Bug #59834 Crash in innodb.innodb_gis
Submitted: 31 Jan 2011 10:05 Modified: 31 Jan 2011 10:26
Reporter: Marko Mäkelä
Status: Duplicate
Category: MySQL Server: Tests    Severity: S3 (Non-critical)
Version: 5.6    OS: Any
Assigned to:    CPU Architecture: Any

[31 Jan 2011 10:05] Marko Mäkelä
Description:
I have experienced a failure of innodb.innodb_gis in my copy of mysql-trunk-innodb tree for some weeks or months now. The failure occurs when the tree is built without debugging, but curiously not with debugging. Here is the stack trace, from Valgrind:

==2824== Invalid write of size 8
==2824==    at 0x838AD39: Gcalc_scan_iterator::intersection_scan() (gcalc_slicescan.h:283)
==2824==    by 0x838B997: Gcalc_scan_iterator::normal_scan() (gcalc_slicescan.cc:507)
==2824==    by 0x82F2691: Item_func_spatial_rel::func_touches() (gcalc_slicescan.h:312)
==2824==    by 0x82F2A3F: Item_func_spatial_rel::val_int() (item_geofunc.cc:926)
==2824==    by 0x837916D: JOIN_CACHE::check_match(unsigned char*) (opt_range.h:928)
==2824==    by 0x83794C2: JOIN_CACHE::generate_full_extensions(unsigned char*) (sql_join_cache.cc:1949)
==2824==    by 0x8379936: JOIN_CACHE_BNL::join_matching_records(bool) (sql_join_cache.cc:1848)
==2824==    by 0x83786F6: JOIN_CACHE::join_records(bool) (sql_join_cache.cc:1654)
==2824==    by 0x81C815F: sub_select_cache(JOIN*, st_join_table*, bool) (sql_select.cc:17213)
==2824==    by 0x81C9734: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:16961)
==2824==    by 0x81DF47B: JOIN::exec() (sql_select.cc:3361)
==2824==    by 0x81E0AEA: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3584)
==2824==    by 0x81E1576: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:323)
==2824==    by 0x819EF2E: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4513)
==2824==    by 0x81A225E: mysql_execute_command(THD*) (sql_parse.cc:2096)
==2824==    by 0x81A6563: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5550)
==2824==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==2824== 
110131 12:59:08 - mysqld got signal 11 ;

How to repeat:
cmake -DWITH_INNOBASE_STORAGE_ENGINE:BOOL=ON -DWITH_VALGRIND:BOOL=ON
make
cd mysql-test
./mysql-test-run --suite innodb innodb_gis

Suggested fix:
Address 0xc looks like dereferencing a struct or class that is NULL. Add a few __attribute__((nonnull)) to functions and methods in order to catch this class of errors at compilation time.
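Added illustration (not code from the MySQL tree or from the reporter) of the two points made in the suggested fix: why a NULL object pointer produces a small faulting address such as 0xc, and what __attribute__((nonnull)) does and does not buy you. The struct layout, names and offsets are constructed for the example; the real Gcalc_scan_iterator layout is not on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an object whose field sits 12 bytes in: with a
 * NULL object pointer, touching that field resolves to address 0xc, the
 * "not stack'd, malloc'd or free'd" address in the Valgrind report above.
 * The layout is hypothetical and is not the real Gcalc_scan_iterator. */
struct scan_state {
    int32_t lo;
    int32_t hi;
    int32_t flags;
    int32_t cursor;   /* offset 12 == 0xc */
};

/* Offset the compiler assigns to `cursor`; equals the faulting address
 * when the object pointer is NULL. */
static size_t cursor_offset(void)
{
    return offsetof(struct scan_state, cursor);
}

/* The attribute suggested in the report: callers passing a literal NULL,
 * or a pointer the compiler can prove is NULL, get a -Wnonnull warning
 * (enabled by -Wall in GCC, on by default in Clang) instead of a SIGSEGV
 * at run time. */
__attribute__((nonnull))
static void advance(struct scan_state *s, int32_t step)
{
    /* Caveat: the attribute also tells the optimizer that s != NULL, so a
     * defensive `if (s == NULL) return;` placed here may be deleted in an
     * optimized build (the kind of build in which the report says the
     * crash appears). Null checks belong in unannotated callers. */
    s->cursor += step;
}

/* Unannotated boundary function: validates, then calls into the
 * annotated core. Returns 0 on success, -1 for a NULL state. */
static int advance_checked(struct scan_state *s, int32_t step)
{
    if (s == NULL)
        return -1;
    advance(s, step);
    return 0;
}

/* Runs one checked advance on a fresh state and returns the resulting
 * cursor, or -1 if the call was rejected. */
static int32_t checked_advance_result(int32_t step)
{
    struct scan_state st = {0, 0, 0, 0};
    if (advance_checked(&st, step) != 0)
        return -1;
    return st.cursor;
}

int main(void)
{
    printf("cursor field offset: 0x%zx\n", cursor_offset());
    printf("checked advance by 5 -> cursor %d\n", checked_advance_result(5));
    printf("checked advance on NULL -> %d\n", advance_checked(NULL, 5));
    /* Uncommenting the next line makes GCC/Clang warn at compile time
     * under -Wall (-Wnonnull); without the attribute it would compile
     * cleanly and fault at address 0xc at run time. */
    /* advance(NULL, 5); */
    return 0;
}
```

The attribute catches only calls where the compiler can see the NULL; a pointer that becomes NULL through a runtime path, as in the join-cache call chain above, still needs an explicit check at an unannotated boundary, and that check must not sit inside the annotated function itself.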
[31 Jan 2011 10:10] MySQL Verification Team
Marko, is it a duplicate of bug #59111?
[31 Jan 2011 10:26] Marko Mäkelä
Sorry, this is a duplicate of Bug #59111.