Bug #59164 valgrind: uninitialized value in number_to_datetime
Submitted: 24 Dec 2010 22:43 Modified: 19 Apr 2011 16:59
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: DML Severity: S3 (Non-critical)
Version: 5.0.92, 5.1.55, 5.5.9, 5.6.1, 5.6.2 OS: Any
Assigned to: CPU Architecture: Any
Triage: Triaged: D1 (Critical)

[24 Dec 2010 22:43] Shane Bester
Description:
merry xmas \o/

Version: '5.6.1-m5-valgrind-max-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
Thread 18:
Conditional jump or move depends on uninitialised value(s)
at: number_to_datetime (my_time.c:1111)
by: Item::get_date (item.cc:1014)
by: Item_date_add_interval::get_date (item_timefunc.cc:2243)
by: Item_date_add_interval::val_str (item_timefunc.cc:2262)
by: Item::send (item.cc:5931)
by: Protocol::send_result_set_row (protocol.cc:848)
by: select_send::send_data (sql_class.cc:1866)
by: JOIN::exec (sql_select.cc:2794)
by: mysql_select (sql_select.cc:3554)
by: handle_select (sql_select.cc:323)
by: execute_sqlcom_select (sql_parse.cc:4513)
by: mysql_execute_command (sql_parse.cc:2096)
by: mysql_parse (sql_parse.cc:5550)
by: dispatch_command (sql_parse.cc:1078)
by: do_command (sql_parse.cc:815)
by: do_handle_one_connection (sql_connect.cc:748)
by: handle_one_connection (sql_connect.cc:684)
by: start_thread (pthread_create.c:301)
Uninitialised value was created by a stack allocation
at: Item_func_month::val_int() (item_timefunc.cc:1111)

How to repeat:
#run mysqld in valgrind, then:
select adddate(month(from_unixtime(null)),interval 1 hour);
[25 Dec 2010 7:30] Sveta Smirnova
Thank you for the report.

Verified as described.
[27 Dec 2010 18:12] Shane Bester
another testcase:
do timestampadd(MICROSECOND,(0x77F00000),(year(from_unixtime(-2147483647))))
[4 Jan 2011 8:04] Shane Bester
another testcase:

do date_add((day(from_unixtime(yearweek(('T7'),7)))),interval (@@global.ft_query_expansion_limit) SECOND);
[1 Mar 2011 5:29] Shane Bester
Another similar testcase, kindly test the fix using all the testcases on this bug report:

Version: '5.6.2-m5-valgrind-max-debug'  socket: 'sock'  port: 3306  Source distribution
REDIR: 0x30e1481a70 (strncpy) redirected to 0x480155c (_vgnU_ifunc_wrapper)
REDIR: 0x30e1524ca0 (???) redirected to 0x4a06500 (strncpy)
Thread 18:
Conditional jump or move depends on uninitialised value(s)
at: number_to_datetime (my_time.c:1111)
by: Item::get_date (item.cc:1013)
by: Item_func::get_arg0_date (item_func.h:147)
by: Item_func_yearweek::val_int() (item_timefunc.cc:1247)
by: mysql_do (sql_do.cc:34)
by: mysql_execute_command (sql_parse.cc:2117)
by: mysql_parse (sql_parse.cc:5551)
by: dispatch_command (sql_parse.cc:1077)
by: do_command (sql_parse.cc:814)
by: do_handle_one_connection (sql_connect.cc:771)
by: handle_one_connection (sql_connect.cc:707)
by: start_thread (pthread_create.c:301)
Uninitialised value was created by a stack allocation
at: Item_func_dayofmonth::val_int() (item_timefunc.cc:1103)

Testcase:
do yearweek(day(from_unixtime(geomfromwkb('255'))))
[8 Apr 2011 19:47] Shane Bester
See oracle bug #12340997 for a similar bug with date_add/date_sub interval .. that always crashes.
[19 Apr 2011 16:59] Paul Dubois
Noted in 5.1.57, 5.5.12, 5.6.3 changelogs.

In Item::get_date, a Valgrind warning for a missing NULL value check was corrected.

CHANGESET - http://lists.mysql.com/commits/134207
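The pattern the traces above describe, as an added C illustration that is not MySQL code: a val_int()-style function reports SQL NULL through a side flag, and its return value then carries nothing meaningful, so the caller has to consult the flag before passing the number to a number_to_datetime()-style conversion. The unchecked caller below is the shape of the bug, the checked one is the shape of the fix the changelog entry describes. All names (datetime_t, month_of_unixtime, simple_number_to_datetime, get_date_unchecked, get_date_checked, STALE_STACK_VALUE) are assumptions, and the conversion is a simplified YYYYMMDD / YYYYMMDDhhmmss reading, not the server's routine.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Added illustration of the NULL-propagation pattern behind this report; it is
 * not MySQL code. Names are assumptions chosen to mirror the trace
 * (val_int -> get_date -> number_to_datetime). */

typedef struct {
    int year, month, day, hour, minute, second;
} datetime_t;

/* Simplified stand-in for number_to_datetime(): read an integer as YYYYMMDD or
 * YYYYMMDDhhmmss. Returns 0 and fills *out, or -1 if the number is not a date. */
int simple_number_to_datetime(long long n, datetime_t *out)
{
    datetime_t t;
    memset(&t, 0, sizeof t);
    if (n < 0)
        return -1;
    if (n >= 10000000000000LL) {           /* 14 digits: date and time */
        t.second = (int)(n % 100); n /= 100;
        t.minute = (int)(n % 100); n /= 100;
        t.hour   = (int)(n % 100); n /= 100;
    } else if (n >= 100000000LL) {         /* 9..13 digits: neither form */
        return -1;
    }
    t.day   = (int)(n % 100); n /= 100;
    t.month = (int)(n % 100); n /= 100;
    t.year  = (int)n;
    if (t.year > 9999 || t.month < 1 || t.month > 12 || t.day < 1 || t.day > 31 ||
        t.hour > 23 || t.minute > 59 || t.second > 59)
        return -1;
    *out = t;
    return 0;
}

/* Constructed stand-in for whatever an earlier stack frame left behind. The
 * server returned genuinely uninitialized memory at this point (what Valgrind
 * flagged); a fixed value keeps this program well defined. */
#define STALE_STACK_VALUE 20101224LL

/* Stand-in for Item_func_month::val_int() over from_unixtime(ts): a NULL
 * argument pointer is SQL NULL, and so is a negative timestamp (the report's
 * from_unixtime(-2147483647) case). As in the server, NULL is reported through
 * *null_value and the return value then carries no information. */
long long month_of_unixtime(const long long *ts, int *null_value)
{
    if (ts == NULL || *ts < 0) {
        *null_value = 1;
        return STALE_STACK_VALUE;
    }
    time_t t = (time_t)*ts;
    struct tm *parts = gmtime(&t);
    if (parts == NULL) {
        *null_value = 1;
        return STALE_STACK_VALUE;
    }
    *null_value = 0;
    return parts->tm_mon + 1;
}

/* The shape of the bug: the number is converted before null_value is consulted,
 * so a NULL argument turns into a date built from leftover data.
 * Returns 0 with *out filled, 1 for SQL NULL. */
int get_date_unchecked(const long long *ts, datetime_t *out)
{
    int null_value = 0;
    long long v = month_of_unixtime(ts, &null_value);
    return simple_number_to_datetime(v, out) != 0;
}

/* The shape of the fix: look at the NULL flag first, only then use the value. */
int get_date_checked(const long long *ts, datetime_t *out)
{
    int null_value = 0;
    long long v = month_of_unixtime(ts, &null_value);
    if (null_value)
        return 1;
    return simple_number_to_datetime(v, out) != 0;
}

int main(void)
{
    datetime_t d;
    /* Mirrors: select adddate(month(from_unixtime(null)), interval 1 hour); */
    if (get_date_unchecked(NULL, &d) == 0)
        printf("unchecked: NULL became %04d-%02d-%02d\n", d.year, d.month, d.day);
    printf("checked:   %s\n", get_date_checked(NULL, &d) ? "NULL" : "a date");
    return 0;
}
```

Note that Valgrind's "Uninitialised value was created by a stack allocation" line names the frame that owns the uninitialized local (Item_func_month::val_int in the first trace), while the first "Conditional jump" line names where it is finally read (number_to_datetime); the missing check sits in the consumer between them, which is why the fix landed in Item::get_date rather than in either of the frames Valgrind points at.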