Bug #58069 LOAD DATA INFILE: valgrind reports invalid memory reads and writes with utf8
Submitted: 9 Nov 2010 7:20 Modified: 3 May 2011 0:46
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: General    Severity: S1 (Critical)
Version: 5.0.92, 5.1.53, 5.1.54, 5.5.8    OS: Linux (FC13 x64)
Assigned to:    CPU Architecture: Any
Tags: GIGO, LOAD DATA INFILE, regression, utf8, valgrind

[9 Nov 2010 7:20] Shane Bester
Description:
5.1.53:

Invalid write of size 4
at: READ_INFO::read_field (sql_load.cc:1328)
by: read_sep_field (sql_load.cc:872)
by: mysql_load (sql_load.cc:442)
by: mysql_execute_command (sql_parse.cc:3534)
by: mysql_parse (sql_parse.cc:6068)
by: dispatch_command (sql_parse.cc:1261)
by: do_command (sql_parse.cc:889)
by: handle_one_connection (sql_connect.cc:1136)
by: start_thread (pthread_create.c:301)
 Address 0x9357c18 is 0 bytes after a block of size 24 alloc'd
at: malloc (vg_replace_malloc.c:195)
by: my_malloc (my_malloc.c:35)
by: alloc_root (my_alloc.c:166)
by: sql_alloc (thr_malloc.cc:69)
by: READ_INFO::READ_INFO (sql_load.cc:1106)
by: mysql_load (sql_load.cc:382)
by: mysql_execute_command (sql_parse.cc:3534)
by: mysql_parse (sql_parse.cc:6068)
by: dispatch_command (sql_parse.cc:1261)
by: do_command (sql_parse.cc:889)
by: handle_one_connection (sql_connect.cc:1136)
by: start_thread (pthread_create.c:301)

How to repeat:
set sql_mode='';
drop table if exists t1;
create table t1(a int)engine=myisam;
load data infile '/tmp/data.bin' ignore into table `t1`
character set utf8 fields 
enclosed by '' lines terminated by '';
[9 Nov 2010 7:21] MySQL Verification Team
data.bin file

Attachment: data.bin (application/octet-stream, text), 43.34 KiB.

[9 Nov 2010 8:25] Valeriy Kravchuk
Not repeatable for me with current mysql-5.1 tree from bzr, so looks like a recent regression.
[9 Nov 2010 8:45] MySQL Verification Team
Humble apologies for the confusion. This is repeatable on 5.1.52, but only when built like this:

 ./BUILD/compile-pentium-valgrind-max
[9 Nov 2010 9:43] Valeriy Kravchuk
Verified as described in the last comment (using -valgrind build) with current mysql-5.1 tree on 32-bit Ubuntu:

...
==26204== 1312 errors in context 2 of 9:
==26204== Invalid write of size 4
==26204==    at 0x83FAA4B: READ_INFO::read_field() (sql_load.cc:1328)
==26204==    by 0x83F9263: read_sep_field(THD*, st_copy_info&, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, READ_INFO&, String&, unsigned long, bool) (sql_load.cc:872)
==26204==    by 0x83F7FA8: mysql_load(THD*, sql_exchange*, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, enum_duplicates, bool, bool) (sql_load.cc:442)
==26204==    by 0x8291242: mysql_execute_command(THD*) (sql_parse.cc:3524)
==26204==    by 0x8298EE1: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6051)
==26204==    by 0x828AD28: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1260)
==26204==    by 0x8289E30: do_command(THD*) (sql_parse.cc:888)
==26204==    by 0x8287FD1: handle_one_connection (sql_connect.cc:1136)
==26204==    by 0x404196D: start_thread (pthread_create.c:300)
==26204==    by 0x4196A4D: clone (clone.S:130)
==26204==  Address 0x5cb5a00 is 0 bytes after a block of size 24 alloc'd
==26204==    at 0x4024F20: malloc (vg_replace_malloc.c:236)
==26204==    by 0x85E0D24: my_malloc (my_malloc.c:35)
==26204==    by 0x85E1A18: alloc_root (my_alloc.c:166)
==26204==    by 0x821C568: sql_alloc(unsigned int) (thr_malloc.cc:69)
==26204==    by 0x83FA1A0: READ_INFO::READ_INFO(int, unsigned int, charset_info_st*, String&, String&, String&, String&, int, bool, bool) (sql_load.cc:1106)
==26204==    by 0x83F7C1E: mysql_load(THD*, sql_exchange*, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, enum_duplicates, bool, bool) (sql_load.cc:382)
==26204==    by 0x8291242: mysql_execute_command(THD*) (sql_parse.cc:3524)
==26204==    by 0x8298EE1: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6051)
==26204==    by 0x828AD28: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1260)
==26204==    by 0x8289E30: do_command(THD*) (sql_parse.cc:888)
==26204==    by 0x8287FD1: handle_one_connection (sql_connect.cc:1136)
==26204==    by 0x404196D: start_thread (pthread_create.c:300)
==26204== 
--26204-- 
--26204-- used_suppression:     27 dl-hack3-cond-1
==26204== 
==26204== ERROR SUMMARY: 2631 errors from 9 contexts (suppressed: 27 from 10)
...
[3 May 2011 0:46] Paul DuBois
Noted in 5.1.58, 5.5.13, 5.6.3 changelogs.

For LOAD DATA INFILE, multibyte character sequences could be pushed
onto a stack too small to accommodate them. 

CHANGESET - http://lists.mysql.com/commits/135499
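The valgrind trace above shows READ_INFO::read_field writing past a 24-byte block that READ_INFO::READ_INFO obtained from sql_alloc, and the changelog note attributes it to multibyte sequences being pushed onto a stack sized without them in mind. The following is an added illustration of that bug class and of the check that prevents it; it is not MySQL's code and not from this report. It models a field reader whose pushback stack has a logical capacity (`cap`, standing in for the allocated stack size) and whose every push is bounds-checked, so an undersized stack returns an error instead of corrupting the heap. The names `reader_t`, `read_field`, `run_case` and the constants are assumptions of this example, as is the 4-byte maximum for UTF-8.

```c
/*
 * Added illustration, not MySQL's code: a field reader with a bounded
 * pushback stack, modelling the failure mode in the changelog note. A
 * multibyte lead byte triggers a lookahead of up to MAX_MB_LEN-1 bytes;
 * if they are not a valid sequence they are pushed back and the lead byte
 * is taken as a plain byte, so the pushback stack needs room for at least
 * MAX_MB_LEN-1 bytes and every push is bounds-checked.
 */
#include <stddef.h>
#include <string.h>

#define MAX_MB_LEN   4      /* assumption: UTF-8, at most 4 bytes per character */
#define STACK_MAX    16     /* physical array size; logical capacity is set per reader */
#define ERR_PUSHBACK (-1)   /* pushback stack full: the condition the report hits */
#define ERR_OUTPUT   (-2)   /* output buffer full */

typedef struct {
    const unsigned char *buf;   /* input bytes */
    size_t len, pos;            /* input length and read cursor */
    int stack[STACK_MAX];       /* pushback stack, one byte per slot */
    size_t sp;                  /* number of pushed-back bytes */
    size_t cap;                 /* logical capacity, models the allocated stack size */
} reader_t;

/* Next byte, serving pushed-back bytes first; -1 at end of input. */
int reader_get(reader_t *r)
{
    if (r->sp)
        return r->stack[--r->sp];
    if (r->pos >= r->len)
        return -1;
    return r->buf[r->pos++];
}

/* Push a byte back; 0 on success, ERR_PUSHBACK when the stack is full. */
int reader_push(reader_t *r, int c)
{
    if (r->sp >= r->cap)
        return ERR_PUSHBACK;    /* an unchecked push would write past the block here */
    r->stack[r->sp++] = c;
    return 0;
}

/* Sequence length implied by a UTF-8 lead byte; 0 for a byte that cannot lead. */
int utf8_seq_len(int lead)
{
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 0;
}

/* Copy one field into out (at most outcap bytes), stopping at term or end of
 * input. Returns the number of bytes written, or a negative ERR_* value. */
int read_field(reader_t *r, int term, unsigned char *out, size_t outcap)
{
    size_t n = 0;
    int c;
    while ((c = reader_get(r)) != -1 && c != term) {
        int ml = utf8_seq_len(c);
        if (ml > 1) {
            unsigned char seq[MAX_MB_LEN];
            int got = 0, valid, d;
            while (got < ml - 1 && (d = reader_get(r)) != -1)
                seq[got++] = (unsigned char)d;
            valid = (got == ml - 1);
            for (int i = 0; i < got; i++)
                valid = valid && (seq[i] & 0xC0) == 0x80;
            if (valid) {
                if (n + (size_t)ml > outcap)
                    return ERR_OUTPUT;
                out[n++] = (unsigned char)c;
                memcpy(out + n, seq, (size_t)got);
                n += (size_t)got;
                continue;
            }
            /* Not a sequence: un-read the lookahead, last byte first, so the
             * LIFO stack hands it back in its original order. */
            while (got > 0)
                if (reader_push(r, seq[--got]) != 0)
                    return ERR_PUSHBACK;
        }
        if (n >= outcap)
            return ERR_OUTPUT;
        out[n++] = (unsigned char)c;
    }
    return (int)n;
}

/* Parse one newline-terminated field from an input with a given pushback capacity. */
int run_case(const unsigned char *in, size_t len, size_t cap,
             unsigned char *out, size_t outcap)
{
    reader_t r = { in, len, 0, {0}, 0, cap < STACK_MAX ? cap : STACK_MAX };
    return read_field(&r, '\n', out, outcap);
}
```

With a constructed input of a 4-byte lead followed by three ASCII bytes, `run_case` with a capacity of 3 yields the four raw bytes, while a capacity of 1 (the analogue of a stack sized only for the terminator strings) returns ERR_PUSHBACK at the second push; that failing push is exactly the write valgrind flags in the report when no such check exists. The practical takeaway is that any pushback or lookahead buffer in a multibyte-aware parser has to be sized from the character set's maximum bytes per character, not from the lengths of the delimiter strings alone.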