Bug #52304 valgrind does not like to print un-inited string in Protocol_text::store()
Submitted: 23 Mar 2010 13:55   Modified: 18 Jun 2010 1:05
Reporter: Andrei Elkin
Status: Closed
Category: MySQL Server   Severity: S3 (Non-critical)
Version:   OS: Any
Assigned to: Andrei Elkin   CPU Architecture: Any

[23 Mar 2010 13:55] Andrei Elkin
Description:
There is a valgrind issue that can be seen on PB2:

http://pb2.norway.sun.com/?template=mysql_show_test_failure&test_failure_id=3081956

as

==12397== Syscall param write(buf) points to uninitialised byte(s)

==12397==    at 0x41A303B: ??? (in /lib/tls/i686/cmov/libc-2.10.1.so)
==12397==    by 0x414C92E: new_do_write (fileops.c:529)
==12397==    by 0x414CBC5: _IO_file_xsputn@@GLIBC_2.1 (fileops.c:1369)
==12397==    by 0x4127E07: buffered_vfprintf (vfprintf.c:2262)
==12397==    by 0x4122D3A: vfprintf (vfprintf.c:1306)
==12397==    by 0x8727405: _db_doprnt_ (dbug.c:1161)
==12397==    by 0x82B1E6B: Protocol_text::store(char const*, unsigned int, charset_info_st*) (protocol.cc:852)
==12397==    by 0x82B1BB3: Protocol::store(I_List<i_string>*) (protocol.cc:777)
==12397==    by 0x846AEF2: show_master_info(THD*, Master_info*) (slave.cc:1663)
==12397==    by 0x82CE9D9: mysql_execute_command(THD*) (sql_parse.cc:2435)

The method

bool Protocol_text::store(const char *from, size_t length,
                          CHARSET_INFO *fromcs)
{
  CHARSET_INFO *tocs= this->thd->variables.character_set_results;
#ifndef DBUG_OFF
  DBUG_PRINT("info", ("Protocol_text::store field %u (%u): %s", field_pos,
                      field_count, from));

attempts to print out `from' which may be uninitialized in the caller

bool Protocol::store(I_List<i_string>* str_list)
{
  char buf[256];
  ...

if `length' is zero, which is evident from the source code of the caller.

How to repeat:
To build 5.1-bt with valgrind and execute

mtr --valgrind rpl_get_master_version_and_clock

or to see PB2.

Suggested fix:
To refine DBUG_PRINT(... from) to not attempt printing `from' when length is zero.
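The defect described above, as an added example that is neither the MySQL source nor the committed patch: a stand-alone C formatter that mirrors the original `"%s"` trace line next to a two-branch version of the kind the suggested fix describes, which never dereferences `from` when `length` is zero and otherwise bounds the read to `length` bytes. The functions `format_store_trace`, `format_store_trace_unchecked` and `self_check`, the `<empty>` marker and the sample buffers are assumptions of this example, not names from the server code.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the original DBUG_PRINT: "%s" reads `from` up to a NUL byte no
 * matter what `length` the caller passed, so a zero-length argument backed
 * by an untouched stack buffer is read anyway. That read is what valgrind
 * reports as "Syscall param write(buf) points to uninitialised byte(s)"
 * once the trace line reaches write(2). Hypothetical stand-in, not server code. */
int format_store_trace_unchecked(char *out, size_t outsz,
                                 unsigned field_pos, unsigned field_count,
                                 const char *from)
{
    return snprintf(out, outsz, "Protocol_text::store field %u (%u): %s",
                    field_pos, field_count, from);
}

/* Two-branch variant in the spirit of the suggested fix. Formats into `out`
 * instead of the dbug trace file and returns snprintf's result. */
int format_store_trace(char *out, size_t outsz,
                       unsigned field_pos, unsigned field_count,
                       const char *from, size_t length)
{
    if (length == 0) {
        /* Branch 1: the caller may hand us a pointer to a buffer it never
         * wrote (the report's Protocol::store(I_List<i_string>*) case), so
         * `from` is not dereferenced at all. */
        return snprintf(out, outsz, "Protocol_text::store field %u (%u): <empty>",
                        field_pos, field_count);
    }
    /* Branch 2: print at most `length` bytes. The precision argument keeps
     * the read inside the bytes the caller vouched for, so a buffer that is
     * filled but not NUL-terminated is still safe to trace. */
    int n = length > (size_t)INT_MAX ? INT_MAX : (int)length;
    return snprintf(out, outsz, "Protocol_text::store field %u (%u): %.*s",
                    field_pos, field_count, n, from);
}

/* Returns 1 when both branches behave as described above, 0 otherwise. */
int self_check(void)
{
    char out[128];
    char raw[4] = {'a', 'b', 'c', 'd'};  /* constructed: no NUL terminator */
    char untouched[256];                 /* constructed stand-in for the caller's buf[256] */

    /* Bounded read: four bytes, no terminator, still a clean trace line. */
    if (format_store_trace(out, sizeof out, 1, 3, raw, sizeof raw) < 0 ||
        strcmp(out, "Protocol_text::store field 1 (3): abcd") != 0)
        return 0;
    /* Zero length: `untouched` is passed but never read. */
    if (format_store_trace(out, sizeof out, 0, 2, untouched, 0) < 0 ||
        strcmp(out, "Protocol_text::store field 0 (2): <empty>") != 0)
        return 0;
    /* The unchecked form agrees with the checked one only when `from` is a
     * proper NUL-terminated string; that is the case the original relied on. */
    if (format_store_trace_unchecked(out, sizeof out, 1, 3, "abcd") < 0 ||
        strcmp(out, "Protocol_text::store field 1 (3): abcd") != 0)
        return 0;
    return 1;
}

int main(void)
{
    char out[128];
    char raw[4] = {'a', 'b', 'c', 'd'};

    format_store_trace(out, sizeof out, 1, 3, raw, sizeof raw);
    puts(out);
    format_store_trace(out, sizeof out, 0, 2, raw, 0);
    puts(out);
    return self_check() ? 0 : 1;
}
```

Running the two-branch variant under valgrind produces no "uninitialised byte(s)" report for the zero-length call, because the only pointer that reaches the formatter in that branch is `out`; the unchecked variant would have to be fed a terminated string to stay clean, which is exactly the guarantee the caller in the report does not give.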
[23 Mar 2010 15:01] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/104098

3412 Andrei Elkin	2010-03-23
      Bug #52304  	valgrind does not like to print un-inited string in Protocol_text::store()
      
      The reason for the failure was an apparent flaw in that a pointer to an uninitialized buffer was
      passed to DBUG_PRINT of Protocol_text::store().
      
      Fixed with splitting the print-out into two branches: 
      one with length zero of the problematic arg and the rest.
     @ sql/protocol.cc
        correcting DBUG_PRINT to print out `from' with care because it may be uninitialized in the caller.
[25 Mar 2010 12:50] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/104322

3422 Andrei Elkin	2010-03-25 [merge]
      merging bug#52304 to 5.1-bt,pe
[25 Mar 2010 16:11] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/104358

3999 Andrei Elkin	2010-03-25 [merge]
      merging bug#52304 to 5.1-bt,pe
[25 Mar 2010 16:15] Andrei Elkin
Pushed to 5.1-bt, pe.

Nothing is supposed to be documented imo because the changed lines are in DBUG_PRINT().
[25 Mar 2010 18:12] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/104377

4000 Andrei Elkin	2010-03-25 [merge]
      merging from 5.1-bt to pe changes of bug#52304
[6 Apr 2010 7:58] Bugs System
Pushed into 5.1.46 (revid:sergey.glukhov@sun.com-20100405111026-7kz1p8qlzglqgfmu) (version source revid:aelkin@mysql.com-20100325124924-svjarv9vi3raibtv) (merge vers: 5.1.46) (pib:16)
[6 Apr 2010 14:21] Paul DuBois
No changelog entry needed per earlier comment.
[28 May 2010 5:48] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100524190136-egaq7e8zgkwb9aqi) (version source revid:alik@sun.com-20100422150750-vp0n37kp9ywq5ghf) (pib:16)
[28 May 2010 6:18] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100524190941-nuudpx60if25wsvx) (version source revid:alik@sun.com-20100422150658-fkhgnwwkyugtxrmu) (merge vers: 6.0.14-alpha) (pib:16)
[28 May 2010 6:45] Bugs System
Pushed into 5.5.5-m3 (revid:alik@sun.com-20100524185725-c8k5q7v60i5nix3t) (version source revid:alexey.kopytov@sun.com-20100402151743-xowc2u930h729jsy) (merge vers: 5.5.4-m3) (pib:16)
[17 Jun 2010 11:48] Bugs System
Pushed into 5.1.47-ndb-7.0.16 (revid:martin.skold@mysql.com-20100617114014-bva0dy24yyd67697) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 12:26] Bugs System
Pushed into 5.1.47-ndb-6.2.19 (revid:martin.skold@mysql.com-20100617115448-idrbic6gbki37h1c) (version source revid:martin.skold@mysql.com-20100609211156-tsac5qhw951miwtt) (merge vers: 5.1.46-ndb-6.2.19) (pib:16)
[17 Jun 2010 13:13] Bugs System
Pushed into 5.1.47-ndb-6.3.35 (revid:martin.skold@mysql.com-20100617114611-61aqbb52j752y116) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)