Bug #59343 year(4): incorrect result and valgrind warnings with min/max, union
Submitted: 7 Jan 2011 5:11 Modified: 27 Apr 2011 18:54
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category:MySQL Server: Data Types Severity:S1 (Critical)
Version:4.1.25,5.0.92,5.1.55,5.5.9,5.6.2 OS:Any
Assigned to: CPU Architecture:Any

[7 Jan 2011 5:11] Shane Bester
Description:
One of the mysql-trunk valgrind errors (see attachment for full log):

Use of uninitialised value of size 8
at: my_mb_wc_latin1 (ctype-latin1.c:367)
by: copy_and_convert_extended (sql_string.cc:756)
by: copy_and_convert (sql_string.cc:845)
by: Protocol::net_store_data (protocol.cc:114)
by: Protocol::store_string_aux (protocol.cc:958)
by: Protocol_text::store (protocol.cc:1120)
by: Item_field::send (item.cc:6082)
by: Protocol::send_result_set_row (protocol.cc:848)
by: select_send::send_data (sql_class.cc:1866)
by: end_send (sql_select.cc:18449)
by: evaluate_join_record (sql_select.cc:17668)
by: sub_select (sql_select.cc:17364)
by: do_select (sql_select.cc:16908)
by: JOIN::exec (sql_select.cc:3331)
by: mysql_select (sql_select.cc:3554)
by: st_select_lex_unit::exec (sql_union.cc:618)
by: mysql_union (sql_union.cc:38)
by: handle_select (sql_select.cc:301)
by: execute_sqlcom_select (sql_parse.cc:4513)
by: mysql_execute_command (sql_parse.cc:2096)
by: mysql_parse (sql_parse.cc:5550)
by: dispatch_command (sql_parse.cc:1078)
by: do_command (sql_parse.cc:815)
by: do_handle_one_connection (sql_connect.cc:748)
by: handle_one_connection (sql_connect.cc:684)
by: start_thread (pthread_create.c:301)
 Uninitialised value was created by a stack allocation
at: Protocol_text::store(Field*) (protocol.cc:1098)

There is garbage appended to the end of the resultset.

How to repeat:
#run mysqld in valgrind, then:

set names utf8;
drop table if exists t1;
create table t1(a year(4))engine=myisam;
insert into t1 values (0000),(2001);
(select max(`a`) from t1) union (select max(`a`) from t1);
[7 Jan 2011 5:13] MySQL Verification Team
full outputs from valgrind

Attachment: bug59343_mysql-trunk_valgrind_output.txt (text/plain), 17.87 KiB.

[7 Jan 2011 9:16] Valeriy Kravchuk
This is how it looks:

macbook-pro:5.5 openxs$ bin/mysql -uroot test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.1.55-debug Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set names utf8;
Query OK, 0 rows affected (0.00 sec)

mysql> drop table if exists t1;
Query OK, 0 rows affected (0.59 sec)

mysql> create table t1(a year(4))engine=myisam;
Query OK, 0 rows affected (0.08 sec)

mysql> insert into t1 values (0000),(2001);
Query OK, 2 rows affected (0.00 sec)
Records: 2  Duplicates: 0  Warnings: 0

mysql> (select max(`a`) from t1) union (select max(`a`) from t1);
+----------------------+
| max(`a`)             |
+----------------------+
| 0001      iBY    C |
+----------------------+
1 row in set (0.07 sec)
[27 Apr 2011 18:54] Paul DuBois
Noted in 5.1.58, 5.5.13, 5.6.3 changelogs.

The incorrect max_length value for YEAR values could be used in
temporary result tables for UNION, leading to incorrect results.
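A simplified C model of the failure mode described in this report and the changelog note, added here as an illustration and not MySQL's own code: BOGUS_MAX_LENGTH is a constructed value standing in for the oversized max_length on the UNION temporary table, store_year_buggy and store_year_fixed are hypothetical stand-ins for the server's value rendering, and year_value_is_clean is a consumer-side check that a YEAR(4) arrives as exactly four digits with nothing appended.

```c
#include <stdio.h>
#include <string.h>
#define YEAR_DIGITS 4
#define BOGUS_MAX_LENGTH 20   /* constructed: oversized temp-table column width */

/* Buggy variant: formats the year, then reports the declared column width
 * as the value length, so bytes beyond the 4 digits are sent as-is. */
size_t store_year_buggy(char *buf, size_t bufsz, size_t declared, int year)
{
    snprintf(buf, bufsz, "%04d", year);   /* writes YEAR_DIGITS bytes + NUL */
    return declared;                      /* bug: length taken from max_length */
}

/* Fixed variant: the length is whatever snprintf actually produced. */
size_t store_year_fixed(char *buf, size_t bufsz, size_t declared, int year)
{
    int n = snprintf(buf, bufsz, "%04d", year);
    (void)declared;                       /* declared width does not drive length */
    return n < 0 ? 0 : (size_t)n;
}

/* Consumer-side check on a rendered YEAR(4): exactly four ASCII digits.
 * Returns 1 when well-formed, 0 when trailing or non-digit bytes are present. */
int year_value_is_clean(const char *p, size_t len)
{
    if (len != YEAR_DIGITS) return 0;
    for (size_t i = 0; i < len; i++)
        if (p[i] < '0' || p[i] > '9') return 0;
    return 1;
}

/* Runs one variant against a buffer pre-filled with a sentinel standing in
 * for stale stack contents; returns 1 if the rendered value passes the check. */
int render_and_check(int use_fixed, int year)
{
    char buf[32];
    size_t n;
    memset(buf, 0xAA, sizeof buf);
    n = use_fixed ? store_year_fixed(buf, sizeof buf, BOGUS_MAX_LENGTH, year)
                  : store_year_buggy(buf, sizeof buf, BOGUS_MAX_LENGTH, year);
    return year_value_is_clean(buf, n);
}

int main(void)
{
    printf("buggy path clean: %d\n", render_and_check(0, 2001));   /* 0 */
    printf("fixed path clean: %d\n", render_and_check(1, 2001));   /* 1 */
    return 0;
}
```

Under valgrind the buggy path is what produces the "Use of uninitialised value" report above, since the sentinel bytes here take the place of stack memory that was never written.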