Bug #59151 uninitialized values in extract_date_time with str_to_date(space(..) ... )
Submitted: 24 Dec 2010 8:30 Modified: 19 Apr 2011 17:10
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: Data Types    Severity: S3 (Non-critical)
Version: 5.0.92, 5.1.55, 5.5.9, 5.6.2    OS: Any
Assigned to:    CPU Architecture: Any
Tags: space, STR_TO_DATE, valgrind

[24 Dec 2010 8:30] Shane Bester
Version: '5.6.1-m5-valgrind-max-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
Thread 18:
Conditional jump or move depends on uninitialised value(s)
at: extract_date_time (item_timefunc.cc:521)
by: Item_func_str_to_date::get_date (item_timefunc.cc:3450)
by: Item_func::get_arg0_date (item_func.h:147)
by: Item_func_yearweek::val_int (item_timefunc.cc:1250)
by: Item::send (item.cc:5968)
by: Protocol::send_result_set_row (protocol.cc:848)
by: select_send::send_data (sql_class.cc:1866)
by: JOIN::exec (sql_select.cc:2794)
by: mysql_select (sql_select.cc:3554)
by: handle_select (sql_select.cc:323)
by: execute_sqlcom_select (sql_parse.cc:4513)
by: mysql_execute_command (sql_parse.cc:2096)
by: mysql_parse (sql_parse.cc:5550)
by: dispatch_command (sql_parse.cc:1078)
by: do_command (sql_parse.cc:815)
by: do_handle_one_connection (sql_connect.cc:748)
by: handle_one_connection (sql_connect.cc:684)
by: start_thread (pthread_create.c:301)
Uninitialised value was created by a stack allocation
at: Item_func_str_to_date::get_date(st_mysql_time*, unsigned int) (item_timefunc.cc:3435)

How to repeat:
#run mysqld in valgrind, then:
select str_to_date(space(2),'1');
[24 Dec 2010 9:57] Valeriy Kravchuk
Verified with current mysql-trunk on 32-bit Ubuntu 10.04:

Version: '5.6.2-m5-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
==15715== Thread 18:
==15715== Conditional jump or move depends on uninitialised value(s)
==15715==    at 0x841C981: extract_date_time(st_date_time_format*, char const*, unsigned int, st_mysql_time*, enum_mysql_timestamp_type, char const**, char const*) (item_timefunc.cc:521)
==15715==    by 0x84254A5: Item_func_str_to_date::get_date(st_mysql_time*, unsigned int) (item_timefunc.cc:3450)
==15715==    by 0x8396BF9: Item::send(Protocol*, String*) (item.cc:5993)
==15715==    by 0x8198224: Protocol::send_result_set_row(List<Item>*) (protocol.cc:848)
==15715==    by 0x81E3D2B: select_send::send_data(List<Item>&) (sql_class.cc:1866)
==15715==    by 0x823EA46: JOIN::exec() (sql_select.cc:2794)
==15715==    by 0x824116A: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3554)
==15715==    by 0x823860B: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:323)
==15715==    by 0x821AB70: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4513)
==15715==    by 0x8212E61: mysql_execute_command(THD*) (sql_parse.cc:2096)
==15715==    by 0x821CBEB: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5550)
==15715==    by 0x8210802: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1078)
[19 Apr 2011 17:10] Paul Dubois
Noted in 5.1.57, 5.5.12, 5.6.3 changelogs.

In extract_date_time(), a Valgrind warning for a missing
end-of-string check was corrected.

CHANGESET - http://lists.mysql.com/commits/133960
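The fix note above describes the bug class (an end-of-string check that comes too late), and Shane's repro shows why space(2) is the input that exposes it. The following C program is an added illustration, not MySQL's extract_date_time() or the committed patch: it models a sized, non-NUL-terminated value buffer with an instrumented read that counts out-of-bounds accesses the way Valgrind would report them, and places a "skip leading spaces" loop with the check in the wrong order beside the corrected ordering. The buffer type, the peek() accessor and both skip functions are hypothetical names chosen for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a value buffer that is sized but not NUL-terminated,
 * like the stack buffer a date parser is handed. Not MySQL code. */
typedef struct {
    const char *data;
    size_t len;
    int oob_reads;   /* reads at or past data+len: what Valgrind flags as uninitialised */
} tracked_buf;

/* Instrumented byte read: an out-of-bounds access is counted and yields 0
 * instead of touching memory, so the harness itself stays well-defined. */
static int peek(tracked_buf *b, size_t i)
{
    if (i >= b->len) {
        b->oob_reads++;
        return 0;
    }
    return (unsigned char) b->data[i];
}

/* Buggy ordering: the byte is inspected before the end-of-string check, so an
 * all-space value such as space(2) makes the loop read one byte past the end. */
static size_t skip_spaces_buggy(tracked_buf *b)
{
    size_t i = 0;
    while (isspace(peek(b, i)) && i != b->len)
        i++;
    return i;
}

/* Fixed ordering: the bound is tested first and && short-circuits, so no read
 * happens once i == len. */
static size_t skip_spaces_fixed(tracked_buf *b)
{
    size_t i = 0;
    while (i != b->len && isspace(peek(b, i)))
        i++;
    return i;
}

/* Run one skipper over a constructed input; report the out-of-bounds read count. */
static int oob_reads_for(size_t (*skip)(tracked_buf *), const char *s, size_t n)
{
    tracked_buf b = { s, n, 0 };
    skip(&b);
    return b.oob_reads;
}

/* Same, but report how many leading spaces were consumed. */
static size_t spaces_skipped(size_t (*skip)(tracked_buf *), const char *s, size_t n)
{
    tracked_buf b = { s, n, 0 };
    return skip(&b);
}

int main(void)
{
    /* Constructed inputs: the report's space(2), and a value with a digit after the padding. */
    printf("space(2)  buggy: oob=%d  fixed: oob=%d\n",
           oob_reads_for(skip_spaces_buggy, "  ", 2),
           oob_reads_for(skip_spaces_fixed, "  ", 2));
    printf("\"  7\"     buggy: oob=%d  fixed: oob=%d (skipped %zu)\n",
           oob_reads_for(skip_spaces_buggy, "  7", 3),
           oob_reads_for(skip_spaces_fixed, "  7", 3),
           spaces_skipped(skip_spaces_fixed, "  7", 3));
    return 0;
}
```

Both loops consume the same number of spaces on every input, which is why the defect is invisible to ordinary functional tests: only a value made entirely of whitespace (or an empty one) drives the loop to the end of the buffer, and only then does the mis-ordered condition perform the extra read. That is the reason a Valgrind run against a deliberately degenerate input such as space(2) catches it while regular test data does not.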