Bug #59145 valgrind warnings for uninitialized values in my_strtoll10_mb2
Submitted: 24 Dec 2010 6:14 Modified: 18 Jan 2011 19:55
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category:MySQL Server: Charsets Severity:S3 (Non-critical)
Version:5.6.1, 5.6.2 OS:Any
Assigned to: Alexander Barkov CPU Architecture:Any
Tags: regression, valgrind
Triage: Triaged: D1 (Critical)

[24 Dec 2010 6:14] Shane Bester
Description:
incorrect result and valgrind warnings:

Version: '5.6.1-m5-valgrind-max-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
Thread 18:
Conditional jump or move depends on uninitialised value(s)
at: my_strtoll10_mb2 (ctype-ucs2.c:748)
by: Item_func_signed::val_int_from_str (item_func.cc:971)
by: Item_func_unsigned::val_int (item_func.cc:1039)
by: Item::send (item.cc:5968)
by: Protocol::send_result_set_row (protocol.cc:848)
by: select_send::send_data (sql_class.cc:1866)
by: JOIN::exec (sql_select.cc:2794)
by: mysql_select (sql_select.cc:3554)
by: handle_select (sql_select.cc:323)
by: execute_sqlcom_select (sql_parse.cc:4513)
by: mysql_execute_command (sql_parse.cc:2096)
by: mysql_parse (sql_parse.cc:5550)
by: dispatch_command (sql_parse.cc:1078)
by: do_command (sql_parse.cc:815)
by: do_handle_one_connection (sql_connect.cc:748)
by: handle_one_connection (sql_connect.cc:684)
by: start_thread (pthread_create.c:301)
 Uninitialised value was created by a stack allocation
at 0xB229E1: my_strtoll10_mb2 (ctype-ucs2.c:714)

See attached file for full outputs.
5.1.55 and 5.5.9 were not affected.

How to repeat:
#run a mysqld from mysql-trunk in valgrind, then:
select convert(char(null using ucs2),unsigned);
[24 Dec 2010 6:14] Shane Bester
more details...

Attachment: bug59145_more_info.txt (text/plain), 21.04 KiB.

[24 Dec 2010 10:07] Valeriy Kravchuk
Verified just as described with current mysql-trunk tree on 32-bit Ubuntu 10.04:

==15900== Conditional jump or move depends on uninitialised value(s)
==15900==    at 0x875CAB1: my_strtoll10_mb2 (ctype-ucs2.c:796)
==15900==    by 0x83D2775: Item_func_signed::val_int_from_str(int*) (item_func.cc:971)
==15900==    by 0x83D2B44: Item_func_unsigned::val_int() (item_func.cc:1039)
==15900==    by 0x8396AD2: Item::send(Protocol*, String*) (item.cc:5968)
==15900==    by 0x8198224: Protocol::send_result_set_row(List<Item>*) (protocol.cc:848)
==15900==    by 0x81E3D2B: select_send::send_data(List<Item>&) (sql_class.cc:1866)
==15900==    by 0x823EA46: JOIN::exec() (sql_select.cc:2794)
==15900==    by 0x824116A: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3554)
==15900==    by 0x823860B: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:323)
==15900==    by 0x821AB70: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4513)
==15900==    by 0x8212E61: mysql_execute_command(THD*) (sql_parse.cc:2096)
==15900==    by 0x821CBEB: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5550)
[24 Dec 2010 13:25] Shane Bester
another testcase (note: DO is needed instead of SELECT)

do ifnull(char(timestampdiff(day,'q','') using ucs2),'');

Conditional jump or move depends on uninitialised value(s)
at: my_strtoll10_mb2 (ctype-ucs2.c:748)
by: Item_func_numhybrid::val_int (item_func.cc:890)
by: mysql_do (sql_do.cc:34)
by: mysql_execute_command (sql_parse.cc:2119)
by: mysql_parse (sql_parse.cc:5550)
by: dispatch_command (sql_parse.cc:1078)
by: do_command (sql_parse.cc:815)
by: do_handle_one_connection (sql_connect.cc:748)
by: handle_one_connection (sql_connect.cc:684)
by: start_thread (pthread_create.c:301)
Uninitialised value was created by a stack allocation
at: my_strtoll10_mb2 (ctype-ucs2.c:714)
[24 Dec 2010 13:27] Shane Bester
do ifnull(char(null using ucs2),'');
[26 Dec 2010 8:40] Shane Bester
do cast(convert('' using ucs2) as unsigned)
[13 Jan 2011 15:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/128670

3502 Alexander Barkov	2011-01-13
      Bug#59145 valgrind warnings for uninitialized values in my_strtoll10_mb2
     @ mysql-test/r/ctype_ucs.result
        Adding test
     @ mysql-test/t/ctype_ucs.test
        Adding test
     @ strings/ctype-ucs2.c
        "wc" was not initialized in case of empty string.
        - Removing redundant loop condition in for - on end-of-string
          the loop will break by "goto".
        - Making "goto" condition stricter (just in case)
[18 Jan 2011 7:20] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/129025

3526 Alexander Barkov	2011-01-18
      Bug#59145 valgrind warnings for uninitialized values in my_strtoll10_mb2
     @ mysql-test/r/ctype_ucs.result
        Adding test
     @ mysql-test/t/ctype_ucs.test
        Adding test
     @ strings/ctype-ucs2.c
        "wc" was not initialized in case of empty string.
        - Removing redundant loop condition in for - on end-of-string
          the loop will break by "goto".
        - Making "goto" condition stricter (just in case)
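The defect class the commit message describes ("wc" never assigned when the string is empty), reconstructed as an added C example. This is not the ctype-ucs2.c code and the names ucs2_strtoll_buggy, ucs2_strtoll_fixed, parse_digits, ascii_to_ucs2be and the wrappers are hypothetical: a UCS-2 (big-endian, two bytes per character) decimal parser whose wc is only written inside the whitespace-skipping loop, so an empty input such as CONVERT('' USING ucs2) reaches the sign test with wc uninitialised, which is exactly the "conditional jump depends on uninitialised value(s) ... created by a stack allocation" pair valgrind printed in the report. The fixed variant initialises wc and only examines the sign character when one was actually read; the overflow check and the ASCII-to-UCS-2 test helper are additions for the example, not part of the fix.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decode one UCS-2 code unit; MySQL's ucs2 is big-endian, two bytes per character. */
static unsigned int ucs2_unit(const unsigned char *p)
{
    return ((unsigned int)p[0] << 8) | p[1];
}

/* Digit loop shared by both variants: consumes decimal digits from *sp up to
 * end, stops at the first non-digit, returns the digit count.  On signed
 * 64-bit overflow it sets *error = 2 and *value = 0 (example policy). */
static int parse_digits(const unsigned char **sp, const unsigned char *end,
                        long long *value, int *error)
{
    const unsigned char *s = *sp;
    int ndigits = 0;
    *value = 0;
    for (; s < end; s += 2) {
        unsigned int wc = ucs2_unit(s);
        if (wc < '0' || wc > '9')
            break;
        if (*value > (LLONG_MAX - (long long)(wc - '0')) / 10) {
            *value = 0;
            *error = 2;
            return ndigits;
        }
        *value = *value * 10 + (long long)(wc - '0');
        ndigits++;
    }
    *sp = s;
    return ndigits;
}

/* BUGGY shape (hypothetical, modelled on the commit message): wc is only
 * written inside the whitespace loop, so for len == 0 the sign test below
 * reads an uninitialised stack slot.  valgrind memcheck / MemorySanitizer
 * flag the "negative = (wc == '-')" branch on empty input. */
long long ucs2_strtoll_buggy(const unsigned char *s, size_t len, int *error)
{
    const unsigned char *end = s + (len & ~(size_t)1);
    unsigned int wc;                        /* BUG: never initialised */
    long long value;
    int negative;

    for (; s < end; s += 2) {
        wc = ucs2_unit(s);
        if (wc != ' ' && wc != '\t')
            break;
    }
    negative = (wc == '-');                 /* uninitialised read when len == 0 */
    if (negative || wc == '+')
        s += 2;
    *error = 0;
    if (parse_digits(&s, end, &value, error) == 0 && *error == 0)
        *error = 1;                         /* no digits at all */
    return negative ? -value : value;
}

/* FIXED shape: wc starts defined, and the sign character is only inspected
 * when the loop actually read one, so empty and whitespace-only strings take
 * the "no digits" path deterministically. */
long long ucs2_strtoll_fixed(const unsigned char *s, size_t len, int *error)
{
    const unsigned char *end = s + (len & ~(size_t)1);
    unsigned int wc = 0;                    /* fix 1: initialised */
    long long value;
    int negative = 0;

    for (; s < end; s += 2) {
        wc = ucs2_unit(s);
        if (wc != ' ' && wc != '\t')
            break;
    }
    if (s < end) {                          /* fix 2: only when a character was read */
        negative = (wc == '-');
        if (negative || wc == '+')
            s += 2;
    }
    *error = 0;
    if (parse_digits(&s, end, &value, error) == 0 && *error == 0)
        *error = 1;
    return negative ? -value : value;
}

/* Test helper (constructed input): encode an ASCII string as UCS-2BE. */
size_t ascii_to_ucs2be(const char *in, unsigned char *out, size_t outcap)
{
    size_t n = strlen(in), i;
    if (n * 2 > outcap)
        return 0;
    for (i = 0; i < n; i++) {
        out[2 * i] = 0;
        out[2 * i + 1] = (unsigned char)in[i];
    }
    return n * 2;
}

/* Wrappers used by the checks: value and error code of each variant. */
long long fixed_value(const char *in)
{
    unsigned char buf[128]; int e;
    return ucs2_strtoll_fixed(buf, ascii_to_ucs2be(in, buf, sizeof buf), &e);
}
int fixed_error(const char *in)
{
    unsigned char buf[128]; int e;
    ucs2_strtoll_fixed(buf, ascii_to_ucs2be(in, buf, sizeof buf), &e);
    return e;
}
long long buggy_value(const char *in)
{
    unsigned char buf[128]; int e;
    return ucs2_strtoll_buggy(buf, ascii_to_ucs2be(in, buf, sizeof buf), &e);
}

int main(void)
{
    unsigned char buf[8];
    size_t len = ascii_to_ucs2be("", buf, sizeof buf);   /* the CONVERT('' USING ucs2) case */
    int err;
    long long v = ucs2_strtoll_buggy(buf, len, &err);   /* valgrind reports the sign test here */
    printf("buggy: value=%lld error=%d\n", v, err);
    v = ucs2_strtoll_fixed(buf, len, &err);             /* clean under valgrind */
    printf("fixed: value=%lld error=%d\n", v, err);
    return 0;
}
```

Build with `gcc -g -O0` and run under `valgrind --track-origins=yes`: the buggy call in main produces the same "Conditional jump or move depends on uninitialised value(s)" / "Uninitialised value was created by a stack allocation" pair as the report, the fixed call produces nothing. Both variants agree on non-empty input, which is why the bug only showed up for the empty-string cases in the testcases above; the lesson for review is that a variable written only inside a loop whose body may never execute needs a definition before the loop or a guard after it.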
[18 Jan 2011 7:21] Bugs System
Pushed into mysql-trunk 5.6.2 (revid:alexander.barkov@oracle.com-20110118071649-6ayyh3xrhkjeswle) (version source revid:alexander.barkov@oracle.com-20110118071649-6ayyh3xrhkjeswle) (merge vers: 5.6.2) (pib:24)
[18 Jan 2011 19:55] Paul Dubois
Noted in 5.6.2 changelog.

Valgrind warnings about uninitialized variables were corrected.
[21 Jan 2011 7:53] Shane Bester
now bug #59648 hits this assertion