by: handle_select (sql_select.cc:271)
by: execute_sqlcom_select (sql_parse.cc:4703)
by: mysql_execute_command (sql_parse.cc:2191)
by: mysql_parse (sql_parse.cc:5735)
by: dispatch_command (sql_parse.cc:1024)
by: do_command (sql_parse.cc:710)
by: do_handle_one_connection (sql_connect.cc:1174)
by: handle_one_connection (sql_connect.cc:1113)
by: start_thread (in /lib64/libpthread-2.5.so)
by: clone (in /lib64/libc-2.5.so)

How to repeat:
.
[17 Mar 2010 9:03] Shane Bester
#testcase: 5.1 definitely leaks, 5.6.99 says still reachable!
#valgrind --tool=memcheck --read-var-info=yes --track-origins=yes --leak-check=full --db-attach=no --num-callers=50 -v --show-reachable=yes  ./sql/mysqld 

---
set sql_mode='';
drop table if exists `t1`;
create table `t1` (`a` datetime not null,`b` tinyint) engine=myisam;
insert into `t1` values (),();
select  1 from `t1` where row(`a`,`b`)>=
row('1',(select 1 from `t1` where `a`>1234)); 
---

notice the two warnings.
[17 Mar 2010 9:53] Valerii Kravchuk
Veirfied just as described with recent 5.1.46 from bzr on 32-bit SuSE Linux:

...
==6581== 52 bytes in 1 blocks are still reachable in loss record 4 of 16
==6581==    at 0x401CA36: malloc (vg_replace_malloc.c:195)
==6581==    by 0x86CAFB0: _mymalloc (safemalloc.c:137)
==6581==    by 0x828E848: String::real_alloc(unsigned int) (sql_string.cc:51)
==6581==    by 0x8203AB9: String::alloc(unsigned int) (sql_string.h:205)
==6581==    by 0x8266A8C: Field_datetime::val_str(String*, String*) (field.cc:6151)
==6581==    by 0x81CC772: Item_field::val_str(String*) (item.cc:2009)
==6581==    by 0x820ABFB: Arg_comparator::compare_binary_string() (item_cmpfunc.cc:1298)
==6581==    by 0x81EEECB: Arg_comparator::compare() (item_cmpfunc.h:81)
==6581==    by 0x820B960: Arg_comparator::compare_row() (item_cmpfunc.cc:1580)
==6581==    by 0x81EEECB: Arg_comparator::compare() (item_cmpfunc.h:81)
==6581==    by 0x820C6C7: Item_func_ge::val_int() (item_cmpfunc.cc:1887)
==6581==    by 0x8326339: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:11334)
==6581==    by 0x83261DF: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11285)
==6581==    by 0x8325D77: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:11041)
==6581==    by 0x83116EF: JOIN::exec() (sql_select.cc:2290)
==6581==    by 0x8311E63: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2485)
==6581==    by 0x830ACC5: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:257)
==6581==    by 0x82AD45F: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5052)
==6581==    by 0x82A5465: mysql_execute_command(THD*) (sql_parse.cc:2248)
==6581==    by 0x82AF58F: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5971)
==6581==    by 0x82A327E: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1233)
==6581==    by 0x82A250D: do_command(THD*) (sql_parse.cc:874)
==6581==    by 0x82A0943: handle_one_connection (sql_connect.cc:1127)
==6581==    by 0x403AAA6: ??? (in /lib/tls/libpthread.so.0)
==6581==    by 0x4180C2D: clone (in /lib/tls/libc.so.6)
...
[24 Mar 2010 14:40] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/104217

3415 Sergey Glukhov	2010-03-24
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on its
      destruction. It leads to memory leaks.
      The fix is to delete 'comparators' array in destructor.
     @ mysql-test/r/row.result
        test result
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.h
        added Arg_comparator which frees 'comparators' array
[25 Mar 2010 15:09] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/104340

3414 Sergey Glukhov	2010-03-25
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on its
      destruction. It leads to memory leaks.
     @ mysql-test/r/row.result
        test result
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.h
        added Arg_comparator which frees 'comparators' array.
[31 Mar 2010 8:07] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/104681

3434 Sergey Glukhov	2010-03-30
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on destruction.
      It leads to memory leaks.
      The fix:
      -added Arg_comparator destructor which frees 'comparators' array.
      -create comparators array in PS arena if we are in a preapred
      statement
     @ mysql-test/r/row.result
        test result
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.cc
        if we are in a prepared statement the 
        then create comparators array in PS arena.
     @ sql/item_cmpfunc.h
        added Arg_comparator destructor which frees 'comparators' array.
[14 Apr 2010 12:26] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/105642

3452 Sergey Glukhov	2010-04-14
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on destruction.
      It leads to memory leaks.
      The fix:
      -added Arg_comparator destructor which frees 'comparators' array.
      -create comparators array in PS arena if we are in a prepared
       statement
      -Allocate 'comparators' array only if it's PS statement
       at 'prepare' stage or it's conventional statement.
     @ mysql-test/r/ps.result
        test case
     @ mysql-test/r/row.result
        test case
     @ mysql-test/t/ps.test
        test case
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.cc
        if we are in a prepared statement the 
        then create comparators array in PS arena.
        Allocate 'comparators' array only if it's PS statement
        at 'prepare' stage or it's conventional statement.
     @ sql/item_cmpfunc.h
        added Arg_comparator destructor which frees 'comparators' array.
[16 Apr 2010 7:06] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/105804

3452 Sergey Glukhov	2010-04-16
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on destruction.
      It leads to memory leaks.
      The fix:
      -added Arg_comparator::cleanup() method which frees
       'comparators' array.
      -added Item_bool_func2::cleanup() method which calls 
       Arg_comparator::cleanup() method
     @ mysql-test/r/ps.result
        test case
     @ mysql-test/r/row.result
        test case
     @ mysql-test/t/ps.test
        test case
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.h
        -added Arg_comparator::cleanup() method which frees
         'comparators' array.
        -added Item_bool_func2::cleanup() method which calls 
         Arg_comparator::cleanup() method
[16 Apr 2010 12:41] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/105859

3456 Sergey Glukhov	2010-04-16
      Bug#52124 memory leaks like a sieve in datetime, timestamp, time, date fields + warnings
      Arg_comparator initializes 'comparators' array in case of
      ROW comparison and does not free this array on destruction.
      It leads to memory leaks.
      The fix:
      -added Arg_comparator::cleanup() method which frees
       'comparators' array.
      -added Item_bool_func2::cleanup() method which calls 
       Arg_comparator::cleanup() method
     @ mysql-test/r/ps.result
        test case
     @ mysql-test/r/row.result
        test case
     @ mysql-test/t/ps.test
        test case
     @ mysql-test/t/row.test
        test case
     @ sql/item_cmpfunc.h
        -added Arg_comparator::cleanup() method which frees
         'comparators' array.
        -added Item_bool_func2::cleanup() method which calls 
         Arg_comparator::cleanup() method
[5 May 2010 15:14] Bugs System
Pushed into 5.1.47 (revid:joro@sun.com-20100505145753-ivlt4hclbrjy8eye) (version source revid:kristofer.pettersson@sun.com-20100416145616-vdcdyz9eu7j86lp7) (merge vers: 5.1.47) (pib:16)
[13 May 2010 14:36] Paul Dubois
Noted in 5.1.47 changelog.

A memory leak occurred due to missing deallocation of the "comparators"
array (a member of the "Arg_comparator" class).
[28 May 2010 6:09] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100524190136-egaq7e8zgkwb9aqi) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (pib:16)
[28 May 2010 6:38] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100524190941-nuudpx60if25wsvx) (version source revid:alik@sun.com-20100422150658-fkhgnwwkyugtxrmu) (merge vers: 6.0.14-alpha) (pib:16)
[28 May 2010 7:05] Bugs System
Pushed into 5.5.5-m3 (revid:alik@sun.com-20100524185725-c8k5q7v60i5nix3t) (version source revid:alexey.kopytov@sun.com-20100429203306-tg0wz4y2xyx8edrl) (merge vers: 5.5.5-m3) (pib:16)
[29 May 2010 15:05] Paul Dubois
Noted in 5.5.5, 6.0.14 changelogs.
[17 Jun 2010 12:14] Bugs System
Pushed into 5.1.47-ndb-7.0.16 (revid:martin.skold@mysql.com-20100617114014-bva0dy24yyd67697) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 13:01] Bugs System
Pushed into 5.1.47-ndb-6.2.19 (revid:martin.skold@mysql.com-20100617115448-idrbic6gbki37h1c) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 13:42] Bugs System
Pushed into 5.1.47-ndb-6.3.35 (revid:martin.skold@mysql.com-20100617114611-61aqbb52j752y116) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)